Solved

DNS Issues With 2000 Server Network and External Icehouse ISP Mail Exchanger and Website Hosting

Posted on 2006-11-21
Last Modified: 2010-03-18
Hi,
I have one win 2000 domain controller using active directory. I have not been successful implementing dhcp or dns because of the following issue. My isp is icehouse.net. They have provided us with a soho gateway that is serving my internal network with their dns numbers and scope 192.168.0.50 through 192.68.0.100 as we configured it to. We want to disable the gateway dhcp and utilize our own dhcp dns services. The domain controller is statically assigned 192.168.0.2 and is excluded. The dns and dhcp servers (internal) have been activated and configured but when I do the mail services are not functional and the website is not accessible. The mail services and website are both managed by icehouse. We have purchased the domain parksmedical.com and pay also for hosting and mail. I had my dhcp scope issue gateway 192.168.0.1, dns 192.168.0.2. The dns and dhcp are both on the domain controller 192.168.0.2. I know it is not recommended but have done this before with no issues. I configured my dns server to forward requests to icehouse dns if not reconciled and of course disabled the Actiontec Gateway dhcp services while testing for implementation. After activation and refresh of my dhcp/dns servers mail services on outlook clients fail for both smtp and pop. I have tried entering the mail exchanger info in dns server forward lookup for parksmedical.com as parent domain parksmedical.com, host or domain parksmedical and mail server mail.parksmedical.com but no mail service still and can't view the website. What did I miss?
0
Question by:sundance1560
14 Comments
 
LVL 25

Expert Comment

by:DrDave242
ID: 17997271
I'm a little unclear, but it sounds like you've got externally-hosted mail and web servers that use your registered domain name (mail.parksmedical.com and www.parksmedical.com), correct?  The problem arises because that's also the name of your internal domain and its corresponding DNS zone.  Your internal DNS server thinks it's authoritative for anything in that domain, so when someone tries to access mail.parksmedical.com, for example, the request goes to your internal DNS server and isn't forwarded out.

The quick fix would be to create host (A) records on your DNS server for mail.parksmedical.com and www.parksmedical.com using their respective public IP addresses.
0
 

Author Comment

by:sundance1560
ID: 18030049
Thanks DrDave,

I think you were accurate in your interpretation. I suspected that there might be a conflict in having the matching domain names. I have not been able to test drive yet but will let you know how it turns out.

dan
0
 

Author Comment

by:sundance1560
ID: 18033568
DrDave,

I have added the host records for www and mail as prescribed but still cannot receive mails or visit our website on clients. Is it possible that Icehouse DNS only recognises inquiries from the gateway since they are mostly home, small office or do you think it can be resolved internally. Other ideas?
0
 

Author Comment

by:sundance1560
ID: 18042405
Seems to be working now Dr Dave Thanks
0
 

Author Comment

by:sundance1560
ID: 18042425
That was premature. I am still at a loss.

d
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 18070048
Sorry, I've been snowed in for a couple of days.  What's the current situation?
0
 

Author Comment

by:sundance1560
ID: 18077124
Hi Thanks for following up. I have set the host records for the mail server, mail.parksmedical.com 216.229.161.78 and www.parksmedical.com 216.225.15.130. According to dnsstuff.com (resource finder) and go180.net these are the correct ip addresses. I then turn off the gateway dhcp, turn on my dhcp/dns servers and refresh each of them as well as the test client. I ran nslookup on the client for the two url's www... and mail... and got the appropriate previously mentioned ip's but still no service from either.

Hope the snow melts some.

Dan
0
LVL 25

Expert Comment

by:DrDave242
ID: 18077882
The snow is mostly gone, and work is back to normal.  (I was hoping it would stick around for a little longer.)  Something's not right on the authoritative DNS server for that domain, because I don't get those addresses when I ping those names:

---
H:\>ping mail.parksmedical.com

Pinging mail.my180.net [216.229.188.250] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 216.229.188.250:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

H:\>ping www.parksmedical.com

Pinging parksmedical.com [66.225.15.130] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 66.225.15.130:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
---

The fact that the pings are timing out doesn't necessarily mean anything, as they could be blocked, but the fact that the IP addresses are different from what you've got suggests that something isn't configured correctly.
0
 

Author Comment

by:sundance1560
ID: 18081719
Dave,
Icehouse (DNS 216.229.160.10) subcontracts or owns mxa.go180.net/mxb.go180.net 216.229.188.254/216.229.161.78 and godaddy.net godaddy.com which is our web host. I am told the webserv is 66.225.15.130 though I have not been able to verify the webserv. Perhaps if we just work on mail serv as I am sure of those addresses? Sorry I have not been very concise.

Dan
0
 

Author Comment

by:sundance1560
ID: 18081734
My nslookup return from the client for mail.parksmedical.com shows:

> mail.parksmedical.com
server: unknown
address: 192.168.0.2

name: mail.parksmedical.com
address: 216.229.188.254

Dan
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 18086803
An external nslookup on mail.parksmedical.com gets this result:

Non-authoritative answer:
Name:    mail.my180.net
Address:  216.229.188.250
Aliases:  mail.parksmedical.com

Ignore the "non-authoritative answer" part, as an nslookup using your authoritative nameserver gives the same IP.  So your internal DNS server has a different IP address for mail.parksmedical.com (.254 rather than .250).  However, I've verified that your MX records do indeed point to 216.229.188.254 (mxa.go180.net) and 216.229.161.78 (mxb.go180.net), so I would expect that your mail clients would be able to receive mail, since they're pointing to .254.  I admit, I'm a little stumped on this at the moment.

By the way, your website displays with no problems from here, so I think all you need to do in order to get to it from inside your office is change that www host record to 66.225.15.130.
0
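The comparison made in the reply above, written out as an added example that is not part of the original thread: it parses the two nslookup outputs quoted on this page and reports where the hand-entered internal host record differs from the public answer. The helper names are hypothetical and only the usual Windows nslookup layout is assumed.

```python
import re

# Added example, hypothetical helper names; inputs are the nslookup output quoted in this thread.
INTERNAL = """\
server: unknown
address: 192.168.0.2

name: mail.parksmedical.com
address: 216.229.188.254
"""
EXTERNAL = """\
Non-authoritative answer:
Name:    mail.my180.net
Address:  216.229.188.250
Aliases:  mail.parksmedical.com
"""
FIELD = re.compile(r"^\s*(server|name|address(?:es)?|aliases)\s*:\s*(.*)$", re.I)

def parse_nslookup(text):
    """Split nslookup text into the resolver used and the answer it gave."""
    out = {"resolver": [], "name": None, "addresses": [], "aliases": []}
    key, in_answer = None, False   # a leading Server/Address pair is the resolver
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            key, value = m.group(1).lower(), m.group(2).strip()
        else:   # indented rows continue Addresses:/Aliases:, anything else resets
            key, value = (key if line[:1] in (" ", "\t") else None), line.strip()
        if key == "name" and m:
            in_answer, out["name"] = True, value.lower()
        elif key == "aliases" and value:
            out["aliases"].append(value.lower())
        elif key in ("address", "addresses") and value:
            (out["addresses"] if in_answer else out["resolver"]).append(value)
    return out

def compare(query, internal_text, external_text):
    """Report where the hand-made internal record departs from the public one."""
    inside, outside = parse_nslookup(internal_text), parse_nslookup(external_text)
    for label, ans in (("internal", inside), ("external", outside)):
        if query.lower() not in {ans["name"], *ans["aliases"]}:
            raise ValueError(f"{label} output does not answer {query}")
    return {
        "internal_only": sorted(set(inside["addresses"]) - set(outside["addresses"])),
        "public_only": sorted(set(outside["addresses"]) - set(inside["addresses"])),
        # A public CNAME can be repointed by its host; a copied A record will not follow.
        "public_cname_target": outside["name"] if query.lower() in outside["aliases"] else None,
    }

print(compare("mail.parksmedical.com", INTERNAL, EXTERNAL))
```

A non-empty `internal_only` or `public_only` list means the internal zone is handing clients an address the public zone does not publish for that name.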
 

Author Comment

by:sundance1560
ID: 18093879
The webservice is no longer an issue but I am still having the same result with the mail services. I can configure the mail server ip addresses as mx records rather than host records on my dns server and the only difference will be priority?
0
 
LVL 25

Accepted Solution

by:
DrDave242 earned 250 total points
ID: 18102698
There's no need to put MX records on your internal DNS server at all (unless it's acting as a public DNS server as well and has been delegated authority over that domain by your ISP, but that's not likely).  They're only used on the external DNS server to tell other mail servers where to deliver mail addressed to users in your domain.  Internally, all you really need is a host record.
0
 

Author Comment

by:sundance1560
ID: 18104230
It looks like we have resolved this issue by adding the domain name to the scope on my dns server. I had no idea. I should be able to close this request Monday and I will credit you.

Thanks again, I learned a lot.

Dan
0
