Solved

Correct IP address for DNS Setup

Posted on 2008-02-10
Last Modified: 2011-10-19
Been on this site for a few weeks and have already learned more than the network classes I took three years ago. Unfortunately, the other job took precedence, but I'm getting back into it.

What IP address should I set in my TCP/IP for the Server? The Static assigned by my ISP or, as I thought and read, something I decide on, like 192.168.1.100?

My static IP is 69.73.xx.xx and it routes thru port 2 of a cisco router (not sure of the model, it's mounted to the wall). Gateway IP 69.73.xx.xxx. I have a Kingston Ether Pro hub attached to Port 2 with the server and one client plugged into the hub.

I've tried both ways and the only way I get to the internet is by assigning my static IP. When I set to the 192.168...., I get a notice about the gateway not being on the same subnet and no access.

With the static IP, I get all the indications DNS is working properly. (NSLOOKUP comes back to my Static IP and my domain name, etc.) Then I setup DHCP with a scope of 192.168.1.1 - 20, authorize and all appears fine. When I test a client computer, it's like the DHCP request turns left at the gateway and finds an IP address outside instead of finding the DHCP from the Server. I've tried the client with and without a gateway setting, plus with and without the DNS setting pointing to the Server (static IP).

Am I getting confused on internal and external domains? I'm trying to setup a Server (AD, DNS and DHCP) for a 5 XP machine network.

Network Background on the building: The network: 10 XP machines running as a workgroup. I installed a Server 2003 R2 and need 5 of the 10 computers on a secure separate network. Matrix Fiber Optic with 24 port cisco with gateway IP 69.73.xx.xxx (not sure model number, ISP manages it and ID plate is against the wall). Ports 8-24 are for VoIP. Ports 1-6 are static IP's (69.73.xx.xxx - 69.73.xx.xx) 1 is the WAN and Port 6 is the LAN. Port 6 connected to a 3 Com Cable/DSL. Ports 2, 3, 4, and 5 are Static IP's. Port 7 is dead (according to ISP Tech Support). I attached a Kingston Ether Pro Switch to cisco port 2 and the server to the Kingston switch. Client plugged into the Kingston switch as well. ISP DNS's are 69.1.xx.xx and 69.1.xx.xx.

Appreciate any help for a NOOB DNS'er
Question by:Raptorfixer
10 Comments
 
LVL 2

Expert Comment

by:laurin1
ID: 20861395
Ok, I'm a little unclear about your configuration and not familiar with Cisco equipment, per se, but if that device is a router, not a switch, then port 1 needs to be configured with the static IP of your Gateway (and you need to be sure it's acting as a gateway, and not a router). It sounds like it is, but you need to be sure. Time Warner provides a "gateway" to us, that can be a router, but we had them put it in gateway mode (no routing, no DHCP, and the device behind it uses the same IP as the gateway). Also, if the Cisco device is a router, not a switch, besides setting port 1 to a static IP, you need to make sure it's not providing DHCP of its own (may not even be capable, but just to be sure). Next, port 6 of your router needs to be set to an internal static IP. If you want to use the 192.168.0.0/24 (24 = 255.255.255.0) range, then set the router to 192.168.0.1, preferably, but it can be anything in that range. Finally, set your DHCP server to use the 192.168.0.0/24 range and have it broadcast the router's internal IP as 003 router in the DHCP scope. DNS should be set to your Domain Controller/DHCP server, assuming that you are providing DNS.

If you are incorrect and that Cisco device is just a switch (the fact that setting your DC to the external static IP allowed you to connect makes me suspect, but I don't know Cisco), then either that Gateway device needs to be a router, or you will have to buy one or, not preferably, you can make your DC also a router. You have to have a routing device, and it has to be in between the ISP and your subnet.

On my subnet 192.168.0.5 is the internal IP address of my router, .2 and .9 are my DHCP/DNS servers.
dhcp-options.bmp
 

Author Comment

by:Raptorfixer
ID: 20861862
Thank you for the info.

Some additional Info:
I misspoke in my original e-mail

Ports 3-5 are access ports, we have 6 static IP's assigned.
DSL/Cable is a 3 Comm Office Connect Router (I don't have admin password and since I'm not sure of current settings, don't want to reset it and lose any key settings for the phones)

Info provided by ISP: (Not true IP's, only representative)
Port 1 WAN
Port 2-5 Access Ports
Port 6 - LAN
Ports 8-12 Phones

Interface IP 75.72.145.2
Gateway IP 75.72.145.1
Subnet Mask 255.255.255.252
DNS Server 68.1.30.50 and .51

Routed Network Information
Office Subnet 68.73.89.112/29 with 6 usable IP's
Usable Range 68.73.89.113-118
Gateway: 68.73.89.113
Broadcast 68.73.89.119
Subnet Mask 255.255.255.248

I'll contact Knology tech support, who manages the cisco, and ask some more about the cisco setup and get the model number. When you say "port 6 of your router needs to be set to an internal static IP," does this mean having tech support change a setting to the cisco so it always points to the static IP?

When I talked to tech support yesterday, they told me my access ports (2-5) are not set up to recognize DHCP. If I hook a computer up to a port, I get an IP address, but it's nothing I recognize. The VoIP phones get DHCP (ports 8-12) from the Cable/DSL and are the typical 192.168.x.x.

When you say to use another router, how could I connect it with the cisco and current DSL/Cable?

I've only set up small office networks and this one is more complex than I'm used to, especially with the cisco in place.


 
LVL 6

Expert Comment

by:Geyybecca
ID: 20861957
OK, taking a look through this, you have now provided enough information to give an answer. Firstly, your router has two zones, inside and outside, and both are configured with public IP addresses (very wasteful).

Outside: 75.72.145.2. You can see from your subnet mask that there are only two IPs on this network, the other one being your default gateway for the router, 75.72.145.1.

On the inside you have 6 usable IP addresses. 68.73.89.113 is used on the internal interface of the router and is used by any device on your internal network as the default gateway, so in actual fact you can only have 5 other devices on the inside with a public routable IP address: 114-118.

If you're planning on connecting your server directly to the network the router is on, you would need to give it an IP address from 114-118.

This raises the obvious question: what are you using for a firewall? This should be given one of your public IP addresses on its outside interface and a private IP address such as the 192.168.*.* you mentioned in your first post.
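The subnet arithmetic in the answer above, worked through as an added example that is not part of the original thread. It uses the representative addresses the asker posted; the helper names are hypothetical, and the /29 mask on the 68.73.89.1-8 scope is an assumption, since the thread only says "compatible subnet masks".

```python
import ipaddress

# Figures as posted in the thread (the poster says they are representative, not real).
WAN = ipaddress.ip_interface("75.72.145.2/255.255.255.252")
OFFICE = ipaddress.ip_network("68.73.89.112/29")
OFFICE_GW = ipaddress.ip_address("68.73.89.113")

def free_addresses(net, gateway):
    """Host addresses left for devices once the router interface is excluded."""
    return [str(h) for h in net.hosts() if h != gateway]

def check_host(ip, mask, gateway):
    """Problems with a static TCP/IP setting on the office segment (hypothetical helper)."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    net, problems = iface.network, []
    if ipaddress.ip_address(gateway) not in net:
        problems.append("gateway not on same subnet")
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append("network or broadcast address")
    if iface.ip.is_private:
        problems.append("private address needs a NAT device in front of it")
    elif iface.ip not in OFFICE:
        problems.append("public address outside the routed office subnet")
    elif iface.ip == OFFICE_GW:
        problems.append("address already used by the router")
    return problems

def check_scope(start, end, mask, router):
    """Problems with a DHCP scope and its option 003 (router) value."""
    first = ipaddress.ip_interface(f"{start}/{mask}")
    last = ipaddress.ip_interface(f"{end}/{mask}")
    problems = []
    if first.network != last.network:
        problems.append("scope spans more than one subnet")
    if ipaddress.ip_address(router) not in first.network:
        problems.append("option 003 router not reachable from leased addresses")
    if not first.ip.is_private and first.network != OFFICE:
        problems.append("public scope outside the routed office subnet")
    return problems

if __name__ == "__main__":
    print("WAN /30 hosts:", [str(h) for h in WAN.network.hosts()])
    print("Free office addresses:", free_addresses(OFFICE, OFFICE_GW))
    print(check_host("192.168.1.100", "255.255.255.0", "68.73.89.113"))
    print(check_host("68.73.89.115", "255.255.255.248", "68.73.89.113"))
    # Scopes the asker reports trying; the /29 mask on the second is assumed.
    print(check_scope("192.168.1.1", "192.168.1.20", "255.255.255.0", "68.73.89.113"))
    print(check_scope("68.73.89.1", "68.73.89.8", "255.255.255.248", "68.73.89.113"))
```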
LVL 6

Expert Comment

by:Geyybecca
ID: 20861968
One more thing, if you are planning on connecting devices directly to the public range given by your ISP then you should use DNS Server 68.1.30.50 and .51 as your DNS servers.

However, I would highly recommend you install a firewall and give your clients that device's internal interface as their DNS server and have that device query the public DNS servers provided by your ISP.
 

Author Comment

by:Raptorfixer
ID: 20862156
Geyybecca

Thanks.

I've set up the server using 68.73.89.115 as an IP, install DNS, setup forward and reverse lookup zones, use 68.1.30.50 and .51 in the forwarders tab. I do a NSlookup and get my domain name in return with the 68.73.89.115 IP showing. DNS events start writing and everything looks like it's running well.

At this point the Server is attached to the Kingston Hub and appears to be operating normally. I then set the Server up for DHCP, and by all indications, appears to be running normally. In DHCP options, I'm showing
03 Router 68.73.89.113
06 DNS Server 68.73.89.113
15 DNS Domain Name "shows my domain"

I've tried different scopes, but cannot get a client to pull an IP. I'm testing with one client XP machine that works fine when attached to the VoIP phone.

I think it has something to do with the way I have the hub plugged into the cisco. Is it even correct to plug the Kingston Hub straight into an access port?

I may be overthinking my needs. I just need to limit access to the server by 5 computers/users and planned on using AD to perform that task. AD requires DNS, but will this work without a DHCP server? I've searched the site, but get pros and cons to both, but it's not clear.

Right now I'm relying on windows firewall, but after testing and setup, I'll move to a more robust firewall.
 
LVL 6

Expert Comment

by:Geyybecca
ID: 20862302
What IP are you giving your clients in DHCP? Also, is this a Windows domain? If so, you would need to authorise the DHCP server.
 

Author Comment

by:Raptorfixer
ID: 20862527
I've tried everything I could think of. Since my IP is 68.73.89.115 (I incorrectly put .113 in my reply to you) I tried 68.73.89.1-8 and variations of 192.168.1 and .2 with compatible subnet masks.

Each time I create a scope, I authorize it and I get a green up arrow.

When I try DHCP from a workstation, it will acquire an IP like 69.73.xx.xx (the xx.xx usually are the same with each /renew, but sometimes different). The IP it's acquiring, but not connecting to, doesn't even appear to be inside the office networks. I've tried to set the workstation's TCP/IP settings to the gateway of the router 68.73.89.113, but still no DHCP from the server. On the off chance it'd work, I did an ipconfig /flushdns with no luck.

It'll be tomorrow before I can get back to the office. I can do a few /renews and post if you think it would help.
 
LVL 2

Expert Comment

by:laurin1
ID: 20863824
That IP address is either coming from the "gateway", or your ISP itself (or possibly the router). Probably the former. Talk to your ISP and tell them you want to make sure the gateway is just that and that it is not running DHCP, nor is it passing DHCP requests.
 
LVL 3

Assisted Solution

by:cycle303
cycle303 earned 200 total points
ID: 20863906
Not to be mean, but this seems like a big mess. I just want to make sure I have the general idea of what is going on. You have a cisco device that must support VLANs as well as routing capabilities due to the NAT on the VOIP interfaces. You are interested in setting up the 2003 server, using DHCP, and creating 2 subnets for security. You have 6 public IP's available. 1 port on the CISCO is already set for the office subnet? No other firewall exists other than Windows firewall (and the security provided by NAT on the CISCO). If your ultimate goal is the server and the 2 subnets for security, then why do you need 6 routable IP's? Are you using some of the IP's for the VOIP circuits? Anyway, without IP's and the rest, let us know what the ultimate goal is. The ideal method for what I see would be to use the public IP's externally only, assign NAT to 2 LAN ports on the CISCO. Allow DHCP passthrough on the 2 LAN ports. Setup 2 DHCP scopes (1 for each subnet). Assign the server a non-routable IP (192.168.XXX.XXX 10.XXX.XXX.XXX 172.128.XXX.XXX) and use a slightly different subnet for the other network. The other option would be to use another firewall between the two subnets, but it would seem that the CISCO could do this already.
 

Accepted Solution

by:
Raptorfixer earned 0 total points
ID: 20944195
Sorry I haven't responded in a while, picked up the flu.

For now, instead of going with a DC, I've decided to stay with a workgroup environment. Turns out the law program the lawyers need to run requires Sequel 2005 and for now, they don't want to spend additional money on another server, so this one will do the duty. We've developed a 12 month plan to purchase additional servers and bring the entire network of 12 computers under a single domain instead of splitting the effort.

Thanks everyone for your inputs.