Solved

DNS re-config

Posted on 2008-10-10
Last Modified: 2011-10-19
I am a new admin at a small company with just one server, Win Server 2003R2.  This server does everything, DHCP, DNS, File and print, and Exchange.

I noticed a number of DNS errors in the event logs: The dynamic registration of the DNS record '_ldap._tcp.h2o-law.com. 600 IN SRV 0 100 389 server.h2o-law.com.' failed on the following DNS server:

DNS server IP address: 89.187.67.184
Returned Response Code (RCODE): 5
Returned Status Code: 9017

Looking at the DNS I was horrified with what I saw - see attached image file.
Given that this server is absolutely mission critical and that there is no other DNS server in the business, and it is running IIS and Exchange, I just want confirmation that my thoughts on how to get the DNS into a more sensible config are right.

Only missing piece of information is that nobody seems to know the IP addresses of the ISP DNS servers.

Please tell me how you would change the config of the DNS and TCP/IP of the NIC.

Thanks

Apt-it
dns1.jpg
Question by:apt-it
7 Comments
 
LVL 2

Assisted Solution

by:Matt1705
Matt1705 earned 200 total points
ID: 22690216
There are a couple of things I would do...

1. Document the existing configuration! This photo is nice...
2. Attempt to determine if the forwarders have a purpose.  They may have been added for a good reason.
3. If the forwarders have no purpose, delete them.
4. Change the dns entries on your server so that it points to itself.  There should be no other DNS entries except the one pointing to itself.

You may also want to look at dhcp to determine what DNS servers are configured.
0
 
LVL 2

Expert Comment

by:Matt1705
ID: 22690255
A second note, you shouldn't need the IP addresses of the ISP DNS servers.  This server should work fine without them.
0
 

Author Comment

by:apt-it
ID: 22690602
Matt1705,  many thanks for your input.  

Regarding the purpose of the forwarders, I can't imagine any point to an address like 10.0.0.254 since this won't route.  Can you suggest any possible reasons for the others and/or how I could go about finding out their purpose?

Cheers
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22693364

The servers listed are:

Address:  80.248.178.131
Server:  henry.therocketshop.co.uk

Address:  91.186.3.142
Server:  ns1.therackhouse.net

Do the names mean anything to you at all? They do both respond to recursive queries (meaning they are or should be valid forwarders). It's up to you if you want to keep those.

If you don't have Forwarders configured the server will use Root Hints to resolve public requests.

> you shouldn't need the IP addresses of the ISP DNS servers

I would probably be a bit stronger with that :) You should not have DNS servers listed in TCP/IP configuration if they cannot provide an authoritative answer for the AD domain.

If the organisation can afford it an additional Domain Controller would be a real benefit.

Chris
0
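An added example, not part of the thread or of any participant's post: a triage check that parses the event body quoted in the question, decodes the RCODE (5 is REFUSED under RFC 1035), and flags a dynamic update that was sent to a server other than the one hosting the AD zone. The function names `parse_event` and `triage` and the address `10.0.0.1` are assumptions made for the example; the thread never states the server's own address.

```python
import ipaddress
import re

# DNS response codes defined in RFC 1035 and RFC 2136.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 6: "YXDOMAIN", 7: "YXRRSET",
          8: "NXRRSET", 9: "NOTAUTH", 10: "NOTZONE"}

# Event body as quoted in the question.
EVENT_TEXT = """The dynamic registration of the DNS record '_ldap._tcp.h2o-law.com. 600 IN SRV 0 100 389 server.h2o-law.com.' failed on the following DNS server:

DNS server IP address: 89.187.67.184
Returned Response Code (RCODE): 5
Returned Status Code: 9017
"""

RECORD_RE = re.compile(r"DNS record '(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.*?)'")
SERVER_RE = re.compile(r"DNS server IP address:\s*(\S+)")
RCODE_RE = re.compile(r"\(RCODE\):\s*(\d+)")

def parse_event(text):
    """Extract the record, target DNS server and RCODE from one event body."""
    rec, srv, rc = (r.search(text) for r in (RECORD_RE, SERVER_RE, RCODE_RE))
    if not (rec and srv and rc):
        raise ValueError("not a recognisable dynamic-registration event")
    code = int(rc.group(1))
    return {"owner": rec.group(1), "ttl": int(rec.group(2)),
            "type": rec.group(3), "rdata": rec.group(4),
            "dns_server": ipaddress.ip_address(srv.group(1)),
            "rcode": RCODES.get(code, f"RCODE{code}")}

def triage(event, zone_dns_servers):
    """Flag updates sent to servers that do not host the AD zone."""
    findings = []
    server = event["dns_server"]
    hosts_zone = {ipaddress.ip_address(a) for a in zone_dns_servers}
    if server not in hosts_zone:
        scope = "private" if server.is_private else "public"
        findings.append(f"{event['type']} update for {event['owner']} went to "
                        f"{scope} address {server}, which does not host the zone")
    if event["rcode"] in ("REFUSED", "NOTAUTH", "NOTZONE"):
        findings.append(f"{server} answered {event['rcode']}")
    return findings

if __name__ == "__main__":
    # 10.0.0.1 is a constructed stand-in for the server's own LAN address.
    for line in triage(parse_event(EVENT_TEXT), ["10.0.0.1"]):
        print(line)
```

Pass `triage` the addresses of the DNS servers that actually hold the AD zone; any event whose target falls outside that list points at a stray resolver entry in the NIC's TCP/IP settings.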
 

Author Comment

by:apt-it
ID: 22694860
Chris,

Once again, many thanks for your input which is much appreciated.  I also had checked the nslookup for the two IP addresses you mention.  They are DNS forwarders for a local co-location service provider who have had dealings with the business, so they could be valid forwarders though, as you say, it may be just as good to use the Root Hint servers, though I believe this may cause a small performance hit on DNS resolution.

Can you think of any reason why someone would put 10.0.0.254 in the forwarders, or does this just point to incompetence on the part of whoever set up the DNS?

My inclination is, then, (A) to take out the alternate DNS server in the TCP/IP properties as the server should only point to itself; (B) to remove 10.0.0.254 as this is meaningless; (C) to keep 91.186.3.142 and add 89.187.67.184 to the forwarders as these are the primary and secondary DNS servers belonging to therackhouse.

Does this sound like a good plan to you??

My last question is - do you think that these changes will remedy the Event Log error I reported in my first posting, ID 5774 source, NETLOGON?

Really appreciate your help as I am working alone and need to get this right.
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 300 total points
ID: 22696839

Regarding 10.0.0.254. It could have been a Firewall or other internal device capable of handling DNS requests. I'd be hesitant to say incompetence, but that is a possibility if nothing else comes to light :)

That sounds like an excellent plan. And it should resolve the errors provided that an authoritative zone exists for the name it's trying to register.

Chris
0
 

Author Closing Comment

by:apt-it
ID: 31505166
Gents, many thanks for your help - much appreciated!
0
