Solved

DNS CONFIGURATION

Posted on 2010-01-05
Last Modified: 2012-05-08
Hi,

I am currently trying to configure DNS on our work server running Windows Server 2003 64-bit; however, I am having some problems configuring/registering it. We currently have Exchange 2007 installed on this server. In summary, this server will be handling DHCP, DNS and Exchange. I have limited knowledge of setting up DNS, so step-by-step instructions would be very much appreciated.

Currently, I have tried to set up DNS using the wizard; however, I haven't had much luck in configuring it properly and registering it. I have downloaded Netdiag.exe from the internet and ran it; please see the results below. Can anyone please advise how to configure DNS properly and get it working on all workstations? If this is of any relevance, the workstations are running Windows XP Professional.

Thank you.





    Computer Name: SERVER01
    DNS Host Name: server01.amc.local
    System info : Windows 2000 Server (Build 3790)
    Processor : EM64T Family 6 Model 23 Stepping 10, GenuineIntel
    List of installed hotfixes :
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Network Bridge (Network Bridge)

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : server01
        IP Address . . . . . . . . : 10.10.20.13
        Subnet Mask. . . . . . . . : 255.0.0.0
        Default Gateway. . . . . . : 10.10.20.1
        Dns Servers. . . . . . . . : 203.8.183.1
                                     192.189.54.33


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
            No names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{2C953AF4-8501-4014-B6C1-AFB5C8139F50}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'server01.amc.local.'. [RCODE_SERVER_FAILURE]
            The name 'server01.amc.local.' may not be registered in DNS.
    [FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for reading.
    [FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for reading.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Failed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{2C953AF4-8501-4014-B6C1-AFB5C8139F50}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{2C953AF4-8501-4014-B6C1-AFB5C8139F50}
    The browser is bound to 1 NetBt transport.
    [FATAL] Cannot send mailslot message to 'AMC*' via browser. [ERROR_INVALID_FUNCTION]


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Failed
    [FATAL] Cannot lookup package Kerberos.
    The error occurred was: (null)


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully




Question by:ahmzie
165 Comments
 

Author Comment

by:ahmzie
ID: 26187973
Just to add a quick note, here is an error I found in the DNS logs.

The zone 10.20.10.in-addr.arpa is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS server. This may indicate a configuration problem. If the address of the primary server for the zone cannot  be resolved DNS clients will be unable to locate a server to accept updates for this zone. This will cause DNS clients to be unable to perform DNS updates.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



thanks again
0
 
LVL 14

Expert Comment

by:Kaffiend
ID: 26188109


On the network adapter properties for this server, change the DNS servers to 10.10.20.13.  If you have another server that is a Domain Controller, add its IP address to the adapter's list of DNS servers.  Also, remove 203.8.183.1 and 192.189.54.33 from the list of DNS servers.  

Because of the current TCP/IP settings on the server, you are seeing these errors. After you have made the change, run netdiag again and see if things have improved.

To configure your XP workstations, make sure your DHCP scope uses these same DNS servers (not 203.8.183.1 and 192.189.54.33)
0
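A check for the adapter setting Kaffiend points at, as an added example that is not part of the original thread: it parses the per-interface block of netdiag output and reports which configured DNS servers are public resolvers and whether the server lists itself. The function names are hypothetical, the two inputs are excerpts of the netdiag runs posted in this thread, and it assumes a single adapter block and a single domain controller.

```python
import ipaddress
import re

# Matches netdiag field lines such as "IP Address . . . . . . . . : 10.10.20.13"
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)[ .]*:\s*(\S+)\s*$")

# Excerpt of the first netdiag run posted in the thread.
BEFORE = """\
        Host Name. . . . . . . . . : server01
        IP Address . . . . . . . . : 10.10.20.13
        Subnet Mask. . . . . . . . : 255.0.0.0
        Default Gateway. . . . . . : 10.10.20.1
        Dns Servers. . . . . . . . : 203.8.183.1
                                     192.189.54.33

        AutoConfiguration results. . . . . . : Passed
"""

# Excerpt of the second run, after the adapter was changed.
AFTER = """\
        Host Name. . . . . . . . . : server01
        IP Address . . . . . . . . : 10.10.20.13
        Subnet Mask. . . . . . . . : 255.0.0.0
        Default Gateway. . . . . . : 10.10.20.1
        Dns Servers. . . . . . . . : 10.10.20.13

        AutoConfiguration results. . . . . . : Passed
"""


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_interface(netdiag_text):
    """Extract IP, mask and DNS server list from one adapter block."""
    cfg = {"ip": None, "mask": None, "dns": []}
    in_dns = False
    for line in netdiag_text.splitlines():
        match = FIELD.match(line)
        if match:
            key, value = match.group(1), match.group(2)
            in_dns = key == "Dns Servers"
            if key == "IP Address":
                cfg["ip"] = value
            elif key == "Subnet Mask":
                cfg["mask"] = value
            elif in_dns:
                cfg["dns"].append(value)
        elif in_dns and _is_ip(line.strip()):
            # Additional DNS servers are printed as bare, indented addresses.
            cfg["dns"].append(line.strip())
        else:
            in_dns = False
    return cfg


def audit_dc_resolvers(netdiag_text):
    """Report resolver settings that stop a lone DC from registering in its own DNS."""
    cfg = parse_interface(netdiag_text)
    network = ipaddress.ip_network(f"{cfg['ip']}/{cfg['mask']}", strict=False)
    external = [s for s in cfg["dns"] if not ipaddress.ip_address(s).is_private]
    return {
        "network": str(network),
        "dns": cfg["dns"],
        "external": external,              # public resolvers: no AD zone lives there
        "self_listed": cfg["ip"] in cfg["dns"],
    }


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_dc_resolvers(text))
```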
 

Author Comment

by:ahmzie
ID: 26188429
Thank you for your quick response, Kaffiend.

I only have one Domain Controller. I have changed the DNS settings on my Network Adapter Properties to 10.10.20.13 as you have suggested.

Just want to confirm that when you suggested to "remove 203.8.183.1 and 192.189.54.33 from the list of DNS servers", is this also from the network adapter properties? If this is the case, I have done so. Unfortunately the DNS is still failing. Here are the new netdiag results below.




    Computer Name: SERVER01
    DNS Host Name: server01.amc.local
    System info : Windows 2000 Server (Build 3790)
    Processor : EM64T Family 6 Model 23 Stepping 10, GenuineIntel
    List of installed hotfixes :
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Network Bridge (Network Bridge)

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : server01
        IP Address . . . . . . . . : 10.10.20.13
        Subnet Mask. . . . . . . . : 255.0.0.0
        Default Gateway. . . . . . : 10.10.20.1
        Dns Servers. . . . . . . . : 10.10.20.13


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
            No names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{2C953AF4-8501-4014-B6C1-AFB5C8139F50}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'server01.amc.local.'. [RCODE_SERVER_FAILURE]
            The name 'server01.amc.local.' may not be registered in DNS.
    [FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for reading.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Failed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{2C953AF4-8501-4014-B6C1-AFB5C8139F50}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{2C953AF4-8501-4014-B6C1-AFB5C8139F50}
    The browser is bound to 1 NetBt transport.
    [FATAL] Cannot send mailslot message to 'AMC*' via browser. [ERROR_INVALID_FUNCTION]


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Failed
    [FATAL] Cannot lookup package Kerberos.
    The error occurred was: (null)


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26188457

>     [FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for reading.

Normally caused by using the wrong version of NetDiag. 64-bit OS isn't it? Where did you install the Support Tools from? You should use the version supplied with the OS media if you can.

Chris
0
 

Author Comment

by:ahmzie
ID: 26188478
I downloaded this tool while doing research on Google regarding my problem. Any ideas where I can download the 64 bit version? Also, according to netdiag my DNS is failing. According to the DNS logs, here is what it generated.

The DNS server could not signal the service "NAT". The error was 1168. There  may be interoperability problems between the DNS service and this service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

any ideas?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26188496

> Any ideas where I can download the 64 bit version?

I'm not sure you can, or at least quick googling doesn't give me a link to pass you. Have you got the installation CD / DVD for that version of Windows? It should be on there.

You have Routing and Remote Access installed on the server as well? To be honest though, I wouldn't trust any results it's giving you until it's a version that manages to do its job properly.

Chris
0
 

Author Comment

by:ahmzie
ID: 26188524
chris-dent, thank you for your quick response. Yes, I do have Routing and Remote Access on my server. Do I need to make any changes to it to get DNS to work? Usually what happens is when I connect a workstation to my domain with DHCP coming from the server, it will automatically create an A record for that user; however, it is not doing it now. Any suggestions?
0
 

Author Comment

by:ahmzie
ID: 26188555
ALSO I found this in the log which just came through

The zone BBDE_AMC is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS server. This may indicate a configuration problem. If the address of the primary server for the zone cannot  be resolved DNS clients will be unable to locate a server to accept updates for this zone. This will cause DNS clients to be unable to perform DNS updates.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26188557

Have you tried DCDiag at all?

And are the Event Logs showing any errors?

Can we check and see if DHCP has been configured to use specific credentials to perform updates? Head to the DHCP console, open the server properties, then Advanced and click the Credentials button. If those are set and out of date updates will fail.

DHCP also has its own log files, they're held in %SystemRoot%\System32\DHCP, one file per day, see if it's noting an error about updating DNS.

Chris
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26188578

> The zone BBDE_AMC

Really just that? Single label domain rather than "something.com" or "something.local"?

Those always create lots of extra fun unfortunately. You need to add extra registry settings to allow systems to update a single label domain name. The settings are detailed here:

http://support.microsoft.com/kb/300684

If that is all the case, I advise doing a migration at some point (although I'm not suggesting you do that right now), because both the single label name and the underscore used there will cause you problems in the long run.

Chris
0
 

Author Comment

by:ahmzie
ID: 26188596
Thanks Chris. I'll do this now and let you know how I go. Thanks again.
0
 

Author Comment

by:ahmzie
ID: 26188614
Chris, I'm sorry to bother you again with all my questions, but does this need to be done on the server or on the workstations?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26188631

It's not a bother, your questions are why this is all here :)

The clients shouldn't need it, but I'd be tempted to push it out to them anyway. Should be possible to do that using Group Policy, even if it's a reg file executed by a batch file.

I guess this was all working before?

Chris
0
 

Author Comment

by:ahmzie
ID: 26188658
Thanks again Chris. You're a champ, mate. Yes, this was all working before. We were in the process of moving premises. We purchased 2 used servers off eBay and are using one for our domain controller and the other for our database. I am almost there in having a successful network but have little glitches like DNS that drive me crazy. Hopefully this should work. I'll give it a go right away and let you know how I go. Thanks again.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26188666

If it's a new build, and you can afford the extra time, I would strongly advise you rebuild with a more supportable domain name. It's just if you try and (ever) deploy something like Exchange (other than 2000 / 2003) it'll get real upset about the domain name and you'll have to rebuild anyway.

Chris
0
 

Author Comment

by:ahmzie
ID: 26188691
Yeah, it is a new build. I'm at home at the moment doing this remotely. Everything is loaded on the server including Domain name and DHCP, and all workstations are connected to it. This server also has Exchange. Will editing registry keys kill Exchange 2007? Will rebuilding DNS kill the network and kick me off, as I am logged in remotely? My full domain is actually "amc.local". In this case, has DNS been set up wrongly?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26188725

Oh it is? Well that's fine then :)

Let's see...

In the DNS console, the Forward Lookup Zone is amc.local? And that allows Dynamic Updates at the moment? Can you see if there's either a zone called _msdcs.amc.local, or a sub-folder of amc.local called _msdcs?

Do you have a Reverse Lookup Zone configured as well? Not so important, but always nice to have.

Chris
0
 

Author Comment

by:ahmzie
ID: 26188747
The forward lookup zone is BBDE_AMC. I am pretty sure this has been done by someone. I am just trying to configure what they have already done. Um. If I put my Internet provider DNS setting back in my Network Properties and redo the whole DNS thing, would this be better? Will it kick me off, or would it be better if I can request remote assistance and get your help? If this is okay with you, this will save me so much time and I will be very appreciative. Cheers mate, please let me know.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26188790

Okay, it's starting to make a lot of sense now then :)

It should be pretty easy to resolve:

1. Create a new Forward Lookup Zone called amc.local
2. Set it to Primary and tick Store in Active Directory
3. Permit Secure Dynamic Updates on the zone

It'll ask you how you want to replicate the zone at some point during that. Tell it to use All DNS Servers in the AD Domain (or something very similar to that).

Once that's done, run these commands (Command Prompt will do):

ipconfig /registerdns
net stop netlogon && net start netlogon

If you go back to the DNS Console after that and refresh the view, you should see that it has created an _msdcs folder with lots of sub-folders beneath it. You should also see a Host (A) Record for your server.

May as well create a Reverse Lookup Zone as well. Your IP range is a bit huge, but no matter.

1. Right click on Reverse Lookup Zones and create a new zone called "10.in-addr.arpa". It will have an option of entering either that name or the IP address early on in the wizard, if you go for the IP, just enter 10 and leave the other parts of the IP blank
2. All other settings are the same as the Forward Lookup Zone

For DHCP, are you using the default 8 day lease?

Chris
0
 

Author Comment

by:ahmzie
ID: 26188855
Hey Chris, thanks again mate. Yeah, with DHCP I am using the default 8 day lease. I have just done all the steps you provided and am just about to test to see if it works.

Cheers mate, will let you know.
0
 

Author Comment

by:ahmzie
ID: 26188904
Chris, Mate you are amazing. ITS WORKING!!! WOOT WOOT!!. Mate you are a genius Thank you very much.

The client computers are picking up the DNS. Logs are great only down to 1 concern which is.

The DNS server could not signal the service "NAT". The error was 1168. There  may be interoperability problems between the DNS service and this service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Is this anything to worry about?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26188984

I'll come back to the NAT problem in a moment, just wanted to finish typing this lot.

While we're at it, we may as well set up Aging and Scavenging, it's not essential, but I would always do it at this stage of the build. It helps keep DNS neat and tidy when you have dynamic updates running.

Back to the DNS Console again...

1. Right click on your DNS Server. You should have an option to set Aging and Scavenging for all zones. Select that.
2. In the box that pops up, tick the first box (enabling Scavenging for the zone), then in the boxes below, set the Refresh Interval to 2 days, and the No-Refresh Interval to 2 days.
3. Click OK
4. Right click on the Server again, this time open Properties
5. Select the Advanced tab
6. Tick "Enable Automatic Scavenging" and set the period to 1 day

Those settings could use a bit of an explanation...

All dynamically updated records in DNS get a time stamp. You can see that if you select View / Advanced in the console then open the properties for a record. When Scavenging is enabled that time stamp is used to determine whether or not the record is still valid. Once a record becomes too old, the scavenging process removes it.

Here are the settings:

No-Refresh - During this interval computers on your network aren't permitted to update the TimeStamp on the record. It's here to prevent unnecessary replication traffic, not an issue if you only have one DC, but we'll leave at the 2 days for now. When a record is first registered, or a time stamp is successfully updated the No-Refresh interval begins.

Refresh - This comes immediately after the No-Refresh interval. If a system is still active on the network it will update the time stamp and we go back to No-Refresh. Otherwise it has 2 days to fix it. If no update occurs and this interval passes a record is considered stale and will be removed by the Scavenging process.

That means our record life-time is something like this:

1. Computer gets a record from DHCP
2. DHCP registers record in DNS (a time stamp is set here)
3. As long as the Computer maintains its lease with DHCP the record is kept (the time stamp is updated)
4. If the computer vanishes, or gets a new IP from DHCP, the record is left (time stamp is no longer updated)
5. 4 days after the last time stamp update (No-Refresh + Refresh) the record is able to be removed from DNS
6. Any stale records (4 days or older with no time stamp update) will be removed from DNS next time the automatic scavenging process runs (above that's set to run once a day)

Why 2 days for those intervals? If you use an 8 day lease systems on your network will Renew and extend their lease once half of the lease has passed. So 4 days into the current lease it is extended. That means any DHCP lease can exist for some multiple of 4 days, and that any DNS record can be valid for some multiple of 4 days.

We can't know how many multiples of 4 days, however, we can give DNS the opportunity to check each time a 4 day interval has passed (since the last time stamp update).

I hope that all made sense... This article has a fine description of all this, probably better than mine, and it has pretty pictures which always helps:

http://blogs.technet.com/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

NAT will follow in a moment.

Chris
0
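The record lifetime described in the post above, worked through as an added example that is not part of the original thread: a small timeline model using the 2-day No-Refresh interval, 2-day Refresh interval, 1-day scavenging period and half-lease renewals of an 8-day lease. All names are hypothetical; it assumes whole-hour times, a scavenging pass every 24 hours counted from registration, and that a refresh arriving in the same hour as a pass is applied first.

```python
from dataclasses import dataclass

DAY = 24  # hours; every time below is in whole hours since the record was registered


@dataclass(frozen=True)
class Aging:
    no_refresh: int = 2 * DAY      # time stamp refreshes are ignored for this long
    refresh: int = 2 * DAY         # window that follows, in which a refresh is accepted
    scavenge_every: int = 1 * DAY  # automatic scavenging period

    @property
    def stale_after(self):
        # A record is stale once No-Refresh + Refresh pass with no time stamp update.
        return self.no_refresh + self.refresh


def half_lease_renewals(lease_days, last_seen_day):
    """Hours at which a DHCP client renews (every half lease) while still on the network."""
    step = lease_days * DAY // 2
    return list(range(step, last_seen_day * DAY + 1, step))


def simulate(refresh_attempts, aging=Aging(), horizon=30 * DAY):
    """Replay refresh attempts against the aging rules and find the pass that removes the record."""
    timestamp = 0  # set when the record is first registered
    accepted, ignored = [], []
    attempts = sorted(h for h in refresh_attempts if h >= 1)
    for hour in range(1, horizon + 1):
        # Assumption: refreshes in the same hour as a scavenging pass are applied first.
        while attempts and attempts[0] == hour:
            attempts.pop(0)
            if hour - timestamp >= aging.no_refresh:
                timestamp = hour          # in the Refresh window (or later): accepted
                accepted.append(hour)
            else:
                ignored.append(hour)      # still inside No-Refresh: time stamp unchanged
        is_pass = hour % aging.scavenge_every == 0
        if is_pass and hour - timestamp >= aging.stale_after:
            return {"accepted": accepted, "ignored": ignored,
                    "stale_at": timestamp + aging.stale_after, "removed_at": hour}
    return {"accepted": accepted, "ignored": ignored,
            "stale_at": timestamp + aging.stale_after, "removed_at": None}


def vanished_client():
    """Client renews at day 4 and day 8, then leaves the network for good."""
    return simulate(half_lease_renewals(lease_days=8, last_seen_day=8))


def irregular_client():
    """Constructed attempts at hours 24, 60 and 100 to show ignored refreshes."""
    return simulate([24, 60, 100])


def active_client():
    """Client keeps renewing for the whole 30-day horizon."""
    return simulate(half_lease_renewals(lease_days=8, last_seen_day=30))


if __name__ == "__main__":
    for name, fn in (("vanished", vanished_client),
                     ("irregular", irregular_client),
                     ("active", active_client)):
        print(name, fn())
```

In the irregular case the record goes stale at hour 156 but survives until the next daily pass at hour 168, which is why the scavenging period adds up to a day on top of the four-day staleness threshold.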
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189004

Okay, so the NAT error.

That's normally caused by one of a few different components. Does the server have any of these:

1. Routing and Remote Access Service installed and running (check Administrative Tools \ Services). Perhaps for inbound VPN connections?
2. Internet Connection Sharing?
3. More than one network adapter?

Chris
0
 

Author Comment

by:ahmzie
ID: 26189045
Have followed your instructions and it is all smooth. Mate, you are amazing. Your service is second to none. Wish there were more of you out there. Will look forward to your routing and remote access instructions. Thanks again mate, I really do appreciate this.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189057

Just the few questions above first :) NAT must be running as part of something for that error to occur.

Chris
0
 

Author Comment

by:ahmzie
ID: 26189069
Hey Chris.

Yes, the server does have Routing and Remote Access enabled. Yes, it does have 2 network adapters. The way the server is running is we have the internet plugged directly into the server via network plug. We then have a network plug from the server to the switch. These 2 LAN cards are bridged and DHCP coming off the same server is providing IPs to all workstations. Thanks
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189108

Okay, got it. That makes a lot of sense and is a pretty common configuration.

Let's see... we may be able to do something about this if we prevent DNS from binding to the external network interface.

Head back to the DNS console, then open up the Server Properties again. There should be an Interfaces tab (should be the first one it shows you). Instead of listening on all interfaces we want to change it to only listen on the internal network interface / IP address.

Restart the DNS service once that's done and see if it still generates the error message?

Chris
0
 

Author Comment

by:ahmzie
ID: 26189126
Hey Chris,

Have tried this, after restarting the DNS service. Error message popped up again.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189213

Thought that might be too easy :)

There should be a way to configure that under the RRAS service. Can you see if there's a DNS Proxy in there anywhere?

Unfortunately I so rarely run RRAS I can't say for certain what we need to do to fix that one up.

Chris
0
 

Author Comment

by:ahmzie
ID: 26189225
Hey Chris, thanks for getting back to me. I can't seem to find DNS proxy in the DNS console but I will continue. Thanks.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189230

It'll be in the RRAS Console if it's anywhere.

Chris
0
 

Author Comment

by:ahmzie
ID: 26189259
Sorry mate, can't seem to find it anywhere.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189267

Hmm, sorry I can't tell you more specifically what to do about this one. Chances are it'll operate happily despite that error, but it would be nice to get it fixed up. I wonder if you would mind raising a new question for it? Someone out there will have fixed it in a time-frame shorter than 5 years ago...

Chris
0
 

Author Comment

by:ahmzie
ID: 26189281
That's fine mate, as long as it won't affect anything I'm happy just to overlook this error. I thank you very much for your help. If you don't mind, I know I have already asked you 1000000000 questions, but if you don't mind can I please add one more? :-) I have noticed that when using the internet on an https website, i.e. signing into Hotmail, it takes a while to load and sometimes it will time out. Does this have anything to do with the configuration of the server?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189296

It shouldn't... DNS is done the moment you get from the site name to an IP address, so if you quickly get a response when running "nslookup whateverwebsite.com" it rules that part out.

It's possible the error is being caused by RRAS, but I couldn't particularly say why at the moment.

Do you suffer the same timeout from the server? And it would be interesting to know if it still happens if you plug something else into the internet connection (a laptop say). Of course, that last one is a bit tricky if you're working remotely :)

Chris
0
 

Author Comment

by:ahmzie
ID: 26189342
I have just given it another go. DNS is working fine; however, HTTPS websites, such as when signing into Hotmail, are still slow. I ran it off the server remotely and it is still slow but nowhere near before. Do you think this is due to RRAS or do you think that it will take time for the DNS to really kick in?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189392

DNS should be as kicked in as it's going to get now, perhaps we could check its Forwarders (if you used any)?

Head back to the DNS Console, right click and open the Server Properties again. Anything listed under the Forwarders tab?

Chris
0
 

Author Comment

by:ahmzie
ID: 26189446
Hey mate, I hope you know how much I appreciate all this.

Please see image below. This is all I have in forwarders.


forwarders.bmp
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189528

I guess you got those from your ISP?

Quickest way to test this is to note them down, then remove them (both) from the Forwarders list. That makes DNS use the server list in Root Hints to perform full name resolution rather than passing everything off to the forwarders.

Then run "dnscmd /ClearCache" on the server, and "ipconfig /flushdns" on the client. Try the web page again.

If it works properly and quickly we can blame it on those Forwarders.

Finally, if that does end up being the problem, either test one of those IPs as forwarders at a time, or confirm them with your ISP, or just continue using the current settings (no forwarders).

Chris
0
 

Author Comment

by:ahmzie
ID: 26189605
Hey mate, I have removed the forwarders, cleared the cache and flushed DNS on the client; it's still the same slow speed. I am also starting to think this may be related to RRAS. Do I need this? Can't it just be disabled?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189632

I assumed everyone on your network was using your server as default gateway?

That is, I was thinking you have something like:


< Client Systems >    <--->   Switch   <--->   Server   <--->   Modem / Router

Which means the only way to access the Internet is if the server does some kind of routing / NAT.

Whether that can be changed does depend rather a lot on what kit you have available. It would be simpler to have something like this:

< Client Systems >    <--->   Switch   <--->   Server
                                                  |
                                       Router / Firewall

With this setup everyone, including the server, would use the Router / Firewall as their default gateway, and the server has less work to do.

Chris
0
 

Author Comment

by:ahmzie
ID: 26189639
At the moment the server is DNS and the router is gateway. Is routing enabled due to the LAN cards being bridged?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189654

Yep, to get traffic between the two networks (one on either side of the server) you'll have to route across the server.

Bridging is a bit less common than using NAT, but I don't have a RRAS server to reference to tell you what might be best.  I tend to work with Cisco / Checkpoint Firewalls for this kind of thing.

Chris
0
 

Author Comment

by:ahmzie
ID: 26189665
I have a Cisco as our main router. What if I unplug the Cisco network cable from the router, put it directly into the switch and from the switch plug a cable to the server, then disable routing? Will this work? If so, do I have to reconfigure any settings?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189704

Potentially yes.

Did you configure the router? Do you know the IP address of its internal interface? And its subnet mask as well?

Chris
0
 

Author Comment

by:ahmzie
ID: 26189714
Yes, the IP address of the router is 10.10.20.1 and the subnet is 255.0.0.0.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189728

Nothing much to lose by trying it then. Plug it in and test it as a gateway? :)

Chris
0
 

Author Comment

by:ahmzie
ID: 26189743
Sweet, will try this tomorrow as soon as I get to work. Will keep you posted. Mate, thank you so so so so so so so so so so so much for all your effort and help. I will definitely be in touch tomorrow. You are second to none. Do you work for Experts Exchange?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189752

You're welcome :) And nope, all of us are volunteers.

Chris
0
 

Author Comment

by:ahmzie
ID: 26189756
Ohh noo :'( I just encountered heaps of error warning logs.

The DNS server encountered a packet addressed to itself on IP address 10.10.20.13. The packet is for the DNS name "f.root-servers.net.". The packet will be discarded. This condition usually indicates a configuration error.
 
Check the following areas for possible self-send configuration errors:
  1) Forwarders list. (DNS servers should not forward to themselves).
  2) Master lists of secondary zones.
  3) Notify lists of primary zones.
  4) Delegations of subzones.  Must not contain NS record for this DNS server unless subzone is also on this server.
  5) Root hints.
 
Example of self-delegation:
  -> This DNS server dns1.example.microsoft.com is the primary for the zone example.microsoft.com.
0
 

Author Comment

by:ahmzie
ID: 26189759
:'( I just wanted this to work:'( please tell me this is an easy fix:'(
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189764

Head back to the Forwarders list and, for now, pop the forwarders we had before in again.

Chris
0
 

Author Comment

by:ahmzie
ID: 26189771
I just tried that and no luck :'(
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189784

Which interfaces have default gateways configured on the server? Just the one connected to the router right?

If that fails, we can start capturing the requests which may help to see how they're ending back up in a loop.

Chris
0
 

Author Comment

by:ahmzie
ID: 26189801
I hope I understood the question correctly. I have 2 LAN cards off the server. We also have a Cisco 1841 modem/router (HWIC card); the router is connected directly to the server. The 2nd LAN card is connected straight to the switch using DHCP. Did I answer your question correctly? Every network/computer in the company is running a gateway of 10.10.20.1 whether it is static or dynamic.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189811

Okay, so that should be sending out correctly.

Are any public names resolving at the moment?

We can either use the Debug Logging option in the DNS server properties, or a packet sniffer like WireShark to see what the looping DNS requests are actually about.

Chris
0
 

Author Comment

by:ahmzie
ID: 26189831
I'm looking for Wireshark now to download it. Will it be quicker, and will it work, if I just redo the DNS settings, as in delete the forward lookup zone and reverse lookup zone and redo it?
0
 

Author Comment

by:ahmzie
ID: 26189849
It's blocked my access to Internet Explorer; however, I can still access the servers remotely, just can't use Internet Explorer?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189861

> Will it be quicker and will it work if I just redo the DNS settings as in delete forward lookup zone
> and reverse lookup zone and redo it?

No, because local names should still resolve. It's having trouble with everything that we haven't defined locally.

It may well be failing to resolve all public names, try "nslookup www.google.com". Are there clients using the network at the moment?

Chris
0
 

Author Comment

by:ahmzie
ID: 26189921
Hey Chris, no luck. It's saying can't find server name for www.google.com and it's failing. I still can't use Internet Explorer either. It's dead, but yet I still have access to RDC, which is how I'm connected at the moment.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189941

Your RDC connection won't need to resolve names.

Okay, so.... from the server can you run:

nslookup www.google.com 203.8.183.1

And:

nslookup www.google.com 192.189.54.33

The implication is that it's trying to send to those, but somehow the outbound packet is ending back up at the server itself (and causing the event to be logged).

Chris
0
 

Author Comment

by:ahmzie
ID: 26189976
I figured out how I am connecting. I am connected to our terminal server, from which I then RDP into the DNS server. Internet is working on terminal; this is because I have the DNS setting set on its LAN adapter. However, it is not working on the DNS server. I tried nslookup www.google.com 203.8.183.1, which worked; however, the other refused. Should I restart the DNS server?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26189988

I didn't want to suggest that in case you couldn't get back on. But a restart is always worth a try if you can do so safely.

Chris
0
 

Author Comment

by:ahmzie
ID: 26190003
That's fine, I am restarting it at the moment. I hope this is going to work. I think it lost its DNS settings, because when I put the settings on the LAN adapter it works???
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26190010

Where were they before?

Chris
0
 

Author Comment

by:ahmzie
ID: 26190031
Initially they were in my LAN adapter, and then when I was configuring DNS I got asked to change DNS to my server IP, which I did, and it was working fine until now.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26190077

Hmm

As far as AD is concerned you'll need to be using your server's IP for DNS, and that should be the only DNS server used (Forwarders are different).

But we're still getting that error logged?

It means your DNS server is getting a query, then as part of its attempt to resolve the query it's sending it back to itself (normally we'd expect it to pass on the query to the forwarders).

Any idea which point it stopped working? We can delete information from DNS, but it should not have any impact on the error it's generating.

Fancy trying Debug Logging so we can see what it's looping?

Chris
0
 

Author Comment

by:ahmzie
ID: 26190094
Yeah, after I removed the DNS addressing from the forwarders, about 10 minutes later it stopped.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26190098

But those are back in now aren't they? Poor confused server, I bet it's something fairly simple.

Is it all in use at the moment (affecting people)?

Chris
0
 

Author Comment

by:ahmzie
ID: 26190115
nope not yet thankfully but it will in 20 minutes. Doctors start working them.. We are a medical clinic. poor patients
0
 

Author Comment

by:ahmzie
ID: 26190137
server has restarted still no internet:(
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26190147

Would you mind showing me "ipconfig /all" from the server?

And can we check it's still answering for its own domains? With:

nslookup amc.local

Then perhaps we can look at:

dnscmd /Info

Chris
0
 

Author Comment

by:ahmzie
ID: 26190227
Hey Chris, sorry, as I have no internet I am unable to enable it to my email to post it on exchange, but I can tell you everything you need to know. What info would you like to know?
0
 

Author Comment

by:ahmzie
ID: 26190244
See, the way I am logged in is through terminal to DNS server; this is how I have access to it. Would you like me to request remote assistance from terminal, and then you can have a look at the DNS server and make changes accordingly?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26190254

Sure, but only if you're comfortable with that.

Otherwise, I hoped for...

From ipconfig, a list of active interfaces, the IP addresses assigned, and any default gateway assignment.

From "nslookup amc.local" whether or not it replies, and if it does, that it replies with the IP of your DC.

From "dnscmd /Info", the interface list and the forwarders lists.

Chris
0
 

Author Comment

by:ahmzie
ID: 26190263
Yeah mate, you sound like a good bloke, I'll request remote assistance. Do you have Hotmail?
0
 

Author Comment

by:ahmzie
ID: 26190269
It is required for remote assistance?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26190273

Nope, but my e-mail address is in my profile on here :)

Chris
0
 

Author Comment

by:ahmzie
ID: 26190283
Sorry mate, can't find it. Can you provide it on this page? Thanks
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26190294

Afraid not, it's against the site rules. It's obscured in there, starts "chris (at the domain)".

Chris
0
 

Author Comment

by:ahmzie
ID: 26190311
thats fine. Got it. Sending it an invitation now
0
 

Author Comment

by:ahmzie
ID: 26190324
Invitation sent. Once you're in you will need to mstsc into server01.
0
 

Author Comment

by:ahmzie
ID: 26190335
Please confirm when you have received the invitation? Cheers mate
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26190341

Nothing yet I'm afraid.

Chris
0
 

Author Comment

by:ahmzie
ID: 26190360
OK, it's resent, you should receive this now. Thanks
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26190376

Okay, just got it, one sec, never used it before ;)

Chris
0
 

Author Comment

by:ahmzie
ID: 26190380
ok no problems
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26190401

Hmmm doesn't seem to contain anything useful. Might be easier doing it through MS Messenger (perhaps), I have that installed using the same e-mail address.

Chris
0
 

Author Comment

by:ahmzie
ID: 26190408
OK, I'll add you, one min
0
 

Author Comment

by:ahmzie
ID: 26198201
Hey Chris, once again thank you very much for your help yesterday. When I got to work I got the server down to 1 NIC and reconfigured DNS and all is well. I am only down to 2 problems now that need to be resolved fast. HTTPS websites are very slow, i.e. when signing into Hotmail or, for instance, Westpac, when it uses the HTTPS protocol it's very slow. I know for a fact that this is not related back to DNS, as when DNS was configured on the router it was still the same problem. Our router is a Cisco 1841. Do I have to do anything or put in any special commands to fix this problem, or is this problem due to a non-available service on the server, or what is the best option? Just to note, some workstations can access some HTTPS websites with no problems and others can't??. Thanks
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198206

Hey dude,

Glad to hear it's all working a little better.

I'm not sure what would cause the problem with HTTPS, you may need to monitor network traffic on the host and across the router to get any indication of where a delay may be occurring.

Chris
0
 

Author Comment

by:ahmzie
ID: 26198213
Cheers Chris, thanks for your response, mate, that was lightning fast haha. Also, the other problem is that when using Exchange, sending an email takes a while or otherwise it times out. Would you know what the fix would be, or do you think I should post this question up on exchange?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198219

That sounds like DNS again, but it's equally possible it's having trouble establishing the TCP connection.

I'd be throwing WireShark on there as well to see exactly what it's connecting to (or failing to connect to).

Chris
0
 

Author Comment

by:ahmzie
ID: 26198234
cheers mate will do so right away
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198260

Sorry it's a bit vague, but possibilities for that problem extend out from the local system all the way through your ISP and beyond.

Chris
0
 

Author Comment

by:ahmzie
ID: 26198266
I really think that this problem relates back to the ISP. This is because I have a second WAN connection on the same IP range and it is working perfectly. Second, I have had problems with my ISP; they have given me so many different DNS servers to try. Can this be the root of the problem? Can it be that I am using the wrong DNS?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198283

If you're not sure, bump the forwarders out again. That takes DNS out of the loop because your server is reliant on no one except the systems that are supposed to provide the answers.

As long as it doesn't start looping the requests again that'll be fine as a running configuration :)

Chris
0
 

Author Comment

by:ahmzie
ID: 26198287
I'm afraid by doing so I will have the same problem as yesterday. Should I give it a go anyway?
0
 

Author Comment

by:ahmzie
ID: 26198298
Just to let you know, in case this is of relevance, DNS is switched off on the Cisco router and switched on on the server, and DHCP.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198306

Before you do, head to the Root Hints tab. You should have entries in there like a.root-servers.net, b.root-servers.net, if those are there I'd be very tempted to kill the forwarders off.

If it fills you with dread, change the forwarders to these two:

4.2.2.4
4.2.2.2

Those DNS servers belong to Verizon and are pretty reliable.

Chris
0
 

Author Comment

by:ahmzie
ID: 26198325
I've got both those root hints that you mentioned plus a lot more; however, next to all of them in the IP address tab it has got unknown. Is that normal?
0
 

Author Comment

by:ahmzie
ID: 26198335
Because I have MS Exchange 2007 running on this server, will I need to create an MX exchange record?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198341

Hmm no, that's not normal.

Can you try clicking the Copy From Server button and feeding it this IP: 198.41.0.4. That's the IP for a.root-servers.net, and it will have an up to date copy of those servers.

And no, you won't need an MX Record on there.

Chris
0
 

Author Comment

by:ahmzie
ID: 26198358
OK, oh goodness, you're extremely smart. I now have IPs for all of them except for k.root-servers.net, l.root-servers.net, m.root-servers.net. Is this okay?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198365

It's an improvement. If you can, restart the DNS service and check again, we need to make sure those survive a restart there.

Chris
0
 

Author Comment

by:ahmzie
ID: 26198379
Hey Chris, yep, they're all still there. What's next?
0
 

Author Comment

by:ahmzie
ID: 26198383
please be aware that I am logged in remotely. cheers mate
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198390

Okay, so, either we drop the forwarders completely (removing your ISP from the DNS part of this), or switch them to use Verizon's forwarders.

Neither of these will require a restart and, if it's behaving itself, neither should interrupt service.

Chris
0
 

Author Comment

by:ahmzie
ID: 26198395
OK, I'm going to completely remove forwarders, let's hope for the best.
0
 

Author Comment

by:ahmzie
ID: 26198412
Good news: forwarders are out, internet still running. What should I do now?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198422

Time to test the HTTPS bits again. Your ISP are no longer involved in the DNS side of this, although they still, obviously, provide your net connection.

If it makes no difference, no amount of listening to them telling you to change DNS servers will help.

Chris
0
 

Author Comment

by:ahmzie
ID: 26198446
Mate, you're a genius. I'm gonna give it a go. Do I have to flushdns?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198465

No, but you can if you like, just means it has to look up what it might have in the cache at the moment. It won't cause any significant delay to name resolution.

Chris
0
 

Author Comment

by:ahmzie
ID: 26198490
Mate, you're a genius. It is working again, yay..... Mate, what can I do to thank you? Mate, you're amazing.. I really do appreciate all your hard work and effort.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198497

Fast enough on the HTTPS connections?

You don't have to do anything, everything is freely given :)

Chris
0
 

Author Comment

by:ahmzie
ID: 26198502
Mate, I'm connecting remotely and it seemed to all be okay. The real test is tomorrow; I will for sure keep you posted to let you know how things went. Mate, seriously, you're a genius.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198520

Hopefully you'll get an earlier night tonight then :)

Chris
0
 

Author Comment

by:ahmzie
ID: 26198589
Haha yep :D:D:D:D:D Mate, once again I thank you and I am extremely appreciative. Should have an earlier night tonight. I'm just trying to figure out how to sort the email issues. Do you think that using root hints may have fixed the emailing problems? One of my colleagues has advised that the last time we had this problem with our old servers he created something in the reverse DNS and he got it working. Unfortunately he doesn't remember what he did.
0
 

Author Comment

by:ahmzie
ID: 26198602
Sorry mate, I know so far I have asked you a billion questions, but as I'm now using root hints, do I get rid of the DNS servers in DHCP?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198617

It depends, if the failures were caused by slow name resolution, yes :)

It's always worth checking reverse lookup for mail now you mention it. It's one of the more popular reasons for it failing. Do you know your public IP address?

If not, head to the Exchange Server and load up www.whatismyip.com. Take that IP Address and run:

nslookup -q=ptr TheIPAddress

It should come back with your mail server name.

While we're at it, which version of Exchange? It would be a good idea to check the name it's using to send out mail.

DHCP should only list your internal DNS server (or at least it should now that seems to be working a little better). Your clients will need that one to find AD and will get horribly confused if they find anything else. Same applies to your servers, also easily confused.

Chris
0
 

Author Comment

by:ahmzie
ID: 26198633
Thanks Chris, I'm using Microsoft Exchange Server 2007. Is the public IP the same as my WAN IP?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198679

Yep, it is.

To check the name in Exchange 2007, either run this from the Management Shell:

Get-SendConnector | Select-Object Name, Fqdn

Or by opening the Exchange Management Console, selecting Organization Configuration, then Hub Transport then the Send Connectors tab and looking at the properties of each.

Chris
0
 

Author Comment

by:ahmzie
ID: 26198711
Yes, got it. Name is menopausecentre.com.au
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198718

Do you get the same when you run nslookup on the IP Address?

Chris
0
 

Author Comment

by:ahmzie
ID: 26198761
nslookup -q=ptr 202.130.205.63        i get the following message

"Cant find server name for address 10.10.20.13. Non-existant domain"
Server: Unknown
Address: 10.10.20.13
Non Authoritative answer:
63.205.130.202.in.addr.arpa                Name = server.akira.com
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198766

That won't help then. You'll have to ask your ISP to update the Reverse Lookup Record / PTR for you so it matches up with the name your Exchange Server uses to send out mail. That is, unless you've configured a Smart Host?

About the "Unknown" message up there, it's because of the Reverse Lookup Zone. Did you manage to make one for "10.x.x.x Subnet" or 10.in-addr.arpa on your local DNS server?

Chris
0
 

Author Comment

by:ahmzie
ID: 26198789
My reverse lookup zone is configured as 10.10.20.0. It seems to be working really well, no error logs, and it has automatically created a host record for each workstation. Is this okay?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198792

Yep, that's okay. Does it have a PTR record in there for your server's IP address / name?

Chris
0
 

Author Comment

by:ahmzie
ID: 26198810
No, actually it has only created an NS and SOA record. Can this be done manually?
0
 

Author Comment

by:ahmzie
ID: 26198816
It has created an A record for the server though??
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198821

It should create it if you run "ipconfig /registerdns". But there's no real harm in manually adding a PTR record for the server.

This is aside from the ISP / mail bit though, it's just aesthetics really. It's more important to get the public records fixed up.

Chris
0
 

Author Comment

by:ahmzie
ID: 26198849
ok i have created one :)
0
 

Author Comment

by:ahmzie
ID: 26198864
Chris, the main problem is we use a database program called GoldMine. The SMTP we use is mail.clevercomms.com. How can I add this in my reverse to get it working on all workstations? I know that my colleague did it once with our old servers and it was working great. Unfortunately he forgot what he did. Is this possible?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198867

Should get rid of the error message when running nslookup at least.

Chris
0
 

Author Comment

by:ahmzie
ID: 26198899
Chris, the main problem is we use a database program called GoldMine. The SMTP we use is mail.clevercomms.com. How can I add this in my reverse to get it working on all workstations? I know that my colleague did it once with our old servers and it was working great. Unfortunately he forgot what he did. Is this possible?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198905

Where is mail.clevercomms.com? Is it something you manage?

Reverse Lookup is only relevant as far as mail servers sending mail is concerned. It doesn't play a part in the conversations your workstations have with the server.

Chris
0
 

Author Comment

by:ahmzie
ID: 26198921
Nope, nothing we manage. However, as GoldMine basically works with Outlook, we cannot have an Exchange account linked to GoldMine as there are over 40 users. We use a different SMTP to send emails through GoldMine, which is mail.clevercomms.com. At the moment this is only working on a few computers, not all. Does this have anything to do with DNS?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198930

It shouldn't be; you'd need to see what happens when someone tries to use that server. Does it give a failure message at all?

Chris
0
 

Author Comment

by:ahmzie
ID: 26198939
Nope, it doesn't fail, it will just time out.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26198952

From one of them that's failing, run:

telnet mail.clevercomms.com 25

Then the same from one that works please?

You might check Antivirus, it's real keen on closing down Port 25 which can prevent things like this working.

Chris
0
 

Author Comment

by:ahmzie
ID: 26198967
I will have to do this tomorrow when I get to work, as I don't have access to the workstations at the moment. I don't think it is the antivirus, as we have been using Sophos antivirus for quite some time now and it is installed on the server and branched out to the clients. I will try telnet tomorrow. If the telnet port is closed, how can I open it?
0
 

Author Comment

by:ahmzie
ID: 26198981
The other thing is that all these clients were able to send emails in the past. Can it be a setting on the Cisco router?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26199001

> If the telnet port is closed how can I open it?

With the 25 on the end it's the SMTP port we're testing.

As for opening, well it really depends where it's closed. That may be because of AV, or may be because of the router.

Chris
0
 

Author Comment

by:ahmzie
ID: 26199018
OK, I doubt it is due to the router, as some computers on the network are able to send emails using GoldMine and others aren't. I will telnet port 25 tomorrow on the ones working and non-working and see what I can generate from there. Mate, once again thank you for all your help. You're a genius. You are A++++++++++++++++++++++++++++ x100000

cheers mate
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26199022

No worries :)

Chris
0
 

Author Comment

by:ahmzie
ID: 26199033

:-)
0
 

Author Comment

by:ahmzie
ID: 26275782
Chris mate, you are a genius. DNS is working really well. HTTPS websites are a lot faster. Mate, I thank you so much for your help. You are second to none. A+++++++++++++++++++++++++++++

The only thing I am trying to work out with my provider, and they insist that it has already been done, is to create a reverse record for my Exchange.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26276751

Good morning,

You have to be a bit pedantic to get this all to work, suits me quite well really ;)

(nslookup) 202.130.205.63 points to server.akira.com.
(nslookup) server.akira.com points to 216.240.145.60.
(nslookup) server.akira.com.au points to 202.130.205.63.
The server on that IP Address responds as server.akira.com.au (telnet 202.130.205.63 25).

I'm guessing, because of the au, that you're akira.com.au not akira.com? If so...

We need your ISP to change the PTR Record for 202.130.205.63 to server.akira.com.au (be quite firm that it is not correct right now as server.akira.com, ISP support can be a pain in the proverbial about these things sometimes).

I strongly recommend you change the alias (CNAME) you are currently using in public DNS for server and mail to Host (A) records. Two reasons for that:

1. server.akira.com.au as an alias is just risky because many systems will expect this to be a Host record (reverse lookup check that we're trying to fix).
2. Using mail.akira.com.au in your MX record is not legal while it is a CNAME.

I hope that all made sense.

Chris
0
 

Author Comment

by:ahmzie
ID: 26276948
Sorry Chris, you have me confused there. I understood up to the point where you mentioned to call my ISP and ask them to point WAN IP to mail.akira.com.au. What needs to be done from my side though?

Can you please provide steps?

cheers mate
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26276951

Do you manage your public DNS information? Or do they do that too?

Chris
0
 

Author Comment

by:ahmzie
ID: 26276957
Chris, another thing to mention: my ISP isn't 202.130.205.63, it's actually 202.130.205.62?? Has my ISP pointed this to the wrong IP address?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26276961

Your mail server answers on 63, so it doesn't sound too wrong :)

Chris
0
 

Author Comment

by:ahmzie
ID: 26276969
However, this isn't the IP we use. The IP we use ends in .62; this has to be changed, right?
0
 

Author Comment

by:ahmzie
ID: 26276979
> Do you manage your public DNS information? Or do they do that too?

In regards to this, I think we do manage it. We have the DNS service active and are using root hints as you suggested, so I guess our ISP is just providing us with the internet.
0
 

Author Comment

by:ahmzie
ID: 26277053
Hey Chris, how do I modify nslookup to return an authoritative answer when running nslookup on 202.130.205.62?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26277265

All non-authoritative means is that it has a response from the cache (memory). If you want an authoritative response you have to clear the cache on the server.

> however this isn't the IP we use.

Hmmm... start with the basics... are you server.akira.com.au ? :)

Chris
0
 

Author Comment

by:ahmzie
ID: 26277280
Nope, I believe we are server.akira.com, not au.

we have spoken to our ISP regarding this issue. I will send you the email they have emailed us. I will forward the email to your email address. Cheers mate
0
 

Author Comment

by:ahmzie
ID: 26277292
Just to confirm, I have forwarded the email to you. Please let me know what you think.

cheers mate
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26277322

They don't know what authoritative answer means, but that's not really very surprising ;)

Anyway, we need to make one little change on your Exchange server then we're all set.

Pop open the Exchange Management Console, then expand Organization Configuration, and select Hub Transport. Select the Send Connector tab and open the properties for whatever you have there (I hope there's only one entry).

At the moment that says menopausecentre.com.au doesn't it? That value needs to be changed to mail.menopausecentre.com.au. Which will make everything match up with your PTR record.

Chris
0
 

Author Comment

by:ahmzie
ID: 26277336
Yes, you are right, there is only one record, and I have changed this to mail.menopausecentre.com.au

What's next? It still says unauthoritative?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 26277350

Non-Authoritative Answer just means your server asked for it once, then remembered it and is replying with the remembered version. It's nothing to worry about, normal DNS behaviour.

It's only troublesome if the answer you're getting is wrong, and I think it's all good now isn't it?

That is, when we run this:

nslookup mail.menopausecentre.com.au

We should get the IP address of your mail server. And when we run this:

nslookup -q=ptr 202.130.205.62

You should get "mail.menopausecentre.com.au". And finally, when your mail server starts talking to another it should identify itself as "mail.menopausecentre.com.au", which is the change we just made.

Those three things form part of a simple anti-spam check, since they all match we pass the check.

Chris
0
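
The three-way match described in the answer above (PTR record, forward lookup, and the name the mail server announces), together with the earlier point that an MX target must not be a CNAME, as an added example that is not part of the original thread. The lookup tables are constructed from the nslookup results quoted in the thread; the CNAME target, the MX entries and the A record for mail.menopausecentre.com.au are assumptions, and `DnsData`, `norm` and `check_sender` are hypothetical names.

```python
from dataclasses import dataclass, field


@dataclass
class DnsData:
    """Constructed lookup results standing in for live nslookup answers."""
    ptr: dict = field(default_factory=dict)    # IP -> PTR name
    a: dict = field(default_factory=dict)      # host name -> list of IPs
    cname: dict = field(default_factory=dict)  # alias -> canonical name
    mx: dict = field(default_factory=dict)     # mail domain -> MX targets


def norm(name):
    """DNS names compare case-insensitively and ignore the trailing dot."""
    return name.rstrip(".").lower()


def check_sender(dns, ip, helo, mail_domain):
    """Return the mismatches a receiving mail server could hold against us."""
    problems = []
    helo = norm(helo)

    ptr_name = dns.ptr.get(ip)
    if ptr_name is None:
        problems.append(f"no PTR record for {ip}")
    else:
        ptr_name = norm(ptr_name)
        # Forward-confirm: the PTR name must resolve back to the same IP.
        forward = dns.a.get(ptr_name, [])
        if ip not in forward:
            seen = ", ".join(forward) or "nothing"
            problems.append(f"PTR name {ptr_name} resolves to {seen}, not {ip}")
        # The name announced in HELO/EHLO must be the PTR name.
        if helo != ptr_name:
            problems.append(f"HELO name {helo} differs from PTR name {ptr_name}")

    # An MX record must point at a Host (A) record, never at an alias.
    for target in dns.mx.get(norm(mail_domain), []):
        if norm(target) in dns.cname:
            problems.append(f"MX target {norm(target)} is a CNAME")
    return problems


# Constructed from the results quoted in the thread before the fix.
BEFORE = DnsData(
    ptr={"202.130.205.63": "server.akira.com"},
    a={"server.akira.com": ["216.240.145.60"],
       "server.akira.com.au": ["202.130.205.63"]},
    cname={"mail.akira.com.au": "server.akira.com.au"},  # assumed alias target
    mx={"akira.com.au": ["mail.akira.com.au"]},          # assumed MX entry
)

# Constructed to match the end state described in the accepted answer.
AFTER = DnsData(
    ptr={"202.130.205.62": "mail.menopausecentre.com.au"},
    a={"mail.menopausecentre.com.au": ["202.130.205.62"]},     # assumed A record
    mx={"menopausecentre.com.au": ["mail.menopausecentre.com.au"]},  # assumed
)

if __name__ == "__main__":
    for label, data, ip, helo, domain in [
        ("before", BEFORE, "202.130.205.63", "server.akira.com.au", "akira.com.au"),
        ("after", AFTER, "202.130.205.62", "mail.menopausecentre.com.au",
         "menopausecentre.com.au"),
    ]:
        found = check_sender(data, ip, helo, domain)
        print(label, "->", found or "all three names match")
```
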
 

Author Comment

by:ahmzie
ID: 26277353
Mate, you're a genius :)
0
 

Author Comment

by:ahmzie
ID: 26277354
thank you very much:-)
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 26277359

No problem :)

Chris
0
 

Author Closing Comment

by:ahmzie
ID: 31673362
This guy is a genius A++++++++++++++++++++++++++++
0
