Mark
asked on
having trouble setting up local domain
I have a public domain: xyz.org. Behind my firewall I have a SBS 2008 server, server 2008 database server, linux webserver and linux file server. There are an additional 10 domain connected Windows workstations.
The SBS 2008 machine is the main DNS server and the DHCP server. The office has basically 2 domains: the local windows domain xyz.local, and the publicly visible domain xyz.org.
The linux web server has a static IP and it's dnsdomain is xyz.org. There are no issues with this computer.
My problem is with the linux file server. I have several problems, in fact, but one at a time. This host is supposed to be a local host only - not visible to the Internet. I've configured it to get a dynamic IP address from the SBS server and I've set it's dnsdomain to xyz.local.
Problem 1: from this file server I can connect to the webserver via e.g. ssh@webserver.xyz.local, telnet webserver.xyz.local, etc, but I cannot see the public domain xyz.org:
$ ping webserver.xyz.org
ping: unknown host webserver.xyz.org
yet I can see other public domains, e.g. yahoo.com:
$ ping yahoo.com
PING yahoo.com (98.138.253.109) 56(84) bytes of data.
64 bytes from ir1.fp.vip.ne1.yahoo.com (98.138.253.109): icmp_req=1 ttl=53 time=32.5 ms
What is my problem? It seems like my SBS 2008 DNS server is resolving external public domains, but isn't resolving the public domain it is hosting.
The SBS 2008 machine is the main DNS server and the DHCP server. The office has basically 2 domains: the local windows domain xyz.local, and the publicly visible domain xyz.org.
The linux web server has a static IP and it's dnsdomain is xyz.org. There are no issues with this computer.
My problem is with the linux file server. I have several problems, in fact, but one at a time. This host is supposed to be a local host only - not visible to the Internet. I've configured it to get a dynamic IP address from the SBS server and I've set it's dnsdomain to xyz.local.
Problem 1: from this file server I can connect to the webserver via e.g. ssh@webserver.xyz.local, telnet webserver.xyz.local, etc, but I cannot see the public domain xyz.org:
$ ping webserver.xyz.org
ping: unknown host webserver.xyz.org
yet I can see other public domains, e.g. yahoo.com:
$ ping yahoo.com
PING yahoo.com (98.138.253.109) 56(84) bytes of data.
64 bytes from ir1.fp.vip.ne1.yahoo.com (98.138.253.109): icmp_req=1 ttl=53 time=32.5 ms
What is my problem? It seems like my SBS 2008 DNS server is resolving external public domains, but isn't resolving the public domain it is hosting.
ASKER
clement_nuss: > On your Windows DNS server, which DNS servers are set ?
Here is the image of the network card setup on the Windows DNS server:
As you can see, it has itself as the only DNS. That's a bit odd since what does it use for up-stream DNS? The gateway, 192.168.0.1 is the firewall/router, and it does have ISP DNS IPs specified. Does it go to the gateway for DNS resolution?
I put 192.168.0.1 in as the 2nd (Alternate) DNS server, but no improvement.
> You can too try on a windows computer to lookup DNS records on Windows server using the command : nslookup - "your dns server ip"
Here are my results from that:
Here is the image of the network card setup on the Windows DNS server:
As you can see, it has itself as the only DNS. That's a bit odd since what does it use for up-stream DNS? The gateway, 192.168.0.1 is the firewall/router, and it does have ISP DNS IPs specified. Does it go to the gateway for DNS resolution? I put 192.168.0.1 in as the 2nd (Alternate) DNS server, but no improvement.
> You can too try on a windows computer to lookup DNS records on Windows server using the command : nslookup - "your dns server ip"
Here are my results from that:
C:\Users\mark>nslookup 192.160.0.2
Server: mail.hprs.local
Address: 192.168.0.2
*** mail.hprs.local can't find 192.160.0.2: Non-existent domainC:\Users\mark>nslookup ohprs.org
Server: mail.hprs.local
Address: 192.168.0.2
Name: ohprs.orgC:\Users\mark>nslookup 192.160.0.2 192.168.0.1
Server: UnKnown
Address: 192.168.0.1
*** UnKnown can't find 192.160.0.2: Non-existent domainASKER
more info:
If I send an email from the linux file server to a user on the linux webserver, it gives the following error on the webserver:
# (on file server)
$ mail -r dumper@webserver.ohprs.org
# (on webserver)
----- The following addresses had permanent fatal errors -----
sysadmin@webserver.hprs.lo
(reason: 553 5.1.8 <dumper@webserver.ohprs.or
(expanded from: sysadmin@webserver.hprs.lo
If I ping webserver.ohprs.org FROM webserver.ohprs.org, it works! But if I do nslookup from webserver I get:
$ nslookup webserver.ohprs.org
Server: 192.168.0.2
Address: 192.168.0.2#53
** server can't find webserver.ohprs.org: NXDOMAIN
Clearly, something is messed up! The webserver has the following in the /etc/resolv.conf file:
domain hprs.local
nameserver 192.168.0.2
nameserver 66.193.88.2
nameserver 8.8.8.8
# nameserver 66.193.88.3
If I specify one of the other name servers, it find it:
$ nslookup webserver.ohprs.org 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: webserver.ohprs.org
Address: 64.129.23.95
I am sooooo confused! Clearly, as clement_nuss suggested, there must be something wrong with the Windows DNS server (since it cannot locate the hprs.org domain, but 8.8.8.8 can). But what is wrong and how do I fix it?
If I send an email from the linux file server to a user on the linux webserver, it gives the following error on the webserver:
# (on file server)
$ mail -r dumper@webserver.ohprs.org
# (on webserver)
----- The following addresses had permanent fatal errors -----
sysadmin@webserver.hprs.lo
(reason: 553 5.1.8 <dumper@webserver.ohprs.or
(expanded from: sysadmin@webserver.hprs.lo
If I ping webserver.ohprs.org FROM webserver.ohprs.org, it works! But if I do nslookup from webserver I get:
$ nslookup webserver.ohprs.org
Server: 192.168.0.2
Address: 192.168.0.2#53
** server can't find webserver.ohprs.org: NXDOMAIN
Clearly, something is messed up! The webserver has the following in the /etc/resolv.conf file:
domain hprs.local
nameserver 192.168.0.2
nameserver 66.193.88.2
nameserver 8.8.8.8
# nameserver 66.193.88.3
If I specify one of the other name servers, it find it:
$ nslookup webserver.ohprs.org 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: webserver.ohprs.org
Address: 64.129.23.95
I am sooooo confused! Clearly, as clement_nuss suggested, there must be something wrong with the Windows DNS server (since it cannot locate the hprs.org domain, but 8.8.8.8 can). But what is wrong and how do I fix it?
ASKER
more info:
OK, the ping webserver.ohprs.org worked because that FQDN was in the /etc/hosts file. When I remove it from the /etc/hosts file, pinging doesn't work either. Which is more consistent.
OK, the ping webserver.ohprs.org worked because that FQDN was in the /etc/hosts file. When I remove it from the /etc/hosts file, pinging doesn't work either. Which is more consistent.
well , with the nskookup command you need to use a - ( score) when you want to specify which server you're using : nskookup - 192.168.0.2. and then enter the domain you're looking for.
But apparently the windows server isn't giving the right addresses to your local network. try looking up the properties of your ohprs.org zone, and look if it has some rules to only serve some ips. it may too be a spelling error, because the DNS servers don't look to be your local 192.168.0.2 - mail.hprs.local. then there may be a mistake in this server, you talked somewhere of a hprs.org and too of ohprs.org, which exists on the net.
try then first : nskookup - 192.168.0.2. and ask the DNS server about ohprs.org and about hprs.org, and see if everything is ok. the linux server probably hasn't any got any DNS problem , the resolv.conf is looking to be all right.
hope this will help !
But apparently the windows server isn't giving the right addresses to your local network. try looking up the properties of your ohprs.org zone, and look if it has some rules to only serve some ips. it may too be a spelling error, because the DNS servers don't look to be your local 192.168.0.2 - mail.hprs.local. then there may be a mistake in this server, you talked somewhere of a hprs.org and too of ohprs.org, which exists on the net.
try then first : nskookup - 192.168.0.2. and ask the DNS server about ohprs.org and about hprs.org, and see if everything is ok. the linux server probably hasn't any got any DNS problem , the resolv.conf is looking to be all right.
hope this will help !
ASKER
> you talked somewhere of a hprs.org
That was at the end of my post 39451280 and was a typeo. There is only one public domain: ohprs.org.
> with the nskookup command you need to use a - ( score) when you want to specify which server you're using
Well, the score/dash just enters interactive mode. It works without, and you'll notice that my examples show it working with a different DNS server.
I can now do the nslookup from a Windows workstation:
The last example show a lookup of the domain name, but I specifiy a nameserver provided by the ISP. This does, in fact, return the public domain name and public IP.
I'm not sure what I did to get this far. What I did was remove the self-reference of the DNS server in the NIC config and add the gateway and one of the IPS's DNSes (see attached image and compare with image above).
Note that with this setup I still cannot find the ohprs.org domain from the linux web server unless it is explicitly entered in /etc/hosts:
$ ping webserver.ohprs.org
ping: unknown host webserver.ohprs.org
I need to step back and get some explicit setup help:
1. My NIC card setup screen-shot in posting ID: 39451246 shows the DNS address the same as the DNS server for the DNS server itself. Is this correct or should it point somewhere other than itself (is my new setting show in the current image correct)?
2. What specific configuration steps should I take either on the DNS server or on the linux host to get the linux host to be able to resolve the ohprs.org domain? I think I need this to happen before I can successfully get rid of the email error message.
newNIC-DNS.jpg
That was at the end of my post 39451280 and was a typeo. There is only one public domain: ohprs.org.
> with the nskookup command you need to use a - ( score) when you want to specify which server you're using
Well, the score/dash just enters interactive mode. It works without, and you'll notice that my examples show it working with a different DNS server.
I can now do the nslookup from a Windows workstation:
C:\Users\mark>nslookup 192.168.0.2
Server: mail.hprs.local
Address: 192.168.0.2
Name: mail.hprs.local
Address: 192.168.0.2
C:\Users\mark>nslookup ohprs.org
Server: mail.hprs.local
Address: 192.168.0.2
Name: ohprs.org
C:\Users\mark>nslookup ohprs.org 192.168.0.2
Server: mail.hprs.local
Address: 192.168.0.2
Name: ohprs.org
C:\Users\mark>nslookup ohprs.org 8.8.8.8
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: ohprs.org
Address: 64.129.23.80The last example show a lookup of the domain name, but I specifiy a nameserver provided by the ISP. This does, in fact, return the public domain name and public IP.
I'm not sure what I did to get this far. What I did was remove the self-reference of the DNS server in the NIC config and add the gateway and one of the IPS's DNSes (see attached image and compare with image above).
Note that with this setup I still cannot find the ohprs.org domain from the linux web server unless it is explicitly entered in /etc/hosts:
$ ping webserver.ohprs.org
ping: unknown host webserver.ohprs.org
I need to step back and get some explicit setup help:
1. My NIC card setup screen-shot in posting ID: 39451246 shows the DNS address the same as the DNS server for the DNS server itself. Is this correct or should it point somewhere other than itself (is my new setting show in the current image correct)?
2. What specific configuration steps should I take either on the DNS server or on the linux host to get the linux host to be able to resolve the ohprs.org domain? I think I need this to happen before I can successfully get rid of the email error message.
newNIC-DNS.jpg
ASKER
clement_nuss, I'm going to also post this last bit as a separate question, devoid of all the clutter ...
Well, examples 2 and 3 are the same in fact, the default DNS server on the windows computer is 192.168.0.2. But anyway, your 192.168.0.2 DNS server doesn't return any address for the ohprs.org domain. Did you run these commands on the windows server ?
To be clear : the output of a nslookup is made of two part : one who speaks about the dns server you're querying IP addresses, and a second part in which the infos you're asking should appear. Then if you ask the 192.168.0.2 dns server or the mail.hprs.local it is the same.
The best config is normally to set the dns server (Windows here) itself as the first dns server in the NIC configuration, but if you only put e.g. 8.8.8.8 dns server, you should be able to resolve ohprs.org. There are too some settings in the DNS server itself about the DNS resolver. Right-click the DNS server in the management console and see what resolver it uses.
Think too to use the ipconfig /flushdns command, which flushes the DNS cache, and may solve some problem ! And could you too tell me if you're able on the Windows server to do : nslookup ohprs.org 127.0.0.1
Good luck !
To be clear : the output of a nslookup is made of two part : one who speaks about the dns server you're querying IP addresses, and a second part in which the infos you're asking should appear. Then if you ask the 192.168.0.2 dns server or the mail.hprs.local it is the same.
The best config is normally to set the dns server (Windows here) itself as the first dns server in the NIC configuration, but if you only put e.g. 8.8.8.8 dns server, you should be able to resolve ohprs.org. There are too some settings in the DNS server itself about the DNS resolver. Right-click the DNS server in the management console and see what resolver it uses.
Think too to use the ipconfig /flushdns command, which flushes the DNS cache, and may solve some problem ! And could you too tell me if you're able on the Windows server to do : nslookup ohprs.org 127.0.0.1
Good luck !
ASKER
The current DNS usage settings on the SBS/DNS server are shown in the image: 192.168.0.1, 8.8.8.8. So, you are saying that I *should* have 192.168.0.2 (the SBS host itself) as the 1st DNS server and, if I want, the 8.8.8.8 as alternate, right?
nslookup ohprs.org 127.0.0.1 gives me:
Server: localhost
Address: 127.0.0.1
Name: ohprs.org
nslookup ohprs.org 127.0.0.1 gives me:
Server: localhost
Address: 127.0.0.1
Name: ohprs.org
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK, I got this one solved by creating an A record on the SBS server for webserver.ohprs.org. I'll now continue exploring the email issues and see it that helps resolve the problem and, if not, I'll be back with another post.
THX
THX
On your Windows DNS server, which DNS servers are set ? If you've set an other DNS (in the network card configuration page), it needs to be in second position.
You can too try on a windows computer to lookup DNS records on Windows server using the command : nslookup - "your dns server ip"
e.g. nslookup - 10.1.2.3
Then type xyz.org and check the output. Maybe the problem isn't on the linux server side, but on the Windows server.