Solved

Help with DNS Static entry ending in 0 (10.1.1.0)

Posted on 2016-07-16
Last Modified: 2016-07-18
I'm not a network guy but trying to get up to speed with our DNS configuration on this Windows 2008 R2 server.  In the image below I have received advice that the static 10.1.1.0 entry is not required and in fact can cause problems.  Is this correct?  What does this entry indicate?

dns
Also, the record above (10.1.1.252) is not known to us and does not respond to pings.  Given it was last updated in 2015 I'm considering deleting it.   Shouldn't these records expire automatically?
Question by:canuckconsulting
12 Comments
 
LVL 23

Expert Comment

by:Dr. Klahn
Some more information would be helpful.

What is the IPv4 setup for your network?  In particular, what address is the network gateway using?

The network appears to be located on 10.1.1.0, from what I see in the image above.  If that is the case, the entry for 10.1.1.0 is probably a static route to the network default gateway.

The Angry IP Scanner is useful for scanning networks to see what devices are present and responding.  Note:  Some virus scanners flag AIPS as a "hacking tool."
0
 

Author Comment

by:canuckconsulting
Sorry, I should have provided more detail.

We have a local site at our office and a number of remote servers at Hosting.com.  We have two 2003 DCs locally (IPs 10.1.1.250 and 10.1.1.251).  We have one 2008 DC set up at the remote site with IP 7*.*.*.*.

The image I provided in my original question is the DNS server located at Hosting.com. Below is the output of ipconfig run on this remote DC.  Is there anything else that would help?


IPConfig
0
 
LVL 2

Expert Comment

by:JesNoFear
Is this a Windows domain DC?

If this is a domain controller, the only DNS entry you should have should be 127.0.0.1

What this means is when that host is trying to resolve DNS entries, it only looks to its own DNS records to resolve.

That being said, if you are trying to have your server resolve to the outside you will need to set up forwarders to public DNS servers to get records of web addresses you are not hosting a namespace for.
0
 
LVL 2

Expert Comment

by:JesNoFear
Another note: static entries never auto-purge; only dynamic entries auto-purge. If you have specifically added an entry, the intention is you know what you are doing and it will stay forever. Hence the word static.
0
 
LVL 23

Accepted Solution

by:
Dr. Klahn earned 250 total points
imo:  Since 10.1.1.0 is not the default gateway or one of your DNS servers, I can't see the need for a static host entry unless there's something unusual located at that address.
0
 

Author Comment

by:canuckconsulting
JesNoFear - yes it's a DC running both the AD and DNS roles.  Regarding auto-purge/expiring, I was referring to the non-static entry 10.1.1.252 above it.  Why would that not have disappeared over time?


Dr. Klahn - the person who advised me to delete it indicated this was a practice used back in NT4 servers.  He thought maybe whoever set it up hadn't realized this was no longer required.  Does that make any sense to you?
0
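Added example, not part of the thread: the aging rule behind the static versus dynamic distinction discussed above. It assumes record timestamps exported as hours since 1601-01-01 UTC (0 meaning static), the default 7-day no-refresh and refresh intervals, and constructed record names and dates; the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Windows DNS stores a record's aging timestamp as whole hours since this epoch.
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def to_hours(dt):
    """Convert an aware UTC datetime to hours since 1601-01-01."""
    return (dt - EPOCH_1601) // timedelta(hours=1)

def classify(timestamp_hours, now, no_refresh_days=7, refresh_days=7):
    """Return 'static', 'fresh' or 'stale' for one record timestamp."""
    if timestamp_hours == 0:
        return "static"  # no timestamp: aging never applies to this record
    stamped = EPOCH_1601 + timedelta(hours=timestamp_hours)
    # Eligible for scavenging once both intervals pass without a refresh.
    eligible_after = stamped + timedelta(days=no_refresh_days + refresh_days)
    return "stale" if now > eligible_after else "fresh"

def audit(records, now):
    """Map each record's IP address to its aging state."""
    return {ip: classify(ts, now) for _name, ip, ts in records}

# Constructed sample: the IPs come from the thread; the names and exact
# timestamps are assumptions made for illustration.
NOW = datetime(2016, 7, 16, tzinfo=timezone.utc)
SAMPLE = [
    ("@", "10.1.1.0", 0),
    ("@", "10.1.1.252", to_hours(datetime(2015, 3, 1, 12, tzinfo=timezone.utc))),
    ("dc-example", "10.1.1.250", to_hours(datetime(2016, 7, 12, 9, tzinfo=timezone.utc))),
]

if __name__ == "__main__":
    for ip, state in audit(SAMPLE, NOW).items():
        print(f"{ip:12} {state}")
```

A record classed as stale is only removed if aging is enabled on the zone and scavenging is enabled on the server, both of which are off by default, which is one reason an old dynamic record can still be listed.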
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 125 total points
It looks like the server is configured to run Routing and Remote Access (which means it hopefully has TWO NICs) - and is acting as the router for the network.

One strong clue for this is that your gateway configured on the server is a public IP address.

As you probably know this is most likely a horrible configuration and incredibly vulnerable.

But don't just delete it -- you'll take down your entire network.

Look at workstations and see if their gateway is showing as that address.
0
 

Author Comment

by:canuckconsulting
Jeffrey Kane - TechSoEasy - What is the clue that it is running Routing and Remote Access?  It only has one NIC.  This thread is getting my heart rate up!

The other servers on this subnet (only servers are hosted at Hosting.com) are using that same external gateway.  Another question; given I'd blanked out all but the leading 7 of the gateway, how did you know it was an external IP?
0
 
LVL 68

Expert Comment

by:Qlemo
Private addresses start with 1: 10.x.x.x, 172.16-31.x.x, 192.168.x.x, everything else is public (external)
1
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Right, the leading 7 gave it away.
0
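Added example, not part of the thread: a check of what a partly masked IPv4 address still reveals, using the three private ranges listed above. Treating `*` as a glob over each octet is an assumption about how the address was masked, and the function names are hypothetical.

```python
import fnmatch

def octet_candidates(pattern):
    """All octet values 0-255 whose decimal text matches a glob like '7*'."""
    return {v for v in range(256) if fnmatch.fnmatchcase(str(v), pattern)}

def rfc1918_verdict(masked):
    """Classify a masked IPv4 address against the RFC 1918 private ranges.

    Returns 'private' if every address the mask allows is private,
    'not-private' if none is, and 'ambiguous' otherwise.
    """
    parts = masked.split(".")
    if len(parts) != 4:
        raise ValueError("expected four dot-separated octets")
    candidates = [octet_candidates(p) for p in parts]
    if not all(candidates):
        raise ValueError("pattern matches no valid address")
    first, second = candidates[0], candidates[1]
    # Only the first two octets decide membership in 10/8, 172.16/12, 192.168/16.
    private = sum(
        1
        for a in first
        for b in second
        if a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)
    )
    if private == 0:
        return "not-private"
    return "private" if private == len(first) * len(second) else "ambiguous"

if __name__ == "__main__":
    # '7*.*.*.*' is the masked gateway from the thread; the rest are constructed.
    for sample in ("7*.*.*.*", "10.1.1.0", "1*.*.*.*", "192.168.*.*"):
        print(f"{sample:14} {rfc1918_verdict(sample)}")
```

Masking that must hide whether an address is internal or external has to cover the leading octets as well, since a single visible digit can be enough to rule the private ranges out.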
 
LVL 16

Assisted Solution

by:Learnctx
Learnctx earned 125 total points
"If this is a domain controller, the only DNS entry you should have should be 127.0.0.1"
Incorrect, this goes against Microsoft guidance. A domain controller should point to another domain controller in its site as primary and should contain its loopback as a tertiary at least somewhere in the list of servers.

DNS best practice advice from the Microsoft directory services team here: https://blogs.technet.microsoft.com/askds/2010/07/17/friday-mail-sack-saturday-edition/#dnsbest
DNS BPA recommendations here: https://technet.microsoft.com/en-us/library/ff807362%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

There are always exceptions to this and I would say a satellite site with 1 DC and a link that did not offer good performance or reliability would be one scenario where you would want the primary as the loopback and the tertiary as an off-site DC.
0
 

Author Closing Comment

by:canuckconsulting
Thanks for the great help.  I will be removing the static entry outside of working hours to test.
0
