Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Help with DNS Statis entry ending in 0 (10.1.1.0)

Posted on 2016-07-16
12
Medium Priority
?
98 Views
Last Modified: 2016-07-18
I'm a not a network guy but trying to get up to speed with our DNS configuration on this Windows 2008 R2 server..  In the image below I have received advice that the static 10.1.1.0 entry is not required and in fact can cause problems.  Is this correct?  What does this entry indicated?

dns
Also, the record above (10.1.1.252) is not known to use and does not respond to pings.  Given it was last updated in 2015 I'm considering deleting it.   Shouldn't these records expire automatically?
0
Comment
Question by:canuckconsulting
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +3
12 Comments
 
LVL 29

Expert Comment

by:Dr. Klahn
ID: 41714698
Some more information would be helpful.

What is the IPv4 setup for your network?  In particular, what address is the network gateway using?

The network appears to be located on 10.1.1.0, from what I see in the image above.  If that is the case, the entry for 10.1.1.0 is probably a static route to the network default gateway.

The Angry IP Scanner is useful for scanning networks to see what devices are present and responding.  Note:  Some virus scanners flag AIPS as a "hacking tool."
0
 

Author Comment

by:canuckconsulting
ID: 41714703
Sorry, I should have provided more detail.

We have a local site at our office and a number of remote servers at Hosting.com.  We have two 2003 DC's locally (IPS 10.1.1.250 and 10.1.1.251).  We have one 2008 DC set up a the remote site with IP 7*.*.*.*.

The image I provided in my original question is the DNS server located at Hosting.com. Below is the output of ipconfig run on this remote DC.  Is there anything else that would help?


IPConfig
0
 
LVL 2

Expert Comment

by:JesNoFear
ID: 41714707
is this a windows domain DC?

If this is a domain controller, the only DNS entry you should have should be 127.0.0.1

What this means is when that host is trying to resolve DNS entrys, it only looks to its own DNS records to resolve.

That being said, if you are trying to have your server resolve to the outside you will need to setup forwarders to public DNS servers to get records of web address you are not hosting a namespace for.
0
Turn your laptop into a mobile console!

The CV211 Laptop USB Console Adapter provides a direct Laptop-to-Computer connection for fast and easy remote desktop access with no software to install.

 
LVL 2

Expert Comment

by:JesNoFear
ID: 41714708
another note, Static entry's never auto purge, Only dynamic entry's auto purge. if you have specifically added an entry the intention is you know what you are doing and it will stay forever. hints the word Static.
0
 
LVL 29

Accepted Solution

by:
Dr. Klahn earned 1000 total points
ID: 41714711
imo:  Since 10.1.1.0 is not the default gateway or one of your DNS servers, I can't see the need for a static host entry unless there's something unusual located at that address.
0
 

Author Comment

by:canuckconsulting
ID: 41714718
JesNoFear - yes it's a DC running both the AD and DNS roles.  Regarding auto-purge/expring, I was referring to the non-static entry 10.1.1.252 above it.  Why would that not have disappeared over time?


Dr. Klahn - the person who advised me to delete it indicated this was a practice used back in NT4 servers.  He thought maybe whoever set it up hadn't realized this was no longer required.  Does that make any sense to you?
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 41714724
It looks like the server is configured to run Routing and Remote Access (which means it hopefully has TWO NICs) - and is acting as the router for the network.

One strong clue for this is that your gateway configured on the server is a public  IP address.

As you probably know this is most likely a horrible configuration and incredibly vulnerable.

But don't just delete it -- you'll take down your entire network.

Look at workstations and see if their gateway is showing as that address.
0
 

Author Comment

by:canuckconsulting
ID: 41714742
Jeffrey Kane - TechSoEasy - What is the clue that it is running Routing and Remote Access?  It only has one nIc.  This thread is getting my heart rate up!

The other servers on this subnet (only servers are hosted at Hosting.com) are using that same external gateway.  Another question; given I'd blanked out all but the leading 7 of the gateway, how did you know it was an external ip?
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 41714748
Private addresses start with 1: 10.x.x.x, 172.16-31.x.x, 192.168.x.x, everything else is public (external)
1
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 41714760
Right, the leading 7 gave it away.
0
 
LVL 17

Assisted Solution

by:Learnctx
Learnctx earned 500 total points
ID: 41714918
If this is a domain controller, the only DNS entry you should have should be 127.0.0.1
Incorrect, this goes against Microsoft guidance. A domain controller should point to another domain controller in its site as primary and should contain its loop back as a tertiary at least somewhere in the list of servers.

DNS best practice advice from the Microsoft directory services team here: https://blogs.technet.microsoft.com/askds/2010/07/17/friday-mail-sack-saturday-edition/#dnsbest
DNS BPA recommendations here: https://technet.microsoft.com/en-us/library/ff807362%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

There are always exceptions to this and I would say a satellite site with 1 DC and a link that did not offer good performance or reliability would be one scenario where you would want the primary as the loop back and the tertiary as an off site DC.
0
 

Author Closing Comment

by:canuckconsulting
ID: 41717310
Thanks for the great help.  I will be removing the static entry outside of working hours to test.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question