Solved

Help with DNS Statis entry ending in 0 (10.1.1.0)

Posted on 2016-07-16
12
63 Views
Last Modified: 2016-07-18
I'm a not a network guy but trying to get up to speed with our DNS configuration on this Windows 2008 R2 server..  In the image below I have received advice that the static 10.1.1.0 entry is not required and in fact can cause problems.  Is this correct?  What does this entry indicated?

dns
Also, the record above (10.1.1.252) is not known to use and does not respond to pings.  Given it was last updated in 2015 I'm considering deleting it.   Shouldn't these records expire automatically?
0
Comment
Question by:canuckconsulting
  • 4
  • 2
  • 2
  • +3
12 Comments
 
LVL 25

Expert Comment

by:Dr. Klahn
ID: 41714698
Some more information would be helpful.

What is the IPv4 setup for your network?  In particular, what address is the network gateway using?

The network appears to be located on 10.1.1.0, from what I see in the image above.  If that is the case, the entry for 10.1.1.0 is probably a static route to the network default gateway.

The Angry IP Scanner is useful for scanning networks to see what devices are present and responding.  Note:  Some virus scanners flag AIPS as a "hacking tool."
0
 

Author Comment

by:canuckconsulting
ID: 41714703
Sorry, I should have provided more detail.

We have a local site at our office and a number of remote servers at Hosting.com.  We have two 2003 DC's locally (IPS 10.1.1.250 and 10.1.1.251).  We have one 2008 DC set up a the remote site with IP 7*.*.*.*.

The image I provided in my original question is the DNS server located at Hosting.com. Below is the output of ipconfig run on this remote DC.  Is there anything else that would help?


IPConfig
0
 
LVL 2

Expert Comment

by:JesNoFear
ID: 41714707
is this a windows domain DC?

If this is a domain controller, the only DNS entry you should have should be 127.0.0.1

What this means is when that host is trying to resolve DNS entrys, it only looks to its own DNS records to resolve.

That being said, if you are trying to have your server resolve to the outside you will need to setup forwarders to public DNS servers to get records of web address you are not hosting a namespace for.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 2

Expert Comment

by:JesNoFear
ID: 41714708
another note, Static entry's never auto purge, Only dynamic entry's auto purge. if you have specifically added an entry the intention is you know what you are doing and it will stay forever. hints the word Static.
0
 
LVL 25

Accepted Solution

by:
Dr. Klahn earned 250 total points
ID: 41714711
imo:  Since 10.1.1.0 is not the default gateway or one of your DNS servers, I can't see the need for a static host entry unless there's something unusual located at that address.
0
 

Author Comment

by:canuckconsulting
ID: 41714718
JesNoFear - yes it's a DC running both the AD and DNS roles.  Regarding auto-purge/expring, I was referring to the non-static entry 10.1.1.252 above it.  Why would that not have disappeared over time?


Dr. Klahn - the person who advised me to delete it indicated this was a practice used back in NT4 servers.  He thought maybe whoever set it up hadn't realized this was no longer required.  Does that make any sense to you?
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 125 total points
ID: 41714724
It looks like the server is configured to run Routing and Remote Access (which means it hopefully has TWO NICs) - and is acting as the router for the network.

One strong clue for this is that your gateway configured on the server is a public  IP address.

As you probably know this is most likely a horrible configuration and incredibly vulnerable.

But don't just delete it -- you'll take down your entire network.

Look at workstations and see if their gateway is showing as that address.
0
 

Author Comment

by:canuckconsulting
ID: 41714742
Jeffrey Kane - TechSoEasy - What is the clue that it is running Routing and Remote Access?  It only has one nIc.  This thread is getting my heart rate up!

The other servers on this subnet (only servers are hosted at Hosting.com) are using that same external gateway.  Another question; given I'd blanked out all but the leading 7 of the gateway, how did you know it was an external ip?
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 41714748
Private addresses start with 1: 10.x.x.x, 172.16-31.x.x, 192.168.x.x, everything else is public (external)
1
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 41714760
Right, the leading 7 gave it away.
0
 
LVL 17

Assisted Solution

by:Learnctx
Learnctx earned 125 total points
ID: 41714918
If this is a domain controller, the only DNS entry you should have should be 127.0.0.1
Incorrect, this goes against Microsoft guidance. A domain controller should point to another domain controller in its site as primary and should contain its loop back as a tertiary at least somewhere in the list of servers.

DNS best practice advice from the Microsoft directory services team here: https://blogs.technet.microsoft.com/askds/2010/07/17/friday-mail-sack-saturday-edition/#dnsbest
DNS BPA recommendations here: https://technet.microsoft.com/en-us/library/ff807362%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

There are always exceptions to this and I would say a satellite site with 1 DC and a link that did not offer good performance or reliability would be one scenario where you would want the primary as the loop back and the tertiary as an off site DC.
0
 

Author Closing Comment

by:canuckconsulting
ID: 41717310
Thanks for the great help.  I will be removing the static entry outside of working hours to test.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question