Problem with DNS resolving external IP address of the server



Guest

Hello
I have a problem. My main server is a Win2000 server. It holds Exchange Server,
DNS and ISA. This server has 2 NICs: one is connected locally and one has an
external IP address. Let's call it the "COMMS" server.

My problem is that we have 3 subnetworks, one for each office, connected
through WAN links.
While everything works fine for the local network that has the COMMS server
on it, that is not true for the two other remote networks. When client computers
on the remote networks do a DNS query for the COMMS server (for example to
access Exchange) they are given the external IP address of the server, and this
makes the system slow as it takes a long time for Outlook to connect to the
service. Same problem with ISA. When we start IE, the computers are supposed to
connect to our internal site on the COMMS server, but it takes about 60 seconds
until it kicks in. This is again due to DNS resolving the name COMMS to the
external IP address.

We are using DNS only to resolve names on the internet (for WWW) and names on
the internal network for services.

What is the best way of making sure that the external IP address of server
COMMS will not be advertised to internal clients?

Regards,
Macio
 

Jason Hammond

Sounds like you have a split-brain DNS config: the internal DNS namespace is
the same as your external one. My only question is, aren't your internal
clients using this server for name resolution, with DHCP giving the clients
the IP address, domain name and DNS servers?

If your clients are pointed to that server for DNS and it's still not
working, it sounds like the clients do not have their domain name and suffix
set. To test that, do an nslookup, set the server to COMMS, and do a fully
qualified host lookup:

"exchange.mydomain.com". If that works it's definitely a domain name / search
order issue.

Wonderboy
 

Gary Fose [MSFT]

Disable the external adapter from registering itself on the internal DNS.

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included
script samples is subject to the terms specified at http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best
directed to the newsgroup/thread from which they originated.
 

Guest

Hi Gary

Thanks for your answer, but I have no idea how to do it.
I tried to look on the internet and didn't find any answers.
I tried to untick "Register this connection in DNS" on the TCP/IP
properties page, but it doesn't change a thing.

Do you know how to do it?

Thanks
Macio
 

Guest

Hi Jason

Thanks for your answer, but that is not the case. My internal domain
namespace is different from my outside one.

Thanks
Macio
 

stuartm

Go into the advanced TCP/IP settings on your network adapter, then on
the DNS tab there is an option which is checked by default that says:
"Register this connection's address in DNS". Clear the check box and
then delete the entries from DNS which resolve to the wrong IP address.

Just unticking the box won't remove any entries that are already in DNS
- you'll need to delete these manually yourself.
 

Kevin D. Goodknecht Sr. [MVP]

Macio said:
Hi Gary

Thanks for your answer, but I have no idea how to do it.
I tried to look on the internet and didn't find any
answers.
I tried to untick "Register this connection in DNS" on
the TCP/IP
properties page, but it doesn't change a thing.

Do you know how to do it?

That does not work on a Domain Controller; you will have to do several
things. It is not just a problem of getting the wrong IP address for COMMS,
but also a wrong IP address for your AD domain name and the wrong IP address
for the Global Catalog if this DC is also a Global Catalog server. You will
have to make several changes; this is a problem with all multi-homed Domain
Controllers. I will post the instructions below; make sure you go through
and follow every step.

1. In the DNS management console, on the properties of the DNS server,
interfaces tab, set DNS to only listen on the private IP you want in DNS for
the server.

2. Add this registry entry with regedt32 to stop the (same as parent folder)
records.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ

LdapIpAddress

(If the DC is also a Global Catalog see note below)

3. Create a new host in DNS, leave the name field blank, give it the IP of
the internal interface. Win2k barks at you saying "(same as parent folder) is
not a valid host name", click OK to create the record anyway.

4. Right click on Network places, choose properties, in the Advanced menu
select Advanced settings. Make sure the internal interface is at the top of
the connections pane and in the Bindings pane make sure File sharing and
Client for Microsoft Networks is enabled only on the internal interface.


Note-

If the DC is also a Global Catalog use this registry entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Registry value: DnsAvoidRegisterRecords
Data type: REG_MULTI_SZ

LdapIpAddress
GcIpAddress

And in addition to the (same as parent folder) record in the domain zone for
the domain name, expand _msdcs, open gc, create a new host with the name field
left blank and give it the IP of the internal interface. This resolves as
gc._msdcs.forestroot.
 

Ace Fekay [MVP]

stuartm said:
Go into the advanced TCP/IP settings on your network adapter, then on
the DNS tab there is an option which is checked by default that says:
"Register this connection's address in DNS". Clear the check box and
then delete the entries from DNS which resolve to the wrong IP
address.
Just unticking the box won't remove any entries that are already in
DNS - you'll need to delete these manually yourself.

Unfortunately, that doesn't work like that if it's a DNS server and/or DC. There
are reg entries and other configurations to alter, as Kevin pointed out.
Don't forget to disable NetBIOS on the external interface to prevent port
139 access and eliminate a possible duplicate name error.


--
Regards,
Ace

G O E A G L E S !!!
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
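The whole procedure from Kevin's post (DNS listen address, DnsAvoidRegisterRecords, the blank-name host records, NIC bindings) plus Ace's NetBIOS point, scripted as an added example. This is not code from the thread or from Microsoft; it assumes a current Windows Server DC (2012 R2 or later, where the DnsServer, DnsClient and NetAdapter PowerShell modules exist and _msdcs is its own zone), and uses placeholder names: domain zone corp.example.com, internal NIC alias "Internal" at 10.0.0.5, external NIC alias "External" at 203.0.113.10. Using "@" as the record name for the zone apex is the dnscmd convention and is assumed to be accepted by Add-DnsServerResourceRecordA.

```powershell
# Added example (not from the thread): stop a multi-homed DC/DNS server from
# publishing its external address to internal clients. Assumptions (placeholders):
#   - Windows Server 2012 R2+ with the DnsServer, DnsClient and NetAdapter modules
#   - AD domain zone : corp.example.com (forest root; _msdcs is a separate zone)
#   - internal NIC   : alias "Internal", 10.0.0.5
#   - external NIC   : alias "External", 203.0.113.10
# Run elevated on the DC. It changes DNS data, the registry and NIC bindings.

$Zone        = 'corp.example.com'
$MsdcsZone   = "_msdcs.$Zone"
$InternalIP  = '10.0.0.5'
$ExternalIP  = '203.0.113.10'
$ExternalNic = 'External'

# 1. The "Register this connection's address in DNS" check box, for the external NIC.
#    On a DC this alone is not enough: Netlogon still registers the domain and GC
#    records with every address the machine owns.
Set-DnsClient -InterfaceAlias $ExternalNic -RegisterThisConnectionsAddress $false

# 2. DNS service listens on the internal address only (Kevin's step 1).
#    dnscmd still ships with the DNS role; Get/Set-DnsServerSetting (ListeningIPAddress)
#    is the module equivalent.
dnscmd.exe /ResetListenAddresses $InternalIP | Out-Null

# 3. Netlogon must stop registering the "(same as parent folder)" A record for the
#    domain (LdapIpAddress) and, if this DC is a GC, for gc._msdcs (GcIpAddress).
$nlParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
New-ItemProperty -Path $nlParams -Name 'DnsAvoidRegisterRecords' -PropertyType MultiString `
    -Value @('LdapIpAddress', 'GcIpAddress') -Force | Out-Null

# 4. Purge every A record that still carries the external address (domain zone and
#    _msdcs), then add by hand the apex and gc records Netlogon no longer maintains.
function Remove-StaleARecords {
    param([string]$ZoneName, [string]$BadIP)
    Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType A |
        Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $BadIP } |
        ForEach-Object {
            Write-Host "Removing $($_.HostName).$ZoneName -> $BadIP"
            Remove-DnsServerResourceRecord -ZoneName $ZoneName -InputObject $_ -Force
        }
}
Remove-StaleARecords -ZoneName $Zone      -BadIP $ExternalIP
Remove-StaleARecords -ZoneName $MsdcsZone -BadIP $ExternalIP

# '@' = zone apex (the blank-name host from Kevin's step 3); 'gc' in _msdcs for the GC.
Add-DnsServerResourceRecordA -ZoneName $Zone      -Name '@' -IPv4Address $InternalIP -ErrorAction SilentlyContinue
Add-DnsServerResourceRecordA -ZoneName $MsdcsZone -Name 'gc' -IPv4Address $InternalIP -ErrorAction SilentlyContinue

# 5. Kevin's step 4 and Ace's addition: no File Sharing / Client for Microsoft Networks
#    and no NetBIOS over TCP/IP on the outside interface (TcpipNetbiosOptions 2 = disable).
Disable-NetAdapterBinding -Name $ExternalNic -ComponentID 'ms_server', 'ms_msclient'
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Where-Object { $_.IPAddress -contains $ExternalIP } |
    Invoke-CimMethod -MethodName SetTcpipNetbios -Arguments @{ TcpipNetbiosOptions = 2 } | Out-Null

# 6. Re-register, then verify against the server's own DNS that nothing internal
#    clients ask for (domain apex, GC, the COMMS host) still answers with the external IP.
Restart-Service Netlogon
ipconfig.exe /registerdns | Out-Null
$leaks = foreach ($name in $Zone, "gc.$MsdcsZone", "comms.$Zone") {
    Resolve-DnsName -Name $name -Type A -Server $InternalIP -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress -eq $ExternalIP }
}
if ($leaks) { Write-Warning "External address still published:`n$($leaks | Out-String)" }
else        { Write-Host "OK: $Zone, gc.$MsdcsZone and comms.$Zone resolve to internal addresses only" }
```

Run the verification part (step 6) again from a client on one of the remote subnets with Resolve-DnsName -Server pointed at the DC; if the external address still shows up, it is usually a stale record in a zone the purge did not touch or a second DC that has not yet replicated the deletions.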
 
