Title: Message

So are we saying it works as long as you don't use the fixup command for DNS?  Do you still need the NAT and the conduits (in my case, on an older PIX version)?

-----Original Message-----
From: Mulnick, Al [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2003 6:23 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] DNS Lookup Problem - Windows 2003

And that's what's confusing.  W2K DNS is told to use TCP for large packets, and you can force that as I recall. So in your case, the firewall was the issue, right?  Slight change in the way that the DNS packets were travelling across?

Al

-----Original Message-----
From: Michael B. Smith [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 11:42 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DNS Lookup Problem - Windows 2003

Eh... I ran across something like that during the w2k3 beta process. Something about w2k didn't support long/extended DNS responses across TCP and w2k3 does. There was also something fishy about w2k3 not properly following referrals in deeply embedded zones.

I changed over to having my w2k3 servers forward to my Unix authoritative servers instead of following root hints and forgot about it.

From: ml.adlist [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 11:34 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DNS Lookup Problem - Windows 2003

Thanks for the tip. I have added the static entries to my servers. I have to admit that in my actual operation I have not found that to be the case with the PIX. I did find the final cause of my problems from your tip. The new 6.33 code added a DNS fixup command that had no qualms at all about eating the responses being sent to my Windows 2003 DNS servers. I don't know why it did not eat them going to the Win2K DNS.

Once I disabled DNS fixup, the problem ended on my test servers, and I just changed the production servers as well. They now receive long MX responses without issues.

-----------------------
Miles Holt, MCP
Network Engineer
Summit Marketing
[EMAIL PROTECTED]
770-303-0426
-----------------------
"Show me a completely smooth operation and I'll show you someone who's covering mistakes. Real boats rock." - Frank Herbert, "Chapterhouse: Dune"
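
The message above reports long MX replies being eaten by the PIX DNS fixup while short ones got through. As an added example (not code from the thread or from Cisco), here is a Python helper that parses a DNS reply and reports the attributes a length-limiting DNS inspection acts on: total size against the classic 512-byte UDP limit, the TC bit, and any EDNS0 OPT record advertising a larger buffer. The MX reply it builds is constructed sample data; the example.com and mail-relay.example.net names are assumptions.

```python
import struct

CLASSIC_UDP_LIMIT = 512  # RFC 1035 UDP message limit that DNS inspection has historically enforced

def _encode_name(name):  # dotted name -> length-prefixed labels plus root label
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def _read_name(msg, off):  # decode a (possibly compressed) name; return (name, next offset)
    labels, end = [], None
    while True:
        ln = msg[off]
        if (ln & 0xC0) == 0xC0:                     # compression pointer (RFC 1035 4.1.4)
            end = end if end is not None else off + 2
            off = ((ln & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), (off if end is None else end)

def build_mx_response(domain, hosts, edns_size=None):  # constructed sample reply, one MX RR per host
    msg = struct.pack("!6H", 0x1234, 0x8180, 1, len(hosts), 0, 1 if edns_size else 0)
    msg += _encode_name(domain) + struct.pack("!HH", 15, 1)      # question: <domain> MX IN
    for pref, host in enumerate(hosts, 10):
        rdata = struct.pack("!H", pref) + _encode_name(host)
        msg += b"\xC0\x0C" + struct.pack("!HHIH", 15, 1, 3600, len(rdata)) + rdata
    if edns_size:                                   # OPT RR: the class field carries the UDP payload size
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def inspect_response(msg):  # the header facts to check when large replies go missing
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = _read_name(msg, off)
        off += 4                                    # skip qtype + qclass
    edns_size = None
    for _ in range(an + ns + ar):
        _, off = _read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == 41:                             # EDNS0 OPT pseudo-record
            edns_size = rclass
    return {"size": len(msg), "truncated": bool(flags & 0x0200), "answers": an,
            "edns_udp_size": edns_size, "exceeds_512": len(msg) > CLASSIC_UDP_LIMIT}
```

Feeding the raw bytes of a captured reply (for example from a packet capture taken on the inside interface) to inspect_response shows at a glance whether a domain's MX set is the kind of reply a 512-byte inspection limit would drop.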

From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Sunday, November 02, 2003 3:24 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DNS Lookup Problem - Windows 2003

Um, you *definitely* need to have static NAT and the correct ACLs for your DNS servers. By default, DNS uses UDP connections, which are stateless - so there is no session state to track, and the replies will be rejected.

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-----Original Message-----
From: ml.adlist [mailto:[EMAIL PROTECTED]
Sent: Friday, October 31, 2003 3:35 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] DNS Lookup Problem - Windows 2003

Thanks, I have really found all the suggestions given helpful. Even when they have rehashed things I tried before, they have encouraged me to try them again. My main frustration with all of this is that with what appears to be an identical configuration, Win2K gives me results and Win2K3 does not, and it just makes no sense to me.

The server that I am testing with is one of my production internal DNS servers. It is also a DC. It is a Netserver LH3000 with a single Intel 10/100 NIC. Below is the ipconfig /all.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : atldc1
   Primary Dns Suffix  . . . . . . . : summitmg.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : summitmg.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NetServer 10/100TX PCI LAN Adapter
   Physical Address. . . . . . . . . : 00-30-6E-00-B3-71
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.100.1.220
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 10.100.1.230
   DNS Servers . . . . . . . . . . . : 10.100.1.206
                                       10.100.1.220
   Primary WINS Server . . . . . . . : 10.100.1.206
   Secondary WINS Server . . . . . . : 10.100.1.207

It is behind a PIX firewall, running 6.33. I have added a static ACL for TCP and UDP DNS traffic (port 53) from 208.51.103.75 to the internal IP of 10.100.1.220. Note that it should not NEED this ACL, as the PIX should NAT the outbound request and replies just fine. For the two DNS servers I configured for testing this morning, there were no ACLs added. In the case of the Windows 2000 DNS all MX requests work, and for the Windows 2003 DNS only some work. I have found requests for cnn.com and bestbuy.com to work, but requests for aol.com and earthlink.net to fail on the Windows 2003 DNS.

Attached are the results of DNS logging on the above server with requests for aol.com and earthlink.net. I can't really make out the log results. If anyone would like to see screen captures of the config pages for this server, I will be happy to forward them to you.

-----------------------
Miles Holt, MCP
Network Engineer
Summit Marketing
[EMAIL PROTECTED]
770-303-0426
-----------------------
"Show me a completely smooth operation and I'll show you someone who's covering mistakes. Real boats rock." - Frank Herbert, "Chapterhouse: Dune"

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, October 31, 2003 1:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DNS Lookup Problem - Windows 2003

Miles, while it is very possible that you have discovered a bug, I'd like to say it does not appear to be a universal bug at this time :)

Let's see a config of the DNS server in question. Ipconfig /all output with brief notes on what IP belongs to what server. Also, let's see some config info from DNS itself. Listening on what NIC, going through what type of Router/Firewall. Also, turn on Debug logging in DNS, leave it at the default, and then run some more tests and look at the log file for any interesting entries. With this information, we "may" be able to work this out here.

Sincerely,

Dèjì Akómöláfé,
MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon
