powered by Jive Software

Slightly OT: DNS issues

Ok I’‘m stretching the boundries of JM chat here but we all play with DNS and Routing in the course of admin-ing a JM server so here’'s my situation.

JM2.2 on Slackware - IP 10.0.0.20

Windows 2003 AD - IP 10.0.0.1

Windows XP Desktop - IP 10.0.0.51

Domain inside: awad.ca

Domain outside: awad.ca

All host and cname records inside and outside

If I do an NSLOOKUP fo jabber.awad.ca it points to 10.10.10.20

If I tracert to jabber.awad.ca it goes to 209.183.159.247

If I ipconfig /flushdns nothing changes.

Without the barrage of Windows sucks responses, does anyone have a sugestion has to how to stop this from happening?

Thanks

Peter

So I guess not one had an answer other then “windows sucks”

We’‘ll I guess that’'s part of my motivation for wanting to replace the Windows AD anyway.

Hey Peter,

I’'m in no way an IT guy or a network guy but here are my 2 cents.

Have you tried again 48 hours after you made your DNS change? Is it possible that not all DNSs have been updated (yet)?

Regards,

– Gato

Good guess, but this has been going on for over a year and is noticably worse on the windows desktop now that it is Windows XP rather then Windows 2000.

Peter

PS: sadly IT is my line of work, and this has stumped me for for somethime now.

Couple of thoughts.

Are you using NAT?

You may need to use DNS loopback to prevent the internal network from trying to resolve to an external ip address.

Well, there is one thing you are doing, which is actually a no-no, even according to MS. The domain used for the AD should NOT be a valid external-accessible on the internet domain. It supposedly confuses it. It particularly confuse the AD server when it comes to DNS. By separating your internal and external domains, you will save yourself some headaches.

pawad,

I am an IT guy and we have the same setup (i.e. we use the same domain name “ourcompany.com” for AD that is also used for our internet e-mail and externally hosted website). It’'s not necessarily a “no-no” from Microsoft to do so but you have to understand that there is extra management overhead depending on how many externally hosted services you need to have available to your internal clients.

Basically, you have two different versions of your DNS zone “awad.ca”. The full zone is hosted internally on your own DNS servers and then a subset of those records are hosted externally on your ISP’‘s DNS servers (I’'m assuming you have your ISP hosting the “awad.ca” zone for name resolution by external clients). That external zone will probably have MX records for people to be able to send you e-mail as well as some A records for the “www” host that has your externally accessible website. The extra management overhead involved is that you have to manually maintain a record for that external “www” host on your internal DNS servers so that if an internal client goes to http://www.awad.ca/, they will get routed to the correct website.

Now, back to your problem… I would check the DNS settings for the client that you are trying the tests from. You should be hitting 10.0.0.1 for your DNS. If not, try setting the client to look to your internal DNS server (10.0.0.1) and running the tests again. If you’‘re hitting another server that’‘s just forwarding to an external DNS server, then you’'ll be seeing your internet addressable IP address (209.183.159.247) not your internal private one (10.0.0.20).

Feel free to reply if you have any more questions.

(BTW, Windows does suck but so does every OS. They all just suck in different ways.)

This is what drive me nuts about this… a Tracert goes outside but an nslookup stays inside…

C:\Documents and Settings\Peter Awad>tracert www.awad.ca

Tracing route to awad.ca

over a maximum of 30 hops:

1 1 ms <1 ms <1 ms pawad.1meg.golden.net

Trace complete.

C:\Documents and Settings\Peter Awad>nslookup www.awad.ca

Server: zion.awad.ca

Address: 10.10.10.200

Name: galileo.awad.ca

Address: 10.10.10.250

Aliases: www.awad.ca

To add insult to injury, my wifes laptop traces and lookups just fine; its been on the network running XP longer then the desktop.

I just want consistancy… if its broken be broken… if its not broken stop this crap.

Peter