Ping domain.com inside network should resolve what?

Discussion in 'DNS Server' started by David Lewis, Aug 10, 2004.

  1. David Lewis

    David Lewis Guest

    If I ping our internal domain name domain.com sometimes I get the ip address of our old 2000 DC and sometimes I get a
    completely different ip address. I have retired the old DC and have upgraded to 2003. I am thinking that if I ping our
    domain name internally I should get the ip address of the 2003 DC? Is that correct? Where in MS DNS do I say what the
    ip address of the domain is? On the same note if I ping www.domain.com or ftp.domain.com I get an error of unknown
    host. The web sites resolve externally, but not internally. So it looks like I have some DNS tweaking to do?
     
    David Lewis, Aug 10, 2004
    #1
    1. Advertising

  2. In news:,
    David Lewis <*@*.*> made a post then I commented below
    > If I ping our internal domain name domain.com sometimes I get the ip
    > address of our old 2000 DC and sometimes I get a completely different
    > ip address. I have retired the old DC and have upgraded to 2003. I
    > am thinking that if I ping our domain name internally I should get
    > the ip address of the 2003 DC? Is that correct? Where in MS DNS do
    > I say what the ip address of the domain is? On the same note if I
    > ping www.domain.com or ftp.domain.com I get an error of unknown host.
    > The web sites resolve externally, but not internally. So it looks
    > like I have some DNS tweaking to do?


    If you look under your zone, the LdapIpAddress is what is being resolved
    when you ping domain.com. It looks like:

    (same as parent) A IpAddress

    Each DC registers this record. GPOs and DFS both use this record. Delete the
    old record. Curious, when you removed the 'old' DC, did you properly demote
    it?

    As for www, then it's telling me your internal AD domain name is the same as
    your external name. To resolve the external names, manually create your www
    and ftp and whatever other records you need, and provide the actual external
    IP address.

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services

    Security Is Like An Onion, It Has Layers
    HAM AND EGGS: A day's work for a chicken;
    A lifetime commitment for a pig.
    --
    =================================
     
    Ace Fekay [MVP], Aug 10, 2004
    #2
    1. Advertising

  3. David Lewis

    David Lewis Guest

    thankx

    Do I set up a new host, alias or mail exchanger?

    I resolved the first issue, but I don't understand what a LdapIpAddress is? I didn't see anything that was named
    LdapIpAddress.

    As far as demote, yes I transfered all the MSFO operations and I used the dcpromo on the old DC to demote it.

    "Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&>
    |>In news:,
    |>David Lewis <*@*.*> made a post then I commented below
    |>> If I ping our internal domain name domain.com sometimes I get the ip
    |>> address of our old 2000 DC and sometimes I get a completely different
    |>> ip address. I have retired the old DC and have upgraded to 2003. I
    |>> am thinking that if I ping our domain name internally I should get
    |>> the ip address of the 2003 DC? Is that correct? Where in MS DNS do
    |>> I say what the ip address of the domain is? On the same note if I
    |>> ping www.domain.com or ftp.domain.com I get an error of unknown host.
    |>> The web sites resolve externally, but not internally. So it looks
    |>> like I have some DNS tweaking to do?
    |>
    |>If you look under your zone, the LdapIpAddress is what is being resolved
    |>when you ping domain.com. It looks like:
    |>
    |>(same as parent) A IpAddress
    |>
    |>Each DC registers this record. GPOs and DFS both use this record. Delete the
    |>old record. Curious, when you removed the 'old' DC, did you properly demote
    |>it?
    |>
    |>As for www, then it's telling me your internal AD domain name is the same as
    |>your external name. To resolve the external names, manually create your www
    |>and ftp and whatever other records you need, and provide the actual external
    |>IP address.
    |>
    |>--
    |>Regards,
    |>Ace
    |>
    |>Please direct all replies ONLY to the Microsoft public newsgroups
    |>so all can benefit.
    |>
    |>This posting is provided "AS-IS" with no warranties or guarantees
    |>and confers no rights.
    |>
    |>Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    |>Microsoft Windows MVP - Windows Server - Directory Services
    |>
    |>Security Is Like An Onion, It Has Layers
    |>HAM AND EGGS: A day's work for a chicken;
    |>A lifetime commitment for a pig.
     
    David Lewis, Aug 10, 2004
    #3
  4. David Lewis

    David Lewis Guest

    That would be fun if I knew how to do it. Thankx for the helpful suggestions on how to solve my problem :p

    How would you prefer me to refer to my domain? I don't feel like posting my real domain name to a public news group.


    Jonathan de Boyne Pollard <>
    |>DL> If I ping our internal domain name domain.com [...]
    |>
    |>Does DomainBank know that you have hijacked its domain name for your own
    |>use ?
    |>
    |><URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dont-obscure-your-dns-data.html>
    |>
    |>DL> sometimes I get the ip address of our old 2000 DC
    |>
    |><URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-ms-dcs-overwrite-domain-name.html>
    |>
    |>DL> if I ping www.domain.com or ftp.domain.com I get an error of unknown
    |>host.
    |>
    |>This is a side-effect of your hijacking DomainBank's domain name for
    |>your own use.
    |>
    |><URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-split-horizon-common-server-names.html>
     
    David Lewis, Aug 10, 2004
    #4
  5. Try flushing you dns cache with ipconfig /flushdns

    Do you actually have computers named www and ftp?
    if not you will have to setup CNAME records to point to
    the appropriate servers to ping them in that fashion.
    >-----Original Message-----
    >If I ping our internal domain name domain.com sometimes I

    get the ip address of our old 2000 DC and sometimes I get a
    >completely different ip address. I have retired the old

    DC and have upgraded to 2003. I am thinking that if I
    ping our
    >domain name internally I should get the ip address of the

    2003 DC? Is that correct? Where in MS DNS do I say what
    the
    >ip address of the domain is? On the same note if I ping

    www.domain.com or ftp.domain.com I get an error of unknown
    >host. The web sites resolve externally, but not

    internally. So it looks like I have some DNS tweaking to
    do?
    >.
    >
     
    Joshua M. Gillette, Aug 11, 2004
    #5
  6. In news:,
    David Lewis <*@*.*> made a post then I commented below
    > thankx
    >
    > Do I set up a new host, alias or mail exchanger?
    >
    > I resolved the first issue, but I don't understand what a
    > LdapIpAddress is? I didn't see anything that was named LdapIpAddress.
    >
    > As far as demote, yes I transfered all the MSFO operations and I used
    > the dcpromo on the old DC to demote it.
    >


    Just setup A records. No aliases needed. No MX required either. MX records
    are used by mail servers to find the mail machine on a given domain name.

    The LdapIpAddress is the blank host name A record for the domain. You will
    see one registered for each DC. Its an IP address for the domain that has no
    hostname. AD uses that record. Don't mess with it. You will not see that
    name in DNS. It does not have a name called LdapIpAddress. I was just trying
    to point out that is what the engineers call that record. It what GPOs use.
    Here's what the client machine uses to get a GPO:

    \\domain.com\sysvol\domain.com\policies\{LongPolicyGuidNumberHere}

    See the \\domain.com part of it? That is querying for that LdapIpAddress
    record.

    You can also call it the Blank Domain FQDN if you like, or the Blank Host
    Name for the Domain if you like, but you won't see that name in DNS
    anywhere.

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services

    Security Is Like An Onion, It Has Layers
    HAM AND EGGS: A day's work for a chicken;
    A lifetime commitment for a pig.
    --
    =================================
     
    Ace Fekay [MVP], Aug 11, 2004
    #6
  7. In news:,
    David Lewis <*@*.*> made a post then I commented below
    > thankx
    >
    > Do I set up a new host, alias or mail exchanger?
    >
    > I resolved the first issue, but I don't understand what a
    > LdapIpAddress is? I didn't see anything that was named LdapIpAddress.
    >
    > As far as demote, yes I transfered all the MSFO operations and I used
    > the dcpromo on the old DC to demote it.
    >


    Just to add, if the old the one you removed) DC's IP address shows up
    anywhere in DNS, whether as an LdapIpAddress, or a hostname, or a GC record
    (under the _msdcs.gc folder), you need to manually delete it. Look for it.

    Ace
     
    Ace Fekay [MVP], Aug 11, 2004
    #7
  8. David Lewis

    David Lewis Guest

    I did and it seems that we are having better network performance now
    thankx

    "Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&>
    |>Just to add, if the old the one you removed) DC's IP address shows up
    |>anywhere in DNS, whether as an LdapIpAddress, or a hostname, or a GC record
    |>(under the _msdcs.gc folder), you need to manually delete it. Look for it.
     
    David Lewis, Aug 11, 2004
    #8
  9. David Lewis

    David Lewis Guest

    geeze, you made the comment about domain.com, I was just responding to your joke.

    I didn't make the decision to use the same domain name internally and externally.
    I'm just coming into an existing network and trying to clean it up.

    I read the pages, I didn't say I didn't? Whats the deal, I just responded to your joke?

    Jonathan de Boyne Pollard <>
    |>DL> Thankx for the helpful suggestions on how to solve my problem :p
    |>
    |>Read the web pages that you were pointed to. I didn't include their
    |>URLs merely as decoration. You've been led to water. Don't blame
    |>others if you remain thirsty because you don't bother to drink.
    |>
    |>DL> How would you prefer me to refer to my domain? I don't feel like
    |>DL> posting my real domain name to a public news group.
    |>
    |>Then you don't understand the nature of what you are doing. Read the
    |>web pages that you were pointed to. I didn't include their URLs merely
    |>as decoration.
     
    David Lewis, Aug 11, 2004
    #9
  10. In news:,
    David Lewis <*@*.*> wrote their comments
    Then Kevin replied below:
    > geeze, you made the comment about domain.com, I was just
    > responding to your joke.
    >
    > I read the pages, I didn't say I didn't? Whats the deal,
    > I just responded to your joke?


    Did he say he was joking? :)




    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ================================================
    --
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ================================================
    http://www.lonestaramerica.com/
    ================================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ================================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ================================================
     
    Kevin D. Goodknecht Sr. [MVP], Aug 11, 2004
    #10
  11. In news:,
    David Lewis <*@*.*> made a post then I commented below
    > I did and it seems that we are having better network performance now
    > thankx
    >


    My pleasure.
    :)


    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services

    Security Is Like An Onion, It Has Layers
    HAM AND EGGS: A day's work for a chicken;
    A lifetime commitment for a pig.
    --
    =================================
     
    Ace Fekay [MVP], Aug 11, 2004
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Blondie Wong
    Replies:
    0
    Views:
    290
    Blondie Wong
    Mar 2, 2004
  2. Bryan L
    Replies:
    14
    Views:
    1,555
    Phillip Windell
    Jan 22, 2007
  3. JH
    Replies:
    1
    Views:
    194
  4. Robert Cohen

    Can't resolve Public IP's inside the network

    Robert Cohen, Feb 2, 2005, in forum: DNS Server
    Replies:
    1
    Views:
    762
    Robert Cohen
    Feb 3, 2005
  5. CJSnet
    Replies:
    2
    Views:
    223
    CJSnet
    Dec 19, 2005
Loading...

Share This Page