[LONG] 70-291 - DNS Dynamic Registration Problem

Discussion in 'DNS Server' started by M D, Sep 7, 2006.

  1. M D

    M D Guest

    Hi everybody!

    I'm studying on 70-291 MS Press self paced training kit book (v.1) and
    practicing with MS Virtual PC.
    In the last few days I've gone mad trying to get that "ipconfig
    /registerdns" working between a DNS Client and a Server (each of them win
    2003 ).
    The problem was resolved only after decided to change the setting of the
    client from the "obtain an IP address automatically" (requested by that
    MSPress practice) to a static address.
    Obviously I had previously set an "alternate configuration" with a valid IP
    address in the same subnet of the DNS SRV and the correct DNS SRV IP.
    The client was configured with the primary dns suffix of the same zone of
    the DNS and the "register this connection's addresses to DNS" was checked
    (as it is by default).
    I even thought it was a problem of name resolution: I sniffed the traffic
    and noticed that non DNS frames were exchanged between the client and the
    server. So I decided to go straight through the problem and disable Netbios
    resolution from WINS tab in advanced TCP/IP properties in both the VPCs (see
    my other post..)

    Anyway it worked only by setting up a dhcp on the DNS server or setting up
    the static ip address in the client computer.

    Is this problem due to something I've been missing/misconfigured, to MS
    Virtual PC limitations or (just another) unaccuracy in the MS Press book
    practices?

    Thank for any reply!
    Bye

    MD
     
    M D, Sep 7, 2006
    #1
    1. Advertisements

  2. M D

    M D Guest

    Well, since no reply has been posted at the time I'm writing, I would like
    to simplify my question & try to troubleshoot this issue with your help ;)

    First:

    Scenario:
    A machine is configured with "obtaining an IP address automatically" and an
    alternate IP address in the 192.168.0.0 subnet (IP, S.M. and DNS).
    Advanced configuration properties for DNS are at their defaults.
    Another machine, the DNS server, is assigned the 192.168.0.1/24 static
    address.
    A.D. DC role has NOT been installed on the server yet but the 2 PCs have the
    same DNS primary suffix.
    In the DNS server properties I've allowed secure and non secure dynamic
    updates for the zone the 2 PCs belong to.

    First Troubleshooting Question:
    Is it true that the DNS Client will be able to register and update its (A)
    and PTR DNS records even when it is assigned the alternate address
    configuration?

    Please help me ;)

    Thanks a lot to everybody!

    Ciao
    MD
     
    M D, Sep 8, 2006
    #2
    1. Advertisements

  3. M D

    Herb Martin Guest

    Likely your question/post didn't replicate around the
    news servers for a while since it didn't popup for me
    until about a week after your post. If you use the MS
    servers direct your (apparently slow) local news server
    won't be able to delay your posts.
    Is this set in the System Control Panel (where it belongs)?

    Machines should NOT depend on the suffix settings in the
    NIC->IP but FIRST set their full computer name, including
    Domain in the System CP.
    Think of this as "allow unsecure updates" (I really wish they
    have never changed this label.) It's you only choice for dynamic
    updates until you have a DC and put the zone into AD.
    Yes. Clients must be 'modern' (Win2000+) but since only
    WinXP plus (includes Win2003 servers -- they are DNS clients
    too) have the "Alternate Config" that requirement is automatically
    met.

    But you need to make sure they can find the dynamic server and
    that they KNOW their full computer name including DNS domain/zone.
     
    Herb Martin, Sep 13, 2006
    #3
  4. M D

    M D Guest

    Hi Herb!

    Thank you again for your kind reply.
    Well I'm using news.microsoft.com as News Server because my provider doesn't
    seem to download any message from this newsgroup...
    Yes indeed: the 2 PCs have same dns suffix and System properties states that
    their FQDN are PC1.domain1.local and PC2.domain1.local
    Ok. I did it that way ;)
    Well the fact is I'm practicing DNS with VPC 2004 SP1 with 2 Win 2003 E.E.
    and the dynamic updates work only with the IP statically assigned to the
    client server (or assigned automatically by a DHCP server). The dynamic
    registration doesn't work with the alternate configuration.

    I've tried to troubleshoot this problem for a couple of days:
    - There is connectivity between the 2 srvs
    - The DNS server IP address was set in the client IP properties
    configuration (in the advanced section of the TCP/IP properties)
    - Ping worked but, as what I recall from last week troubleshooting,
    analyzing the traffic between the 2 srvs, I noticed that NBT resolution was
    preferred over DNS.
    - Even trying to force DNS registration (rebooting the client PC or
    executing the ipconfig /registerdns) nothing happened and event logs were
    not of much help (I looked into the system logs of the Client and the DNS
    event log of the srv).
    Those seemed to be working:
    from each of the srvs, launching ping -a localhost they responded with their
    correct FQDN. But when I tried to ping the Client hostname from the srv, the
    reply was not headed with the Client FQDN...

    I eventually thought of a Microsoft VPC limitation but I'm still not sure it
    wasn't my fault ;)

    If you've any further advice please do, I will likely reproducing the same
    environment for other tests the next days.

    Thank again for your reply, your help is highly apprecated.

    Bye

    MD
     
    M D, Sep 13, 2006
    #4
  5. M D

    Herb Martin Guest

    Well, then maybe it is MY news CLIENT but since no one answered
    you it seemed more likely a problem on your end.

    My Outlook Express has been pretty hosed up for quite some time but
    I really just cannot stand any other news client.
    Then that is correct. Many people leave this blank (or wrong)
    and try to correct it on the NIC properties which are mostly to
    be used for machine with multiple interfaces.
    Well, go through the same questions for the Server -- is it's full
    name properly set in the System Control Panel.

    What DNS server is it set to use on it's NIC-> IP properties?

    Can it reach the DNS server?

    (If this doesn't lead to a fix, then send me the IPConfig /all
    output to a file -- use text and don't edit it.)

    Which is the DNS server? (Usually people practicing or testing
    put the DNS on the SAME server as the DC.)

    You can check for DNS "connectivity" by using:

    nslookup somename.domain.com IP.of.DNS.Server

    This will prove that DNS can be answered. (You cannot
    update it if you cannot even query it.)

    Ping and Tracert can of course check routing but this is
    specific to DNS traffic so avoids firewall discrepancies.

    One common mistake people make with DNS clients is
    to set the "DNS Server" in their IP properties to a MIXTURE
    of both internal and external DNS servers.

    That is INCORRECT and UNRELIABLE.
    Why advanced? For a single DNS server you can do it on the
    main (first) page of the IP configuration dialog.

    You only need Advanced settings if you use more than two? DNS
    servers or wish to much with other settings. Make sure you left
    the checkbox for register this interface checked and don't bother
    with any of that suffix stuff SINCE you set the System Control
    Panel correctly.
    How did you determine this? Most likely you have a DNS problem
    (could be routing but DNS directly sounds more likely.)

    I will append my general DNS for AD instructions below.
    This is overkill and wasting your time.
    /registerDNS is only useful for client (or normal server) registration
    and will NOT work for DCs so be aware of that. For DCs we use
    other methods (see below in DNS stuff.)
    No, probably not a VPC limitation which generally works really well
    and does route if you set it up correctly.

    This could be just a routing problem. Better send IPConfig /all from
    both the VPC Virtual Machine AND the VPC Host computer.

    Are they on different subnets or the same?
    We try to help.
     
    Herb Martin, Sep 13, 2006
    #5
  6. M D

    M D Guest

    Hey Herb, I see I grab you a lot of time again! Thank you.
    BTW I usually check google groups to see if my post are ok, and that was
    about 10 minutes after I sent it... Perhaps it's a problem of one news
    server .. Nevermind.

    Here are some clarifications on what it was the scenario:

    I use 1 PC with VPC running 2 Win 2003 EE virtual machines used as training
    networking environment.
    One machine ("PC1") has only DNS installed with a static ip 192.168.0.1/24,
    no default gtw.
    The other ("PC2") has still no role installed and IP configuration is set to
    obtain an IP address automatically with an alternate configuration of
    192.168.0.2/24, no other info.
    The test lab I was doing didn't mention to add the DNS on the alternate tab,
    so I decided to insert the DNS IP in the DNS tab in the advanced TCP/IP
    settings.

    The 2 VM have been configured with the same dns suffix ("Domain1.local")
    from Control Panel -> System Properties -> Computer Name -> More.

    AD hasn't been installed yet so there is no "AD Domain".

    DNS has been configured with a forward "domain1.local" and a standard lookup
    zone for the subnet 192.168.0.0 .

    Tomorrow morning I plan to re-build that scenario and try to get things
    working.
    and post the additional info you requested If not resolving this issue.

    Thanks a lot for your suggestions!

    Bye for now

    MD
     
    M D, Sep 13, 2006
    #6
  7. M D

    Herb Martin Guest

    I use 1 PC with VPC running 2 Win 2003 EE virtual machines used as
    Generally it is better to fix problems than to try re-installing.
    You learn more and by re-installing you may just re-create
    the original issue or learn nothing.

    If this isn't installed currently I don't want to waste time on something
    than cannot even be tested or fixed.

    --
    Herb Martin, MCSE, MVP
    Accelerated MCSE
    http://www.LearnQuick.Com
    [phone number on web site]
     
    Herb Martin, Sep 13, 2006
    #7
  8. M D

    M D Guest

    Hi Herb!
    The fact is that following my 70-291 learning guide that initial scenario
    has now changed to a more complex A.D. infrastructure with 1 DHCP and
    DNSs...
    That's why, on my last check before taking the exam, I can sped some time to
    give it another try...
    Thanks a lot
    MD
     
    M D, Sep 14, 2006
    #8
  9. M D

    M D Guest

    Hi everybody:

    As I'm still in trouble with this anonaly with dynamic updates in VPC 2004
    SP1 and an alternate configured server, here I come with another post...

    (Resume: In a virtual PC secnario compoised of only 1 dns srv and a client
    (win2003 EE), dynamic updates work successfully only when I set up the
    client with static IP address or when I install a DHCP srv on the DNS srv)

    here is a full report of answers to Herb's questions!
    Here are the results of IPCONFIG /ALL run from the "client" PC:


    Windows IP Configuration



    Host Name . . . . . . . . . . . . : COMPUTER2

    Primary Dns Suffix . . . . . . . : domain1.local

    Node Type . . . . . . . . . . . . : Hybrid

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No

    DNS Suffix Search List. . . . . . : domain1.local



    Ethernet adapter Local Area Connection:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet
    Adapter (Generic)

    Physical Address. . . . . . . . . : 00-03-FF-AF-EB-D9

    DHCP Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    Autoconfiguration IP Address. . . : 192.168.0.2

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . :

    DHCP Class ID . . . . . . . . . . :

    DNS Servers . . . . . . . . . . . : 192.168.0.1

    -----------------------------------------------------------------------------

    Here are the results of IPCONFIG /ALL run from the "server" PC:


    Windows IP Configuration



    Host Name . . . . . . . . . . . . : COMPUTER1

    Primary Dns Suffix . . . . . . . : domain1.local

    Node Type . . . . . . . . . . . . : Hybrid

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No

    DNS Suffix Search List. . . . . . : domain1.local



    Ethernet adapter Local Area Connection:



    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet
    Adapter (Generic)

    Physical Address. . . . . . . . . : 00-03-FF-6D-42-7D

    DHCP Enabled. . . . . . . . . . . : No

    IP Address. . . . . . . . . . . . : 192.168.0.1

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway . . . . . . . . . :

    DNS Servers . . . . . . . . . . . : 192.168.0.1


    From the client computer, "ping computer1" returns:



    Pinging computer1.domain1.local [192.168.0.1] with 32 bytes of data:



    Reply from 192.168.0.1: bytes=32 time=9ms TTL=128

    Reply from 192.168.0.1: bytes=32 time=7ms TTL=128

    Reply from 192.168.0.1: bytes=32 time=5ms TTL=128

    Reply from 192.168.0.1: bytes=32 time=9ms TTL=128



    Ping statistics for 192.168.0.1:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 5ms, Maximum = 9ms, Average = 7ms

    Actually there's no DC, computer1.domain1.local is the DNS server
    and "nlookup computer1.domain1.local 192.168.0.1" returns:

    Server: computer1.domain1.local
    Address: 192.168.0.1

    Name: computer1.domain1.local
    Address: 192.168.0.1

    no external connectivity is enabled so:

    nslookup www.microsoft.com 192.168.0.1

    Server: computer1.domain1.local
    Address: 192.168.0.1

    DNS request timed out.
    timeout was 2 seconds.
    The host PC (the one that has instaled VPC) is not connected to the 2 VMC.
    I mean: there is no connectivity between the 2 Virtual machines that have
    been configured with the "local only" network; moeover host PC has no
    physical network adapter connected to Inernet.

    Thanks a lot for any further hint!

    Bye

    MD
     
    M D, Sep 16, 2006
    #9
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.