DNS voodoo

16/03/2006, 10h08

Hello,

Earlier I posted a message about our Windows 2000 DNS (AD integrated),
and our RRAS clients. Unfortunatly, we never got it to work to our
satisfaction, but now we've moved on!

Right now we are using a Cisco PIX with VPN capabilities, which works
like a charm - for the biggest part.

We created a user group on the PIX, defined our DNS and WINS servers,
and logged on. All seemed fine so far. An ipconfig / all shows all the
correct settings, and I can reach my servers by either their netbios
name or by their FQDN, and browse the network. All is good in paradise.

Until we found out that the original problem what we had with RRAS is
still here. My VPN clients don't register in DNS. They seem to be able
to query the DNS server for records of other computers, but they don't
update their record.
When I give a ipconfig /registerdns the registration seems to work -
but when I use a user account to ipconfig /registerdns they get an
access denied error (which I think is standard behaviour).

Is there something wrong in my DNS security settings? It's set to allow
dynamic updates from non-secure hosts. We are in quite a tight spot
about this, because we use an application on the LAN, which connect to
the clients by using FTP - and of course its either not finding a name
at all in DNS or the wrong name (from when the client is at the
office).

Any would be greatly appreciated!

Jaap de Koning

16/03/2006, 21h09

Where do the remotes get their IP address? If from a Windows DHCP server,
have the DHCP server register their IP addresses in DNS. This will work even
if the PIX is operating as a DHCP relay. If the PIX is handing out IP
addresses directly, check and see how dynamic updates are configured in your
DNS. See if allowing all dynamic updates (rather than just secure) s.
Otherwise reconfigure the PIX to relay and let Windows be the DHCP server.

....kurt

"Jaap de Koning" <jaap.dekoning@gmail.com> wrote in message
news:1142503692.620914.50820@i40g2000cwc.googlegro ups.com...
> Hello,
>
> Earlier I posted a message about our Windows 2000 DNS (AD integrated),
> and our RRAS clients. Unfortunatly, we never got it to work to our
> satisfaction, but now we've moved on!
>
> Right now we are using a Cisco PIX with VPN capabilities, which works
> like a charm - for the biggest part.
>
> We created a user group on the PIX, defined our DNS and WINS servers,
> and logged on. All seemed fine so far. An ipconfig / all shows all the
> correct settings, and I can reach my servers by either their netbios
> name or by their FQDN, and browse the network. All is good in paradise.
>
> Until we found out that the original problem what we had with RRAS is
> still here. My VPN clients don't register in DNS. They seem to be able
> to query the DNS server for records of other computers, but they don't
> update their record.
> When I give a ipconfig /registerdns the registration seems to work -
> but when I use a user account to ipconfig /registerdns they get an
> access denied error (which I think is standard behaviour).
>
> Is there something wrong in my DNS security settings? It's set to allow
> dynamic updates from non-secure hosts. We are in quite a tight spot
> about this, because we use an application on the LAN, which connect to
> the clients by using FTP - and of course its either not finding a name
> at all in DNS or the wrong name (from when the client is at the
> office).
>
> Any would be greatly appreciated!
>
> Jaap de Koning
>

17/03/2006, 06h24

Cheers for the reaction mate, the PIX is indeed passing out the DHCP.

We will try and configure it to relay addresses from our internal
server to see if that will work.

I'll be back

20/03/2006, 10h08

Just a little update, we've figured out that when the clients receive
their IP from the PIX it does update the dns - just very slowly.

On a few test cases it took about 30 minutes for the client to register
itself.

We haven't had time yet to try the DHCP relay, hoping to get to that
tomorrow.

20/03/2006, 14h49

Standard zone transfers occur every 15 minutes. Even with DHCP doing the
registration, it'll only happen on the DHCP server's DNS server, and
replication to other DNS servers will happen at the scheduled interval.

....kurt

"Jaap de Koning" <jaap.dekoning@gmail.com> wrote in message
news:1142849311.336635.86100@z34g2000cwc.googlegro ups.com...
> Just a little update, we've figured out that when the clients receive
> their IP from the PIX it does update the dns - just very slowly.
>
> On a few test cases it took about 30 minutes for the client to register
> itself.
>
> We haven't had time yet to try the DHCP relay, hoping to get to that
> tomorrow.
>

16/03/2006, 10h08	#1
Jaap de Koning Messages: n/a Hébergeur:	DNS voodoo Hello, Earlier I posted a message about our Windows 2000 DNS (AD integrated), and our RRAS clients. Unfortunatly, we never got it to work to our satisfaction, but now we've moved on! Right now we are using a Cisco PIX with VPN capabilities, which works like a charm - for the biggest part. We created a user group on the PIX, defined our DNS and WINS servers, and logged on. All seemed fine so far. An ipconfig / all shows all the correct settings, and I can reach my servers by either their netbios name or by their FQDN, and browse the network. All is good in paradise. Until we found out that the original problem what we had with RRAS is still here. My VPN clients don't register in DNS. They seem to be able to query the DNS server for records of other computers, but they don't update their record. When I give a ipconfig /registerdns the registration seems to work - but when I use a user account to ipconfig /registerdns they get an access denied error (which I think is standard behaviour). Is there something wrong in my DNS security settings? It's set to allow dynamic updates from non-secure hosts. We are in quite a tight spot about this, because we use an application on the LAN, which connect to the clients by using FTP - and of course its either not finding a name at all in DNS or the wrong name (from when the client is at the office). Any would be greatly appreciated! Jaap de Koning

16/03/2006, 21h09	#2
Kurt Messages: n/a Hébergeur:	Re: DNS voodoo Where do the remotes get their IP address? If from a Windows DHCP server, have the DHCP server register their IP addresses in DNS. This will work even if the PIX is operating as a DHCP relay. If the PIX is handing out IP addresses directly, check and see how dynamic updates are configured in your DNS. See if allowing all dynamic updates (rather than just secure) s. Otherwise reconfigure the PIX to relay and let Windows be the DHCP server. ....kurt "Jaap de Koning" <jaap.dekoning@gmail.com> wrote in message news:1142503692.620914.50820@i40g2000cwc.googlegro ups.com... > Hello, > > Earlier I posted a message about our Windows 2000 DNS (AD integrated), > and our RRAS clients. Unfortunatly, we never got it to work to our > satisfaction, but now we've moved on! > > Right now we are using a Cisco PIX with VPN capabilities, which works > like a charm - for the biggest part. > > We created a user group on the PIX, defined our DNS and WINS servers, > and logged on. All seemed fine so far. An ipconfig / all shows all the > correct settings, and I can reach my servers by either their netbios > name or by their FQDN, and browse the network. All is good in paradise. > > Until we found out that the original problem what we had with RRAS is > still here. My VPN clients don't register in DNS. They seem to be able > to query the DNS server for records of other computers, but they don't > update their record. > When I give a ipconfig /registerdns the registration seems to work - > but when I use a user account to ipconfig /registerdns they get an > access denied error (which I think is standard behaviour). > > Is there something wrong in my DNS security settings? It's set to allow > dynamic updates from non-secure hosts. We are in quite a tight spot > about this, because we use an application on the LAN, which connect to > the clients by using FTP - and of course its either not finding a name > at all in DNS or the wrong name (from when the client is at the > office). > > Any would be greatly appreciated! > > Jaap de Koning >

17/03/2006, 06h24	#3
Jaap de Koning Messages: n/a Hébergeur:	Re: DNS voodoo Cheers for the reaction mate, the PIX is indeed passing out the DHCP. We will try and configure it to relay addresses from our internal server to see if that will work. I'll be back

20/03/2006, 10h08	#4
Jaap de Koning Messages: n/a Hébergeur:	Re: DNS voodoo Just a little update, we've figured out that when the clients receive their IP from the PIX it does update the dns - just very slowly. On a few test cases it took about 30 minutes for the client to register itself. We haven't had time yet to try the DHCP relay, hoping to get to that tomorrow.

20/03/2006, 14h49	#5
Kurt Messages: n/a Hébergeur:	Re: DNS voodoo Standard zone transfers occur every 15 minutes. Even with DHCP doing the registration, it'll only happen on the DHCP server's DNS server, and replication to other DNS servers will happen at the scheduled interval. ....kurt "Jaap de Koning" <jaap.dekoning@gmail.com> wrote in message news:1142849311.336635.86100@z34g2000cwc.googlegro ups.com... > Just a little update, we've figured out that when the clients receive > their IP from the PIX it does update the dns - just very slowly. > > On a few test cases it took about 30 minutes for the client to register > itself. > > We haven't had time yet to try the DHCP relay, hoping to get to that > tomorrow. >

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email