From: Ace Fekay [MCT] on 8 Dec 2009 11:30

"Leythos" <spam999free(a)rrohio.com> wrote in message
news:MPG.25864579a48025f898a001(a)us.news.astraweb.com...
> In article <#pIbr9udKHA.744(a)TK2MSFTNGP05.phx.gbl>,
> lanwench(a)heybuddy.donotsendme.unsolicitedmailatyahoo.com says...
>> Well, there may be more wrong than right and a clean install may be the way
>> to go, but note that the myrealddomain.com is not a dealbreaker (and note
>> that FQDN does not = public host/domain - server.internal.local is a
>> fully-qualified domain name too). Heck, if you wanted a lot of headaches you
>> could use microsoft.com for your AD namespace if you wish. Split brain DNS
>> (disjointed namespace) is not always an accident. If the main problem is
>> wizards you can fix that by running them - and add host records for publicly
>> hosted resources such as www to their forward lookup zone (with the correct
>> public IP).
>>
>
> I've seen the DNS service on a .com/.net internal domain basically try
> and replicate with a public DNS server at the real .com/.net domain on
> the internet - 600 attempts per minute....
>
> Anytime I find a .com/.net setup I encourage the customer to blow it
> away and build it right.
>

Curious, did you use Wireshark or similar that indicated this was occurring?
What was the zone property's SOA and NS settings on that external zone that
was shadowed internally?

Honestly, I haven't seen this with DNS when creating an internal zone of a
public zone that already exists, unless the SOA or NS settings indicated the
public NS or SOA for the public zone nameservers. When a Primary zone (AD
integrated or Standard zone) is created on a DNS server, it becomes a
content server for that zone it hosts and believes it is the start of that
namespace and won't "look or replicate" (for a lack of a better term) or
forward elsewhere for that content unless the public NS and SOA are
indicated in its properties.

Just curious...

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

From: Leythos on 8 Dec 2009 16:26

In article <epGwRPCeKHA.5228(a)TK2MSFTNGP06.phx.gbl>,
aceman(a)mvps.RemoveThisPart.org says...
> Curious, did you use Wireshark or similar that indicated this was occurring?
> What was the zone property's SOA and NS settings on that external zone that
> was shadowed internally?
>
> Honestly, I haven't seen this with DNS when creating an internal zone of a
> public zone that already exists, unless the SOA or NS settings indicated the
> public NS or SOA for the public zone nameservers. When a Primary zone (AD
> integrated or Standard zone) is created on a DNS server, it becomes a
> content server for that zone it hosts and believes it is the start of that
> namespace and won't "look or replicate" (for a lack of a better term) or
> forward elsewhere for that content unless the public NS and SOA are
> indicated in its properties.
>

This was 6 years ago (or more) and was a Windows 2000 server set up
incorrectly to replicate DNS. I don't remember the details (I'm getting
old), but I remember calling the name owner and asking why their DNS
server was attacking this one - it was funny, all I had was their IP, not
their DNS name, and the local server was named "Stormy.com" and that was
their public name.... their server was trying to replicate with the
local server and the local with them, but I don't recall any of the
details.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free(a)rrohio.com (remove 999 for proper email address)

From: Ace Fekay [MCT] on 8 Dec 2009 22:14

"Leythos" <spam999free(a)rrohio.com> wrote in message
news:MPG.25888e832bbb8c7e98a00b(a)us.news.astraweb.com...
> In article <epGwRPCeKHA.5228(a)TK2MSFTNGP06.phx.gbl>,
> aceman(a)mvps.RemoveThisPart.org says...
>> Curious, did you use Wireshark or similar that indicated this was
>> occurring? What was the zone property's SOA and NS settings on that
>> external zone that was shadowed internally?
>>
>> Honestly, I haven't seen this with DNS when creating an internal zone of a
>> public zone that already exists, unless the SOA or NS settings indicated
>> the public NS or SOA for the public zone nameservers. When a Primary zone
>> (AD integrated or Standard zone) is created on a DNS server, it becomes a
>> content server for that zone it hosts and believes it is the start of that
>> namespace and won't "look or replicate" (for a lack of a better term) or
>> forward elsewhere for that content unless the public NS and SOA are
>> indicated in its properties.
>>
>
> This was 6 years ago (or more) and was a Windows 2000 server set up
> incorrectly to replicate DNS. I don't remember the details (I'm getting
> old), but I remember calling the name owner and asking why their DNS
> server was attacking this one - it was funny, all I had was their IP, not
> their DNS name, and the local server was named "Stormy.com" and that was
> their public name.... their server was trying to replicate with the
> local server and the local with them, but I don't recall any of the
> details.
>
> --
> You can't trust your best friends, your five senses, only the little
> voice inside you that most civilians don't even hear -- Listen to that.
> Trust yourself.
> spam999free(a)rrohio.com (remove 999 for proper email address)

Ok, thanks. My feeling is the public nameserver for stormy.com was in the
nameserver tab, or specified as an SOA in the zone properties. Otherwise, it
wouldn't have been communicating to it as if it was looking at the public
nameservers as the SOA of the zone, or zone pulls, etc.

Cheers!

Ace
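
The check discussed in this thread (does an internally shadowed zone list a public server in its SOA or NS records?) can be scripted against a text export of the zone, for example one produced with dnscmd /ZoneExport. The following is an added example, not code from any poster in the thread; the zone content, example.com, the addresses and the function name audit_zone are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: excerpt of an internal zone that shadows a public name.
# example.com and every address below are placeholders, not values from the thread.
SAMPLE_ZONE = """\
@   IN SOA ns1.example.com. hostmaster.example.com. ( 42 900 600 86400 3600 )
@   IN NS  dc1.example.com.
@   IN NS  ns1.example.com.
dc1 IN A   10.0.0.10
ns1 IN A   203.0.113.53
www IN A   203.0.113.80
"""

INTERNAL = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def audit_zone(text, origin, internal_nets=INTERNAL):
    """Return (role, host, reason) for apex SOA/NS targets not shown to be internal."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    origin = origin.rstrip(".").lower()

    def fqdn(name):
        name = name.lower()
        if name == "@":
            return origin
        return name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"

    addrs, targets = {}, []
    for line in text.splitlines():
        line = line.split(";", 1)[0]  # drop zone-file comments
        # Assumption: each record is on one line and carries its owner name.
        m = re.match(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(SOA|NS|A)\s+(\S+)", line, re.I)
        if not m:
            continue
        owner, rtype, rdata = m.group(1), m.group(2).upper(), m.group(3)
        if rtype == "A":
            addrs.setdefault(fqdn(owner), []).append(ipaddress.ip_address(rdata))
        elif fqdn(owner) == origin:
            targets.append((rtype, fqdn(rdata)))  # SOA primary server or NS host

    findings = []
    for role, host in targets:
        ips = addrs.get(host, [])
        if not ips:
            findings.append((role, host, "no A record in zone"))
        elif not all(any(ip in n for n in nets) for ip in ips):
            findings.append((role, host, "address outside internal ranges"))
    return findings
```

Calling audit_zone(SAMPLE_ZONE, "example.com") reports ns1.example.com twice, once as the SOA primary and once as an NS entry, while the internal dc1 entry passes.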