Server 2012 Essentials - AD/DNS Issues

Network - 192.168.1.0/24
Router - 192.168.1.1
Server - 192.168.1.4
DNS - 192.168.1.4
DHCP - 192.168.1.1

NOTE - Tracert shows "double NAT": the network before 192.168.1.1 is 192.168.254.254. I cannot change this from my current position but can in the future.

I have a domain set up, we'll call it 123.local; the server name is WINSVR1. AD promotion was done, which then set up DNS. The router is set up to hand out 1.4 as the DNS server.

DNS queries in the browser seem fast and fine, but NSLOOKUP queries have issues, and I also cannot locate the local server when I'm trying to join PCs to the domain.

Here's an nslookup I tested from a client, for a site not visited before.
Code:
> cbs.com
Server:  UnKnown
Address:  192.168.1.4

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

> cbs.com
Server:  UnKnown
Address:  192.168.1.4

Non-authoritative answer:
Name:    cbs.com
Addresses:  64.30.228.50
            64.30.228.49

I can ping 123.local and nslookup 123.local, along with winsvr1.123.local, FROM THE SERVER, but I cannot ping or nslookup either from a client. I can ping WINSVR1 (not the FQDN), but that's probably from WINS or something.

In the DNS server logs I see the following: "The DNS Server encountered a bad packet from 192.168.1.1. Packet processing leads beyond packet length. The event data contains the DNS packet."

Not sure what the cause is there, but there are a lot of entries for that.

I'm sure I'm missing something, let me know what you need to know.

Thanks
 
Clients should be getting their DNS from the server, especially if you want clients to connect to/use the server for logons, policies, etc.
I'm guessing the .254.254 is a U-verse/AT&T device?
Turn off the DHCP on the .254 device *or* add your current router into the DMZ type zone.
The server should be sending out the DHCP info:
192.168.1.4 as DNS
192.168.254.254 as gateway (or if you can do the DMZ mode, use 192.168.1.1)
255.255.255.0 as subnet
 
Clients should be getting their DNS from the server, especially if you want clients to connect to/use the server for logons, policies, etc.
I'm guessing the .254.254 is a U-verse/AT&T device?
Turn off the DHCP on the .254 device *or* add your current router into the DMZ type zone.
The server should be sending out the DHCP info:
192.168.1.1 as DNS
192.168.254.254 as gateway (or if you can do the DMZ mode, use 192.168.1.1)
255.255.255.0 as subnet

Why 1.1 as DNS? The server is 1.4. Also, the 254.254 is coming from a Windstream modem/gateway; it's handling the DSL connection, then it's handing down 254.1 to the WAN port of the Linksys. The default gateway of that Linksys is 254.254 on the first router, but I don't see how that portion would cause the issue.
 
Sorry, typo, I meant the server as DNS (1.4).
It's best to get rid of the double NAT: either use the Windstream as the router/gateway or use the Linksys.
You should be able to turn off DHCP on the Linksys and use it as a simple switch (as long as the Windstream is doing the DSL user/pass auth) by plugging the Windstream into a LAN port of the Linksys; then the Windstream will do DHCP on the network.

Or do the DMZ option (if available) in the Windstream, turn off DHCP on the Linksys and use the server for DHCP.

The end result is you want whatever is handing out DHCP addresses to also provide the server as the DNS IP.
 

When I get the chance to stop in the shop I will likely make the Linksys a dumb switch, but in the meantime, the DHCP device for the "network" is also handing out the right IPCONFIG information. External DNS does work; it's just slow at NSLOOKUP queries sometimes.
 
Sorry, I missed that part. What does the ipconfig from a client machine look like?
 
The DNS suffix "domain.invalid" I think is somehow coming from the Windstream; maybe that IS somehow passing bad info along.

Code:
Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : domain.invalid
   Description . . . . . . . . . . . : Linksys AE2500
   Physical Address. . . . . . . . . : [DELETED]
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : 
   IPv4 Address. . . . . . . . . . . : 192.168.1.105(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, September 25, 2013 8:26:45 AM
   Lease Expires . . . . . . . . . . : Thursday, September 26, 2013 8:26:44 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 357103795
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-D3-C1-E8-C8-1F-66-03-99-4A

   DNS Servers . . . . . . . . . . . : 192.168.1.4
                                       8.8.8.8
                                       8.8.4.4
   Primary WINS Server . . . . . . . : 192.168.1.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
You need to get rid of those Google DNS servers. Those should only be used as forwarders in the DNS settings of your server. Your DNS server should also be pointing to itself for DNS requests.
 
Yup, get rid of the Google IPs from your DNS settings and set them up as forwarders. Link here. It should be client -> DNS server (local resolution) -> forward to outside DNS (external resolution). Depending on the lease time from the DHCP, the change may not take effect until the lease expires on all of the clients.
 
I'm just going to have to stop in there and re-set up the network/routers; this double NAT is causing a headache.

Now it's passing that 254.254 down.

Config: http://i.imgur.com/hsJ9dVl.jpg (I tried filling all fields with the same IP but it still pushes the 254.254)

Code:
DNS Servers . . . . . . . . . . . : 192.168.1.4
                                    192.168.254.254
 
Your picture shows that your router is not manually configured with a static IP and DHCP is enabled on the device (Automatic Configuration - DHCP). You should also use your server for DHCP and turn it off on the router. You have the DHCP server enabled on the router. If this router is your gateway, you could actually put those Google DNS numbers in the router instead of the DNS server numbers from your LAN. You can then also set up the router as a forwarder.
 
The router DOES have a static IP on the LAN side; it's getting a DHCP address on the WAN side. With clients pointing at the server for DNS, I shouldn't have to set any Google or external DNS, nor set up forwarding on the router; the server should take care of that.

I plan on getting in there to fix this; not sure if that will fix the DNS issues or not.
 
Did you set up a forwarder to an external DNS server? Because if you're using root hints, it's slow as shit.
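As an added example (not from any poster in this thread), the checks that the advice in the last few posts amounts to, as a PowerShell run-through on the Server 2012 box: the DC resolving through itself, forwarders instead of root hints, the DHCP scope handing out only the server as DNS, and a resolution test of the records a client actually needs to find the domain controller. It assumes the DnsServer and DhcpServer modules are installed on WINSVR1, that the scope 192.168.1.0 exists on the server once DHCP is moved there, and uses the thread's own addresses; the Google resolvers are taken from the thread as the forwarder targets.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell on WINSVR1.
# Assumes the DnsServer and DhcpServer role management modules are installed.
$Domain     = '123.local'
$ServerIP   = '192.168.1.4'
$Gateway    = '192.168.1.1'
$ScopeId    = '192.168.1.0'            # assumed: DHCP scope once the server hands out leases
$Forwarders = '8.8.8.8', '8.8.4.4'     # external resolvers, used by the server only, never by clients

Import-Module DnsServer, DhcpServer -ErrorAction Stop

# 1. The DC/DNS server must resolve through itself, not through the router or a public resolver.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $current = @($_.ServerAddresses)
        if ($current.Count -ne 1 -or $current[0] -ne $ServerIP) {
            Write-Warning "$($_.InterfaceAlias) uses $($current -join ', '); setting $ServerIP"
            Set-DnsClientServerAddress -InterfaceIndex $_.InterfaceIndex -ServerAddresses $ServerIP
        }
    }

# 2. Forwarders for external names. With no forwarder the server walks down from the root
#    servers for every uncached name, which is what makes first-time external lookups slow.
$fw = Get-DnsServerForwarder
if (-not $fw.IPAddress) {
    Set-DnsServerForwarder -IPAddress $Forwarders -UseRootHint $false -Timeout 3
}
Get-DnsServerForwarder | Format-List IPAddress, UseRootHint, Timeout

# 3. DHCP scope options: the server is the ONLY DNS server clients receive.
#    A public resolver as secondary lets a client fall back to it when the server is slow;
#    that resolver knows nothing about 123.local or the _ldap._tcp SRV records, and the
#    Windows DNS client keeps preferring the server that last answered, so domain join and
#    logon fail even though web browsing looks fine.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $ServerIP -DnsDomain $Domain -Router $Gateway
Get-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 3, 6, 15 |
    Format-Table OptionId, Name, Value -AutoSize

# 4. What a client needs to locate the DC. If these fail against $ServerIP, the speed of
#    cbs.com lookups is irrelevant; domain join cannot work.
$checks = @(
    @{ Name = $Domain;                        Type = 'A'   },
    @{ Name = "winsvr1.$Domain";              Type = 'A'   },
    @{ Name = "_ldap._tcp.dc._msdcs.$Domain"; Type = 'SRV' },
    @{ Name = "_kerberos._tcp.$Domain";       Type = 'SRV' }
)
foreach ($c in $checks) {
    try {
        $r = Resolve-DnsName -Name $c.Name -Type $c.Type -Server $ServerIP -DnsOnly -ErrorAction Stop
        $answers = $r | Where-Object { $_.Type -eq $c.Type } | ForEach-Object {
            if ($_.Type -eq 'SRV') { "$($_.NameTarget):$($_.Port)" } else { $_.IPAddress }
        }
        '{0,-40} {1,-4} OK   -> {2}' -f $c.Name, $c.Type, ($answers -join ', ')
    } catch {
        '{0,-40} {1,-4} FAIL -> {2}' -f $c.Name, $c.Type, $_.Exception.Message
    }
}
```

Step 4 can be repeated from a client with the same Resolve-DnsName lines once its lease has renewed; `nltest /dsgetdc:123.local` and `dcdiag /test:dns` on the server give the same answer from the AD side. The Set-DhcpServerv4OptionValue step only applies after DHCP has been moved off the Linksys; while the router still hands out leases, the same three values (gateway, DNS server, domain suffix) have to be set in its DHCP page, with the server as the sole DNS entry.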
 
I had not; makes sense though. I'd like to read more about this, when to use what, etc., if anyone has a good link or two. I did make the change and will see if that helps for external queries. I did notice it randomly selected some junk IP addresses internally; that may have been causing the issue.
 
I have not yet changed the network, but after a few of the previously mentioned changes the PC (one, for now) is able to nslookup and find the AD/DNS server. I will do further testing on other machines and continue to seek best practices.
 