Server 2012 Essentials - AD/DNS Issues

Discussion in 'Networking & Security' started by AnotherUser, Sep 24, 2013.

  1. AnotherUser

    AnotherUser Limp Gawd

    Messages:
    137
    Joined:
    Oct 7, 2011
    Network - 192.168.1.0/24
    Router - 192.168.1.1
    Server - 192.168.1.4
    DNS - 192.168.1.4
    DHCP - 192.168.1.1

    **NOTE - Tracert shows "double NAT", network before 192.168.1.1 is 192.168.254.254, I cannot change this from my current position but can in the future.

    I have a domain setup, we'll call it 123.local, server name is WINSVR1. AD promotion was setup which then setup DNS. Router is setup to hand out 1.4 as the DNS server.

    DNS queries in the browser seem fast and fine but NSLOOKUP queries have issues and I also cannot locate the local server when I'm trying to join PCs to the domain.

    Here's a nslookup I tested from a client, unvisited before.
    Code:
    cbs.com
    Server:  UnKnown
    Address:  192.168.1.4
    
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to UnKnown timed-out
    cbs.com
    Server:  UnKnown
    Address:  192.168.1.4
    
    Non-authoritative answer:
    Name:    cbs.com
    Addresses:  64.30.228.50
                64.30.228.49
    
    I can ping 123.local and nslookup 123.local along with winsvr1.123.local FROM THE SERVER but I cannot ping or nslookup either from a client. I can ping WINSVR1 (not FQDN) but that's probably from WINS or something.

    In the DNS server logs I see the following: The DNS Server encountered a bad packet from 192.168.1.1. Packet processing leads beyond packet length. The event data contains the DNS packet.

    Not sure what the cause is there but there are a lot of entries for that.

    I'm sure I'm missing something, let me know what you need to know.

    Thanks
     
  2. dbwillis

    dbwillis [H]ardness Supreme

    Messages:
    7,023
    Joined:
    Jul 9, 2002
    Clients should be getting the DNS from the server, especially if you want clients to connect/use the server, especially for logons, policies, etc.
    I'm guessing the .254.254 is a uverse/att device?
    Turn off the DHCP on the .254 device *or* add your current router into the DMZ type zone
    Server should be sending out DHCP info
    192.168.1.4 as DNS
    192.168.254.254 as gateway (or if you can do the DMZ mode, use 192.168.1.1)
    255.255.255.0 as subnet
     
    Last edited: Sep 24, 2013
  3. AnotherUser

    Why 1.1 as DNS? Server is 1.4. Also, the 254.254 is coming from a Windstream Modem/Gateway, it's handling the DSL connection, then it's handing down 254.1 to the WAN port of the Linksys. Default gateway of that Linksys is 254.254 of the first router but I don't see how that portion would cause the issue.
     
  4. dbwillis

    Sorry, typo, meant the server as DNS (1.4)
    It's best to get rid of the double NAT, either use the Windstream as the router/gateway or use the Linksys.
    You should be able to turn off DHCP on the Linksys and use it as a simple switch (as long as the Windstream is doing the DSL user/pass auth) by plugging the Windstream into a LAN port of the Linksys, then the Windstream will do DHCP on the network.

    Or use the DMZ option (if available) in the Windstream, turn off DHCP on the Linksys and use the server for DHCP.

    End result is you want whatever is handing out DHCP addresses to also provide the server as the DNS IP.
     
  5. AnotherUser

    When I get the chance to stop in the shop I will likely make the Linksys a dumb switch, but in the meantime the DHCP device for the "network" is also handing out the right IPCONFIG information. External DNS does work, it's just slow at NSLOOKUP queries sometimes.
     
  6. dbwillis

    Sorry, I missed that part, what's the ipconfig from a client machine look like?
     
  7. AnotherUser

    The DNS suffix "domain.invalid" I think is somehow coming from the Windstream, maybe that IS somehow passing bad info along.

    Code:
    
    Wireless LAN adapter Wireless Network Connection:
    
       Connection-specific DNS Suffix  . : domain.invalid
       Description . . . . . . . . . . . : Linksys AE2500
       Physical Address. . . . . . . . . : [DELETED]
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : 
       IPv4 Address. . . . . . . . . . . : 192.168.1.105(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Wednesday, September 25, 2013 8:26:45 AM
       Lease Expires . . . . . . . . . . : Thursday, September 26, 2013 8:26:44 AM
       Default Gateway . . . . . . . . . : 192.168.1.1
       DHCP Server . . . . . . . . . . . : 192.168.1.1
       DHCPv6 IAID . . . . . . . . . . . : 357103795
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-D3-C1-E8-C8-1F-66-03-99-4A
    
       DNS Servers . . . . . . . . . . . : 192.168.1.4
                                           8.8.8.8
                                           8.8.4.4
       Primary WINS Server . . . . . . . : 192.168.1.4
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    
     
  8. Mister Natural

    Mister Natural 2[H]4U

    Messages:
    3,549
    Joined:
    Oct 10, 2002
    You need to get rid of those google dns servers. Those should only be used as forwarders in the dns settings of your server. Your dns server should also be pointing to itself for dns requests.
     
    Last edited: Sep 25, 2013
  9. no_control

    no_control [H]ard|Gawd

    Messages:
    1,398
    Joined:
    Jul 6, 2006
    Yup, get rid of the google IPs from your DNS settings and set them up as forwarders. Link here. Should be client -> DNS server (local resolution) -> Forward to outside DNS (external resolution). Depending on the lease time from the DHCP, the change may not happen until the change expires on all of the clients.
     
  10. AnotherUser


    I'm just going to have to stop in there and re-setup the network/routers, this double NAT is causing a headache.

    Now it's passing that 254.254 down.

    Config: http://i.imgur.com/hsJ9dVl.jpg (I tried filling all fields with the same IP but it still pushes the 254.254)

    Code:
    DNS Servers . . . . . . . . . . . : 192.168.1.4
                                        192.168.254.254
    
     
  11. Mister Natural

    Your picture shows that your router is not manually configured with a static IP and dhcp is enabled on the device. (Automatic Configuration - DHCP) You should also use your server for dhcp and turn it off on the router. You have dhcp server enabled on the router. If this router is your gateway you could actually put those google dns numbers in the router instead of the DNS server numbers from your lan. You can then also setup the router as a forwarder.
     
  12. AnotherUser

    The router DOES have a static IP on the LAN side, it's getting a DHCP address on the WAN side. With clients pointing at the server for DNS, I shouldn't have to set any Google or External DNS nor setup forwarding on the router, the server should take care of that.

    I plan on getting in there to fix this, not sure if that will fix the DNS issues or not.
     
  13. Hawkbox

    Hawkbox n00bie

    Messages:
    59
    Joined:
    Apr 27, 2010
    Did you setup a forwarder to an external DNS server? Cause if you're using root hints it's slow as shit.
     
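    The replies in posts 4, 8, 9 and 13 converge on one configuration: the DC points at itself for DNS, public resolvers live only as forwarders, DHCP advertises only the DC as DNS, and clients must be able to find the DC's SRV record. The script below is an added health check for that configuration and is not code from any poster; it assumes it is run in an elevated PowerShell on the DC with the Server 2012 DnsServer, DnsClient and DhcpServer modules available, and uses the thread's domain name and addresses.

```powershell
# Added example, not from the thread: AD DNS health check, run elevated on the DC (WINSVR1).
# Assumes the DnsServer, DnsClient and DhcpServer modules shipped with Server 2012 are present.
$Domain   = '123.local'
$DcIp     = '192.168.1.4'
$Public   = @('8.8.8.8', '8.8.4.4')   # belong in forwarders, never on clients or the DC's NIC
$Problems = New-Object System.Collections.Generic.List[string]

# 1. The DC's own DNS client must point at itself (post 8).
$dcDns = (Get-DnsClientServerAddress -AddressFamily IPv4 |
          Where-Object { $_.ServerAddresses }).ServerAddresses
if ($dcDns -notcontains $DcIp) {
    $Problems.Add("DC DNS client list ($($dcDns -join ', ')) does not include $DcIp")
}
foreach ($ip in ($dcDns | Where-Object { $Public -contains $_ })) {
    $Problems.Add("public resolver $ip is set on the DC's NIC; move it to forwarders")
}

# 2. External names should go to forwarders, not root hints (posts 9 and 13).
if (-not (Get-DnsServerForwarder).IPAddress) {
    $Problems.Add('no forwarders configured; external lookups fall back to slow root hints')
}

# 3. Whatever serves DHCP must advertise only the DC as DNS (post 4). This covers the Windows
#    DHCP role; while the Linksys still serves DHCP, its DNS fields have to be checked by hand.
foreach ($scope in (Get-DhcpServerv4Scope -ErrorAction SilentlyContinue)) {
    $opt = Get-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -OptionId 6 -ErrorAction SilentlyContinue
    if (($opt.Value -join ',') -ne $DcIp) {
        $Problems.Add("scope $($scope.ScopeId) hands out DNS '$($opt.Value -join ',')' instead of $DcIp")
    }
}

# 4. Domain join and logon locate a DC through this SRV record; if it does not resolve against
#    the DC, clients cannot find the domain, which is the symptom in post 1.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DcIp -ErrorAction SilentlyContinue
if (-not $srv) { $Problems.Add("_ldap._tcp.dc._msdcs.$Domain has no SRV record on $DcIp") }

# 5. Count the 'bad packet' events from the router reported in post 1 over the last 24 hours.
$bad = Get-WinEvent -LogName 'DNS Server' -ErrorAction SilentlyContinue |
       Where-Object { $_.TimeCreated -gt (Get-Date).AddDays(-1) -and $_.Message -like '*bad packet*' }
if ($bad) { $Problems.Add("$($bad.Count) 'bad packet' DNS events in the last 24h; check what 192.168.1.1 relays") }

if ($Problems.Count) { $Problems | ForEach-Object { Write-Warning $_ } }
else { 'AD DNS checks passed: DC resolvable via SRV, external names go through forwarders' }
```

    Re-run it after each change to the Linksys or Windstream; item 3 only reports the Windows DHCP role, so a router that still serves DHCP will not show up here.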
  14. AnotherUser

    I had not, makes sense though. I'd like to read more about this, when to use what, etc. if anyone has a good link or two. I did make the change, will see if that helps for external queries. I did notice it randomly selected some junk IP addresses internally, that may have been causing the issue.
     
  15. AnotherUser

    I have not yet changed the network, but after a few of the previously mentioned changes the PC (one, for now) is able to nslookup and find the AD/DNS server. I will do further testing on other machines and continue to seek best practices.