  1. #1

    DNS server for my datacenter

    Hello

    I have a very small datacenter. I have been using our ISP's DNS server so far, but yesterday I configured a server to run the DNS service on it. I tested it, but it seems something is missing.

    OS: Windows Server 2008 Enterprise, MS DNS Server

    I assigned a static IP to the server (the IP is reachable from the internet), and for the DNS server I pointed it to itself. Then I created forward and reverse zones: for forward, I created a zone with the name of our domain, then an A record in it named NS1 which points to the server IP. I also created its PTR record as well. Dynamic update is disabled, and I also put my ISP's DNS servers as my forwarders!

    It shows that it's connected to the internet and I can ping the other server's IP addresses, but it doesn't open any website.
    Another question: do I need to enable dynamic update on my DNS, which is going to be my DC DNS?
    Do I need to add forwarders? Should they be my ISP's DNS servers?

    Thanks

  2. #2
    Join Date
    Nov 2007
    Location
    West Palm Beach, FL
    Posts
    275
    What you're describing should work out of the box like that. I would look at the following:

    1. In the properties for the DNS server, verify what IP addresses the DNS service is listening on.

    2. From command line, use NSLOOKUP to query the local DNS server for the zone(s) and record(s) you've added.

    3. Verify any error messages or notifications in the event viewer for the DNS service -- it has its own section for logs

    4. Use the tool built into the DNS service to run a diagnostic and evaluate its ability to perform both local and recursive lookups.

    From those items you should be able to diagnose where the problem is. MS DNS is generally very easy to set up, so it's likely a simple issue that's accidentally being overlooked.

    Good luck -

    Wayne
    Applied Innovations (www.appliedi.net)
    Microsoft Gold Certified Hosting Partner, ASP.net Featured Host.
    Specializing in Windows Hosting since 1999.

  3. #3
    Thanks a lot Wayne

    I will check them as soon as I go to the datacenter, but I know that it was listening on all of the IP addresses.
    Could you please tell me if I need to enable dynamic updates? Is it necessary for a datacenter? Isn't it a security risk?

    Do I have to have forwarders, like to OpenDNS?

    Thanks

  4. #4
    Quote Originally Posted by Wonders View Post
    Thanks a lot Wayne

    I will check them as soon as I go to the datacenter, but I know that it was listening on all of the IP addresses.
    Could you please tell me if I need to enable dynamic updates? Is it necessary for a datacenter? Isn't it a security risk?

    Do I have to have forwarders, like to OpenDNS?

    Thanks
    No, you absolutely do not want to enable dynamic updates. That's a big security risk. You'd only ever do that if you were absolutely limiting what other DNS servers had access to do so and you explicitly trusted them.

    You should not need to use any forwarders. Out of the box, if the server does not contain the requested zone file, the DNS server should be able to query root servers (as your ISP's DNS servers would) for results. You'll typically see (from a Windows guy's perspective) forwarders set up when MS DNS is being used in Active Directory scenarios, forwarding requests to other primary and secondary AD-integrated DNS servers (querying the rest of the AD forest).

    I'm guessing either you don't have recursion enabled (if you're not able to get results for external domains) or you simply don't have the zone set up correctly if you can't query something within the DNS server itself. And on another note, you really want to limit recursive queries to only IP addresses within your subnets. You don't want random external IPs querying the server for other external domains (using your server as a public DNS service). You'd either disable recursion and only use the DNS service to resolve local domains or use the firewall to limit/scope what IPs can access the service.

    Hope that helps -

    Wayne
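
A check for the open-recursion condition described in the reply above, as an added example that is not part of the original thread: it builds a recursive query for a name the server does not host and classifies the reply header. The function names, the query name `example.org` and the sample reply headers are assumptions constructed for illustration.

```python
import socket
import struct

RD = 0x0100  # Recursion Desired (set by the client)
RA = 0x0080  # Recursion Available (set by the server)

def build_query(name, qid=0x1234, qtype=1):
    """Build a DNS query (A record by default) with the RD bit set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def classify_reply(reply, qid=0x1234):
    """Classify a reply to a recursive query for a zone the server does NOT host."""
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != qid or not flags & 0x8000:   # wrong ID or not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"                   # server denies recursion to this client
    if flags & RA and rcode == 0 and ancount > 0:
        return "open-recursion"            # it resolved an external name for us
    return "not-resolved"                  # RA clear, referral, or lookup failed

def probe(server, name="example.org", timeout=3.0):
    """Send the query over UDP/53 to your own server and classify the answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return classify_reply(s.recv(512))
        except OSError:                    # timeout or ICMP error
            return "filtered"              # firewall scoped the service away

# Constructed sample reply headers (not captured traffic).
def sample_reply(flags, ancount):
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

OPEN = sample_reply(0x8180, 1)      # QR|RD|RA, NOERROR, one answer
REFUSED = sample_reply(0x8105, 0)   # QR|RD, RCODE=5 (REFUSED)
REFERRAL = sample_reply(0x8100, 0)  # QR|RD, RA clear, no answers

if __name__ == "__main__":
    for label, pkt in [("open", OPEN), ("refused", REFUSED), ("referral", REFERRAL)]:
        print(label, "->", classify_reply(pkt))
```

Calling `probe("<your server IP>")` from a host outside your subnets and getting `open-recursion` means neither the recursion setting nor the firewall scoping described above is in effect.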

  5. #5
    Join Date
    Feb 2011
    Posts
    669
    This is probably obvious, but you did open up the DNS port in any firewall you are running?

    On another note, if you don't want to be dependent on your ISP you could use one of the many DNS services like dnsmadeeasy. For machines needing DNS, just have them use Google open DNS at 8.8.8.8 and 8.8.4.4, fast and reliable.

    Remember, if you are doing your own DNS you will need a secondary someplace (ISP??)

  6. #6
    Join Date
    Jun 2011
    Location
    the Earth
    Posts
    8
    Quote Originally Posted by Wonders View Post
    Hello

    I have a very small datacenter. I have been using our ISP's DNS server so far, but yesterday I configured a server to run the DNS service on it. I tested it, but it seems something is missing.

    OS: Windows Server 2008 Enterprise, MS DNS Server

    I assigned a static IP to the server (the IP is reachable from the internet), and for the DNS server I pointed it to itself. Then I created forward and reverse zones: for forward, I created a zone with the name of our domain, then an A record in it named NS1 which points to the server IP. I also created its PTR record as well. Dynamic update is disabled, and I also put my ISP's DNS servers as my forwarders!

    It shows that it's connected to the internet and I can ping the other server's IP addresses, but it doesn't open any website.
    Another question: do I need to enable dynamic update on my DNS, which is going to be my DC DNS?
    Do I need to add forwarders? Should they be my ISP's DNS servers?

    Thanks
    Did you try "Simple DNS Plus" for your IDC DNS server? This program is very easy to set up and use.

  7. #7
    Quote Originally Posted by AI-Wayne View Post
    No, you absolutely do not want to enable dynamic updates. That's a big security risk. You'd only ever do that if you were absolutely limiting what other DNS servers had access to do so and you explicitly trusted them.

    You should not need to use any forwarders. Out of the box, if the server does not contain the requested zone file, the DNS server should be able to query root servers (as your ISP's DNS servers would) for results. You'll typically see (from a Windows guy's perspective) forwarders set up when MS DNS is being used in Active Directory scenarios, forwarding requests to other primary and secondary AD-integrated DNS servers (querying the rest of the AD forest).

    I'm guessing either you don't have recursion enabled (if you're not able to get results for external domains) or you simply don't have the zone set up correctly if you can't query something within the DNS server itself. And on another note, you really want to limit recursive queries to only IP addresses within your subnets. You don't want random external IPs querying the server for other external domains (using your server as a public DNS service). You'd either disable recursion and only use the DNS service to resolve local domains or use the firewall to limit/scope what IPs can access the service.

    Hope that helps -

    Wayne
    Thanks a lot Wayne
    The reason I asked about dynamic updates was that I thought in a datacenter, if a dedicated server created a DNS record in their control panel like Plesk, the record will be created in the main DNS server of the datacenter as well! (Which in this case, if we are using the ISP's DNS server, the records will be created in their DNS.) Isn't it like that, or am I wrong? I want to be able to act as a proper DC datacenter, and as I own my block of IPs from RIPE I want to be able to create PTR records on my DNS server!

    Yes, the recursion was enabled! But you say that if I enable recursion I don't need to have forwarders, right?

    You mean if I disable recursion, I can still act like the main DNS server and create PTR records for my clients? Because at the moment, for our previous block of IPs, we have to ask our ISP to create the PTR records for us! I want every server in our datacenter to point its DNS server setting to our new DNS server,
    so they should be able to browse the internet and resolve their queries! BTW, I have heard that if we are setting up a DNS server on a range of IPs that is assigned by RIPE, we have to announce the DNS server on the RIPE website portal! Is it true?

    Quote Originally Posted by david_halliday View Post
    This is probably obvious, but you did open up the DNS port in any firewall you are running?

    On another note, if you don't want to be dependent on your ISP you could use one of the many DNS services like dnsmadeeasy. For machines needing DNS, just have them use Google open DNS at 8.8.8.8 and 8.8.4.4, fast and reliable.

    Remember, if you are doing your own DNS you will need a secondary someplace (ISP??)
    Thanks David, yes, I have opened that! It's not the problem. I want to be able to create PTR records and act as the main DNS server within my datacenter.

    Quote Originally Posted by server-hk View Post
    Did you try "Simple DNS Plus" for your IDC DNS server? This program is very easy to set up and use.
    Thanks, but I want to use a more professional server; as I have paid for my Server 2008 Ent, I want to use all of its features.

  8. #8
    Simple DNS Plus is very professional. You can configure PTR and Geo-DNS!
    Also, it supports AAAA records for your IPv6 server too.
    We use it for our primary DNS server.

  9. #9
    Quote Originally Posted by Wonders View Post
    Thanks a lot Wayne
    The reason I asked about dynamic updates was that I thought in a datacenter, if a dedicated server created a DNS record in their control panel like Plesk, the record will be created in the main DNS server of the datacenter as well! (Which in this case, if we are using the ISP's DNS server, the records will be created in their DNS.) Isn't it like that, or am I wrong? I want to be able to act as a proper DC datacenter, and as I own my block of IPs from RIPE I want to be able to create PTR records on my DNS server!
    I think if I'm understanding you correctly, the servers that run Plesk will have their own local DNS servers. You wouldn't run dynamic updates on your primary datacenter DNS server for them. If you wanted to act as their secondary name server, then you could allow for zone transfers. They'd need to be running MS DNS as well.


    Quote Originally Posted by Wonders View Post
    Yes, the recursion was enabled! But you say that if I enable recursion I don't need to have forwarders, right?
    If you enable recursion you don't need forwarders. The DNS server will be able to query root servers for responses it doesn't have in its local zones/records.

    Quote Originally Posted by Wonders View Post
    You mean if I disable recursion, I can still act like the main DNS server and create PTR records for my clients? Because at the moment, for our previous block of IPs, we have to ask our ISP to create the PTR records for us! I want every server in our datacenter to point its DNS server setting to our new DNS server, so they should be able to browse the internet and resolve their queries!
    Yes.

    Recursion On = provide answers for zones within the DNS server *AND* anything else.

    Recursion Off = only provide answers for DNS zones within that server. Everything else will not be known.


    Quote Originally Posted by Wonders View Post
    BTW, I have heard that if we are setting up a DNS server on a range of IPs that is assigned by RIPE, we have to announce the DNS server on the RIPE website portal! Is it true?
    I can't answer that. Our NOC/IP admin would normally handle anything like that. I personally haven't heard of it, but that means nothing.

  10. #10
    Quote Originally Posted by AI-Wayne View Post
    Yes.

    Recursion On = provide answers for zones within the DNS server *AND* anything else.

    Recursion Off = only provide answers for DNS zones within that server. Everything else will not be known.
    Sorry, I misread that the first time. It's actually 'no'. With recursion off you'll only be serving requests for zone/records within that DNS server and nothing else.

    Wayne

  11. #11
    Thanks
    No, basically Plesk runs BIND DNS 9, and dedicated servers for the DNS server in their network connection is pointed to the main datacenter DNS (which in this case we are pointing the servers' DNS setting to our ISP's DNS server). I don't know what software they are using as their DNS server.
    I want to change the servers' network connection DNS server setting to point to our newly created DNS server, and I want everything to work like when I was pointing them to our ISP's DNS server.

    Thanks
