DNS DHCP Domain - Networking


Thread: DNS DHCP Domain

  1. DNS DHCP Domain

    OK, this is going to be a bit confusing, but here goes. I have a system
    with a Windows 2003 R2 Server running Active Directory to authenticate
    all of our workstations, which also run Windows (have to have it for
    proprietary software or I would get rid of them). Next I have a CentOS
    5.2 machine which houses our Postfix mail server and houses our
    intranet training site. These are both at site one, subnet 10.0.1.X.
    These connect to an Endian Firewall that uses a broadband connection
    and a VPN tunnel to connect to our other site, which has an Endian
    Firewall, subnet 10.0.2.X, that connects to another Windows 2003 R2
    Server. The Endians have DHCP running on them to assign IPs. I have a
    couple of problems, and most of it is for lack of understanding right now.

    1. When connected from outside the network to site 1 using a VPN
    connection you cannot see site 2 at all. You can't ping the IP of any
    machine except the Site 2 firewall or see any names. You can, however,
    do so from inside the network.

    2. On my CentOS machine at site one, I cannot ping any DNS names,
    not even the Windows server. I have the resolve.conf with the search of
    the domain and nameserver pointing to the Endian and the Windows
    servers. This makes it difficult for any service I run (Bacula client)
    requiring an FQDN for the connection to another machine. From all the
    Windows machines on the network you can ping the domain names, btw.


    resolve.conf

    search nishna.org
    nameserver 10.0.1.1 <<
    nameserver 10.0.1.253 <<<
    nameserver 10.0.1.254 <<< Endian Firewall -- DHCP



    Site two is
    10.0.2.254 Endian Firewall with DHCP server
    10.0.2.1 Windows 2003 R2 Server, just doing active directory for site
    and authenticating users.

    I have entered host entries on the Endian Firewall for mail << Centos
    machine ; swcserver < windows server.

    We started this system with just the Windows boxes with Exchange on
    site one, then added the firewall and then the mail server. I am not
    sure if the domains are correct on all the servers or even how to go
    about checking them. I sort of had this system dumped in my lap and am
    trying to figure out how to make it all play nice together. I keep
    reading on DHCP and DNS and trying to figure out how they interact, but
    I keep changing one thing and thinking I have, but am at my wits'
    end. Then trying another. I am pretty decent at figuring out how
    things work but need a point in the right direction.

    I know this deals with Windows servers, but the main thing I want is
    for the Linux machine to have DNS info right.

    Any help or info you need I will be glad to give.

    Thanks

    Woody

  2. Re: DNS DHCP Domain

    Sarconastic wrote:

    > 1. When connected from outside the network to site 1 using a VPN
    > connection you cannot see site 2 at all. You can't ping the IP of any
    > machine except the Site 2 firewall or see any names. You can, however,
    > do so from inside the network.


    Is your VPN using the same address space as the site 1 LAN? And does the
    site 2 firewall allow access from that address space? That'd be the first
    place to look. Also you need to check if the VPN server allows access to
    other VPNs.

    >
    > 2. On my CentOS machine at site one, I cannot ping any DNS names,
    > not even the Windows server. I have the resolve.conf with the search of
    > the domain and nameserver pointing to the Endian and the Windows
    > servers. This makes it difficult for any service I run (Bacula client)
    > requiring an FQDN for the connection to another machine. From all the
    > Windows machines on the network you can ping the domain names, btw.
    >
    >
    > resolve.conf
    >
    > search nishna.org
    > nameserver 10.0.1.1 <<
    > nameserver 10.0.1.253 <<<
    > nameserver 10.0.1.254 <<< Endian Firewall -- DHCP


    Have you tried asking explicitly the windows server? Try
    $ dig @10.0.1.1 hostname.domain.name
    If that does not work, your windows server does not allow querying from the
    CentOS machine.

    >
    >
    >
    > Site two is
    > 10.0.2.254 Endian Firewall with DHCP server
    > 10.0.2.1 Windows 2003 R2 Server, just doing active directory for site
    > and authenticating users.
    >
    > I have entered host entries on the Endian Firewall for mail << Centos
    > machine ; swcserver < > windows server.
    >
    > We started this system with just the Windows boxes with Exchange on
    > site one, then added the firewall and then the mail server. I am not
    > sure if the domains are correct on all the servers or even how to go
    > about checking them. I sort of had this system dumped in my lap and am
    > trying to figure out how to make it all play nice together. I keep
    > reading on DHCP and DNS and trying to figure out how they interact, but
    > I keep changing one thing and thinking I have, but am at my wits'
    > end. Then trying another. I am pretty decent at figuring out how
    > things work but need a point in the right direction.


    Look out for "DNS" in Start->Programs->Management (make that available in
    your Startmenu's properties).

    >
    > I know this deals with windows servers but the main thing I want is
    > for the linux machine to have dns info right.


    You have to take into account that Windows Domain Members can (and usually
    do) update their corresponding DNS entries in the Domain Master's DNS
    configuration. Linux usually does not do that, so you'd better give your
    Linux boxes fixed addresses (you can configure your DHCP to do so) and add
    entries to the Windows DNS system.

    DNS can be used by DHCP so you don't have to specify IP-addresses for known
    hosts (like DNS servers, gateways, timeservers and so on), and ISC DHCPd
    and ISC BIND (DNS) can be configured so the DHCP-server can update the DNS
    zone upon issuing an address lease. Otherwise they are not related.

    HTH,

    Felix

  3. Re: DNS DHCP Domain

    On Oct 15, 12:20 pm, Felix Tiede wrote:
    > Is your VPN using the same address space as the site 1 LAN? And does the
    > site 2 firewall allow access from that address space? That'd be the first
    > place to look. Also you need to check if the VPN server allows access to
    > other VPNs.



    My VPN is on the same subnet as site 1 but with a 50 IP reservation.
    >
    > Have you tried asking explicitly the windows server? Try
    > $ dig @10.0.1.1 hostname.domain.name
    > If that does not work, your windows server does not allow querying from the
    > CentOS machine.
    >


    I just tried this and it did work. But I have added an entry to the
    resolve.conf of

    'search npi.local'

    The domain of the windows server and also an entry in the host file
    for swcserver.npi.local to the ip 10.0.1.1. This allowed my Bacula
    system to communicate with the client on the windows server and get it
    running. But I know I still have some work to do. I think your
    information below is a good starting point.


    >
    > Look out for "DNS" in Start->Programs->Management (make that available in
    > your Startmenu's properties).
    >
    >


    :-) ... OK, I should explain, I am not that much of a noob. I have done
    a lot of work with the Windows servers, no expert for sure, but on a
    hunt-and-search basis, i.e. something doesn't work... figure out how to
    fix that problem, not the whole root problem, just that issue. That's
    the main issue. I have several job titles at my company (non-profit)
    if that tells you anything. I just honestly have not had the time to
    sit down and fully understand how the entire DNS system should work. I
    want to, just don't have the resources. For example, I am at home
    right now replying to your response, since this is when I can stop,
    SSH into my machines, and check out how the system ran today, or just
    to play with stuff.

    > You have to take into account that Windows Domain Members can (and usually
    > do) update their corresponding DNS entries in the Domain Master's DNS
    > configuration. Linux usually does not do that, so you'd better give your
    > Linux boxes fixed addresses (you can configure your DHCP to do so) and add
    > entries to the Windows DNS system.
    >
    > DNS can be used by DHCP so you don't have to specify IP-addresses for known
    > hosts (like DNS servers, gateways, timeservers and so on), and ISC DHCPd
    > and ISC BIND (DNS) can be configured so the DHCP-server can update the DNS
    > zone upon issuing an address lease. Otherwise they are not related.


    As time goes on I will figure this thing out. I have become a Linux
    convert; I wish I could just eliminate Windows, or have the time to
    really figure out how to integrate them the right way.

    Question:

    So the Linux box cannot update its DNS entries from the master DNS
    server, or is there a way to do so? And if not, then should I just
    manually add them to the hosts file and call it good? I am only
    dealing with one Linux machine right now, aside from the firewalls,
    and there is only one Linux workstation, and it's mine, so that
    one is not a real problem right now. I would like to get everything
    set up the correct way though.


    Thanks Felix for your response, it's very much appreciated. Hopefully
    I can learn a little
    >
    > HTH,
    >
    > Felix




  4. Re: DNS DHCP Domain

    Woody wrote:

    > On Oct 15, 12:20 pm, Felix Tiede wrote:
    >> Is your VPN using the same address space as the site 1 LAN? And does the
    >> site 2 firewall allow access from that address space? That'd be the first
    >> place to look. Also you need to check if the VPN server allows access to
    >> other VPNs.

    >
    >
    > My VPN is on the same subnet as site 1 but with a 50 IP reservation.


    So that should not be the problem, look if your VPN server allows
    communication with connected LANs and other VPNs, at least OpenVPN has
    configuration to forbid such communication.

    >>

    [snip]
    >>
    >> Look out for "DNS" in Start->Programs->Management (make that available in
    >> your Startmenu's properties).
    >>
    >>

    >
    > :-) ... OK, I should explain, I am not that much of a noob. I have done
    > a lot of work with the Windows servers, no expert for sure, but on a
    > hunt-and-search basis, i.e. something doesn't work... figure out how to
    > fix that problem, not the whole root problem, just that issue. That's
    > the main issue. I have several job titles at my company (non-profit)
    > if that tells you anything. I just honestly have not had the time to
    > sit down and fully understand how the entire DNS system should work. I
    > want to, just don't have the resources. For example, I am at home
    > right now replying to your response, since this is when I can stop,
    > SSH into my machines, and check out how the system ran today, or just
    > to play with stuff.


    Sorry, I did not mean any offence ;-)

    >

    [snip]
    >
    > Question:
    >
    > So the Linux box cannot update its DNS entries from the master DNS
    > server, or is there a way to do so? And if not, then should I just
    > manually add them to the hosts file and call it good? I am only
    > dealing with one Linux machine right now, aside from the firewalls,
    > and there is only one Linux workstation, and it's mine, so that
    > one is not a real problem right now. I would like to get everything
    > set up the correct way though.


    At least I've not yet found out how. But then for servers it is usually not
    necessary, they should have fixed IPs anyway, if for no other reason than
    because of port forwarding at the router(s)...

    So adding them manually to the Windows DNS server(s) should be good enough.

    As long as every host is in the DNS, it's a correct setup. It just gets a
    PITA if you have a large number of hosts not using automatic DNS
    registration and they're changing their IP a lot ;-)

    Felix
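
Added example, not part of any post in this thread: the "ask one server explicitly with dig" check from the replies above, extended to every nameserver and every search domain a resolv.conf lists, so it is visible which server actually holds a record. The sample file is constructed from the addresses and domains mentioned in the thread (putting both domains on one search line is an assumption), and `sample_conf`, `candidates` and `check_all` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: list every (nameserver, FQDN) pair a resolv.conf implies for
# one short host name, then ask each server explicitly with dig.

# Constructed sample using the addresses and domains named in the thread.
# Putting both domains on one "search" line is an assumption of this example.
sample_conf() {
    cat <<'EOF'
search nishna.org npi.local
nameserver 10.0.1.1
nameserver 10.0.1.253
nameserver 10.0.1.254
EOF
}

# candidates FILE HOST: print "server fqdn" lines; FILE may be "-" for stdin.
candidates() {
    awk -v host="$2" '
        /^[#;]/ { next }                               # comment lines
        $1 == "nameserver" && NF >= 2 { ns[++n] = $2 } # address field only
        $1 == "search" || $1 == "domain" {             # the last such line wins
            m = 0
            for (i = 2; i <= NF; i++) dom[++m] = $i
        }
        END {
            for (i = 1; i <= n; i++)
                for (j = 1; j <= m; j++)
                    print ns[i], host "." dom[j]
        }' "$1"
}

# check_all FILE HOST: query each pair with dig and show which server answers.
check_all() {
    candidates "$1" "$2" | while read -r ns fqdn; do
        ans=$(dig +short +time=2 +tries=1 "@$ns" "$fqdn" A 2>/dev/null | head -n 1)
        printf '%-12s %-28s %s\n' "$ns" "$fqdn" "${ans:-no answer}"
    done
}

# Usage: sh script.sh /etc/resolv.conf swcserver
if [ "$#" -eq 2 ]; then
    check_all "$1" "$2"
fi
```

A name that exists under only one domain, or on only one server, shows up as a single answered row, which points at the DNS server where a missing static record needs to be added.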
