Server 2012 R2 DNS issue

Hi all, if you've seen some of my threads before you'll know I'm a Windows Server noob who has thrown himself in at the deep end. I have one niggling issue I really want to get sorted with DNS. It just isn't working properly with IPv6 :(

I suspect there's a trust issue between my two DNS servers as when adding the second one to the name servers list I get this:

[Image: DNS.png]

I've blanked part of the IPv6 address as I understand in theory this could be used as an external IP one day.

Can anyone give me a clue where to start looking to fix this one?

thanks :)
 
I haven't really done any work with IPv6 but I'd be checking the DNS service is listening on the IPv6 address and you have full IPv6 connectivity on the system.

Also, using .local for your domain isn't a great idea these days. Rename to a private sub-domain of a real domain if you can (a domain that you own of course).
 
If you are using old switches or routers these may not be passing/forwarding IPv6 packets correctly?

Also check firewall rules, some rules are IPv4 or IPv6 specific and you have to set up two rules, one for each?
 
> Also, using .local for your domain isn't a great idea these days. Rename to a private sub-domain of a real domain if you can (a domain that you own of course).
Would you explain why you are making this recommendation? Am curious as I haven't come across this.
 
Having the same external and internal DNS name makes life a lot simpler when using services that rely on DNS like Exchange ActiveSync or Lync for example.

In your public DNS space you list the external IP addresses like you usually would but internally you add the internal IP addresses of your servers.

Which DNS you use and which address you get will depend on where you are connected. This is also the preferred Microsoft way of doing things.


RE the original issue... are they both Server 2012? If so then the likelihood is that they are not configured to listen for IPv6. Check under the properties of the server name in DNS Manager and check that it is bound to the right IP and the V6 IP is checked.

If the other server is 2003 then it will fail the v6.
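
The checks suggested in the replies above (is the DNS service listening on the IPv6 address, does a query over IPv6 reach the other server, do the firewall rules cover it), as an added PowerShell example that is not part of any poster's reply. `$PeerV6` and `$Zone` are constructed placeholder values, and it assumes the DnsServer module on Server 2012 or later.

```powershell
# Run elevated on each DNS server (Server 2012 or later, DnsServer module).
# Constructed placeholders: replace with the other server's IPv6 address
# and your own zone name.
$PeerV6 = '2001:db8::53'
$Zone   = 'ad.example.com'

# 1. Compare the addresses the server has with those DNS is set to listen on
#    (the "Interfaces" tab of the server properties in DNS Manager).
$dns       = Get-DnsServerSetting -All
$all       = @($dns.AllIPAddress       | ForEach-Object { "$_" })
$listening = @($dns.ListeningIPAddress | ForEach-Object { "$_" })
# Assumption: an empty listening list means no restriction is configured.
if ($listening.Count -gt 0) {
    $missing = @($all | Where-Object { $listening -notcontains $_ })
    if ($missing.Count -gt 0) {
        Write-Warning "DNS is not listening on: $($missing -join ', ')"
    }
}

# 2. Confirm the service has actually bound UDP 53 on an IPv6 address.
Get-NetUDPEndpoint -LocalPort 53 |
    Where-Object { $_.LocalAddress -like '*:*' } |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 3. Ask the other server for the zone's SOA record over IPv6.
try {
    Resolve-DnsName -Name $Zone -Type SOA -Server $PeerV6 -DnsOnly -ErrorAction Stop |
        Select-Object Name, Type, PrimaryServer
} catch {
    Write-Warning "No answer from $PeerV6 over IPv6: $($_.Exception.Message)"
}

# 4. List enabled inbound firewall rules that cover port 53, with the
#    local addresses each rule applies to (a rule may be IPv4-only).
Get-NetFirewallPortFilter | Where-Object { $_.LocalPort -eq '53' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{ Rule = $_.DisplayName; LocalAddress = $addr.LocalAddress -join ',' }
    }
```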
 
Found it:
http://technet.microsoft.com/en-us/library/cc726016(v=ws.10).aspx

Quote: "We recommend that you use DNS names that are registered with an Internet authority in the Active Directory namespace. Only registered names are guaranteed to be globally unique. If another organization later registers the same DNS domain name (or if your organization merges with, acquires, or is acquired by another company that uses the same DNS name), the two infrastructures cannot interact with one another."

and: "Also, we do not recommend using unregistered suffixes, such as .local."

Thanks for that! Shall bear it in mind; not that you get that many opportunities to start a new forest from scratch! =)
 
And yet if you go back to Server 2003 and SBS they recommend it 100%. You can see why people get confused!
You just have to look at the dates on the articles. But yeah, that's why I say I'm glad you pointed it out! Just passed it around to workmates and they were all surprised as well.
 
Thanks all - will have a look when I get home.

Ref .local I did almost go for my .com domain name but after reading something somewhere that said not to I didn't. Figures :D
 
Either register a separate domain to use internally and don't publish any public DNS records for it, or use something like ad.company.com

Otherwise you'll never get a valid SSL cert for it.
 
I think that's something for much further down the line for me to worry about.

Meanwhile - DNS issues solved - well almost. Down to two BPA errors - I put the Google IPv6 DNS servers in for conditional forwarders and unsurprisingly they aren't responding as I've not configured my router to deal with IPv6 as yet.

Turns out what I had done was where I *thought* I had both IPv4 and IPv6 on my secondary DNS set to listen I'd missed the IPv6 one off :rolleyes: so bang on Shad, thank you :)
 
Rather proud of this screenshot :D

[Image: DNS.png]

Considering I'd never touched Windows Server a few months ago and have had nothing but Google (and you guys of course!) to help.

I'm now running 3 2K12R2 VMs -

DC/DNS
DC/DNS/File storage
RDP (with a whole 1 CAL for when I'm away or my wife is away)

and another 2K12R2 box running as backup server offsite at my parents through VPN

It's a better setup than at work :D
 