DNS
Switching DNS
by admin on Oct.04, 2007, under DNS, Software, Systems
Well, I just got through switching some 700+ domains from VegaDNS to our new Simple DNS Plus platform. VegaDNS ran on Linux, and in a 99% Windows environment keeping Linux around just to run DNS was not viable. Simple DNS Plus runs on Windows 2003 and is a simple, easy-to-manage, but powerful DNS solution.
VegaDNS was a complicated DNS program. Most people who run DNS on Linux run some version of BIND. VegaDNS did run on BIND but did not take the simple approach of BIND. Basically, the way Vega worked was that you take BIND, run TinyDNS on top of it, then run VegaDNS on top of TinyDNS. VegaDNS adds a web front-end and a MySQL back-end onto the BIND framework. You could keep all of the DNS servers in sync off of that one MySQL database. It then kept local BIND files on the DNS server for serving up DNS. VegaDNS was complicated and annoying to maintain, back up and troubleshoot, and to make things worse we had two installs of VegaDNS on all of our DNS servers with two different databases. If any one piece broke, the whole thing became a mess.
Now everything is running on one program. Simple DNS Plus has master and slave servers and keeps all DNS servers synced. It keeps all of the data in one folder on all DNS servers; you back up that folder and you can have your entire DNS infrastructure rebuilt in a matter of minutes. It can be managed with a web front-end or a fat client, and both are built in. Import tools make migrations from other platforms easy. It has real-time DNS hit and cache stats as well as detailed logs if you want them. It has built-in DoS mitigation and attack mitigation techniques like telnet disconnect, version masking, etc.
So far performance has been great, and I would recommend it to anyone looking for a solid Windows-based DNS platform. Did I also mention that it is inexpensive? Check it out!
Dynamic DNS
by admin on Jun.11, 2007, under DNS, Hosting, Networking
Are you hosting something on your home PC and the IP address keeps getting changed by your ISP? Check out this service called Dynamic DNS. It is a service that allows you to have a hostname permanently pointed back to your home computer even with a dynamic IP. The way it works is that you install a client on your PC, and as your IP address changes it updates the service. Even better, it is free for up to 5 hostnames.
Internet is Slow at Work
by admin on Apr.24, 2007, under DNS, Networking
Well, you come in and your Internet is slow across the board; it doesn’t matter what website you are going to. Being an IT Professional, and in my case the Network Admin, I know I will hear about it. It is time to start checking it out even if it is just my PC.
The first thing I look at is whether anything is down. I check Solarwinds Orion and everything is up, no events, and everything has been pretty quiet. Next I check bandwidth: are we maxing out any of our links or Internet connections? The answer is no. Everything appears to be working, there are no errors, and pings to the outside world appear to be normal.
One thing a lot of people overlook: check your DNS server forwarders. A lot of the time in a Microsoft environment your PC will point to the Domain Controller, which is running DNS, and all of your DNS queries, both internal and external, will run through those servers. If you don’t want to deal with having your DCs connect directly to the DNS root servers, which can be a pain, you add in your ISP DNS servers as DNS query forwarders.
So try pinging all of your DNS forwarders and see if all of them are reachable; if one is down, remove it from the list. I recommend having at least 3 of them in your list if possible. Even if they do respond to pings but are losing packets, you don’t want to use them, because DNS queries slow way down with packet loss. Hopefully you will find one that is having issues, you remove it, and everything is working great.
This is by no means all the things that can go wrong or all the things you can check into, but it is a good high-level start to troubleshooting this problem.
Want to catch any mistyping in front of your domain
by admin on Mar.18, 2007, under DNS
If you have a website and you want to catch anyone typing things like wwww.mydomain.com or ww.mydomain.com or even bob@mydomain.com, put a wildcard entry in your DNS settings. Normally you would put an A record for www.mydomain.com and an A record for mydomain.com, but you might miss mistypes. Another reason to use a wildcard DNS entry would be if you have a ton of different A records that all point to the same place, like 1.mydomain.com, 2.mydomain.com, 3.mydomain.com, 4.mydomain.com, etc.
What you would want to do is create an A record for mydomain.com that points to your website, then create a CNAME record for *.mydomain.com pointing to that A record you created. That way, when you type in anything.mydomain.com it will be pointed to look up mydomain.com.
One thing to watch out for when doing this is to have that A record in place before the CNAME record. If you don’t have the A record for mydomain.com and you create the CNAME record, it can overstep all records for that domain. It can cause MX lookups, other A record lookups, etc. to be pointed to that CNAME. Ran into that one, and since the MX record was pointed somewhere else, when it was overstepped it broke incoming email for a while.
Connect to Windows Share using an Alias (CNAME)
by admin on Mar.09, 2007, under DNS, Systems
If you set up a CNAME in DNS to point to a Windows box, you are unable to connect to the file shares using the alias.
Workaround:
1) Start Regedit
2) Locate and click the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
3) Add the following value
Value Name: DisableStrictNameChecking
Data Type: REG_DWORD
Radix: Decimal
Value: 1
Exit Regedit and Reboot your machine.
Why are my servers showing up as the internal address?
by admin on Jan.09, 2007, under DNS, Networking, Routers
When you add a static NAT in your Cisco router for one of your servers, the router then knows both the internal and external IP. When you do a DNS query on that server to an outside DNS server, the router will translate the returned address to the internal IP for you. See below for the official explanation:
Q. Does Cisco IOS NAT support DNS queries?
A. Yes, Cisco IOS NAT does translate the address(es) which appear in DNS responses to name lookups (A queries) and inverse lookups (PTR queries). If an outside host sends a name-lookup to a DNS server on the inside, and that server responds with a local address, the NAT code translates that local address to a global address. The opposite is also true, and is how Cisco supports IP addresses that overlap. An inside host queries an outside DNS server, the response contains an address that matches the ACL specified on the outside source command, and the code translates the outside global address to an outside local address.
Time-to-live (TTL) values on all DNS resource records (RRs) which receive address translations in RR payloads are automatically set to zero.
Cisco IOS NAT does not translate IP addresses embedded in DNS zone transfers.
DNS Issues
by admin on Jun.30, 2006, under DNS, Networking
Found an issue with my company's external DNS yesterday, and I would be curious to know how long it has been a problem. Our external DNS for my website had 5 name servers listed on the root DNS servers, and 2 out of these 5 did not work. So theoretically all page loads could have been taking a lot longer to load. In some of the testing I ran, it would try to hit the first server that didn’t work, then go to the 2nd server that didn’t work, until it finally found a third server that could resolve the domain. This issue has been resolved now, I am hoping; unfortunately I cannot look at it myself because another person in the department is in charge of DNS and does not share any info on it. From what I have seen of this DNS setup, it is one big spider web and no one really knows if all pieces are set up the same, let alone right. To the business I happen to work for this could be detrimental, since we rely on web traffic so heavily. It is my opinion that DNS is a very simple concept and should be very easy to set up right, but without access to the system my hands are tied. I get very frustrated when I know I can fix something, or at least improve on it, but am never given the chance.
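The forwarder check in "Internet is Slow at Work" and the dead name servers described in this post both come down to sending real DNS queries to every server in a list and counting lost or slow answers, which a ping alone does not show. The Python script below is an added example, not part of the original posts; the server addresses, the query name example.com and the thresholds are placeholders and assumptions.

```python
import socket, struct, time

def build_query(name, txid, recurse=True, qtype=1):
    """Minimal DNS query: one question, class IN, RD flag set for forwarders."""
    header = struct.pack("!HHHHHH", txid, 0x0100 if recurse else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(packet, txid):
    """Return (rcode, authoritative) for a matching reply, else None."""
    if len(packet) < 12:
        return None
    rid, flags = struct.unpack("!HH", packet[:4])
    if rid != txid or not flags & 0x8000:   # wrong ID or not a response
        return None
    return flags & 0x000F, bool(flags & 0x0400)

def probe(server, name, tries=5, timeout=1.0, recurse=True, port=53):
    """Query one server `tries` times; report loss, mean RTT and AA flag."""
    rtts, aa = [], False
    for i in range(tries):
        txid = 0x1000 + i
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            start = time.monotonic()
            try:
                s.sendto(build_query(name, txid, recurse), (server, port))
                reply = parse_header(s.recvfrom(512)[0], txid)
            except OSError:                 # timeout or ICMP unreachable
                reply = None
        if reply and reply[0] == 0:         # count only NOERROR answers
            rtts.append((time.monotonic() - start) * 1000)
            aa = reply[1]
    return {"server": server, "loss": 1 - len(rtts) / tries,
            "avg_ms": sum(rtts) / len(rtts) if rtts else None, "aa": aa}

def unhealthy(results, max_loss=0.0, max_ms=200.0, need_aa=False):
    """Servers to pull from the forwarder list or fix in the delegation."""
    return [r["server"] for r in results
            if r["loss"] > max_loss or r["avg_ms"] is None
            or r["avg_ms"] > max_ms or (need_aa and not r["aa"])]

if __name__ == "__main__":
    # Placeholder documentation addresses; substitute your own forwarders.
    forwarders = ["192.0.2.53", "198.51.100.53", "203.0.113.53"]
    for r in (probe(ip, "example.com") for ip in forwarders):
        print(r)
```

For the name servers listed for a domain, call `probe(..., recurse=False)` and pass `need_aa=True` to `unhealthy` so that a server answering without authority for the zone is flagged as well.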