DNS DHCP Domain

 
 
Sarconastic
      10-14-2008, 09:10 PM
Ok this is going to be a bit confusing but here goes. I have a system
with a Windows 2003 R2 Server running Active Directory to authenticate
all of our workstations, which also run Windows (have to have it for
proprietary software or I would get rid of them). Next I have a CentOS
5.2 machine which houses our Postfix mail server and houses our
intranet training site. These are both at site one, subnet 10.0.1.X.
These connect to an Endian Firewall that uses a broadband connection
and a VPN tunnel to connect to our other site, which has an Endian
Firewall, subnet 10.0.2.X, that connects to another Windows 2003 R2
Server. The Endians have DHCP running on them to assign IPs. I have a
couple of problems, and most of it is for lack of understanding right now.

1. When connected from outside the network to site 1 using a VPN
connection you cannot see site 2 at all. You can't ping the IP of any
machine except the Site 2 firewall or see any names. You can, however,
do so from inside the network.

2. On my CentOS machine at Site one, I cannot ping any DNS names,
not even the Windows server. I have the resolve.conf with the Search of
the domain and Nameserver pointing to the Endian and the Windows
Servers. This makes it difficult for any service I run (bacula client)
requiring a FQDN for the connection to another machine. From all the
Windows machines on the network you can ping the domain names btw.


resolve.conf

search nishna.org
nameserver 10.0.1.1 <<<Windows Server - DNS
nameserver 10.0.1.253 <<<<Centos Mail Server
nameserver 10.0.1.254 <<< Endian Firewall -- DHCP



Site two is
10.0.2.254 Endian Firewall with DHCP server
10.0.2.1 Windows 2003 R2 Server, just doing active directory for site
and authenticating users.

I have entered host entries on the Endian Firewall for mail << Centos
machine ; swcserver <<site 1 windows server ; rowcserver <<site 2
windows server.

We started this system with just the Windows boxes with Exchange on
site one, then added the firewall and then the mail server. I am not
sure if the domains are correct on all the servers or even how to go
about checking them. I sort of had this system dumped in my lap and am
trying to figure out how to make it all play nice together. I keep
reading on DHCP and DNS and trying to figure out how they interact, but
I keep changing one thing and thinking I have it, but am at my wits'
end. Then trying another. I am pretty decent at figuring out how
things work but need a point in the right direction.

I know this deals with Windows servers but the main thing I want is
for the Linux machine to have DNS info right.

Any help or info you need I will be glad to give.

Thanks

Woody
 
 
 
 
 
Felix Tiede
      10-15-2008, 05:20 PM
Sarconastic wrote:

> 1. When connected from outside the network to site 1 using a VPN
> connection you cannot see site 2 at all. You can't ping the IP of any
> machine except the Site 2 firewall or see any names. You can, however,
> do so from inside the network.


Is your VPN using the same address space as the site 1 LAN? And does the
site 2 firewall allow access from that address space? That'd be the first
place to look. Also you need to check if the VPN server allows access to
other VPNs.

>
> 2. On my CentOS machine at Site one, I cannot ping any DNS names,
> not even the Windows server. I have the resolve.conf with the Search of
> the domain and Nameserver pointing to the Endian and the Windows
> Servers. This makes it difficult for any service I run (bacula client)
> requiring a FQDN for the connection to another machine. From all the
> Windows machines on the network you can ping the domain names btw.
>
>
> resolve.conf
>
> search nishna.org
> nameserver 10.0.1.1 <<<Windows Server - DNS
> nameserver 10.0.1.253 <<<<Centos Mail Server
> nameserver 10.0.1.254 <<< Endian Firewall -- DHCP


Have you tried asking explicitly the windows server? Try
$ dig @10.0.1.1 hostname.domain.name
If that does not work, your windows server does not allow querying from the
CentOS machine.

>
>
>
> Site two is
> 10.0.2.254 Endian Firewall with DHCP server
> 10.0.2.1 Windows 2003 R2 Server, just doing active directory for site
> and authenticating users.
>
> I have entered host entries on the Endian Firewall for mail << Centos
> machine ; swcserver <<site 1 windows server ; rowcserver <<site 2
> windows server.
>
> We started this system with just the Windows boxes with Exchange on
> site one, then added the firewall and then the mail server. I am not
> sure if the domains are correct on all the servers or even how to go
> about checking them. I sort of had this system dumped in my lap and am
> trying to figure out how to make it all play nice together. I keep
> reading on DHCP and DNS and trying to figure out how they interact, but
> I keep changing one thing and thinking I have it, but am at my wits'
> end. Then trying another. I am pretty decent at figuring out how
> things work but need a point in the right direction.


Look out for "DNS" in Start->Programs->Management (make that available in
your Startmenu's properties).

>
> I know this deals with Windows servers but the main thing I want is
> for the Linux machine to have DNS info right.


You have to take into account that Windows Domain Members can (and usually
do) update their corresponding DNS entries in the Domain Master's DNS
configuration. Linux usually does not do that, so you'd better give your
Linux boxes fixed addresses (you can configure your DHCP to do so) and add
entries to the Windows DNS system.

DNS can be used by DHCP so you don't have to specify IP-addresses for known
hosts (like DNS servers, gateways, timeservers and so on), and ISC DHCPd
and ISC BIND (DNS) can be configured so the DHCP-server can update the DNS
zone upon issuing an address lease. Otherwise they are not related.

HTH,

Felix
 
 
Woody
      10-16-2008, 03:58 AM
On Oct 15, 12:20 pm, Felix Tiede <f.ti...@web.de> wrote:
> Is your VPN using the same address space as the site 1 LAN? And does the
> site 2 firewall allow access from that address space? That'd be the first
> place to look. Also you need to check if the VPN server allows access to
> other VPNs.



My VPN is on the same subnet as site 1 but with a 50 IP reservation.
>
> Have you tried asking explicitly the windows server? Try
> $ dig @10.0.1.1 hostname.domain.name
> If that does not work, your windows server does not allow querying from the
> CentOS machine.
>


I just tried this and it did work. But I have added an entry to the
resolve.conf of

'search npi.local'

The domain of the Windows server and also an entry in the host file
for swcserver.npi.local to the IP 10.0.1.1. This allowed my Bacula
system to communicate with the client on the windows server and get it
running. But I know I still have some work to do. I think your
information below is a good starting point.


>
> Look out for "DNS" in Start->Programs->Management (make that available in
> your Startmenu's properties).
>
>


:-) ... ok I should explain, I am not that much of a Noob. I have done
a lot of work with the Windows servers, no expert for sure, but on a
hunt and search basis, i.e. something doesn't work... figure out how to
fix that problem, not the whole root problem, just that issue. That's
the main issue. I have several job titles at my company (non-profit)
if that tells you anything. I just honestly have not had the time to
sit down and fully understand how the entire DNS system should work. I
want to, just don't have the resources. For example, I am at home
right now replying to your response, since this is when I can stop,
SSH into my machines, and check out how the system ran today. Or just
to play with stuff.

> You have to take into account that Windows Domain Members can (and usually
> do) update their corresponding DNS entries in the Domain Master's DNS
> configuration. Linux usually does not do that, so you'd better give your
> Linux boxes fixed addresses (you can configure your DHCP to do so) and add
> entries to the Windows DNS system.
>
> DNS can be used by DHCP so you don't have to specify IP-addresses for known
> hosts (like DNS servers, gateways, timeservers and so on), and ISC DHCPd
> and ISC BIND (DNS) can be configured so the DHCP-server can update the DNS
> zone upon issuing an address lease. Otherwise they are not related.


As time goes on I will figure this thing out. I have become a Linux
convert, I wish I could just eliminate Windows, or have the time to
really figure out how to integrate them the right way.

Question:

So the Linux box cannot update its DNS entries from the master DNS
server, or is there a way to do so? And if not, then should I just
manually add them to the hosts file and call it good? I am only
dealing with one Linux machine right now, aside from the firewalls,
and there is only one Linux workstation, and it's mine so that
one is not a real problem right now. I would like to get everything
set up the correct way though.


Thanks Felix for your response, it is very much appreciated. Hopefully
I can learn a little.
>
> HTH,
>
> Felix



 
 
Felix Tiede
      10-16-2008, 06:09 AM
Woody wrote:

> On Oct 15, 12:20 pm, Felix Tiede <f.ti...@web.de> wrote:
>> Is your VPN using the same address space as the site 1 LAN? And does the
>> site 2 firewall allow access from that address space? That'd be the first
>> place to look. Also you need to check if the VPN server allows access to
>> other VPNs.

>
>
> My VPN is on the same subnet as site 1 but with a 50 IP reservation.


So that should not be the problem, look if your VPN server allows
communication with connected LANs and other VPNs, at least OpenVPN has
configuration to forbid such communication.

>>

[snip]
>>
>> Look out for "DNS" in Start->Programs->Management (make that available in
>> your Startmenu's properties).
>>
>>

>
> :-) ... ok I should explain, I am not that much of a Noob. I have done
> a lot of work with the Windows servers, no expert for sure, but on a
> hunt and search basis, i.e. something doesn't work... figure out how to
> fix that problem, not the whole root problem, just that issue. That's
> the main issue. I have several job titles at my company (non-profit)
> if that tells you anything. I just honestly have not had the time to
> sit down and fully understand how the entire DNS system should work. I
> want to, just don't have the resources. For example, I am at home
> right now replying to your response, since this is when I can stop,
> SSH into my machines, and check out how the system ran today. Or just
> to play with stuff.


Sorry, I did not mean any offence ;-)

>

[snip]
>
> Question:
>
> So the Linux box cannot update its DNS entries from the master DNS
> server, or is there a way to do so? And if not, then should I just
> manually add them to the hosts file and call it good? I am only
> dealing with one Linux machine right now, aside from the firewalls,
> and there is only one Linux workstation, and it's mine so that
> one is not a real problem right now. I would like to get everything
> set up the correct way though.


At least I've not yet found out how. But then for servers it is usually not
necessary, they should have fixed IPs anyway, if for no other reason than
because of port forwarding at the router(s)...

So adding them manually to the Windows DNS server(s) should be good enough.

As long as every host is in the DNS, it's a correct setup. It just gets a
PITA if you have a large number of hosts not using automatic DNS
registration and they're changing their IP a lot ;-)

Felix
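
Added example (not part of any post in this thread): a small Python model of how the glibc stub resolver reads a resolv.conf like the one discussed above, showing that only the last `search` line is used, that at most three `nameserver` lines are kept, and which fully qualified names a short name such as `swcserver` expands to. It assumes that `search npi.local` was added as a second line beneath the original `search nishna.org` and that the `<<<` notes in the post are annotations rather than file content; the function and constant names are illustrative.

```python
# Added example: simplified model of glibc's resolv.conf handling (see resolv.conf(5)).
MAXNS = 3  # the resolver keeps at most three nameserver entries

# Constructed from the thread; assumes 'search npi.local' was added as a second line.
TWO_SEARCH_LINES = """\
search nishna.org
search npi.local
nameserver 10.0.1.1
nameserver 10.0.1.253
nameserver 10.0.1.254
"""
# Constructed alternative: both domains on a single search line.
ONE_SEARCH_LINE = TWO_SEARCH_LINES.replace(
    "search nishna.org\nsearch npi.local", "search npi.local nishna.org")

def parse_resolv_conf(text):
    """Return (nameservers, search_list, ndots) as the resolver would use them."""
    nameservers, search, ndots = [], [], 1
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":   # blank line or comment
            continue
        key, args = fields[0], fields[1:]
        if key == "nameserver" and args and len(nameservers) < MAXNS:
            nameservers.append(args[0])          # servers are tried in this order
        elif key in ("search", "domain") and args:
            # The last search/domain line replaces any earlier one.
            search = args if key == "search" else args[:1]
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return nameservers, search, ndots

def candidates(name, search, ndots=1):
    """Fully qualified names tried, in order, for a lookup of `name`."""
    if name.endswith("."):                       # already absolute
        return [name]
    with_suffix = [f"{name}.{domain}." for domain in search]
    as_is = [name + "."]
    # Names with at least `ndots` dots are tried as-is first, others last.
    return as_is + with_suffix if name.count(".") >= ndots else with_suffix + as_is

if __name__ == "__main__":
    for label, conf in (("two search lines", TWO_SEARCH_LINES),
                        ("one search line", ONE_SEARCH_LINE)):
        servers, search, ndots = parse_resolv_conf(conf)
        print(label, servers, search, candidates("swcserver", search, ndots))
```

With the two-line file, `swcserver` is only ever tried under `npi.local`, so hosts in `nishna.org` need their full name or a single combined `search` line.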
 
 
 
 