Re: DNS Over a Segment

From: Herb Martin (news_at_LearnQuick.com)
Date: 02/22/05 

Date: Mon, 21 Feb 2005 18:32:33 -0600

"Carl" <Carl@discussions.microsoft.com> wrote in message
news:B8C327E8-B594-42C3-92BC-607B8EA45214@microsoft.com...
> Herb,
>
> I pasted the CISCO router configs from both sides of the T-1 link at the
> bottom of this post. I pasted ipconfig /all's from a segment-1 PC that is
> working fine and also a segment-2 PC that works fine except it can not see
or
> even ping the Internet router. I also pasted the same info from my DC/DNS
> server.

I can go wade through that but it doesn't
really matter until you straighten out the
physical connectivity...and you didn't answer
my question about the assigned address(es)
and subnet mask from your ISP.

The only parts I will likely need from the Cisco
are the basic IP settings and the Routing table
(or how you set it.)

I can search for that but there is no reason to
do this until you have the network figured out
physically. 

-- 
Herb Martin
>
>
>
>
> "Herb Martin" wrote:
>
> > "Bill" <Bill@discussions.microsoft.com> wrote in message
> > news:E0A2DECA-3FB0-4F7C-B311-CF10F8735CE5@microsoft.com...
> > >
> > >
> > > "Herb Martin" wrote:
> > >
> > > > My comment are inline below but a quick looks says
> > > > the following is going to be your problem:
> > > >
> > > >     THE ISP router is the MIDDLE router and it must
> > > >     have it's routing table change to use the scheme you
> > > >     are using (with another net behind your connected
> > > >     router).  You probably cannot fix that so will
> > > >     likely need to re-configure your net.
> > >
> > > Thanks Herb, I appreciate your time and patience in what I orig.
thought
> > was
> > > a small matter.
> > >
> > > Ok, when you say I'll need to re-configure my net, are you referring
to
> > the
> > > routers only or are there other things that need fix'ed?
> >
> > The routers at least -- that is what I was referring to.
> >
> > I also was putting off your DNS refences until we get
> > the routing to work.
> >
> > > Do you still want me to post the ipconfig /all for the PC's/server
> > > in-question?
> >
>
> > What comes first is probably connecting the equipment.
>
> The equipment is installed and operating but obviously not configured
> correctly!  Lots of hair pulled over this!
>
> >
> > You might also tell me what address ranges your ISP
> > provided you WITH subnet mask so I can figure out
> > that is really legal/workable for you.
>
> I don't have any range of addresses from my ISP.  All I have is their
> dynamic IP in the ISP Router on the WAN side.  I have a static IP of
> 172.20.100.200 255.255.0.0 in the ISP Router LAN side.
>
>
> >
> > I suspect that you need to pull those server behind the
> > router -- need, not just "should."
> >
> > -- 
> > Herb Martin
> >
> >
> > "Bill" <Bill@discussions.microsoft.com> wrote in message
> > news:E0A2DECA-3FB0-4F7C-B311-CF10F8735CE5@microsoft.com...
> > >
> > >
> > > "Herb Martin" wrote:
> > >
> > > > My comment are inline below but a quick looks says
> > > > the following is going to be your problem:
> > > >
> > > >     THE ISP router is the MIDDLE router and it must
> > > >     have it's routing table change to use the scheme you
> > > >     are using (with another net behind your connected
> > > >     router).  You probably cannot fix that so will
> > > >     likely need to re-configure your net.
> > >
> > > Thanks Herb, I appreciate your time and patience in what I orig.
thought
> > was
> > > a small matter.
> > >
> > > Ok, when you say I'll need to re-configure my net, are you referring
to
> > the
> > > routers only or are there other things that need fix'ed?
> > >
> > > Do you still want me to post the ipconfig /all for the PC's/server
> > > in-question?
> > >
> > > >
> > > > "Bill" <Bill@discussions.microsoft.com> wrote in message
> > > > news:5596661C-C951-42CE-BB94-4D7C8FFDDE4D@microsoft.com...
> > > > >
> > > > >
> > > > > "Herb Martin" wrote:
> > > > >
> > > > > > "Bill" <Bill@discussions.microsoft.com> wrote in message
> > > > > > news:804FFE55-0800-4665-9ABC-69237FB586B1@microsoft.com...
> > > > > > > Hi,
> > > > > > >
> > > > > > > I have a problem where I can not ping (IP or Name) my internet
> > router
> > > > from
> > > > > > > segment-2.  I can ping other IP's on segment-1 from segment-2,
> > just
> > > > not
> > > > > > the
> > > > > > > ISP router.
> > > > > >
> > > > [dhcp stuff remove]
> > > >
> > > >
> > > > > This is my config on segment-1 (CISCO-1):
> > > > > (Everything works fine on this side)
> > > > > Win2k DC Server 172.20.100.2
> > > > > DNS Server      172.20.100.2
> > > > > Cisco-1 router  172.20.100.10
> > > > > ISP Router      172.20.100.200
> > > > > >
> > > >
> > > > > >     ISP<-->Cisco--DC + DNS
> > > >
> > > > Ok, I understand the above is INCORRECT and the
> > > > following is correct -- the above it what you
> > > > should likely use for many reasons.
> > > >
> > > >
> > > > > The config below describes my setup:
> > > > > > Yes all four? machines are using addresses that are
> > > > > > (likely) on the same subnet which would mean this:
> > > > > >
> > > > > >     ISP< -- DC + DNS -->Cisco
> > > > > >     (with the servers on an EXTERIOR subnet
> > > >
> > > > Ok, this is your net -- and I had a type in my parenthesis
> > > > (correct now) -- your servers (DNS an DC) are OUTSIDE
> > > > of your own gateway and should probably NOT be located
> > > > there.
> > > >
> > > > It causes many problems from routing to security.
> > > >
> > > > > > It is also odd that the ISP is using a address that is
> > > > > > unroutable on the Internet but maybe you just tried to
> > > > > > hide your real addresses and picked this.  It is really
> > > > > > best if you give us your real settings and do not even
> > > > > > TYPE them in but give us the actual output of the
> > > > > > commands (cut and paste, or redirect to a file).
> > > > >
> > > > > I'm not at the site today but will past info when I get there in
the
> > next
> > > > > day or so.
> > > > >
> > > > > The ISP IP addr is the static IP for the LAN side.  All segments
are
> > using
> > > > a
> > > > > class-B subnet.
> > > > >
> > > > >
> > > > > >
> > > > > > Also note:  according to the above addresses, you have
> > > > > > two different servers:  DC and DNS using the same
> > > > > > address.
> > > > > >
> > > > >
> > > > >
> > > > > This is my config on segment-2:
> > > > > (Everything works fine on this side except can't ping ISP router,
can
> > ping
> > > > > W2k server & routers on both sides)
> > > > > Cisco router    172.21.100.10
> > > > >
> > > > >
> > > > > >
> > > > > > Chances are you never added a route to the
> > > > > > (intermediate) router for the most interior networks
> > > > > > but your report is very confusing so this is difficult
> > > > > > to say definitively.
> > > > >
> > > > >
> > > > > I havent added any routes.  The only thing I have done was to use
a
> > > > > forwarder on my DNS server to the ISP IP (Static LAN IP).
Everything
> > is
> > > > > working fine on that side.
> > > >
> > > > DNS is irrelevant until you get the routing working.
> > > >
> > > > > > > Network LAN connection config on Segment-2 PC's:
> > > > > > > Gateway 172.21.10.2
> > > > > > > DNS     172.20.10.1
> > > > > >
> > > > > >
> > > > > > > I tried setting the ISP IP as a second gateway in the LAN
setup
> > but
> > > > that
> > > > > > > made no difference.
> > > > > >
> > > > > > Two (or more default gateways) have NO effect if
> > > > > > the first is ALIVE (answering, working).
> > > > > >
> > > > > > You can only have ONE DEFAULT gateway ACTIVE
> > > > > > at a time.  The others are for backup in case the first one
> > > > > > fails.
> > > > >
> > > > > Ok.  My PC LAN gateway's are pointing to my ISP router
> > (172.20.100.200)
> > > > and
> > > > > working fine on segment-1.  A couple of PC's on Segment-1 also
need to
> > see
> > > > > files on Segment-2.  WHat I did for those units is have the
Segment-2
> > > > router
> > > > > IP (172.21-100-10 as the default GW and the ISP router IP
> > (172.20.100.200)
> > > > as
> > > > > the second GW.  (This is working ok but may not be setup the best
way
> > > > either)
> > > >
> > > > That is almost never correct.  PCs should be behind
> > > > your router and use IT for their Default Gateway IF
> > > > they are directly connected -- otherwise use the nearest
> > > > adjacent router which will forward up the chain to the
> > > > internet.
> > > >
> > > > Inner "middle" routers must have static routes (or dynamic
> > > > routing protocols configured and working.)
> > >
> > > It looks like I'll need to find a CISCO tech to help with setting up
the
> > > CISCO routers.  With the exception of the new ISP router, this was all
> > > in-place when I inherrited the network.
> > >
> > > Thanks!
> > > Bill
> > >
> > >
> > > >
> > > > > > > Should I setup a forwarder on my DNS server to point back to
> > > > 172.21.10.2
> > > > > > ???
> > > > > >
> > > > > > Don't mess up the DNS until you have the Routing working.
> > > > > >
> > > > > > Best to show us what your network looks like:
> > > > > >
> > > > > >     ISP--Cisco1--subnet1-Cisco2-subnet2
> > > > > >
> > > > > > ...or whatever you really have.
> > > > > >
> > > > > > > I do not have a "." setup.
> > > > > >
> > > > > > Good but...
> > > > > >
> > > > > > That's DNS and your problems described above are
> > > > > > all IP (routing) based.
> > > > > >
> > > > > > > I do have a Forwarder set for my ISP router
> > > > > > > DNS server points to itself on server.
> > > > > > > Everything works great on segment-1.
> > > > > > >
> > > > > > > Any thought will be appreciated!
> > > > > >
> > > > > > It's likely an "intermediate" router problem where
> > > > > > you have no manual route to the more interior subnet.
> > > > > >
> > > > > > When you have 3 routers involved (my guess) you
> > > > > > must have manual (or dynamic) routes on the MIDDLE
> > > > > > one(s).
> > > > > >
> > > > > > The ISP counts as 1, your gateway router to the ISP is
> > > > > > 2, and if you have multiple segments internally then
> > > > > > you LIKELY have a THIRD router (not always.)
> > > > > >
> > > > > > But this is not what your describe above nor what your
> > > > > > addresses really suggest except for the use of "segment
> > > > > > 1" and "segment 2".
> > > > > >
> > > > > > If you have 2 (or more) internal routers (ISP is 3) then
> > > > > > the one(s) in the middle need additional routes added.
> > > > > >
> > > > > >
> > > > > I have (ISP ISP-Router <- DNS W2k Server <-> CISCO-1 router <->
> > Cisco-2
> > > > > router)
> > > >
> > > > What network range does you ISP give you?
> > > >
> > > > (It's odd they are using 172.20.x.y although legal.)
> > > >
> > > > This means they will have to translate for you to reach
> > > > the Internet, but YOU will also need to translate if you
> > > > use a different private range.
> > > >
> > >
> > > The IP's I listed are my internal IP's.
> > > My ISP router IP is 206.something
> > >
> > >
> > >
> > > > > I can talk from segment-2 (CISCO-2) to Exchange running on
Segment-1
> > > > > (CISCO-1) with no problem.
> > > > >
> > > > >
> > > > > Hopefully I have given everything you asked for.  I did try to
> > "simplify"
> > > > > the IP nbrs I orig gave.  I replaced them with actual IP's.  I
wasn't
> > > > trying
> > > > > to be evassive.
> > > > >
> > > > > Do you want the "ipconfig /all" results from the W2k server & a PC
> > from
> > > > both
> > > > > sides of the segment?
> > > > >
> > > > > Thank you, I do appreciate the patience & help!
> > > > > Bill
> > > > >
> > > > > > -- 
> > > > > > Herb Martin
> > > > > >
> > > > > >
> > > > > >
> > > >
> > > >
> > > >
> >
> >
> >
> ================================================
> ================================================
> ================================================
> Router-1
> User Access Verification
>
> Password:
> hhwp_r1>enable
> Password:
> hhwp_r1#sh run
> Building configuration...
>
> Current configuration:
> !
> version 12.1
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname hhwp_r1
> !
> boot system flash 1:aaa1582.bin
> no logging console
> enable secret 5 $1$PyQl$mcp79woaaeEPCkRmFeg0e0
> enable password ********
> !
> !
> !
> !
> !
> clock timezone EST -5
> clock summer-time EDT recurring
> ip subnet-zero
> no ip domain-lookup
> !
> ipx routing 0003.e3e2.b820
> !
> !
> !
> interface FastEthernet0/0
>  ip address 172.20.100.10 255.255.0.0
>  no ip mroute-cache
>  speed auto
>  half-duplex
>  ipx network 2B3FE51F
>  no mop enabled
>  bridge-group 1
> !
> interface Serial0/0
>  ip address 192.168.1.1 255.255.255.0
>  no ip mroute-cache
>  ipx network 1234567A
>  no fair-queue
>  bridge-group 1
> !
> router eigrp 100
>  network 10.0.0.0
>  network 172.20.0.0
>  network 192.168.1.0
>  no auto-summary
>  no eigrp log-neighbor-changes
> !
> router igrp 1
>  redistribute connected
>  network 172.20.0.0
>  network 172.21.0.0
>  network 192.168.1.0
> !
> ip classless
> ip route 0.0.0.0 0.0.0.0 192.168.1.2
> no ip http server
> !
> dialer-list 1 protocol ip permit
> dialer-list 1 protocol ipx permit
> !
> !
> !
> bridge 1 protocol dec
> !
> line con 0
>  exec-timeout 0 0
>  transport input none
> line aux 0
> line vty 0 4
>  password ********
>  login
> !
> end
>
> hhwp_r1#
>
> ================================================
>
>
> Router-2
> User Access Verification
>
> Password:
> hhwp_r2>enable
> Password:
> hhwp_r2#sh run
> Building configuration...
>
> Current configuration:
> !
> version 12.1
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname hhwp_r2
> !
> boot system flash 1:aaa1582.bin
> no logging console
> enable secret 5 $1$PyQl$mcp79woaaeEPCkRmFeg0e0
> enable password ********
> !
> !
> !
> !
> !
> clock timezone EST -5
> clock summer-time EDT recurring
> ip subnet-zero
> no ip domain-lookup
> !
> ipx routing 0003.e377.2900
> !
> !
> !
> interface FastEthernet0/0
>  ip address 172.21.100.10 255.255.0.0
>  no ip mroute-cache
>  speed auto
>  half-duplex
>  ipx network 12345678
>  no mop enabled
>  bridge-group 1
> !
> interface Serial0/0
>  ip address 192.168.1.2 255.255.255.0
>  no ip mroute-cache
>  ipx network 1234567A
>  no fair-queue
>  bridge-group 1
> !
> router eigrp 100
>  network 10.0.0.0
>  network 172.21.0.0
>  network 192.168.1.0
>  no auto-summary
>  no eigrp log-neighbor-changes
> !
> router igrp 1
>  redistribute connected
>  network 172.20.0.0
>  network 172.21.0.0
>  network 192.168.1.0
> !
> ip classless
> ip route 0.0.0.0 0.0.0.0 192.168.1.1
> no ip http server
> !
> dialer-list 1 protocol ip permit
> dialer-list 1 protocol ipx permit
> !
> !
> !
> bridge 1 protocol dec
> !
> line con 0
>  exec-timeout 0 0
>  transport input none
> line aux 0
> line vty 0 4
>  password *******
>  login
> !
> end
>
> hhwp_r2#
>
>
> ================================================
>
> Segment-1 PC - Works fine!
>
> Windows IP Configuration
>
>
>
>         Host Name . . . . . . . . . . . . : RM16
>
>         Primary Dns Suffix  . . . . . . . : hhwpcac.org
>
>         Node Type . . . . . . . . . . . . : Hybrid
>
>         IP Routing Enabled. . . . . . . . : No
>
>         WINS Proxy Enabled. . . . . . . . : No
>
>         DNS Suffix Search List. . . . . . : hhwpcac.org
>
>
>
> Ethernet adapter Local Area Connection:
>
>
>
>         Connection-specific DNS Suffix  . :
>
>         Description . . . . . . . . . . . : Broadcom NetXtreme 57xx
Gigabit
> Controller
>
>         Physical Address. . . . . . . . . : 00-11-43-A9-9F-69
>
>         Dhcp Enabled. . . . . . . . . . . : No
>
>         IP Address. . . . . . . . . . . . : 172.20.16.1
>
>         Subnet Mask . . . . . . . . . . . : 255.255.0.0
>
>         Default Gateway . . . . . . . . . : 172.20.100.200
>
>                                             172.20.100.10
>
>         DNS Servers . . . . . . . . . . . : 172.20.100.2
>
>
>
> ================================================
>
> Segment-2 PC - Works fine except for accessing Internet.
>
>
>
> Windows IP Configuration
>
>
>
>         Host Name . . . . . . . . . . . . : Hats-Dell-2
>
>         Primary Dns Suffix  . . . . . . . :
>
>         Node Type . . . . . . . . . . . . : Hybrid
>
>         IP Routing Enabled. . . . . . . . : No
>
>         WINS Proxy Enabled. . . . . . . . : No
>
>
>
> Ethernet adapter Local Area Connection:
>
>
>
>         Connection-specific DNS Suffix  . :
>
>         Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
> Connection
>
>         Physical Address. . . . . . . . . : 00-0C-F1-8C-B8-B6
>
>         Dhcp Enabled. . . . . . . . . . . : No
>
>         IP Address. . . . . . . . . . . . : 172.21.33.11
>
>         Subnet Mask . . . . . . . . . . . : 255.255.0.0
>
>         Default Gateway . . . . . . . . . : 172.21.100.10
>
>                                             172.20.100.200
>
> ================================================
>
>
> DC/DNS Server
>
>
>
> Windows 2000 IP Configuration
>
>
>
> Host Name . . . . . . . . . . . . : hhwpnt1
> Primary DNS Suffix  . . . . . . . : hhwpcac.org
> Node Type . . . . . . . . . . . . : Broadcast
>
> IP Routing Enabled. . . . . . . . : No
>
> WINS Proxy Enabled. . . . . . . . : No
>
> DNS Suffix Search List. . . . . . : hhwpcac.org
>
> Ethernet adapter Local Area Connection 3:
>
>
>
> Connection-specific DNS Suffix  . :
> Description . . . . . . . . . . . : Linksys EG1032 v2 Instant Gigabit
> Network Adapter #2
> Physical Address. . . . . . . . . : 00-0C-41-EB-CB-13
>
> DHCP Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 172.20.100.2
>
> Subnet Mask . . . . . . . . . . . : 255.255.0.0
>
> Default Gateway . . . . . . . . . : 172.21.100.10
>
> DNS Servers . . . . . . . . . . . : 172.20.100.2
>
> ======
> (This for a dial-up proxy server that is also active for some users)
>
> ======
> PPP adapter ABC Net:
>
> Connection-specific DNS Suffix  . :
> Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
>
> Physical Address. . . . . . . . . : 00-53-45-00-00-00
>
> DHCP Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 209.143.26.111
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.255
>
> Default Gateway . . . . . . . . . : 209.143.26.111
>
> DNS Servers . . . . . . . . . . . : 209.143.0.10
>                                     66.209.140.124
> NetBIOS over Tcpip. . . . . . . . : Disabled
>
>
> ================================================
> ================================================
> ================================================
>

Relevant Pages

  • Re: Stumped: D-Link Network and PPC w/SanDisk WiFi Card
    ... go to the configuration page and insure you have first ... the router configuration and watch it to see if you can see your PPC when it ... network. ...
    (microsoft.public.pocketpc.wireless)
  • Re: Sharing resources with another home computer
    ... that they obtain their proper IP configuration from the router. ... command line can be used to see what IP configuration a computer is obtaining. ... Be careful in that default share permissions give everyone full control. ... > only to network access while ntfs file permissions apply to network and local ...
    (microsoft.public.win2000.networking)
  • Re: XP/98 ptp and Westell DSL router
    ... Whenever I run the network wizard on the XP box I get scared off when we ... firewall configuration? ... When configured as a NAT router on a private LAN, ...
    (microsoft.public.windowsxp.network_web)
  • Re: 2 nic card setup
    ... the configuration requirements are detailed. ... SBS Internal Nic ... 192.168.2.1 (ip of router lan side) ... >>> Ethernet adapter JP Network: ...
    (microsoft.public.windows.server.sbs)
  • Re: Using Remote Desktop From an SBS Domain
    ... After I thought about needing 3389 forwarded on my router to allow me to ... Remote Desktop "out" from a workstation on my SBS network to a host XP ... Hopefully next week I can attempt a connection while my ISP watches the ...
    (microsoft.public.windows.server.sbs)
Loading