Re: Intra-site DNS problems


From: Alex Lovell-Troy (alovell_at_as.arizona.edu)
Date: 01/25/05


Date: Tue, 25 Jan 2005 08:03:30 -0700

Herb Martin wrote:
> "trehkopf" <trehkopf@email.arizona.edu> wrote in message
> news:eDpbY0mAFHA.3016@tk2msftngp13.phx.gbl...
>
>>I've been trying to set up Active Directory between two sites and I've run
>>into some trouble getting DNS to update correctly. One of the sites is using
>>NAT while the other one has a standard IP address space. The domain
>>controller at each site uses its opposite at the other site for resolution,
>>thus creating the great circle of DNS. After running DCDIAG.exe on the
>>DC behind the NAT it returns an error:
>
>
> Ace is right. Build a VPN between the two
> routers, and setup the routing so that everything
> for the private address goes out (from the other
> site) through the VPN, and vice versa by routing
> the PUBLIC addresses specific to the partner
> site through the VPN.
>
> This assumes you have a full-service router/NAT/
> VPN.
>
> The VPN doesn't get NAT'ed -- it gets treated as a
> separate interface from the underlying NIC.

I'm working on this problem as well and am not totally clear. I would
appreciate it if someone could humor me and fill in the blanks. I'm
basically a UNIX admin working with the original poster.

We have two sites that we want to join with AD, File Replication, and
DFS. Two identical machines are placed at either end of a T1 to
accomplish this. On side A, we have a fully routable class C. On the
other end, we have a Linux firewall that is translating one routable IP
(x.x.x.116) address directly to the Win2k3 server. The Win2k3 server
thinks of itself with a non-routable ip address (10.10.0.55), but we
know that it can respond (via ping and remote desktop) to traffic
directed at the NAT address (x.x.x.116).

If I understand the responses correctly, our problems are currently just
DNS related, but if we proceed with a hack to fix DNS, we will run into
RPC and KRB problems. What I don't understand is at what point in the
transmission will these problems arise. Can RPC and KRB actually tell
that they are being shoved unceremoniously through the NAT?

Thanks in advance.

-alex
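The following is an added example, not part of Alex's post or of any reply in the thread. It models the DNS half of the problem he describes: the DC behind the Linux NAT registers its private address (10.10.0.55, taken from the post) in the AD zone, so when the remote DC follows the `_ldap._tcp.dc._msdcs` and `_kerberos._tcp.dc._msdcs` SRV records to that host, it gets an address it cannot route to. The check flags SRV targets that resolve to RFC 1918 space not covered by any route the querying site has, and then shows that adding a route for the partner site's private prefix, which is what the VPN advice in the thread amounts to, clears the finding. The zone name `ad.example.edu`, the host names `dc-a`/`dc-b`, and site A's prefix `203.0.113.0/24` are placeholders; the records are constructed, not pulled from a live server.

```python
"""Flag AD DC records that a remote site cannot reach through NAT.

Added example (not from the thread). Zone data below is constructed; only the
10.10.0.55 address comes from the post. Site A's prefix 203.0.113.0/24 and the
zone/host names are placeholders.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# RFC 1918 ranges: an address here is only reachable if some route covers it.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class SrvRecord:
    service: str   # owner name, e.g. _ldap._tcp.dc._msdcs.<zone>
    priority: int
    weight: int
    port: int
    target: str    # host name the SRV points at


ZONE = "ad.example.edu."  # placeholder zone name

# Constructed zone snapshot: both DCs register the standard _msdcs SRV records.
SRV_RECORDS = [
    SrvRecord("_ldap._tcp.dc._msdcs." + ZONE, 0, 100, 389, "dc-a." + ZONE),
    SrvRecord("_ldap._tcp.dc._msdcs." + ZONE, 0, 100, 389, "dc-b." + ZONE),
    SrvRecord("_kerberos._tcp.dc._msdcs." + ZONE, 0, 100, 88, "dc-a." + ZONE),
    SrvRecord("_kerberos._tcp.dc._msdcs." + ZONE, 0, 100, 88, "dc-b." + ZONE),
]
A_RECORDS = {
    "dc-a." + ZONE: "203.0.113.10",  # site A DC on its routable network
    "dc-b." + ZONE: "10.10.0.55",    # site B DC registers the address it sees on its NIC
}


def is_rfc1918(ip: ipaddress.IPv4Address) -> bool:
    return any(ip in net for net in RFC1918)


def reachable(ip: ipaddress.IPv4Address,
              routes: Iterable[ipaddress.IPv4Network]) -> bool:
    """Public addresses are assumed routable; private ones need an explicit
    route (the local LAN, or a prefix sent over the VPN)."""
    if not is_rfc1918(ip):
        return True
    return any(ip in r for r in routes)


def unreachable_dc_targets(
    srv_records: Iterable[SrvRecord],
    a_records: Dict[str, str],
    routes: Iterable[str],
) -> List[Tuple[str, str, Optional[str], str]]:
    """Follow each SRV record to its A record and report targets the querying
    site cannot reach. Returns (service, target, address, reason) tuples."""
    nets = [ipaddress.ip_network(r) for r in routes]
    findings = []
    for rec in srv_records:
        addr = a_records.get(rec.target)
        if addr is None:
            findings.append((rec.service, rec.target, None, "no A record"))
            continue
        ip = ipaddress.ip_address(addr)
        if not reachable(ip, nets):
            findings.append((rec.service, rec.target, addr,
                             "private address not covered by any route"))
    return findings


if __name__ == "__main__":
    site_a_only = ["203.0.113.0/24"]             # what site A can route today
    with_vpn = site_a_only + ["10.10.0.0/24"]    # after routing site B's private net over the VPN
    for label, routes in (("no VPN", site_a_only), ("VPN route added", with_vpn)):
        print(f"[{label}]")
        for service, target, addr, reason in unreachable_dc_targets(SRV_RECORDS, A_RECORDS, routes):
            print(f"  {service} -> {target} ({addr}): {reason}")
```

Run against the constructed records, the first pass reports both `dc-b` SRV targets as unreachable from site A; the second pass, with `10.10.0.0/24` routed, reports nothing. The same logic applies to real output from `nslookup -type=SRV _ldap._tcp.dc._msdcs.<zone>` if you feed the records in instead of the constructed ones.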


