Re: DNS Configuration Problem


From: Eriq Neale (eon_at_eonconsulting.idonotwantspam.net)
Date: 03/18/05


Date: Fri, 18 Mar 2005 14:27:36 GMT

Hey GG - responses inline...

On 2005-03-18 01:30:19 -0600, "GG" <news@nospam.assysm.com> said:

> Hi,
>
>> Where did you find documentation that the internal network adapter
>> MUST point to the loopback IP?
>
> I do not read all book on SBS, and I don't know, but I am little logic.
> With a network sniffer I sniff my network and when I configure IP address
> 192.168.16.2 on the nic I watch a lot of DNS frame coming from the
> server for the server destination, when you configure loopback (127.0.0.1)
> on the nic interface you do not get out anymore this kind of DNS request,
> and you save traffic all over your local network.

Just for the sake of curiosity and not to belabor the point, but where
did you have this network sniffer attached? Did you use netmon on the
server watching the internal IP interface?

Just for grins, I ran a netcap trace on an XP workstation connected on
my internal network and did a large number of DNS lookups from my
server for the local network and the internet. How many DNS packets did
I see on my XP NIC? Zero. How many total packets did I capture on the
XP PC? Zero. This is to be expected, as netcap only grabs packets that
are targeted to the local workstation. So, my initial conclusion from
this is that the DNS request packets from the server did not go out on
the net directed to my XP box as a directed packet or as a broadcast
packet.

Granted, that's not much of a test, but at least I know that no
directed or broadcast packets were sent across the net. Now I only have
a hub that connects my server to this workstation, not even a switch,
so the XP box will see any packet that's on the local network. So I run
a real network sniffer on this workstation, Ethereal. I run the same
test - start a capture session on the XP box, run a large number of DNS
queries on the SBS server, and look at the results. Only this time I
make sure I run an ipconfig /flushdns on the server before doing any DNS
queries to make sure there's nothing in the local cache that would
prevent it from doing an actual query. Also, I use a number of both
local and external DNS names that I didn't use in the first pass.

When I look at the Ethereal capture, I see a lot of traffic. SMB
connection requests, NetBIOS packets, LANMAN packets, but not a single
DNS packet. This tells me that not a single DNS request from the server
made it out on the physical network.

I'm going to make an assumption here. I'm going to guess that you're
basing the paragraph above on data you saw when running netmon or
another packet analyzer tool on the server itself. When you run one of
those tools on the server and analyze the traffic, you will see DNS
requests arrive at the NIC interface on the non-loopback address because
those packets are received there. But just because they show up on a
local trace (which is the expected behavior, BTW) does not mean that
the packet actually went out on the physical network. No, you will not
see the same traffic when you configure DNS to use the loopback
address, because that request is not hitting the adapter's IP address.

Bottom line, the processing on the server is exactly the same whether
you use the loopback adapter or the NIC IP address in the DNS
configuration. The server still handles the process internally. The
packet never goes across the wire. Since the packet never goes across
the wire, your argument for using 127.0.0.1 for DNS becomes invalid. I'm
not saying that using 127.0.0.1 for DNS will not work, it will. But
your reasoning for using that address opposed to the NIC adapter's
address no longer holds water.

At this point, it becomes a matter of semantics. Which is better advice
to give: recommend that all network cards on the SBS server and connected
workstations use the internal IP address of the SBS server NIC as the
DNS server? Or configure the workstations to use the SBS internal IP
address for DNS, configure the internal NIC on the SBS server to use
127.0.0.1, and don't configure DNS at all on the external SBS NIC? I
know which way I'm going to continue to configure my clients and
recommend to other consultants out in the SBS world.

> Now try to configure loopback address (127.0.0.1) on your two nic
> and let me know if it does not work correctly.

Again, my point is not that it will not work. I'm simply saying that
your reasoning behind this is not valid. Plus, the word from Microsoft,
both support and development groups, has been to have all computers on
an SBS network, including the server, point to the internal SBS NIC for
DNS. Those people know the product better than anyone. The vast
majority of SBS MVPs also make this recommendation, and they've got the
second-best level of knowledge of the product, specifically when it
comes to actual installation. I have not run across another SBS person
who says that there are problems with following this standard
configuration. We see people on a daily basis who misconfigure their
network settings, give them the best practice configuration, and their
problems are resolved. If it ain't broke, why "fix" it?

I'm not saying that you shouldn't use 127.0.0.1 for DNS if you want.
Obviously, it works for you. But when it comes to simplicity of
explanation and setup, I can see absolutely no value in telling others
to use that configuration when the best practice configuration works
exactly the same way.

-Eriq

-- 
Eriq Neale - MCSE, MCSA Messaging, MCP Small/Medium Business, Mac Guru
EON Consulting - www.eonconsulting.net
Need additional IT insight? E-mail "support at eonconsulting dot net"
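
Added example (not part of the original post or thread): the hub test described above comes down to checking a capture taken on another machine for DNS queries whose source address is the server. This Python sketch does that for a classic pcap byte string; the capture contents are constructed, 192.168.16.2 is the server address quoted in the thread, and every other address and port is made up for illustration.

```python
import socket
import struct

def make_frame(src_ip, dst_ip, sport, dport, payload=b"\x00" * 12):
    """Constructed Ethernet/IPv4/UDP frame (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + udp

def make_pcap(frames):
    """Wrap frames in a classic little-endian pcap (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def dns_queries_on_wire(pcap, server_ip):
    """Return (frames_seen, dns_queries_sent_by_server) for a pcap byte string."""
    magic, = struct.unpack_from("<I", pcap, 0)
    linktype, = struct.unpack_from("<I", pcap, 20)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian Ethernet pcap")
    off, seen, dns = 24, 0, 0
    while off + 16 <= len(pcap):
        incl_len, = struct.unpack_from("<I", pcap, off + 8)
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        seen += 1
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] not in (6, 17) or len(frame) < 14 + ihl + 4:
            continue                      # neither TCP nor UDP
        _sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        if socket.inet_ntoa(frame[26:30]) == server_ip and dport == 53:
            dns += 1
    return seen, dns

SERVER = "192.168.16.2"                   # server address quoted in the thread
# Constructed capture 1: what a hub-attached workstation sees when the
# server's lookups stay on the server (NetBIOS traffic only, no DNS).
HUB_CAPTURE = make_pcap([make_frame(SERVER, "192.168.16.255", 137, 137),
                         make_frame(SERVER, "192.168.16.255", 138, 138)])
# Constructed capture 2 (contrast): one query from the server does leave the box.
LEAK_CAPTURE = make_pcap([make_frame(SERVER, "192.168.16.255", 137, 137),
                          make_frame(SERVER, "192.0.2.53", 1026, 53)])
```

A result of zero queries is only meaningful for a capture taken off the server, on a segment that actually sees its traffic, which is the distinction the post draws between a trace on the server and one on the wire.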

