DNS issue
-
@Hubtech said:
that just shows that it's not pinging.
No, that's the ping tool unable to look up the DNS entry. Not pinging shows very differently.
-
I removed IPv6 from the NIC and everything resolves now.
This old SBS server is going to be replaced at some point this fall or next winter anyway.
-
@JaredBusch said:
I removed IPv6 from the NIC and everything resolves now.
This old SBS server is going to be replaced at some point this fall or next winter anyway.
Ah, SBS, the Corky from Life Goes On of Microsoft OSes.
BTW, Consider in the future fully, and properly, implementing IPv6 ,especially if you move toward a more modern environment, and I obviously mean along side IPv4. I think it's a shame that a lot of people (Spiceworks users) get Server 2012, all the latest fixins and then want to disable IPv6 without considering the future or any potential benefits (who doesn't love a delicious jumbogram?)
Outside of the US where IPv4 addresses are much more expensive, especially in the second and third world, IPv6 is big time. In Russia, if you want IPv4 internet access, you have to pay more, otherwise you're just on IPv6 and can use one of a billion gateways. China's also big on it, as they've got more people online than the US has all together.
-
No real reason to use IPv6 over IPv4 locally, sure for the WAN it will become a must but that's all handled with NAT. What LAN will ever get big enough to need IPv6?
-
@thecreativeone91 said:
No real reason to use IPv6 over IPv4 locally, sure for the WAN it will become a must but that's all handled with NAT. What LAN will ever get big enough to need IPv6?
Not over, but together for now, why not, especially for future proofing. Secondly, your question about LANs and IPv6 is nonsensical, for a few different reasons:
- IPv6 doesn't need NAT and it was designed to exist without it, thought it does exist, however it works differently in that typically it transforms one part of an address into another. For example, if the internal address is fa30::301a:1001 the external would be 2001::301a:1001.
- Suggesting the LAN isn't big enough really doesn't matter, most LANs aren't big enough for 192.168.0.0/16 either, so that's not even relevant.
- Just as in IPv4, you the size of all of IPv6 has literally nothing to do with the size of your LAN, so the most logical thing would be to allocate just as you would in IPv4. That's why there's subnetting/CIDR (IPv6 only uses CIDR, and you can allocate all the way down to a single 1 address, in spans of 2 ^ 128, which if you need comparison, the same is true with IPv4 but it's 2 ^ 32.) To make things easier, don't use autoconfiguration, and instead make your IPv6 prefixes the same as your IPv4 LAN addresses, so if a machine has 192.168.24.16, you can give it the IPv6 address of 2001::3043:1810, the last bit being hexidecimal of the last two octets of the other address, though there's also a reverse compatible notation for IPv4 addresses wrapped in IPv6, if you're willing to waste time with that.
- IPv4 is not forward compatible, in other words if your LAN is IPv4 only, it won't be able to talk to anything on the IPv6 Internet. There does exist proxies that could do this, but you'd need a machine on the network that's multistack in order to do this, a lot of networks in places with common IPv6 (Russia, China, etc) do have this, so it's not a huge deal, but it does impede non-http traffic or traffic which doesn't typically go well over SOCKS. There's also NAT46, but there are huge technical limitations and really should only be used if no better option, such as multistack, is available.
IPv6 is the future, it's just really far off in the west, however the rest of the world is already converting, and once it's more available with American ISPs, I think it'll creep in a little faster. Most major web sites in America already provide IPv6 support, and as a major provider of adult entertainment on the web, we also provide IPv6 support.
-
I really think IPv6 only WANs are much further off than people keep saying, partially because they've been saying that for years and years. And the other thing is with most connections being Dynamic IPs they aren't as limited on IPv4 as the can recycle the addresses (and do, especially DSL connections which may drop with no traffic). There's also a lot of ISPs transitioning to not using public IPs for consumers (business or home) WAN connections unless they pay for a Static IP meaning thousands of users will be under one Private gateway address off of their wan network (for the ISPs it also has the added benefit of you not being able to open ports/host services without paying).
I have setup IPv4 LANs with IPv6 WANs before as some gear needed wasn't compatible with IPv6, and they didn't wish to upgrade. Many routers will support this using a NAT64/NAT46 with a tunnel. Not something I recommend but can be done.
-
@thecreativeone91 said:
I really think IPv6 only WANs are much further off than people keep saying,
I agree, but I limit that view to the west, because there are places in the world where they're becoming the norm. I think the future is actually set to have both, together, for a very long time. My guess is that American ISPs will start charging more for IPv4 addresses and nothing at all (aside from the service itself) for IPv6 addresses. This model is already in use around the world, and works out well.
partially because they've been saying that for years and years.
Imagine how I feel, I've been promoting and working with IPv6 since about 2001. It's been a long road. To give myself credit though, I was never one of those "we're gonna run out tomorrow" people or "transition is coming very soon," my thoughts were always "this is going to take a while and ISPs and IT departments are going to try to really push it off as long as possible, to the point where it's painful."
And the other thing is with most connections being Dynamic IPs they aren't as limited on IPv4 as the can recycle the addresses (and do, especially DSL connections which may drop with no traffic).
This is true, however even now some ISPs are coming up fantastically short and actually about 2 years ago Cox Communications went through a huge renumbering campaign with business customers in order to lower the total amount of allocated addresses. I imagine this bought them a few extra years. Another thing that can be done, and is typically done already, is that if a customer is dynamic, it will fail over to NAT (which you wrote about in your post as well). I've seen this happen before, where you receive an internal address from your ISP. You can still get online, however, you're behind their NAT. This is also in use in places where IPv4 addresses are extremely limited; America has more than anyone.
Dropping off inactive customers is another stop gap solution, however with the rise of cellphones and other internet devices, especially with streaming, this won't last forever.
If you combine ISP-level NAT, dropping off inactive devices, etc, you still only get a small window, there is the overall technical limitation of IPv4 in of itself. These are all temporary solutions.
I have setup IPv4 LANs with IPv6 WANs before as some gear needed wasn't compatible with IPv6, and they didn't wish to upgrade. Many routers will support this using a NAT64/NAT46 with a tunnel. Not something I recommend but can be done.
NAT64/46 is pretty much a thing that shouldn't be done, I agree, if anything people should be multistack if they are trying to coexist.
I'm totally in favour of people transitioning to using IPv6 and IPv4, so that in 5 to 10 years, probably closer to 10, as western ISPs start to catch up with the rest of the world (this is typical, as by the time most Europeans were using DSL, most Americans still had dial up for many more years) people won't scramble to update their networks. I think though the transition will likely be less of a big deal than other historical ones, because since people are moving more "to the cloud" and web apps, and so on, there's less need for crappy software companies to fix their issues, though a lot of people will still be stuck with old stuff that can't be fixed or was created by a company which refuses to fix it (essentially most niche software companies are like this) and it's good there's things like NAT46.
The point of my post above on the issue though was that the desire to rid a network of IPv6 instead of being multistack, I think is a mistake and instead American IT people need to learn to work with it and get used to the idea of it existing, so they're not left behind, as usual.
-
If the website is hosted externally, and you are using that same domain name internally (guardiananytmie.com) then you may need to set up a delegation for the www subdomain. You would delegate another DNS server (Google's public one or maybe your ISP's) to resolve the subdomain.
I've seen this help many times, so I hope it helps you, too.
-
I haven't really worked with IPv6, what about an internal resource.
Let's assume that the above listed website was internal. Would DNS provide the IPv4 address, and the end point would switch over to that stack?
-
@doyle.jack said:
If the website is hosted externally, and you are using that same domain name internally (guardiananytmie.com) then you may need to set up a delegation for the www subdomain. You would delegate another DNS server (Google's public one or maybe your ISP's) to resolve the subdomain.
Do people not read? I clearly stated that his was not a domain owned by the SBS server....
-
@JaredBusch said:
@doyle.jack said:
If the website is hosted externally, and you are using that same domain name internally (guardiananytmie.com) then you may need to set up a delegation for the www subdomain. You would delegate another DNS server (Google's public one or maybe your ISP's) to resolve the subdomain.
Do people not read? I clearly stated that his was not a domain owned by the SBS server....
And I clearly stated - Let's assume that the above listed website was internal - meaning I AM asking a different question.
-
@Dashrender said:
And I clearly stated - Let's assume that the above listed website was internal - meaning I AM asking a different question.
I was replying to the post prior as well as another person above recommending the same thing.
-
WOW, now I'm the ass - seriously I need new glasses - Sorry @JaredBusch
-
@Dashrender said:
WOW, now I'm the ass - seriously I need new glasses - Sorry @JaredBusch
Coffee helps at this time of the day.
Note: I realize that this is a global forum and I will note that Coffee helps me at any time of the day.
-
There's no CNAME or A record for WWW. Fresh from dig.
C:\Users\v436525\Downloads\BIND9.10.1-P1.x64>dig guardiananytime.com any
; <<>> DiG 9.10.1-P1 <<>> guardiananytime.com any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8836
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;guardiananytime.com. IN ANY;; ANSWER SECTION:
guardiananytime.com. 3553 IN A 63.66.47.183
guardiananytime.com. 86353 IN NS dns1p.prod.gliconline.com.
guardiananytime.com. 86353 IN NS rdrcdns.glic.com.
guardiananytime.com. 86353 IN SOA dns1p.prod.gliconline.com. bnico
lai.glic.com. 2005165536 21600 3600 604800 600;; ADDITIONAL SECTION:
dns1p.prod.gliconline.com. 86353 IN A 63.66.47.140
rdrcdns.glic.com. 86353 IN A 208.253.53.149;; Query time: 260 msec
;; SERVER: 10.1.3.12#53(10.1.3.12)
;; WHEN: Mon Feb 23 11:00:18 Central Standard Time 2015
;; MSG SIZE rcvd: 204Need to either put one in or have whomever hosts it put one in.
-
@doyle.jack Welcome to MangoLassi!
-
@PSX_Defector thanks, that at least means I am not crazy.
So this begs the question of why this works fine on every other network I have tried it on, just the one network where it fails.
But, I do not care at this point as the user can now get there and sign in and do what she needs to do.
Maybe next week I'll have time to care about a 3rd party issue.
-
@JaredBusch said:
@PSX_Defector thanks, that at least means I am not crazy.
So this begs the question of why this works fine on every other network I have tried it on, just the one network where it fails.
Depends on the vendor, maybe your DNS servers are not getting the info properly.
Just slap in a CNAME record on the SBS for www to point to the root domain. It should resolve properly internally then.
-
@PSX_Defector said:
Depends on the vendor, maybe your DNS servers are not getting the info properly.
SBS is using 8.8.8.8 and 8.8.4.4 as the forwarders
@PSX_Defector said:
Just slap in a CNAME record on the SBS for www to point to the root domain. It should resolve properly internally then.
Pulling the IPv6 caused something to make it resolve or that is what I was going to do.
-
@JaredBusch said:
@PSX_Defector said:
Depends on the vendor, maybe your DNS servers are not getting the info properly.
SBS is using 8.8.8.8 and 8.8.4.4 as the forwarders
Strange, maybe the NS is doing some kind of tricks on their end to put in the WWW for the customer. But I can only see what I see.
C:\Users\v436525\Downloads\BIND9.10.1-P1.x64>dig @8.8.8.8 guardiananytime.com an
y; <<>> DiG 9.10.1-P1 <<>> @8.8.8.8 guardiananytime.com any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50753
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;guardiananytime.com. IN ANY;; ANSWER SECTION:
guardiananytime.com. 21599 IN SOA dns1p.prod.gliconline.com. bnico
lai.glic.com. 2005165536 21600 3600 604800 600
guardiananytime.com. 21599 IN NS rdrcdns.glic.com.
guardiananytime.com. 21599 IN NS dns1p.prod.gliconline.com.
guardiananytime.com. 3599 IN A 63.66.47.183;; Query time: 202 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Feb 23 11:24:07 Central Standard Time 2015
;; MSG SIZE rcvd: 172C:\Users\v436525\Downloads\BIND9.10.1-P1.x64>dig @8.8.4.4 guardiananytime.com an
y; <<>> DiG 9.10.1-P1 <<>> @8.8.4.4 guardiananytime.com any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51353
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;guardiananytime.com. IN ANY;; ANSWER SECTION:
guardiananytime.com. 21578 IN SOA dns1p.prod.gliconline.com. bnico
lai.glic.com. 2005165536 21600 3600 604800 600
guardiananytime.com. 21578 IN NS rdrcdns.glic.com.
guardiananytime.com. 21578 IN NS dns1p.prod.gliconline.com.
guardiananytime.com. 3578 IN A 63.66.47.183;; Query time: 37 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Mon Feb 23 11:24:28 Central Standard Time 2015
;; MSG SIZE rcvd: 172