Certbot
-
What DNS addresses are your clients getting from DHCP?
-
@aaronstuder said in Certbot:
What DNS addresses are your clients getting from DHCP?
we dont use DHCP. Clients are statically assigned 118.5
-
@alex.olynyk said in Certbot:
we dont use DHCP. Clients are statically assigned 118.5
It just gets better, and better.....
-
@JaredBusch said in Certbot:
128.1 is the only DC/DNS on site so its pointing to 118.5 which is a DC/DNS server at a remote site.
Gods, what a train wreck, but I keep coming back...
The DNS setting in the NIC for a DC (assuming it is also a DNS server) should ALWAYS point to itself first.
It should never point to anything else first.
DNS 1: 127.0.0.1
DNS 2: Some other INTERNAL DNS serverOK I'll disagree here. A DC should always point to another DC first and itself second. The assumption is that the other DC will be up and running while this DC is down. This will allow this DC to boot up faster on the assumption that DNS isn't the first thing that comes up.
I have seen faster reboots because I point to some other DNS server instead itself first.
-
@alex.olynyk said in Certbot:
@aaronstuder said in Certbot:
What DNS addresses are your clients getting from DHCP?
we dont use DHCP. Clients are statically assigned 118.5
While I don't understand your lack of use of DHCP, that shouldn't really matter.
The clients do need to have DNS entries of only DNS servers within your network, they should never have an DNS entry for something outside your network, like google's 8.8.8.8 or your ISPs DNS servers. That will cause all kinds of problems.
-
@Dashrender said in Certbot:
@JaredBusch said in Certbot:
128.1 is the only DC/DNS on site so its pointing to 118.5 which is a DC/DNS server at a remote site.
Gods, what a train wreck, but I keep coming back...
The DNS setting in the NIC for a DC (assuming it is also a DNS server) should ALWAYS point to itself first.
It should never point to anything else first.
DNS 1: 127.0.0.1
DNS 2: Some other INTERNAL DNS serverOK I'll disagree here. A DC should always point to another DC first and itself second. The assumption is that the other DC will be up and running while this DC is down. This will allow this DC to boot up faster on the assumption that DNS isn't the first thing that comes up.
I have seen faster reboots because I point to some other DNS server instead itself first.
Microsoft agrees with you, but I have dealt with too many issue like this to like that answer.
Faster or slower is not really relevant. If you are relying on DC reboot speed for anything in your network, you have some other issues.
Relevant to the topic, his DNS is obviously hosed because it is not resolving right. So set it to 127.0.0.1 first and then secondary to the other DNS server. make sure everything works, then figure out what is going wrong with DNS replication.
Once that is then resolved, you can change the DC to point to the other first again.
-
[192.168.128.1]: PS C:\Windows\system32> ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : RV-DC1
Primary Dns Suffix . . . . . . . : ROSE.internal
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ROSE.internalEthernet adapter Local Area Connection 6:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : New Virtual Network
Physical Address. . . . . . . . . : F0-4D-A2-0A-D2-F5
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.128.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.128.254
DNS Servers . . . . . . . . . . . : 127.0.0.1
192.168.118.5
NetBIOS over Tcpip. . . . . . . . : Enabled -
@alex.olynyk and what does
nslookupreport now.Come on think man. Can you not post the obvious next question without being led to water?
-
Does it work now?
-
Microsoft Windows [Version 10.0.14342]
(c) 2016 Microsoft Corporation. All rights reserved.C:\Users\Alex>nslookup
Default Server: UnKnown
Address: 192.168.128.1server 192.168.128.1
Default Server: [192.168.128.1]
Address: 192.168.128.1owncloud.roseradiology.com
Server: [192.168.128.1]
Address: 192.168.128.1Non-authoritative answer:
Name: owncloud.roseradiology.com
Address: 209.156.58.217 -
is DNS installed on RV-DC1?
I mean, yeah it's a DC (we think) and the default is to install DNS on all DCs, but you don't have to.
-
@alex.olynyk said in Certbot:
Non-authoritative answer:
Name: owncloud.roseradiology.com
Address: 209.156.58.217This is the part that does not make sense now.
why does it think it's non-authoritative? -
-
@Dashrender said in Certbot:
is DNS installed on RV-DC1?
I mean, yeah it's a DC (we think) and the default is to install DNS on all DCs, but you don't have to.
Actually I take this back. NSLOOKUP I think is telling us that 192.168.128.1 is a DNS server, and we know that RV-DC1 is that IP address from the previous post.
-
@JaredBusch said in Certbot:
@Dashrender Thsi is what he had a couple days ago.
@alex.olynyk said in Certbot:
Yes, but i had to delete the roseradiology.com zone because mail and www were not working internally. I cant do this until I know it works.Even though I added the A records to the zone
-
@Dashrender said in Certbot:
is DNS installed on RV-DC1?
I mean, yeah it's a DC (we think) and the default is to install DNS on all DCs, but you don't have to.
-
@alex.olynyk said in Certbot:
Yes, but i had to delete the roseradiology.com zone because mail and www were not working internally. I cant do this until I know it works.
-
@alex.olynyk said in Certbot:
@JaredBusch said in Certbot:
@Dashrender Thsi is what he had a couple days ago.
@alex.olynyk said in Certbot:
Yes, but i had to delete the roseradiology.com zone because mail and www were not working internally. I cant do this until I know it works.Even though I added the A records to the zone
DUDE - really? we can't help you if you keep removing the changes we tell you to make.
-
you HAVE to suffer downtime to solve this problem.
You really need live support.
Please PM JB and get a contract in place...
