1. Advanced DNS/DHCP for eDirectory™ Environments
Version 1.5
Allan Hurst, Partner and Director of Enterprise Strategy, KIS, allanh@kiscc.com
Terry DeFreese, Engineer, Worldwide Support, Novell, tdefreese@novell.com
2. Housekeeping
• Cell phones, pagers, Treos, Blackberries, etc.,
set them all to stun, please. No noise is
good noise.
• If you have a question, it’s absolutely OK to
ask. It’ll help if you raise your hand first to get
my attention. I’ll try to answer on the fly.
• It’s OK to have fun in here. Honest.
2 © Novell, Inc. All rights reserved.
3. Who are these guys, anyway?
Allan Hurst
• Works for KIS (“Keep IT Simple”)
• Partner and Director of Enterprise Strategy
• Master CNE℠ working with Novell® products since 1988 (2.0a)
• One of four partners at KIS, a Novell Platinum Partner and Novell Gold
Training Partner in Fremont, CA, Kansas City, MO, and Cleveland, OH.
• Runs the Enterprise Strategy Practice (network planning, migrations,
upgrades, moves, re-architecting, and clean-up)
• Also runs “The WAP Squad.” (“WAP” stands for …)
• Author of the classic BrainShare presentations, Demystifying DNS and
SLP Made Easy
4. Who are these guys, anyway?
Terry DeFreese
• Works for Novell Worldwide Support®
• Backline Engineer
• Specializes in DNS/DHCP Issues
5. Who are you?
• Novell® Open Enterprise Server 2 (OES2) administrator and/or network manager
• You already know the basics of DNS and DHCP
• Have moved/are moving to OES, and have some
concerns about maintaining Novell DNS/DHCP on a
Linux-based OES2 server
• Some workstations on your network may have odd
resolving problems
• You may be struggling with integrating Novell DNS/DHCP into a network which also contains Active Directory DNS
6. Where did this session come from?
• This session is the follow-up to Allan’s session from
previous years, entitled “Demystifying DNS”. Every
year the session was presented, people asked for a
second session with more advanced material.
• Many people are still embarrassed to publicly ask about
the basics of DNS or DHCP.
• It’s OK for you to ask anything about DNS/DHCP that
you wish – that’s what this session is for!
(We may not always have the answers, but this is
how sessions get revised to better meet your needs.)
7. About This Session
• Resolving DNS Requests
• Why Johnny Can't Read Resolve
• Short vs. Long DNS Names
• Suffering With Suffixes
• Resolving DNS Problems
• DNS on OES2
• DHCP on OES2
• DNS & DHCP
• DNS & eDirectory™
• DNS, eDirectory and Active Directory
• Administering DNS using eDirectory
• Tips & Tricks
9. Issues in DNS Resolution
• Workstations can’t find server during login
• Workstations can't resolve a "short" DNS name
• Workstations append the wrong DNS suffix to a “short”
DNS name
• Web browsing produces strange errors and results
Let’s review how DNS resolution works...
10. How a PC Resolves DNS Requests
“What is the IP address of http://www.novell.ca?”
(Diagram: PC with Hosts file, INTERNAL DNS SERVER, ISP'S DNS SERVER, TOP LEVEL DOMAIN SERVER FOR “.CA”)
1 PC’s local hosts file doesn’t contain the entry, so the PC asks the LAN’s internal DNS server
2 Internal DNS Server doesn’t know, so it queries the ISP’s DNS
3 ISP’s DNS Server has no earthly idea, so it queries the root server to find the “.ca” TLD server (NOT SHOWN HERE)
4 ISP queries “.ca” TLD server to see who handles “novell.ca”
11. How a PC Resolves DNS Requests
“What is the IP address of http://www.novell.ca?”
(Diagram: PC with Hosts file, INTERNAL DNS SERVER, ISP'S DNS SERVER, TOP LEVEL DOMAIN SERVER FOR “.CA”)
1 PC’s local hosts file doesn’t contain the entry, so the PC asks the LAN’s internal DNS server
2 Internal DNS Server doesn’t know, so it queries the ISP’s DNS
3 ISP’s DNS Server has no earthly idea, so it queries the root server to find the “.ca” TLD server (NOT SHOWN HERE)
4 ISP queries “.ca” TLD server to see who handles “novell.ca”
5 “.ca” TLD server gives out location of server(s) handling NS duties for “novell.ca” (NOT SHOWN HERE)
6 ISP queries the name server for “novell.ca” (NOT SHOWN HERE), “www.novell.ca = 130.57.4.70”, and passes that information back to internal DNS.
7 Internal DNS server tells PC, “www.novell.ca = 130.57.4.70”
13. Why Johnny Can’t Read Resolve
Four things must be configured on each workstation:
Example: offissa-ws.coconino.co.az.us
1. Host name. (e.g., “offissa-ws”)
2. Primary DNS suffix. (e.g., “coconino.co.az.us”)
3. List of DNS servers to use for resolution.
4. DNS suffix search list or search method (for “short”, or “unqualified”
names, meaning the name has no DNS domain attached).
If any of these things aren’t set up correctly, the
workstation will probably not be able to resolve.
14. Short vs. Long DNS Names
DNS names can be specified in a relative (short) or fully
qualified (long) format. For example:
Relative: fs1
Fully Qualified: fs1.hq.xyzzy.com
With relative names, the workstation (or server) will
append the default DNS suffix.
15. Short vs. Long DNS Names
Assuming the workstation in the prior example has a
(correct) DNS suffix of “hq.xyzzy.com”, it will interpret a
short name of “fs1” as equivalent to the fully qualified
name, so that:
fs1[.hq.xyzzy.com] = fs1.hq.xyzzy.com
This will only work, however, if the workstation has the
correct DNS suffix.
Much of the DNS troubleshooting work I’ve performed in
the past couple of years has centered around networks
handing out an incorrect DNS suffix.
17. Where Do DNS Suffixes Come From?
Contrary to popular belief, DNS suffixes do not come
from under a cabbage leaf. They can be assigned to
workstations in various ways.
– DHCP (The preferred method at 90% of my customers)
– ZCM / GPO / AD (For complex installations)
– Manual Assignment (Try to avoid if possible)
When a workstation can’t resolve, the trick is finding out
what the DNS suffix is, and where it’s coming from.
18. What are My DNS Suffixes?
If your workstations aren’t able to resolve short DNS
names, then you need to know two things:
1. What DNS suffix(es) do I want my workstations to use?
2. What DNS suffix(es) are my workstations actually using?
Hopefully, you already know the answer to question #1.
To determine the answer to question #2, we need to turn
to our old friend, the ipconfig /all command.
Let’s look at a “vanilla” configuration, with no DNS
suffixes explicitly set up on the workstation except for
what it got from DHCP...
19. “Normal” DHCP-enabled Workstation
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : offisa-ws
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : coconino.co.az.us
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : coconino.co.az.us
Description . . . . . . . . . . . : NETGEAR GA311 Gigabit Adapter
Physical Address. . . . . . . . . : 00-0F-B5-43-0A-E5
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.129.203
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.129.1
DHCP Server . . . . . . . . . . . : 192.168.129.1
DNS Servers . . . . . . . . . . . : 192.168.129.2
192.168.129.20
Lease Obtained. . . . . . . . . . : Saturday, January 30, 2010 4:03:14 PM
Lease Expires . . . . . . . . . . : Sunday, January 31, 2010 4:03:14 PM
20. “Normal” DHCP-enabled Workstation
(Same ipconfig /all output as on slide 19, with two callouts.)
Callout: This field shows you what DNS suffix will be added to short names by default. If it’s blank or wrong, you’ll have problems.
Callout: This is the DNS suffix assigned to this network adapter.
21. “Normal” DHCP-enabled Workstation
(Same ipconfig /all output as on slide 19, with one callout.)
Callout: Watch what happens to these fields when we try different types of configurations
22. Where are DNS Suffixes Changed?
1. Local Area Connection Properties > Internet Protocol (TCP/IP) Properties > “Advanced” Button > “DNS” Tab
2. My Computer > Properties > Computer Name > "Change" Button > "More" Button
23. Changing DNS Suffix: LAN Properties
So what happens if a DNS suffix is added here?
24. Changing DNS Suffix: Computer Properties
And what happens if we explicitly define a DNS suffix here, too?
25. Result Of Changing DNS Suffix
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : offissa-ws
Primary Dns Suffix . . . . . . . : set-under-system-properties.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : set-under-system-properties.com
dns-suffix-for-this-connection
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : dns-suffix-for-this-connection
Description . . . . . . . . . . . : NETGEAR GA311 Gigabit Adapter
Physical Address. . . . . . . . . : 00-0F-B5-43-0A-E5
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.129.203
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.129.1
DHCP Server . . . . . . . . . . . : 192.168.129.1
DNS Servers . . . . . . . . . . . : 192.168.129.2
192.168.129.20
Lease Obtained. . . . . . . . . . : Saturday, January 30, 2010 11:33:02 AM
Lease Expires . . . . . . . . . . : Sunday, January 31, 2010 11:33:02 AM
26. Adding Multiple DNS Suffixes
So what happens if a couple of DNS suffixes are added here?
Here's what: If a DNS search order is specified, it will override the primary and connection specific DNS suffixes.
Notice that we haven’t explicitly specified a DNS suffix for this connection; that’s normally picked up automatically via DHCP.
27. Result Of Adding Multiple Suffixes
Callout: These will be searched instead of the primary or connection specific DNS suffixes
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : offissa-ws
Primary Dns Suffix . . . . . . . : [blank; we didn’t set this explicitly]
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : appended-dns-suffix-1
appended-dns-suffix-2
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : this-dns-suffix-came-from-dhcp
Description . . . . . . . . . . . : NETGEAR GA311 Gigabit Adapter
Physical Address. . . . . . . . . : 00-0F-B5-43-0A-E5
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.129.203
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.129.1
DHCP Server . . . . . . . . . . . : 192.168.129.1
DNS Servers . . . . . . . . . . . : 192.168.129.2
192.168.129.20
Lease Obtained. . . . . . . . . . : Saturday, January 30, 2010 11:33:02 AM
Lease Expires . . . . . . . . . . : Sunday, January 31, 2010 11:33:02 AM
29. Troubleshooting Tools for DNS
nslookup
• “Built-in” to Windows and Linux.
• Linux version is deprecated, succeeded by “dig”.
dig
• Preferred tool in Linux.
• Has been ported to Windows; Google “dig for windows”.
30. Basic nslookup Commands
[hostname] ... Resolve [name] to IP address
[IP address] ... Resolve IP address to hostname
server [hostname or IP] ... Use this DNS server
set type = [mx|a|ns|any] ... Filter for (mx, a, ns, any) records
[domain name] ... List records (filtered results if “set type” used)
exit ... Exit program
31. Query a Single Name Using nslookup
C:\>nslookup
Default Server: ignatz.allanh.com
Address: 192.168.129.2
> server krazy.allanh.com
Default Server: krazy.allanh.com
Address: 192.168.129.20
> www.novell.com
Server: krazy.allanh.com
Address: 192.168.129.20
Non-authoritative answer:
Name: www.novell.com
Address: 130.57.5.25
> 130.57.5.25
Server: krazy.allanh.com
Address: 192.168.129.20
Name: www.novell.com
Address: 130.57.5.25
Callouts on this slide:
• This is the server that was queried
• Indicates that this reply came from a server other than the authoritative name server on record
• The answer to the query
32. Query Name Servers Using nslookup
> set type=ns
> kiscc.com
Server: ignatz.allanh.com
Address: 192.168.129.2
Non-authoritative answer:
kiscc.com nameserver = ns41.domaincontrol.com
kiscc.com nameserver = ns42.domaincontrol.com
ns41.domaincontrol.com internet address = 216.69.185.21
ns42.domaincontrol.com internet address = 208.109.255.21
Callouts on this slide:
• Answer to Query
• List of authoritative name servers
33. Query MX Records Using nslookup
> set type=mx
> kiscc.com
Server: ignatz.allanh.com
Address: 192.168.129.2
Non-authoritative answer:
kiscc.com MX preference = 10, mail exchanger = mail.kiscc.com
kiscc.com nameserver = ns42.domaincontrol.com
kiscc.com nameserver = ns41.domaincontrol.com
ns41.domaincontrol.com internet address = 216.69.185.21
ns42.domaincontrol.com internet address = 208.109.255.21
Callouts on this slide:
• Answer to Query
• List of authoritative name servers
34. Basic Problem Resolution
“I can't resolve krazy.fubar.com”
Basic DNS Troubleshooting:
1. Work from one end to the other, one segment at a time. Don't skip segments.
2. Learn to use NSLOOKUP (or DIG).
3. Don't rely on PING to test DNS resolution; you never know what it's talking to for information.
(Diagram: PC with Hosts file, INTERNAL DNS SERVER, ISP'S DNS SERVER, NAME SERVER FOR DOMAIN HAVING PROBLEMS)
1 Check the hosts file for spurious entries
2 Run NSLOOKUP against the internal DNS server (or whatever DNS server the workstation is pointing to)
3 Run NSLOOKUP against the ISP's DNS server
4 Run NSLOOKUP against the NS of record for the domain
36. DNS on OES2
DNS under NetWare® and OES2 are quite compatible, right down to the (current version of) management tools such as iManager and/or the Java-based DNS/DHCP Console.
However, the DNS module on OES2 is not the same as on “vanilla” SUSE® Linux Enterprise Server 10:
OES2              SLES 10 (not OES2)
rcnovell-named    named
37. OES2 DNS Command Differences
Here are the basic command differences, taken from the
OES2 DNS/DHCP documentation:
39. OES2 DHCP ≠ NetWare DHCP
DHCP on OES is different than the NetWare® version
• The OES2 DHCP uses different dhcpLocator and
dhcpGroup objects than NetWare. Please don’t point to
the NetWare objects when installing and configuring
OES2 DHCP
• You’ll also need to download a new version of the Java
console, which should be available from the OES2
server’s default web page
41. DHCP on OES2
As with the DNS server, the DHCP server on OES2 uses
different commands than you’re probably used to:
43. DNS and DHCP
If DHCP has been set up correctly, workstations will pick
up a default domain name (“DNS suffix”) that way:
44. DNS and DHCP – Things To Remember
• When creating a DHCP subnet, a common error is
forgetting to fill out the Domain Name field in iManager.
• If you have more than one DHCP subnet, you may
have more than one subdomain. Make sure each
DHCP subnet is passing the correct subdomain
information to workstation DNS. For example:
192.168.1.x = fubar.com
192.168.2.x = shipping.fubar.com
192.168.3.x = accounting.fubar.com
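The suffix checks from the ipconfig slides and the per-subnet domain table above, combined into one audit. This is an added example, not part of the original presentation; the sample output, the host name ship-ws1, and the function names are constructed, and it assumes the field labels shown on the slides (for example “IP Address”).

```python
import ipaddress
import re

# Constructed sample in the layout of the slides' `ipconfig /all` output: a
# client on 192.168.2.x that DHCP handed the parent domain, not its subdomain.
SAMPLE = """\
Windows IP Configuration
   Host Name . . . . . . . . . . . . : ship-ws1
   Primary Dns Suffix  . . . . . . . :
   DNS Suffix Search List. . . . . . : fubar.com
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . : fubar.com
   Dhcp Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.2.57
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 192.168.1.2
                                       192.168.1.20
"""

# Subnet-to-domain plan from the slide ("x" = any host, so /24 networks).
PLAN = {
    "192.168.1.0/24": "fubar.com",
    "192.168.2.0/24": "shipping.fubar.com",
    "192.168.3.0/24": "accounting.fubar.com",
}

# "Label . . . . : value" -- a label, dot leaders, a colon, an optional value.
FIELD = re.compile(r"^(.+?)(?:\s*\.)+\s*:\s*(.*)$")


def parse_ipconfig(text):
    """Split the output into global and per-adapter fields; values are lists."""
    cfg = {"global": {}, "adapters": {}}
    section, key = cfg["global"], None
    for raw in text.splitlines():
        line = raw.strip()
        match = FIELD.match(line)
        if match:
            key = match.group(1)
            section[key] = [match.group(2)] if match.group(2) else []
        elif line.endswith(":"):        # adapter heading starts a new section
            section, key = cfg["adapters"].setdefault(line[:-1], {}), None
        elif line and key:              # wrapped value: 2nd DNS server or suffix
            section[key].append(line)
    return cfg


def audit(text, plan, short_name="fs1"):
    """Return the FQDNs a short name expands to, plus suffix findings."""
    cfg = parse_ipconfig(text)
    search = [s.lower() for s in cfg["global"].get("DNS Suffix Search List", [])]
    findings = []
    if not search:
        findings.append("search list is blank: nothing is appended to short names")
    for name, fields in cfg["adapters"].items():
        if not fields.get("IP Address"):
            continue                    # adapter without an address
        ip = ipaddress.ip_address(fields["IP Address"][0])
        got = "".join(fields.get("Connection-specific DNS Suffix", [])).lower()
        want = next((dom for net, dom in plan.items()
                     if ip in ipaddress.ip_network(net)), None)
        if want is None:
            findings.append(f"{name}: {ip} is not in any planned subnet")
        elif got != want:
            findings.append(f"{name}: suffix '{got}' but {ip} should get '{want}'")
        if got and search and got not in search:
            findings.append(f"{name}: '{got}' from DHCP is not searched; "
                            "an explicit search order overrides it")
    return {"tries": [f"{short_name}.{s}" for s in search], "findings": findings}


if __name__ == "__main__":
    report = audit(SAMPLE, PLAN)
    print("fs1 expands to:", report["tries"])
    for finding in report["findings"]:
        print("FINDING:", finding)
```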
46. DNS and eDirectory™
• Service Location Protocol (SLP) uses DNS to resolve
server and directory agent (DA) names
• If SLP isn’t working, workstations will use DNS to locate
their default server and/or tree
• Servers can synchronize time and eDirectory more
quickly if your network has good internal DNS
• Good internal DNS is critical for moving to OES2
47. Special Internal DNS “A” Records
Useful for Novell® Environments
• eDirectory™ Servers
– Each eDirectory server needs an “A” record. This
includes any server running eDirectory.
– This is required for proper SLP operation.
• eDirectory Tree
– SLP requires that the eDirectory tree must have
its own “A” record. This should point to the
server hosting the Master Replica of [Root].
48. Special Internal DNS “A” Records
Needed for Novell® Environments
• GroupWise®
– Helps GW clients find the POA quickly
(See TID #10063483)
– “ngwnameserver” = Most accessible* POA’s IP address.
– “ngwnameserver2” = Alternate POA’s IP address.
• ZENworks® 7 (not needed for ZCM 10)
– Imports workstations automatically.
– (See TID #10056752)
– “zenwsimport” = ZFD inventory server’s IP.
*Which I define as the POA able to respond to a client most quickly.
50. DNS and Active Directory
Keep your Active Directory DNS domain separate from
your “real” domain name
• I suggest using a “fake” TLD for Active Directory
integrated domains, such as yourdomain.corp, .internal,
or .ad (Warning: Don’t use .local)
You must use Active Directory’s built-in DNS on all AD-
participating servers
• There must be “A” records for all AD-participating
servers in an AD integrated domain
• Only AD-connected devices should be in an integrated
domain
51. Keeping eDirectory™/AD DNS Separate
For political reasons, some shops maintain separate
systems for normal DNS and AD (integrated) DNS.
If you need to do this:
– Create your MS network’s integrated DNS using Active
Directory. (e.g., “fubar.corp”)
1. Create your network's “real” DNS domain using NetWare® or
Linux. (e.g., “fubar.com”)
2. Point Microsoft's DNS to your OES 2 DNS server for
resolution of your “real” DNS domain (e.g., “fubar.com”)
52. Keeping eDirectory™/AD DNS Separate
(Diagram, from the workstations up to the Internet)
• Active Directory workstations: DNS queries for all domains go to the Windows servers
• Windows Servers hosting “fubar.corp”: Answer fubar.corp, pass all else upstream to OES DNS
• OES 2 Servers hosting “fubar.com”: receive DNS queries for anything except “fubar.corp”
• Internet
53. eDirectory™/AD DNS Fault Tolerance
If you’re one of the shops that maintains separate DNS
using eDirectory and Active Directory, improve your
DNS fault tolerance by pointing the two systems at
each other.
If for any reason your Active Directory domain
controllers go down, workstations (and servers) can
resolve through eDirectory...and vice-versa for non-AD
systems.
This is more easily explained with a diagram...
54. eDirectory™/AD DNS Fault Tolerance
(Diagram)
• OES2: Primary: “fubar.com”, Secondary: “fubar.corp”
• Windows: Secondary: “fubar.com”, Primary: “fubar.corp” (AD Integrated)
• Each server has a Non-AD Device and an AD-Based Device below it
Regardless of whether or not it’s in AD, any device in this configuration can resolve for either domain.
56. Classic Best Practices for eDirectory™ DNS
• Create a separate eDirectory container … such as
“DNSDHCP”. Place the container high in the tree,
preferably above where your servers are kept
• Install all DNS and DHCP objects and services inside
this new DNSDHCP container
• In large/busy networks, split off the DNSDHCP
container as a separate partition
• Place replicas of the DNSDHCP partition on each DNS
and/or DHCP server, plus whatever is needed for at
least 3 copies
57. DNS Administration
iManager can be used for DNS/DHCP creation and
management
Be aware! iManager has separate plug-ins for NetWare® vs. Linux DHCP
The (Java-based) DNS/DHCP Console will manage
either platform...assuming you’re running the most
current version
Similar to iManager, the DNS/DHCP Console has
separate tabs for NetWare vs. Linux
59. “My Reverse DNS Doesn’t Work”
When creating an IN-ADDR-ARPA zone in the
DNS/DHCP Console, enter only the network octets
Example: For
192.168.129.0,
leave this blank.
60. Internal DNS for External Devices
Internal DNS must also contain “A” records for your
external services, or your internal workstations won’t be
able to resolve them
Not adding “www” internally is a common error
61. DNS for DMZ Devices
(Diagram: gw.xyzzy.com, 243.128.24.1, sits in the DMZ between the Internet and the LAN)
• Internet side, to the External DNS Server: “Where is gw.xyzzy.com?” Answer: “It’s at 243.128.24.1”
• LAN side, to the Internal DNS Server: “Where is gw.xyzzy.com?” Answer: “It’s at 243.128.24.1”
62. Internal/External DNS Records
If you have a publicly-available server inside your firewall
using NAT, remember to add an internal “A” record
pointing to the internal IP address
63. DNS for Internal/External Devices
(Diagram: Firewall using NAT, 243.128.24.1 on the Internet side; gw.xyzzy.com, 10.2.0.43, on the LAN)
• Internet side, to the External DNS Server: “Where is gw.xyzzy.com?” Answer: “It’s at 243.128.24.1”
• LAN side, to the Internal DNS Server: “Where is gw.xyzzy.com?” Answer: “It’s at 10.2.0.43”
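The two rules from the preceding slides (every external service also needs an internal “A” record, and a server behind NAT needs an internal record pointing to its internal address), written as a zone audit. This is an added example, not part of the original presentation; the BIND-style record text, the NAT_MAP table, the function names, and the www and fs1 records with their addresses are assumptions constructed for illustration.

```python
import ipaddress

ORIGIN = "xyzzy.com"

# Constructed BIND-style A records modelled on the slides' gw.xyzzy.com
# diagrams; the www and fs1 entries and their addresses are made up.
EXTERNAL_ZONE = """
www     IN  A  243.128.24.2   ; DMZ web server, public address
gw      IN  A  243.128.24.1   ; public (NAT) address of gw
"""
INTERNAL_ZONE = """
gw      IN  A  243.128.24.1   ; copied from outside, never changed
fs1     IN  A  10.2.0.10
"""
# Public address -> inside address for servers behind the NAT firewall.
NAT_MAP = {"243.128.24.1": "10.2.0.43"}


def a_records(zone_text, origin):
    """Return {fqdn: set of addresses} for the A records in zone_text."""
    records, owner = {}, None
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop comments
        if not fields or fields[0].startswith("$"):
            continue                                # blank line or directive
        if not line[0].isspace():                   # indented line reuses owner
            owner = fields[0].lower()
        if owner is None or len(fields) < 2 or fields[-2].upper() != "A":
            continue                                # not an A record
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner[:-1]
        else:
            fqdn = f"{owner}.{origin}"
        address = str(ipaddress.ip_address(fields[-1]))  # ValueError if malformed
        records.setdefault(fqdn, set()).add(address)
    return records


def audit_split_horizon(external, internal, nat_map):
    """List (name, problem) pairs for names the LAN cannot resolve correctly."""
    findings = []
    for name in sorted(external):
        if name not in internal:
            findings.append((name, "missing from internal DNS"))
            continue
        for public in sorted(external[name]):
            inside = nat_map.get(public)
            if inside and inside not in internal[name]:
                findings.append((name, f"internal record should point to {inside}"))
    return findings


if __name__ == "__main__":
    ext = a_records(EXTERNAL_ZONE, ORIGIN)
    lan = a_records(INTERNAL_ZONE, ORIGIN)
    for name, problem in audit_split_horizon(ext, lan, NAT_MAP):
        print(f"{name}: {problem}")
```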
64. DNS/DHCP Resources
http://tinyurl.com/oes2dnsdhcp
Quick link to OES2 DNS/DHCP Documentation (PDF)
http://tinyurl.com/nw-to-oes2-lessons-learned
Great article (not by me) on NetWare/OES2 migration pitfalls
http://www.zytrax.com/books/dns/
“DNS For Rocket Scientists”... my favorite DNS reference text
65. Got Reference?
If you would like an updated copy of this presentation,
please pass me your business card.
On the back, please write any or all of:
Advanced DNS … for this presentation.
Basic DNS … for the classic presentation, Demystifying DNS
SLP … for the classic presentation, SLP Made Easy
67. Thank You!
Very special thanks to David Powell, my Senior
Network Engineer at KIS, for his invaluable assistance
in proofing this presentation and gently pointing out all
of the things I forgot to add in the first couple of drafts.
Thanks also to NOBUG - the “Novell® Oakland Bay Area
User Group” (http://www.nobug.us) - for their invaluable
support and feedback in creating, testing,
and refining this presentation.
Support your local NUI & LUG chapters!