Messagelabs and DNSSEC support

I do not need a solution (just sharing information)

Hi, does anyone know if Messagelabs supports and has settings for the use of DNSSEC (and DANE)?

Our inbound email is routed through Messagelabs and is required to have DNSSEC, but currently it isn’t.

Related:

XtremIO: Unable to access the X2 WebGUI because incorrect Customer Domain Name System (DNS) addresses are configured on the XMS (Dell EMC Correctable).

Check the DNS server IP addresses configured on the XMS, and modify them if necessary.

Example of displaying the DNS server IP addresses configured on the XMS:

xmcli (tech)> show-dns-servers

Primary: 10.64.224.1

Secondary: 10.64.224.2

Example of reconfiguring the XMS DNS server IP addresses:

xmcli (tech)> show-dns-servers

Primary: 10.64.224.1

Secondary: 10.64.224.2

xmcli (tech)> modify-dns-servers secondary=""

xmcli (tech)> show-dns-servers

Primary: 10.64.224.1

Secondary: None

Note: You need to have a primary DNS server configured before adding or removing a secondary DNS server.

xmcli (admin)> show-dns-servers

Primary: none

Secondary: none

xmcli (tech)> modify-dns-servers secondary="10.64.224.1"

The new secondary DNS server will be: "10.64.224.1"

Are you sure? (Yes/NO):yes

***XMX Completion Code: must_first_specify_primary_dns

Related:

SmartConnect with bind9 DNS Service

Hi out there,

IHAC who is trying to configure the delegations for SmartConnect in a bind9 env.

I have sent the config steps from the article 000468688 to the customer. These seem really old. The customer is worried about the lines:



forwarders{}

dnssec-enable no;

dnssec-validation no;

dnssec-lookaside auto;



Is this really necessary? The customer refused disabling DNSSEC!

Do we have a more current version of the steps necessary for using bind9 with SmartConnect on OneFS 8.1?



any hints welcome

regards Uwe

Related:

Event ID 6536 — DNS Server Zone Transfer

Updated: November 13, 2007

Applies To: Windows Server 2008

Domain Name System (DNS) enhances fault tolerance and load balancing by providing for server redundancy. For any given zone, a DNS server can act as a primary master server, which is the authority for a zone, or as a secondary server, which obtains its zone data from the zone’s primary master server or another secondary server. This process is known as zone transfer.

Event Details

Product: Windows Operating System
ID: 6536
Source: Microsoft-Windows-DNS-Server-Service
Version: 6.0
Symbolic Name: DNS_EVENT_IXFR_BAD_RESPONSE
Message: Invalid IXFR (Incremental Zone Transfer) response from master DNS server at %2 during attempted incremental transfer of zone %1. Check the DNS server at %2, and verify its is running as a Windows 2000 or later Microsoft DNS server or another IXFR-compatible DNS server implementation.

Resolve
Confirm the service version

Check the source DNS server and confirm that it is running the DNS Server service on at least Windows 2000 Server or another DNS server implementation that is compatible with incremental zone transfer (IXFR).

Verify

Verify that all DNS servers that are authoritative for a zone have the same serial number for the zone.

To view the serial number for a zone:

  1. On the DNS server, open DNS Manager. To open DNS Manager, click Start, click Administrative Tools, and then click DNS.
  2. In the console tree, right-click DNS, and then click Connect to DNS Server.
  3. Click The following computer, type the DNS name or IP address of the authoritative DNS server, and then click OK.
  4. In the console tree, expand the DNS server, and then expand the folder that contains the zone.
  5. Right-click the zone, and then click Properties.
  6. Click the Start of Authority tab, and note the value in Serial number.

Note: If dynamic updates are enabled for the zone, or if an administrator changes the zone between the time that you check the master and secondary servers, the serial number on the master server can be slightly higher than the number on secondary servers.

Related:

Event ID 6535 — DNS Server Zone Transfer

Updated: November 13, 2007

Applies To: Windows Server 2008

Domain Name System (DNS) enhances fault tolerance and load balancing by providing for server redundancy. For any given zone, a DNS server can act as a primary master server, which is the authority for a zone, or as a secondary server, which obtains its zone data from the zone’s primary master server or another secondary server. This process is known as zone transfer.

Event Details

Product: Windows Operating System
ID: 6535
Source: Microsoft-Windows-DNS-Server-Service
Version: 6.0
Symbolic Name: DNS_EVENT_IXFR_UNSUPPORTED
Message: The master DNS server at %2 responded to IXFR (Incremental Zone Transfer) request for zone %1 with an invalid (FORMAT ERROR) response. DNS server performance and network bandwidth will both be improved by upgrading the DNS server at %2 to a run as either a Windows 2000 or later Microsoft DNS server or another IXFR-compatible DNS server implementation.

Resolve
Confirm the service version

Check the source DNS server and confirm that it is running the DNS Server service on at least Windows 2000 Server or another DNS server implementation that is compatible with incremental zone transfer (IXFR).

Verify

Verify that all DNS servers that are authoritative for a zone have the same serial number for the zone.

To view the serial number for a zone:

  1. On the DNS server, open DNS Manager. To open DNS Manager, click Start, click Administrative Tools, and then click DNS.
  2. In the console tree, right-click DNS, and then click Connect to DNS Server.
  3. Click The following computer, type the DNS name or IP address of the authoritative DNS server, and then click OK.
  4. In the console tree, expand the DNS server, and then expand the folder that contains the zone.
  5. Right-click the zone, and then click Properties.
  6. Click the Start of Authority tab, and note the value in Serial number.

Note: If dynamic updates are enabled for the zone, or if an administrator changes the zone between the time that you check the master and secondary servers, the serial number on the master server can be slightly higher than the number on secondary servers.

Related:

Event ID 6523 — DNS Server Zone Transfer

Updated: November 13, 2007

Applies To: Windows Server 2008

Domain Name System (DNS) enhances fault tolerance and load balancing by providing for server redundancy. For any given zone, a DNS server can act as a primary master server, which is the authority for a zone, or as a secondary server, which obtains its zone data from the zone’s primary master server or another secondary server. This process is known as zone transfer.

Event Details

Product: Windows Operating System
ID: 6523
Source: Microsoft-Windows-DNS-Server-Service
Version: 6.0
Symbolic Name: DNS_EVENT_XFR_MASTER_UNAVAILABLE
Message: Zone %1 failed zone refresh check. Unable to connect to master DNS server at %2 to receive zone transfer. Check that the zone contains correct IP address for the master server or if network failure has occurred. For more information, see “To update the master server for a secondary zone” in the online Help. If available, you can specify more than one master server in the list for this zone.

Resolve
Check the master DNS server

If a zone transfer for a secondary zone on the local DNS server is failing, check that the zone is configured to use the correct master server.

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To check the master server for a secondary zone:

  1. On the secondary DNS server, open DNS Manager. To open DNS Manager, click Start, click Administrative Tools, and then click DNS.
  2. In the console tree, expand the secondary DNS server, and then expand the folder that contains the zone.
  3. Right-click the zone, and then click Properties.
  4. On the General tab, confirm that the Master Servers list contains one or more servers that are authoritative for the zone.
  5. Click Edit, and then confirm that the IP addresses of the listed servers have been validated.

If the configuration of the zone at the master DNS server appears to be correct, ensure that the master DNS server is functioning properly and that it can be accessed by the secondary DNS server.

Verify

Verify that all DNS servers that are authoritative for a zone have the same serial number for the zone.

To view the serial number for a zone:

  1. On the DNS server, open DNS Manager. To open DNS Manager, click Start, click Administrative Tools, and then click DNS.
  2. In the console tree, right-click DNS, and then click Connect to DNS Server.
  3. Click The following computer, type the DNS name or IP address of the authoritative DNS server, and then click OK.
  4. In the console tree, expand the DNS server, and then expand the folder that contains the zone.
  5. Right-click the zone, and then click Properties.
  6. Click the Start of Authority tab, and note the value in Serial number.

Note: If dynamic updates are enabled for the zone, or if an administrator changes the zone between the time that you check the master and secondary servers, the serial number on the master server can be slightly higher than the number on secondary servers.
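
The serial-number comparison described in the Verify steps for events 6536, 6535 and 6523 can be scripted once the SOA record has been collected from each server. The following is an added example, not part of the original documentation: the server addresses, SOA values and the `tolerance` threshold are constructed assumptions, and the comparison uses RFC 1982 serial arithmetic so that a wrapped serial is not misread as stale.

```python
# Added example: compare SOA serials gathered from each authoritative server.
# All names, addresses and serials below are constructed sample data.
SERIAL_MOD = 2 ** 32   # the SOA serial is an unsigned 32-bit counter
HALF = 2 ** 31

def parse_soa_serial(rdata: str) -> int:
    """SOA RDATA text: mname rname serial refresh retry expire minimum."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(fields)}: {rdata!r}")
    serial = int(fields[2])
    if not 0 <= serial < SERIAL_MOD:
        raise ValueError(f"serial out of range: {serial}")
    return serial

def serial_lag(master: int, secondary: int) -> int:
    """Signed master-minus-secondary distance using RFC 1982 serial arithmetic.
    Positive: secondary is behind. Negative: secondary claims a newer zone."""
    diff = (master - secondary) % SERIAL_MOD
    return diff if diff < HALF else diff - SERIAL_MOD

def check_zone(master_rdata: str, secondaries: dict, tolerance: int = 2) -> dict:
    """Classify each secondary. `tolerance` (an assumption) is how far the master
    may lead before the copy counts as stale rather than mid-update."""
    master = parse_soa_serial(master_rdata)
    report = {}
    for server, rdata in secondaries.items():
        lag = serial_lag(master, parse_soa_serial(rdata))
        if lag == 0:
            status = "in-sync"
        elif 0 < lag <= tolerance:
            status = "slightly-behind"
        elif lag > tolerance:
            status = "stale"
        else:
            status = "ahead-of-master"
        report[server] = (lag, status)
    return report

MASTER = "ns1.example.test. hostmaster.example.test. 2024051705 900 600 86400 3600"
SECONDARIES = {
    "192.0.2.2": "ns1.example.test. hostmaster.example.test. 2024051705 900 600 86400 3600",
    "192.0.2.3": "ns1.example.test. hostmaster.example.test. 2024051704 900 600 86400 3600",
    "192.0.2.4": "ns1.example.test. hostmaster.example.test. 2024051601 900 600 86400 3600",
    "192.0.2.5": "ns1.example.test. hostmaster.example.test. 2024051706 900 600 86400 3600",
}

if __name__ == "__main__":
    for server, (lag, status) in check_zone(MASTER, SECONDARIES).items():
        print(f"{server}: lag={lag} {status}")
```

A secondary reported as `ahead-of-master` deserves a closer look than a stale one, because it is serving zone data that the configured master never published.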

Related:

Event ID 5500 — DNS Server Message Processing

Updated: November 25, 2009

Applies To: Windows Server 2008 R2

These events represent problems processing data received by the DNS server that may or may not have a negative effect on server functionality.

Event Details

Product: Windows Operating System
ID: 5500
Source: Microsoft-Windows-DNS-Server-Service
Version: 6.1
Symbolic Name: DNS_EVENT_BAD_QUERY
Message: The DNS server received an invalid DNS query from %1. The query was rejected or ignored. The event data contains the DNS packet.

Resolve

This is a normal condition. No further action is required.

Related:

Event ID 5107 — DNS Server Configuration

Updated: November 13, 2007

Applies To: Windows Server 2008

The DNS server configuration consists of the settings that determine how the DNS server will function on a network and how those settings are stored and retrieved when they are needed.

Event Details

Product: Windows Operating System
ID: 5107
Source: Microsoft-Windows-DNS-Server-Service
Version: 6.0
Symbolic Name: DNS_EVENT_CNAME_LOOP
Message: The DNS server created CNAME (alias) loop caching CNAME resource records (RRs). The record is ignored, since CNAME loops are not allowed.

Resolve
Correct the configuration file

To correct the configuration file, use a text editor (such as Notepad) to open the indicated file, which is located in %SystemRoot%\System32\Dns. Correct the line that is specified in the warning or error event message, and then restart the DNS server.

Before you change the configuration file, make a copy of the file in case it is necessary to revert to the previous version of the file.

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To restart the DNS server:

  1. On the DNS server, start Server Manager. To start Server Manager, click Start, click Administrative Tools, and then click Server Manager.
  2. In the console tree, expand Roles, expand DNS Server, and then expand DNS.
  3. Right-click the DNS server, click All Tasks, and then click Restart.

Note: This problem might have been caused by errors that were introduced to the configuration file during previous attempts to edit the configuration file manually. To avoid similar problems in the future, use Server Manager or the dnscmd command to modify the configuration file.
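
To find which alias records form the loop before editing a zone file by hand, the CNAME chains can be walked offline. The following is an added example, not part of the original documentation: the zone text and origin are constructed, and the parser assumes one record per line with an explicit owner name.

```python
# Added example: find CNAME loops in zone-file text.
# Assumes one record per line with an explicit owner name (no inherited owners,
# no multi-line records). The zone below is constructed sample data.

def parse_cnames(zone_text: str, origin: str) -> dict:
    """Return {owner: target} for CNAME records, lower-cased and fully qualified."""
    origin = origin.lower()

    def fqdn(name: str) -> str:
        name = name.lower()
        if name == "@":
            return origin
        return name if name.endswith(".") else f"{name}.{origin}"

    cnames = {}
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop trailing comments
        upper = [f.upper() for f in fields]
        if "CNAME" in upper[1:]:
            i = upper.index("CNAME", 1)            # TTL and class are optional
            if i + 1 < len(fields):
                cnames[fqdn(fields[0])] = fqdn(fields[i + 1])
    return cnames

def find_cname_loops(cnames: dict) -> list:
    """Follow every alias chain; return each loop once, in chain order."""
    loops, seen = [], set()
    for start in cnames:
        path, pos, node = [], {}, start
        while node in cnames and node not in pos:
            pos[node] = len(path)
            path.append(node)
            node = cnames[node]
        if node in pos:                            # chain re-entered itself
            cycle = path[pos[node]:]
            if frozenset(cycle) not in seen:
                seen.add(frozenset(cycle))
                loops.append(cycle)
    return loops

SAMPLE_ZONE = """\
www     3600 IN CNAME web
web     3600 IN CNAME portal
portal  3600 IN CNAME www     ; closes the loop
mail    IN CNAME mx1.example.test.
mx1     IN A 192.0.2.25
self    IN CNAME self
"""

if __name__ == "__main__":
    for loop in find_cname_loops(parse_cnames(SAMPLE_ZONE, "example.test.")):
        print(" -> ".join(loop + [loop[0]]))
```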

Verify

To verify that the Domain Name System (DNS) configuration is correct, verify that all configuration settings are correct, check the event log for events that indicate continuing problems, and then verify that DNS client computers are able to resolve names properly.

To verify DNS configuration settings:

  1. On the DNS server, start Server Manager. To start Server Manager, click Start, click Administrative Tools, and then click Server Manager.
  2. In the console tree, double-click Roles, double-click DNS Server, and then double-click DNS.
  3. Right-click the DNS server, and then click Properties.
  4. Review the settings on each tab, and verify that they contain the intended values.
  5. Expand the DNS server.
  6. Expand a zone folder, right-click a zone, and then click Properties.
  7. Review the settings on each tab, and verify that they contain the intended values.
  8. Repeat steps 6 and 7 for each zone.

To verify that DNS client computers can resolve names properly:

  1. On a DNS client computer, open a command prompt. To open a command prompt, click Start, click Run, type cmd, and then click OK.
  2. At the command prompt, type ping hostname (where hostname is the DNS name of a computer with a known IP address), and then press ENTER.

If the client can resolve the name, the ping command responds with the following message:

Pinging hostname [ip_address]

Note: The name resolution is successful even if the ping command reports that the destination is unreachable.

If the client cannot resolve the name, the ping command responds with the following message:

Ping request could not find host hostname
