DNS

DNS CASA Repair Script

A common reason for  Novell DNS to fail to update records or even fail to load is do to CASA credentials for the DNS proxy user.

When troubleshooting Novell DNS issues start with the /var/opt/novell/log/named/named.run log.
If novell-named fails to start or update records and CASA Error has occured, error:No credential is retrived from CASA is seen in the log, it is almost a guarantee the reason is the dns-ldap key is missing, the password is incorrect for the proxy user, or the user name is incorrect.
Below is a sample of a named.run log demonstrating what is seen when CASA credentials in invalid or missing.
Look for the starting of named and the CASA Error

19-Nov-2013 15:30:13.489 general: main: notice: starting BIND 9.3.2 -u named
19-Nov-2013 15:30:13.490 general: server: info: found 4 CPUs, using 4 worker threads
19-Nov-2013 15:30:13.500 general: dns/message: error: Credential Not found
19-Nov-2013… Continue reading

DSfW and eDirectory Health Check

It is a good idea to periodically check the health of DSfW and eDirectory servers.

This video concentrates on a script I wrote that can be ran on both eDirectory and DSfW servers.

The script demonstrated in this video is called dsfw_edir_healthchk.sh.  To get the latest version of the script click on the DSfW Health Check link in the download section on DSfWDude.com.

A great TID to start off with for a eDirectory health check is TID 3564075.
On a DSfW server start off with an eDirectory health check as well as TID 7001884 which has DSfW specific commands to check the health and overall operation of a DSfW server.

The script does most of the suggestions in both TIDs mentioned above plus a few more checks.

For eDirectory there are 8 checks the script does and… Continue reading

Diagnostic tool for DNS Records

The DSfW team has a great tool called check-dns.pl to help diagnose DNS issue with DSfW.

The tool validates essential records for forward and reverse lookups.  This tool can be found at Novell Coolsolutions.

The tool might incorrectly report PDC and DC records if there is more than one Domain Controller.  The Coolsolutions article will be updated with a new check-dns.pl to address this issue.

Until the Coolsolutions article is updated you can download it from dsfwdude.com.

Download

Open Enterprise Server 11 SP1 is released

Open Enterprise Server 11 SP1 has been released today

LearnEventually, hopefully in the next update or two to more about OES11SP1 here

The download links for OES11 SP1 are:

Download link: http://download.novell.com/SummaryFree.jsp?buildid=rmqoq2iehSQ~
Documentation: http://www.novell.com/documentation/oes11/

As far as Domain Services for Windows goes, the install will now allow you to choose between a simplified install or the standard.  The simplified install of DSfW reduces the number of screen, removing many of the screens that most people click next on with out any changes too.  The install is also more intuitive.  If follows along with the type of DSfW install you are doing instead of starting with the eDirectory configuration.

OES11SP1 has also improved gposync.  This should help reduce issues with gopsync not working correctly or properly syncing gpos out to the ADC DSfW servers.

OES11SP1 migrations for DSfW servers are now supported.  The supported migrations are:… Continue reading

How to find all DNS Locator objects

When installing DSfW into an environment were Novell DNS is already in use, be sure to use the existing DNS Locator object.  It will simplify management for the all the zones and DNS servers.  The locator object is used by the DNS/DHCP Console to return all zones and DNS servers the locator object knows about.  If there are multiple locator objects then the first locator object discovered by the DNS/DHCP Console will be used.  What will happen is only zones and DNS servers the DNS Loctor object knows about will be displayed and managed in the DNS/DHCP Console.  This makes managing DNS difficult.  Before installing doe a quick search for existing locator objects.

Do the following search to discover existing locator objects

ldapsearch -x -b “” -s sub objectClass=dNIPlocator

How to merge DNS zones

The creation of the DSfW domain will create a DNS zone for the domain along with the reverse zone.  If there is already a zone with the same name then merging the zones is necessary.

This video shows how to use the DNS/DHCP Console to export, merge, and import zones.

How to create DNS forwarders

In order to create a cross forest trust both the DSfW server and the AD server need to resolve each others domains.  The video will show you how to create a forward and reverse forwarder for only the AD zone (domain) to the AD server and how to put a forwarder on the AD server to the DSfW DNS server.

 

Novell DNS Tools – iManager and DNS/DHCP Console

The Novell DNS DHCP Console is what most prefer to use to  manager Novell DNS. It allows for easy viewing, modification, and creation of zones, records, and DNS servers.

 

If there are more than one dns locator objects in the tree use the -C switch after the executable to specify which locator object to use.

-C OESSystemobjects.novell

If updates made in the DNS/DHCP tool are not fast enough for you, loo at the novell_dyn_reconfigure setting on the DNS server object or restart novell-named.

At 6:51 on the video this setting is displayed.  15 minutes is recommend .  If the reconfigure is set to 5 minutes in a large environment, the reconfigure might not finish updating cache before the the process is started again.

 

iManager is the second tool available to use to manage DNS and DHCP.  The second video will… Continue reading

Categories