Tag Archives: The DNS server

Event ID 407, 408 – when NAT is used as a DNS server

QUESTION NO: 211

You are the administrator of TestKing’s network, which consists of a single Windows 2000 domain. The relevant portion of its configuration is shown in the exhibit.

You configure a Windows 2000 Server computer named NAT1 as the DNS server for the domain. You install Routing and Remote Access on NAT1. You configure NAT1 to provide network address translation services for client computers to access the Internet.

Users now report that they cannot log on to the domain or access network resources. On investigation, you discover that you cannot query NAT1 for name resolution. In the application event log on NAT1, you find the following event messages:

Event ID: 407
Source: DNS
Description: DNS server could not bind a datagram (UDP) socket to 192.168.0.1. The data is the error.

Event ID: 408
Source: DNS
Description: DNS server could not open socket for address 192.168.0.1. Verify that this is a valid IP address on this machine.

How should you correct this problem?

A. Disable the DNS proxy functionality on NAT1.

B. Enable the DNS proxy functionality on NAT1.

C. Reconfigure the DNS server service not to listen on the internal address of NAT1.

D. Reconfigure the DNS server service not to listen on the external address of NAT1.

Answer: C

Explanation: This problem can occur when a NAT server is also used as a DNS server. NAT has a DNS Proxy setting that enables DHCP clients to direct DNS queries to the NAT server. The client DNS queries are then forwarded to the NAT server’s configured DNS server. The DNS Proxy and the DNS Server service cannot coexist on the same host if they use the same interface and IP address with the default settings. Both listen for DNS queries on UDP port 53, so the DNS Server service cannot bind its socket on the address it shares with the proxy, which is what events 407 and 408 report.

There are three methods to overcome this problem:

1. Reconfigure the DNS server service not to listen on the internal address. This is the solution in this scenario.

2. Install NAT and DNS on different servers. We cannot change this configuration here since this option is not listed.

3. Use the DHCP server Service in NAT, NOT the DHCP Allocator and DNS Proxy.

Reference: JSI Tip 3284, Your DNS Event Log reports Event Ids 407 and 408

Incorrect Answers:

A: We could disable both the DNS proxy functionality and the DHCP allocator.

B: The DNS proxy function on the NAT server is partly to blame. Enabling it will not help.

D: We must configure the DNS server not to listen to the internal address, not the external address.

DNS server errors: disabling IPv6 and fixing directory permissions

1. IPv6
[root@dns02 ~]# tail -f /var/log/messages
Apr 19 10:17:27 localhost named[5470]: error (network unreachable) resolving './NS/IN': 2001:503:ba3e::2:30#53
Apr 19 10:17:27 localhost named[5470]: validating @0x7fc4bc0008c0: . NS: no valid signature found
Apr 19 10:17:27 localhost named[5470]: error (no valid RRSIG) resolving './NS/IN': 192.58.128.30#53
Apr 19 10:17:27 localhost named[5470]: error (network unreachable) resolving './NS/IN': 2001:7fd::1#53
Apr 19 10:17:27 localhost named[5470]: error (network unreachable) resolving './NS/IN': 2001:500:1::53#53
Apr 19 10:17:29 localhost named[5470]: error (network unreachable) resolving './NS/IN': 2001:7fe::53#53
Apr 19 10:17:29 localhost named[5470]: validating @0x7fc5240008c0: . NS: no valid signature found
Apr 19 10:17:29 localhost named[5470]: error (no valid RRSIG) resolving './NS/IN': 192.33.4.12#53
Apr 19 10:17:31 localhost named[5470]: error (network unreachable) resolving './NS/IN': 2001:500:12::d0d#53
Apr 19 10:17:31 localhost named[5470]: error (network unreachable) resolving './NS/IN': 2001:500:a8::e#53

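The "network unreachable" errors all point at IPv6 root server addresses, which this host cannot reach. Add the -4 option to /etc/sysconfig/named so that named uses IPv4 only:
[root@dns02 slaves]# cat /etc/sysconfig/named
OPTIONS="-4"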

2. Permissions
Apr 19 10:40:01 localhost named[21023]: dynamic/managed-keys.bind.jnl: open: permission denied
Apr 19 10:40:01 localhost named[21023]: managed-keys-zone ./IN: keyfetch_done:dns_journal_open -> unexpected error
Apr 19 10:40:02 localhost named[20752]: managed-keys-zone ./IN: No DNSKEY RRSIGs found for '.': success
named cannot open the managed-keys journal in the dynamic/ directory. Give the named group ownership of that directory:
[root@dnsmaster named]# chown -R root:named dynamic/
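
The excerpts above mix three different failures: unreachable IPv6 root servers, DNSSEC validation errors, and the managed-keys journal that named cannot open. As an added example (not part of the original post), the shell functions below sort named syslog lines into those classes so you can see which fix applies; `dir_writable_by_group` is a hypothetical helper that checks the condition the chown relies on, assuming named gets its write access through group membership.

```shell
#!/bin/sh
# Added example (not from the original post): triage named syslog lines
# into the three failure classes shown on this page.

# Log lines copied from the excerpts above.
sample_log() {
cat <<'EOF'
Apr 19 10:17:27 localhost named[5470]: error (network unreachable) resolving './NS/IN': 2001:503:ba3e::2:30#53
Apr 19 10:17:27 localhost named[5470]: validating @0x7fc4bc0008c0: . NS: no valid signature found
Apr 19 10:17:27 localhost named[5470]: error (no valid RRSIG) resolving './NS/IN': 192.58.128.30#53
Apr 19 10:17:27 localhost named[5470]: error (network unreachable) resolving './NS/IN': 2001:7fd::1#53
Apr 19 10:40:01 localhost named[21023]: dynamic/managed-keys.bind.jnl: open: permission denied
Apr 19 10:40:01 localhost named[21023]: managed-keys-zone ./IN: keyfetch_done:dns_journal_open -> unexpected error
EOF
}

# Read syslog lines on stdin; print one "class=count" line per class.
triage_named_log() {
  awk '
    / named\[[0-9]+\]: / {
      # Unreachable upstream whose address contains ":" (IPv6): the -4 fix applies.
      if ($0 ~ /error \(network unreachable\) resolving .*: [0-9a-fA-F:]*:[0-9a-fA-F:]*#53$/) v6++
      # DNSSEC validation failures: not fixed by -4.
      else if ($0 ~ /no valid RRSIG|no valid signature found/) dnssec++
      # Trust-anchor journal cannot be opened: the directory permission fix applies.
      else if ($0 ~ /managed-keys.*(permission denied|dns_journal_open)/) keys++
      else other++
    }
    END {
      printf "ipv6_unreachable=%d\n", v6
      printf "dnssec_validation=%d\n", dnssec
      printf "managed_keys_journal=%d\n", keys
      printf "other=%d\n", other
    }'
}

# Return 0 if directory $1 belongs to group $2 and has the group-write bit set.
# Assumption: named writes managed-keys.bind.jnl through its group permission,
# so "chown root:named" only helps when the directory is also group-writable.
dir_writable_by_group() {
  [ -d "$1" ] || return 1
  [ -n "$(find "$1" -maxdepth 0 -group "$2" -perm -020 2>/dev/null)" ]
}

# Demo: classify the sample lines.
sample_log | triage_named_log
```

On the DNS server itself, feed it the real log, for example `grep named /var/log/messages | triage_named_log`, and check the directory with `dir_writable_by_group dynamic named`.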

Xcode 5: solving "The operation couldn’t be completed"

The company SVN server is on the LAN. We normally log in using svn.***.com.cn; its IP is 192.168.80.8.
The Mac prompted for a software update. After the update and restart, SVN could not be used, although the Internet connection was normal. I have confirmed that the DNS configured on the computer is our company’s DNS server.
So I tried a few things in the terminal:
1. ping svn.***.com.cn
2. ping 192.168.80.8
Analysis of the result: DNS seems to have a problem.

Enter the command to flush the local DNS cache in the terminal:

sudo dscacheutil -flushcache

It still didn’t work, and restarting the computer along the way didn’t help either. It might be the DNS server.

Then I decided to use 192.168.80.8 to re-checkout the code and copy my changes over to commit them.

Opening the SVN address in the browser works, but Xcode 5 does not. It raises a series of certificate prompts, and it still fails even after allowing all of them.

So, following what I found on the Internet about error -1012, I entered this command:

      
svn ls https://192.168.80.8/svn/hhhh/

Prompt:

(R)eject, accept (t)emporarily or accept (p)ermanently? p
Authentication realm: <https://192.168.80.8.xx> VisualSVN Server
Password for 'yonghuming': (the user name was found to be incorrect)

Select p as prompted.

Enter your account password.