Answer the question
In order to leave comments, you need to log in
Setting up DNS ,DHCP, Proxy in a closed network?
Hello. Experienced colleagues, tell me if it’s not difficult to solve my problem, if there is one at all))
Recently, the provider has rattled the infrastructure for us.
3 switches, 20 access points. On one of the switches, a port is selected for the lan. From him I dance.
The system is like this. One physical channel, two networks work (as I understand it, sorry for the noobness).
First network. Open.
The client connects via wi-fi or a wire to the switch, which in turn is connected to a dedicated LAN port.
Here the addresses are as follows:
10.40.xx.xx
255.255.254.0
After receiving the address from dhcp, which is somewhere in the provider’s closet and to which I don’t have access, the client is redirected to the ESIA authorization page, enters data and gets access to the civilized world ... that is, the Internet, without any restrictions in kind of filtering.
Second network. Closed.
Set to static.
The addresses will be the following
10.72.хх.хх
255.255.255.0
The root certificate and proxy server are also used for filtering.
There is no authorization here.
The task is next. There is a domain controller. It is necessary to drive + -40 clients into it and set up a closed network with filtering, block all settings through gpo that not a single pad * a hand could give freedom.
The domain is naturally static.
10.72.xx.7
255.255.255.0
xx.1
dns 10.72.177.7
Filtering works. In order to simplify my work, I came up with dhcp to the domain and add dns, highlighted the addresses, everything seems to be good.
The client received the address. But there is no access to the Internet, the mail does not respond. It's like it's not included in the lan at all. From here I ask you to suggest answers to a couple of questions.
1) What is a baboon and how to set up an Internet for clients.
2) On a server, where all the evil is concentrated in the form of ad, dns, dhcp, in dhcp itself, you can specify that it also assigns a proxy address when renting?
3) Maybe you need to configure in DNS? What redirect. And by the way, in order to drive a computer into a domain, you need to specify the domain's DNS for it, and after it has joined the party in the form of a domain, can the address be removed from the settings? Or will he lose it at the next authorization and not log in?))) Here I am a lamer))
Answer the question
In order to leave comments, you need to log in
If everything is so secure and cool there, then most likely there is no NAT stupidly and there is a proxy current.
respectively, there is no ping or dns
in order to give proxies to clients there are the following
GPO options through active directory
WPAD through dhcp options
WPAD through dns name
But in general, the proxy is of course the last century. buy yourself DPI norms and use NAT
And so, lead from the fields. Morning evenings speak wiser. Or the synergy of the forum helped, but I decided to look with a half-asleep look at the set.settings of the domain, and noticed such small numbers in the form of 8.8.8.8, remove them to hell and voila, the Internet disappeared on the domain.
Useful to smoke man from the provider. I noticed that in order to configure the dns network, the fields in the settings do not need to be filled in at all. You specify the address, a mask, the gateway and all. OK. Only nichrome does not work without them. But it worked before, I know for sure.
I found a dns provider in the mana, pinged, received an answer, registered, the Internet appeared.
I registered it as an alternative dns on the CD, everything seemed to work.
The client previously removed from the domain, registered the address with static + dns provider, lo and behold, it works! To celebrate, he added it to the domain, threw off the network settings so that he would receive the address from dhsp, dns left static:
1. AD
address 2. provider 's address
all pi $ yes the wheel just disappeared again on the client. What kind of poltergeist is that.
Apparently the problem is here:
There is an error in the DNS logs:
The DNS server is waiting for a signal from Active Directory Domain Services (AD DS) that the initial directory synchronization has completed. The DNS Server service cannot be started before initial synchronization is complete because critical DNS data may not yet be replicated to this domain controller. If the AD DS event log shows that there are problems resolving DNS names to addresses, consider adding the IP address of another DNS server for this domain to the list of DNS servers in the computer's IP protocol properties. This event will be logged every two minutes until AD DS reports that the initial sync was successful.
Can anyone suggest what? Or I drive it because there is no second domain and there is no replication between them? I read it on technet.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question