tLDN, 127.0.53.53 and Edge servers

It’s hard to believe in coincidences in IT, but they do sometimes happen. Last night a client cut their firewall over to newer, bigger hardware, but due to some glitch this morning they had to switch back. BUT, they can no longer federate with their sister companies. Fun scenario: they’re companyA.ca, but they federate with companyA.com and companyA.de, and so on. To make matters more interesting, they have stub zones on the internal DNS. No biggie, using public DNS for name resolution anyway.

Suddenly name lookups started resolving everything to 127.0.53.53, which according to ICANN is the code word for name conflict.  It would seem that they brought online some new Top Level Domain Names last night, including .ADS.  Guess what the company is using for their internal domain name space… eyuup, companyA.ads.

You’re thinking, “Ok smart guy, why do I care?” Well, my experience and training go back to OCS (some LCS) and I was mentored by a guru at Microsoft, thank you CG. I was taught to never join the Edge to the domain, and to modify the Primary DNS Suffix of the Edge instead. Now, I was taught to use the internal DNS namespace, you know, the same as the FEs and all that good stuff. My good buddy ML had the foresight, seeing all these new tLDNs coming, to start using the same namespace as the company SIP domain. Gee, wish I had.

For some very strange reason, on the Windows 2012 R2 Edge server, every NSLOOKUP query had companyA.ads appended, so a lookup for CompanyB.com went out as CompanyB.com.companyA.ads and came back with the failed resolution of 127.0.53.53. No suffixes on the NICs, in case anyone is wondering.

Resolution Time: Easy, rename the Edge server… In my training I always deploy an Edge Pool, even when only a single Edge is being deployed. Luckily I did that here, so I was able to:

  1. Add a “New” Edge server with the valid tLDN, same IP addresses and everything. Publish.
  2. Remove the “Old” Edge server. Publish. (Changes replicate up to the Edge.)
  3. On the Edge, run the Deployment Wizard. Edge services are removed as a result.
  4. Update the Primary DNS Suffix. Reboot.
  5. Retest NSLOOKUP, yea Success.
  6. Run Export-CsConfiguration, copy files up to the Edge.
  7. Run the Deployment Wizard again; you need to rerun Step 1: Install Local Configuration Store, using the new configuration file.
  8. Run Step 2 and reinstall the Server components.
  9. Double check the Certificate assignments.
  10. Start-CsWindowsService or Reboot.
  11. Bob’s your Uncle.
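
The retest from step 5 as a script, added here as an example and not part of the original post: it reads the Edge's primary DNS suffix from the registry and checks whether a partner name with that suffix appended, as in the NSLOOKUP failure above, comes back as 127.0.53.53. `sip.example.com` is a constructed placeholder, and the script assumes Windows Server 2012 or later for `Resolve-DnsName`.

```powershell
# Added example, not from the original post. Run on the Edge server.
# Shows the primary DNS suffix and tests whether names with that suffix
# appended resolve to the ICANN name-collision address 127.0.53.53.
param(
    # Constructed placeholder; replace with the partner names you federate with.
    [string[]]$PartnerNames = @('sip.example.com')
)

$CollisionIp = '127.0.53.53'

# 'Domain' is the suffix in use now; 'NV Domain' is the configured value
# that becomes active after the reboot in step 4.
$tcpip  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$suffix = $tcpip.Domain
"Primary DNS suffix (active):  $suffix"
"Primary DNS suffix (pending): $($tcpip.'NV Domain')"
if (-not $suffix) { Write-Warning 'No primary DNS suffix set; nothing is appended.'; return }

function Get-ARecords([string]$Fqdn) {
    # -DnsOnly skips LLMNR/NetBIOS. The caller passes a trailing dot so the
    # name is queried exactly as written, with no further suffix appended.
    $r = Resolve-DnsName -Name $Fqdn -Type A -DnsOnly -ErrorAction SilentlyContinue
    @($r | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
}

# 1. A random name under the suffix should not exist. If it answers with the
#    collision address, the suffix sits under a publicly delegated TLD.
$probe = "collision-probe-$(Get-Random).$suffix."
if ((Get-ARecords $probe) -contains $CollisionIp) {
    Write-Warning "$probe resolves to $CollisionIp. Rename the Edge suffix."
}

# 2. Compare each partner name with the suffix appended (what NSLOOKUP sent)
#    against the same name queried as an absolute FQDN.
foreach ($name in $PartnerNames) {
    $appended = Get-ARecords "$name.$suffix."
    $absolute = Get-ARecords "$name."
    [pscustomobject]@{
        Name       = $name
        WithSuffix = $appended -join ','
        Absolute   = $absolute -join ','
        Collision  = $appended -contains $CollisionIp
    }
}
```

After the rename, `Collision` should be `False` for every partner and the probe warning should not appear.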

Practice going forward: use the SIP domain namespace for the Edge Server name/suffix.

FYI, .CORP is coming down the pipe, and I believe .DEV is already available.
