
Blog

Why Do We Have More Than One DNS Entry?

January 5, 2015/0 Comments/in Managed IT /by James Wagner


Every once in a while, an ISP will have a problem with their DNS server and someone can’t access a website. 

While troubleshooting the problem, we usually get asked: “If the first server doesn’t give the answer I wanted, why didn’t it move to the next one in the list?”

What is DNS?

In the simplest of terms, Domain Name Service (DNS) is the mechanism that translates human-readable names (www.google.ca) into numbers that devices on the internet understand (173.194.33.56).

If we didn’t have DNS you would have to enter that ugly number in each time you wanted to access the website. 

It’s a lot easier to remember the name.

Why do you have more than one entry? 

Backup. 

The second and possibly third servers on the list are there in case the first can’t be connected to. 

“Can’t be connected to” means that the first server is either dead, not there or missing.

That is different from “didn’t provide an answer” or “provided the wrong answer”.

Here’s why.

DNS isn’t a “general consensus” protocol where you ask each server on the list for the same information and then take the “best answer”. 

That would really slow things down and who’s to say the “best answer” was the one you wanted anyway? 

Your system tries to connect to the first server on the list and, if the connection is successful, it assumes that the answer it gets back is the correct one – even if that information is wrong or empty or nothing returns at all.

It stops there and doesn’t try the next one on the list. 

It has an answer – whether you like it or not – why would it continue to look? 

However, if that server doesn’t respond (aka dead, not there, missing), your system will try the next DNS server on the list.

It will keep doing this until it makes a connection or reaches the end of the list. 

End result. 

If the first server is dead and your system successfully connects to the second server, will it always try the first server for every new request? No.

Your system will remember which of the servers worked last time and try that one first the next time – right up until you restart – then the process starts over again.
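The failover rule described above, as an added example that is not part of the original post. It is a simulation that sends no network traffic; the server labels, the handler functions and the 203.0.113.20 address are constructed, and the order in which the remaining servers are tried after the remembered one is an assumption.

```python
class Unreachable(Exception):
    """Server is dead, not there or missing: no connection was made."""


class StubResolver:
    """Simulates the failover rule only; it sends no network traffic."""

    def __init__(self, servers):
        # servers: ordered list of (label, handler). handler(hostname) returns
        # a list of addresses (possibly empty) or raises Unreachable.
        self.servers = list(servers)
        self.preferred = 0   # index of the server that worked last time
        self.attempts = []   # labels of every server tried, in order

    def resolve(self, hostname):
        # Assumption: start at the remembered server, then the rest in list order.
        order = [self.preferred] + [
            i for i in range(len(self.servers)) if i != self.preferred
        ]
        for idx in order:
            label, handler = self.servers[idx]
            self.attempts.append(label)
            try:
                answer = handler(hostname)
            except Unreachable:
                continue             # only a failed connection moves down the list
            self.preferred = idx     # remember which server responded
            return label, answer     # blank or stale, the first reply is final
        return None, None            # reached the end of the list

    def restart(self):
        self.preferred = 0           # a restart starts the process over


# Constructed server behaviours (address is from a documentation range).
def dead(hostname):
    raise Unreachable(hostname)

def busy(hostname):
    return []                        # connected, but no answer came back

def healthy(hostname):
    return ["203.0.113.20"]


if __name__ == "__main__":
    r = StubResolver([("primary", busy), ("secondary", healthy)])
    print(r.resolve("www.example.com"))   # the blank answer from primary is accepted
    r = StubResolver([("primary", dead), ("secondary", healthy)])
    print(r.resolve("www.example.com"), r.resolve("www.example.com"), r.attempts)
```

With a busy primary the secondary is never consulted; with a dead primary the second lookup goes straight to the secondary until `restart()` is called.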

Why would a DNS server allow connections but not give an answer? 

Usually, this is because that server is too busy to respond to your request. 

Bummer for you because you “connected” so the “blank” answer counts.    

Don’t confuse a “blank” answer with the “wrong answer” though. 

There are a number of reasons why a server might provide you with what it thinks is the right information but it’s not what you were looking for.

The most common is that the address is in the middle of changing and the server hasn’t updated its copy (cache) with the new information.

Can’t Access a New Subnet Through The VPN?

December 16, 2014/0 Comments/in Managed IT /by James Wagner


A VPN (Virtual Private Network) is a way to securely connect two locations together across the internet.

In this case, we’ll be discussing a LAN-to-LAN connection between two offices.

LAN-to-LAN Connection

Your office is expanding and you’ve run out of IP addresses.

You consult your network architect and decide to create a separate subnet, Virtual LAN (VLAN) or zone for a group of machines (e.g. a new floor or a development group).

You and the network architect get the new zone up and running and test the connectivity to the servers and internet successfully.

All is good.

A while later one of the staff on the new subnet tries to access a device at a remote office (say a printer) but it fails.

You check from the server and everything works fine.

When you try to ping the device from the user’s machine, it doesn’t respond.

You traceroute it and see that it goes out to the internet instead of through the tunnel.

Why?

The routes are all correct.

You can ping the firewall so you know it’s getting to the right location.

Why won’t it go to the remote branch?

Answer: You forgot to change the VPN tunnel to allow the new subnet to pass to the remote location!

Did you remember to add the new network to the tunnel?

Why do you need to do that?

The VPN tunnel works by matching both the source IP and destination IP to see if it needs to encrypt the traffic.

This match is done against an access control list (ACL).

If the VPN can’t match both sides, it ignores the connection and lets the firewall handle it on its own.

Just having a route from the new subnet to the firewall is not enough.

How do I fix it?

In this case, you have “old subnet” connecting to “remote subnet” and you’ll need to add “new subnet” connecting to “remote subnet” to the existing tunnel ACL.

Remember to do this on both sides or it won’t work (you have to allow the traffic on the remote side to come back!).

The resultant ACL will contain instructions for “old subnet” connecting to “remote subnet” and “new subnet” connecting to “remote subnet” (reverse on the remote end).

The user can now happily access the remote device because their IP matches the local end and the destination matches the remote side – the traffic is encrypted and the device is reachable.
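The source-and-destination match and the "both sides" requirement described above, as an added example that is not part of the original post and is not tied to any firewall vendor. The subnets, host addresses and function names are constructed for illustration.

```python
import ipaddress

def handled_by(acl, src, dst):
    """'tunnel' if one ACL entry matches BOTH source and destination,
    otherwise 'firewall' (the traffic is left to normal routing)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return "tunnel"
    return "firewall"

def mirror_gaps(local_acl, remote_acl):
    """Return (entries missing on the remote end, entries missing locally).
    Each end must carry the reverse of every entry on the other end."""
    local, remote = set(local_acl), set(remote_acl)
    missing_remote = sorted({(d, s) for s, d in local} - remote)
    missing_local = sorted({(d, s) for s, d in remote} - local)
    return missing_remote, missing_local

# Constructed addressing plan (assumption, not from the post).
OLD = ipaddress.ip_network("10.10.1.0/24")     # "old subnet"
NEW = ipaddress.ip_network("10.10.2.0/24")     # "new subnet"
REMOTE = ipaddress.ip_network("10.20.1.0/24")  # "remote subnet"
PRINTER = "10.20.1.50"                         # device at the remote office

local_before = [(OLD, REMOTE)]
remote_before = [(REMOTE, OLD)]
local_after = local_before + [(NEW, REMOTE)]
remote_after = remote_before + [(REMOTE, NEW)]

if __name__ == "__main__":
    # Server on the old subnet works; user on the new subnet goes out to the internet.
    print(handled_by(local_before, "10.10.1.10", PRINTER))
    print(handled_by(local_before, "10.10.2.25", PRINTER))
    # Fixing only the local end leaves the return path unmatched.
    print(mirror_gaps(local_after, remote_before))
    print(handled_by(remote_before, PRINTER, "10.10.2.25"))
    # With both ends updated, both directions match the tunnel.
    print(handled_by(local_after, "10.10.2.25", PRINTER))
    print(handled_by(remote_after, PRINTER, "10.10.2.25"))
    print(mirror_gaps(local_after, remote_after))
```

Running `mirror_gaps` over the ACLs exported from both ends after any subnet change shows a one-sided edit before a user reports it.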

How do I modify my VPN tunnel to add the new subnet?

There are so many versions of firewalls that I couldn’t possibly go through them all here.

We would recommend contacting your support vendor for assistance.
