Over the last few years, I've learned a lot from this forum. Today, I feel like I can give a little back!
Recently, we built a new DMZ primarily for performance reasons with our new SA6000 Active/Passive cluster. During this upgrade, we also redesigned our network config and that needed internal and external DNS changes. This is where things got a bit strange.
Being attached to a major university, we're exposed to IPv6 even though we aren't using it internally yet. After building our new cluster and reassigning external DNS to the cluster VIP, we still had some DNS problems. People were still logging in on our passive appliance. Our external DNS provider told us they only publish DNS A records. We don't have the ability with our provider to publish or specify AAAA records. Turns out that our DNS provider was publishing A records, translating them to AAAA records and then publishing everything. Typically, this would work, considering they remove the AAAA record when we remove an A record. That did not happen.
To complicate things, our standard workstation image is non-IPv6-enabled Windows XP. So, our network team did the DNS lookup from our DNS publisher and the outside DNS name was resolving to the correct address. But, when I pointed my new Windows 7 RC to the DNS, behold... 3 records appear. The correct record for A, AAAA and the old, incorrect record for AAAA. Once we contacted them, they removed the old AAAA record and things went back to normal with all users going to the VIP address.
Our network team should have caught this, but they are inundated with tons of other things. My point was to pay attention if you are an IPv4 shop. Make sure your provider isn't publishing AAAA records for you without your knowledge and if they are, make sure they are correct!
Message Edited by bcampbell3 on 05-12-2009 07:05 AM
Ben Campbell
Production: Clustered A/P SA 6000 - 6.5R2
Development: SA 2000 - 6.5R2
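One way to run the check the post recommends, as an added example that is not part of the original post: compare the A and AAAA answers your provider actually publishes against the addresses you intend to publish. The host name, addresses and the `dig` answer text are constructed placeholders.

```python
import ipaddress

# Constructed sample: what `dig +noall +answer @<provider-ns> vpn.example.edu A`
# and the same query for AAAA might return in the situation described above.
# Names and addresses are documentation-range placeholders, not real data.
SAMPLE_ANSWER = """\
vpn.example.edu.   300 IN A    192.0.2.10
vpn.example.edu.   300 IN AAAA 2001:db8::10
vpn.example.edu.   300 IN AAAA 2001:0db8:0000:0000:0000:0000:0000:0099
"""

def parse_answer(text):
    """Return {(name, rtype): set(ip objects)} from dig-style answer lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        # Expect: name ttl class type rdata; skip comments and other types.
        if len(fields) < 5 or line.startswith(";") or fields[3] not in ("A", "AAAA"):
            continue
        name = fields[0].rstrip(".").lower()
        try:
            addr = ipaddress.ip_address(fields[4])
        except ValueError:
            continue  # malformed rdata; ignore rather than crash
        records.setdefault((name, fields[3]), set()).add(addr)
    return records

def audit(text, expected):
    """Compare published records with the addresses you intend to publish.

    expected maps (name, rtype) -> iterable of address strings; a missing
    AAAA key means "we publish no IPv6", so any AAAA answer is flagged.
    """
    published = parse_answer(text)
    findings = []
    for key in sorted(set(published) | set(expected)):
        want = {ipaddress.ip_address(a) for a in expected.get(key, ())}
        have = published.get(key, set())
        for addr in sorted(have - want, key=str):
            findings.append(("unexpected", key[0], key[1], str(addr)))
        for addr in sorted(want - have, key=str):
            findings.append(("missing", key[0], key[1], str(addr)))
    return findings

EXPECTED = {("vpn.example.edu", "A"): ["192.0.2.10"],
            ("vpn.example.edu", "AAAA"): ["2001:db8::10"]}

if __name__ == "__main__":
    for finding in audit(SAMPLE_ANSWER, EXPECTED):
        print(*finding)
```

Addresses are compared as parsed values, so a stale AAAA record is caught even when the provider prints it in expanded form. Run the queries from an IPv6-capable resolver path and against the provider's own name servers, since an IPv4-only client never asks for AAAA.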