    Tuesday, June 30, 2020

    FIXED - %STACKMGR-5-MAJOR_VERSION_MISMATCH: Major Version Mismatch (Local 1 - Received 7 with neighbor-0

    Posted: 30 Jun 2020 10:34 AM PDT

    I am posting this here to maybe, possibly, help someone stay within their scheduled change window. I think a TAC case should be opened for it, but for an immediate fix, read below.

    I went to install an addition to my 2960X stack and did the normal stack things (power it on, upgrade code to the same revision as the current stack, verify it's not DOA, etc.). I then went to connect it up and got flooded with messages on both the current switch and the new switch stating that there was a major version mismatch. Of course my first thought was that I goofed when upgrading the IOS image on it. After I verified the IOS versions matched, I hit the googles with the error and what I was seeing. Most of the results mentioned the IOS image (which I had verified), and I found a couple of Cisco support forum posts where the end recommendation was "RMA". Regardless, I opened a TAC case. The solution (that I can't find anywhere) was to boot into rommon and override the SM_MAJOR_VERSION setting. So, here are the steps for doing so. As always, I am not responsible for any badness that happens.

    On both switches to be stacked together, run the command "show platform stack manager all". Somewhere down the list you will see:

    Stack State Machine View
    ==============================================================
    Switch Master/    Mac Address       Version   Current
    Number Member                       (maj.min) State
    -----------------------------------------------------------
    1      Master     amac.addr.ess1    7.59      Ready

    Note the Version(maj.min)

    If both switches don't match, you will have a bad day stacking them.

    To fix this, boot into rommon on the switch (likely the one on the higher version, since I had never seen anything other than 1.59 until this incident).

    1. flash_init (you will need this to boot anyway)
    2. unset SM_MAJOR_VERSION
    3. boot

    Once booted run "show platform stack manager all"

    If the versions are the same now, plug them together and continue on with life.

    If they are NOT the same, boot back into rommon and follow these steps:

    1. flash_init
    2. set SM_MAJOR_VERSION 1.56
    3. boot

    Once booted, verify with the "show platform stack manager all"

    I hope this saves someone a little bit of time. I have never seen this before in the more than 200 Cisco 2960X switches I have deployed. I doubt it happens all that often. At least now there is a solution here on reddit that can be a starting point.

    ETA: I want to point out that the version running on my switches is 1.59 (not 1.56 like I used above), however it went to 1.59 on its own (guessing based on the IOS version I am using) after I booted. TAC said use 1.56, so I relayed it and it is what I used and worked.

    submitted by /u/mylittlelan
    [link] [comments]
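
    The check the post describes by eye (read the Version (maj.min) column on every switch and refuse to cable them together unless the major number agrees) is easy to script. The following is an added example, not code from the post or from Cisco: it parses the "Stack State Machine View" table out of "show platform stack manager all" captures and reports whether every member agrees on the stack-manager major version. The two captures, the MAC addresses and the device labels are constructed sample data; the 1.59 and 7.59 values are the ones the post reports.

```python
import re
from collections import defaultdict

# Constructed sample captures of "show platform stack manager all", trimmed to
# the "Stack State Machine View" table. MACs are made up; versions match the post.
EXISTING_STACK = """\
Stack State Machine View
==============================================================
Switch Master/    Mac Address       Version   Current
Number Member                       (maj.min) State
-----------------------------------------------------------
1      Master     0011.2233.4455    1.59      Ready
2      Member     0011.2233.6677    1.59      Ready
"""

NEW_SWITCH = """\
Stack State Machine View
==============================================================
Switch Master/    Mac Address       Version   Current
Number Member                       (maj.min) State
-----------------------------------------------------------
1      Master     0011.2233.8899    7.59      Ready
"""

# One table row: number, role, dotted MAC, maj.min version, state.
# Header lines do not start with a digit, so they never match.
ROW = re.compile(
    r"^\s*(?P<num>\d+)\s+(?P<role>\S+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<maj>\d+)\.(?P<min>\d+)\s+(?P<state>\S+)",
    re.IGNORECASE | re.MULTILINE,
)


def parse_stack_members(output):
    """Return one dict per switch row found in the Stack State Machine View."""
    return [
        {
            "number": int(m["num"]),
            "role": m["role"],
            "mac": m["mac"].lower(),
            "major": int(m["maj"]),
            "minor": int(m["min"]),
            "state": m["state"],
        }
        for m in ROW.finditer(output)
    ]


def major_versions(captures):
    """Map each capture label to the set of SM major versions its members report."""
    result = defaultdict(set)
    for label, text in captures.items():
        for member in parse_stack_members(text):
            result[label].add(member["major"])
    return dict(result)


def stack_compatible(captures):
    """True only when every member in every capture reports the same major version.

    The minor number is allowed to differ (the post saw it move from 1.56 to
    1.59 on its own after boot); only the major number has to agree."""
    majors = set()
    for found in major_versions(captures).values():
        majors |= found
    return len(majors) == 1


if __name__ == "__main__":
    captures = {"existing-stack": EXISTING_STACK, "new-switch": NEW_SWITCH}
    for label, majors in major_versions(captures).items():
        print(f"{label}: SM major version(s) {sorted(majors)}")
    print("safe to cable together:", stack_compatible(captures))
```

    Paste each switch's real output in place of the constructed strings; a False result is the point at which the post says to go to rommon and unset or set SM_MAJOR_VERSION before connecting the stack cables.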

    Trying to decide on a NAC solution. FortiNAC and Aruba Clearpass are the front runners

    Posted: 30 Jun 2020 10:26 AM PDT

    TL;DR - We need a NAC but also planning major infrastructure upgrades that may or may not play a big role in NAC decision.

    We're looking into a new NAC solution for our company (between 500 and 750 users, unsure of total devices on the network). We have a main HQ and about 25 branch locations, Checkpoint firewalls, and every brand of switch out there, so obviously we're looking for something OS- and hardware-agnostic.

    We've seen the in-person demo of Clearpass (it did what they said it would) and we have another big company in town using it as well (who I've spoken with about it) after leaving Cisco's ISE on the curb. I've talked with their IT leadership and they share the same situation we're in of, during their implementation, having legacy hardware (they were essentially 100% Cisco - hence them trying ISE first) and an existing robust internal firewall traffic routing policy already established but looking to dip our toes into NAC just by starting with port security and working our way slowly inwards to more granular control.

    Our CISSO is looking to move away from Checkpoint eventually. Both he and I have used FortiGate FWs in the past and like them, and he asked me to see what I thought of FortiNAC as a competitor to the Aruba offering.

    The main reason we are still considering Aruba is because we are interested in their SD-Branch solution and would potentially be decommissioning all of our legacy switches and routers in our branches in favor of the Aruba switches and SD-Branch gateway devices, and possibly WAPs as well. If we went that route, one would think that ClearPass would be a no-brainer, but any info to the contrary would be appreciated.

    Our Aruba rep gave us a couple of WAPs and a switch to test with, but we were only able to confirm that they performed their basic jobs and were not engaged with pushing policies or anything like that.

    Single pane of glass oversight of all our branches hardware is our ideal vision here and other than Meraki gear, the Aruba stuff is all we know of offering something like that at an enterprise level and assuming clearpass integrates tightly and easily with the Aruba hardware, it SEEMS like our best option but right now, I'm trying to collect as many opinions and evidence whether or not that's the case or if FortiNAC, Forescout or something else may be a better choice.

    Some other considerations:

    • We are a small shop so there may only be a couple of us at most to work with administrating the product

    • Our MSP that did the initial network setup and segmentation is an Aruba partner and do a lot of Clearpass implementations

    • Although not tremendously important, cost may factor into the decision. The Fortinet NAC hardware is pretty pricey vs. the ClearPass Policy Manager hardware, but if the better solution for us costs more, management will approve it.

    So yeah. Any info, thoughts, experiences with various NAC solutions would be welcomed.

    submitted by /u/FastRedPonyCar
    [link] [comments]

    Windows DHCP/DNS + Multiple VLANs

    Posted: 30 Jun 2020 05:17 AM PDT

    Hello,

    I wanted to separate our VoIP traffic in our office but I'm having a hard time understanding the whole concept.

    I run a Windows 2016 DHCP server with a single scope ATM (10.10.1.0/24). I have a Cisco RV082 router set as DHCP relay to the Windows DHCP server.

    I have a UniFi 16-port switch as my main switch. Other switches, including the VoIP PBX, are connected from here.

    I want to create a separate VLAN for the VoIP. I've been reading the net and found some articles saying that I should create a new scope on my Windows DHCP server. So I created a new scope, 10.10.4.0/24.

    And I'm lost.. what should I do next? Do I have to do something on the router?

    Thanks.

    submitted by /u/xxxfrancisxxx
    [link] [comments]

    Inter-VLAN routing across IPSec VPN

    Posted: 30 Jun 2020 06:38 AM PDT

    Hello everyone,

    So I have the following scenario in office 1:

    1 VLAN for employees

    1 VLAN for servers

    Inter-VLAN routing is allowed between those two VLANs so employees can authenticate using AD in the DC and use the DC's DNS server.

    Now in office 2 I have an employee VLAN, and I'd like the employees there to be able to reach the servers VLAN in office 1 so they use the AD and DNS server in office 1 as if they were there.

    How could I do that? I thought of making an IPsec VPN from office 2 to office 1, setting the servers VLAN subnet as the remote subnet in the tunnel configuration, and then a tunnel from office 1 to office 2 setting the remote subnet as the one for employees in the configuration. The employees VLAN in office 2 should be able to speak with the servers VLAN in office 1, and the servers VLAN in office 1 should be able to speak to the employees VLAN in office 2. Is that correct?

    Thank you

    submitted by /u/HerbertvonDenffer
    [link] [comments]

    Pynetbox existing scripts resources?

    Posted: 30 Jun 2020 11:39 AM PDT

    Hi,

    New to NetBox and finding myself a little bit too lazy (do not blame me), so I tried to look around for pynetbox scripts that people would have shared, but could not find useful resources.

    I found netbox_agent but it crashes on my VM. I found netbox_scanner, which does not really scan (trying to get nmap to end one day in my infrastructure).

    Does anyone have good gist or useful suite generic scripts available which could help the discovery, initializing netbox site, etc?

    Thanks

    submitted by /u/strus38_fr
    [link] [comments]

    OSPF Problem

    Posted: 30 Jun 2020 09:44 AM PDT

    So we have a Cisco 9300-24P that is not behaving as we would expect it to. There is OSPF on 3 VRFs, and two of them send all the routes through to the DEFAULT VRF. The problem is that the DEFAULT VRF doesn't show the routes in show ip route ospf. It appears to be in the DB as a type 7, but is not in use. I am not the best when it comes to OSPF and I have tried looking at a few things but I can't seem to figure out why it isn't showing up. It sees the neighbor properly and says it is synced. I'm not sure where to go from here and I am hoping you can help.

    version 16.12
    no service pad
    service timestamps debug datetime msec show-timezone
    service timestamps log datetime msec
    service call-home
    no platform punt-keepalive disable-kernel-core
    !
    hostname Random-Name
    !
    vrf definition DISTRICT
     description DISTRICT
     rd 666:666
     !
     address-family ipv4
     exit-address-family
    !
    vrf definition LS-FW_BRIDGE
     description BRIDGE BETWEEN CONTENT FILTER AND FIREWALL
     rd 500:500
     !
     address-family ipv4
     exit-address-family
    !
    vrf definition Mgmt-vrf
     !
     address-family ipv4
     exit-address-family
     !
     address-family ipv6
     exit-address-family
    !
    logging buffered 64000
    logging console informational
    enable secret
    !
    aaa new-model
    !
    aaa group server radius rad1
     ip vrf forwarding Mgmt-vrf
     ip radius source-interface GigabitEthernet0/0
    !
    aaa authentication login default group radius local
    aaa authentication enable default enable
    aaa accounting exec default
    aaa accounting commands 15 default
    aaa accounting connection default
    !
    aaa session-id common
    clock timezone EST -5 0
    switch 1 provision c9300-24ux
    !
    call-home
     ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
     ! the email address configured in Cisco Smart License Portal
     ! will be used as contact email address to send SCH notifications.
     contact-email-addr sch-smart-licensing@cisco.com
     profile CiscoTAC-1
      active
      destination transport-method http
      no destination transport-method email
    !
    ip routing
    !
    ip name-server 8.8.8.8
    no ip domain lookup
    ip domain name contoso.com
    !
    login on-success log
    no device-tracking logging theft
    !
    clns routing
    !
    crypto pki trustpoint TP-self-signed-1401024416
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-1401024416
     revocation-check none
     rsakeypair TP-self-signed-1401024416
    !
    crypto pki trustpoint SLA-TrustPoint
     enrollment pkcs12
     revocation-check crl
    !
    crypto pki certificate chain TP-self-signed-1401024416
     certificate self-signed 01
      3
      quit
    crypto pki certificate chain SLA-TrustPoint
     certificate ca 01
      3
      quit
    !
    system mtu 9000
    license boot level network-advantage addon dna-advantage
    !
    diagnostic bootup level minimal
    !
    spanning-tree mode rapid-pvst
    spanning-tree extend system-id
    archive
     log config
      record rc
      logging enable
      logging size 1000
      notify syslog contenttype plaintext
      hidekeys
     path flash:/backed.up.configs/$h.cfg
     maximum 14
     write-memory
    memory free low-watermark processor 134384
    !
    redundancy
     mode sso
    !
    transceiver type all
     monitoring
    !
    vlan dot1q tag native
    !
    vlan 1096
     name Core_Ext
    !
    vlan 1400
     name FW_INSIDE
    !
    vlan 1500
     name DISTRICT_CORE
    !
    class-map match-any system-cpp-police-ewlc-control
     description EWLC Control
    class-map match-any system-cpp-police-topology-control
     description Topology control
    class-map match-any system-cpp-police-sw-forward
     description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic
    class-map match-any system-cpp-default
     description EWLC Data, Inter FED Traffic
    class-map match-any system-cpp-police-sys-data
     description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed
    class-map match-any system-cpp-police-punt-webauth
     description Punt Webauth
    class-map match-any system-cpp-police-l2lvx-control
     description L2 LVX control packets
    class-map match-any system-cpp-police-forus
     description Forus Address resolution and Forus traffic
    class-map match-any system-cpp-police-multicast-end-station
     description MCAST END STATION
    class-map match-any system-cpp-police-high-rate-app
     description High Rate Applications
    class-map match-any system-cpp-police-multicast
     description MCAST Data
    class-map match-any system-cpp-police-l2-control
     description L2 control
    class-map match-any system-cpp-police-dot1x-auth
     description DOT1X Auth
    class-map match-any system-cpp-police-data
     description ICMP redirect, ICMP_GEN and BROADCAST
    class-map match-any system-cpp-police-stackwise-virt-control
     description Stackwise Virtual OOB
    class-map match-any non-client-nrt-class
    class-map match-any system-cpp-police-routing-control
     description Routing control and Low Latency
    class-map match-any system-cpp-police-protocol-snooping
     description Protocol snooping
    class-map match-any system-cpp-police-dhcp-snooping
     description DHCP snooping
    class-map match-any system-cpp-police-ios-routing
     description L2 control, Topology control, Routing control, Low Latency
    class-map match-any system-cpp-police-system-critical
     description System Critical and Gold Pkt
    class-map match-any system-cpp-police-ios-feature
     description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed
    !
    policy-map system-cpp-policy
    !
    interface Port-channel1
     description DISTRICT_CORE_LACP
     switchport trunk allowed vlan 2307,1500
     switchport mode trunk
     storm-control broadcast level 10.00
     storm-control unicast level 10.00
    !
    interface GigabitEthernet0/0
     vrf forwarding Mgmt-vrf
     ip address dhcp
     negotiation auto
    !
    interface GigabitEthernet1/0/1
     description ISP_UPLINK
     switchport trunk allowed vlan 1096
     switchport mode trunk
    !
    interface GigabitEthernet1/0/2
     description DL_NETWORK
     shutdown
    !
    interface GigabitEthernet1/0/3
     description FIREWALL_OUTSIDE
     no switchport
     vrf forwarding LS-FW_BRIDGE
     ip address 10.230.96.145 255.255.255.248
    !
    interface GigabitEthernet1/0/4
     description DISTRICT_QnQ
     shutdown
    !
    interface GigabitEthernet1/0/5
     description FIREWALL_INSIDE
     switchport trunk allowed vlan 2306,1400
     switchport mode trunk
    !
    interface GigabitEthernet1/0/6
     description
     shutdown
    !
    interface GigabitEthernet1/0/7
     description DISTRICT_CORE_1
     switchport trunk allowed vlan 2307,1500
     switchport mode trunk
     storm-control broadcast level 10.00
     storm-control unicast level 10.00
     channel-group 1 mode active
    !
    interface GigabitEthernet1/0/8
     description DISTRICT_CORE_2
     switchport trunk allowed vlan 2307,1500
     switchport mode trunk
     storm-control broadcast level 10.00
     storm-control unicast level 10.00
     channel-group 1 mode active
    !
    interface GigabitEthernet1/0/9
     shutdown
    !
    interface GigabitEthernet1/0/10
     description FIREWALL_MGMT
     switchport access vlan 1096
    !
    interface GigabitEthernet1/0/11
     description UPS
     switchport access vlan 1096
    !
    interface GigabitEthernet1/0/12
     description RELAY_ROCKET/KVM
     switchport access vlan 3500
    !
    interface GigabitEthernet1/0/13
     description LIGHTSPEED_OUTSIDE
     no switchport
     ip address 10.230.96.162 255.255.255.248
    !
    interface GigabitEthernet1/0/14
     description LIGHTSPEED_MGMT
     switchport access vlan 3500
    !
    interface GigabitEthernet1/0/15
     description LIGHTPSEED_INSIDE
     no switchport
     vrf forwarding LS-FW_BRIDGE
     ip address 10.230.96.163 255.255.255.248
    !
    interface GigabitEthernet1/0/16
     description LIGHTSPEED_PROXY_MGMT
     switchport access vlan 0
    !
    interface GigabitEthernet1/0/17
     description
     shutdown
    !
    interface GigabitEthernet1/0/18
     description
     shutdown
    !
    interface GigabitEthernet1/0/19
     description
     shutdown
    !
    interface GigabitEthernet1/0/20
     description
     shutdown
    !
    interface GigabitEthernet1/0/21
     description
     shutdown
    !
    interface GigabitEthernet1/0/22
     description
     shutdown
    !
    interface GigabitEthernet1/0/23
     description
     shutdown
    !
    interface GigabitEthernet1/0/24
     description
     shutdown
    !
    interface TenGigabitEthernet1/1/1
     description ISP_UPLINK
     switchport trunk allowed vlan 1096
     switchport mode trunk
    !
    interface TenGigabitEthernet1/1/2
     description DL_NETWORK
     shutdown
    !
    interface TenGigabitEthernet1/1/3
     description FIREWALL_OUTSIDE
     no switchport
     vrf forwarding LS-FW_BRIDGE
     ip address 10.230.96.145 255.255.255.248
    !
    interface TenGigabitEthernet1/1/4
     description DISTRICT_QnQ
     shutdown
    !
    interface TenGigabitEthernet1/1/5
     description FIREWALL_INSIDE
     switchport trunk allowed vlan 2306,1400
     switchport mode trunk
    !
    interface TenGigabitEthernet1/1/6
     description
     shutdown
    !
    interface TenGigabitEthernet1/1/7
     description DISTRICT_CORE_1
     switchport trunk allowed vlan 2307,1500
     switchport mode trunk
     storm-control broadcast level 10.00
     storm-control unicast level 10.00
     channel-group 1 mode active
    !
    interface TenGigabitEthernet1/1/8
     description DISTRICT_CORE_2
     switchport trunk allowed vlan 2307,1500
     switchport mode trunk
     storm-control broadcast level 10.00
     storm-control unicast level 10.00
     channel-group 1 mode active
    !
    interface Vlan1
     no ip address
     shutdown
    !
    interface vlan1400
     vrf forwarding DISTRICT
     ip address 10.230.96.155 255.255.255.248
     description FW_INSIDE
    !
    interface vlan1500
     vrf forwarding DISTRICT
     ip address 10.230.96.170 255.255.255.248
     description DISTRICT_CORE
    !
    interface vlan1096
     ip address 10.230.96.4 255.255.255.128
     description NEW_CORE_MGMT
     ip mtu 8986
    !
    interface vlan3500
     ip address 10.230.96.155 255.255.255.248
     description Lightspeed_Management
    !
    router ospf 500 vrf LS-FW_BRIDGE
     area 1096 nssa
     redistribute connected
     redistribute static
     network 10.230.96.144 0.0.0.7 area 1096
     network 10.230.96.160 0.0.0.7 area 1096
     bfd all-interfaces
    !
    router ospf 666 vrf DISTRICT
     area 1096 nssa
     redistribute connected
     redistribute static
     network 10.230.96.152 0.0.0.7 area 1096
     bfd all-interfaces
    !
    router ospf 15
     router-id 10.230.96.4
     area 1096 nssa
     redistribute connected
     redistribute static
     network 10.230.96.0 0.0.0.127 area 1096
     network 10.230.96.160 0.0.0.7 area 1096
     bfd all-interfaces
    !
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    ip route 0.0.0.0 0.0.0.0 10.230.96.1
    ip route vrf LS-FW_BRIDGE 0.0.0.0 0.0.0.0 10.230.96.162
    ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 10.64.128.1
    ip route vrf DISTRICT 10.161.0.0 255.255.0.0 10.230.96.171
    ip route vrf DISTRICT 10.176.107.0 255.255.255.0 10.230.96.171
    ip route vrf DISTRICT 10.177.248.0 255.255.255.0 10.230.96.171
    ip route vrf DISTRICT 172.18.2.0 255.255.255.0 10.230.96.171
    ip route vrf DISTRICT 172.18.3.0 255.255.255.0 10.230.96.171
    ip route vrf DISTRICT 172.18.4.0 255.255.255.0 10.230.96.171
    ip route vrf DISTRICT 172.18.156.0 255.255.252.0 10.230.96.171
    ip route vrf DISTRICT 172.23.181.0 255.255.255.0 10.230.96.171
    ip route vrf DISTRICT 172.23.182.0 255.255.254.0 10.230.96.171
    ip route vrf DISTRICT 192.168.57.0 255.255.255.0 10.230.96.171
    ip route vrf DISTRICT 192.168.58.0 255.255.255.0 10.230.96.171
    ip route vrf DISTRICT 10.168.192.0 255.255.192.0 10.254.255.102
    ip route vrf DISTRICT 10.169.0.0 255.255.224.0 10.254.255.102
    ip route vrf DISTRICT 10.170.0.0 255.254.0.0 10.254.255.102
    ip route vrf DISTRICT 10.172.0.0 255.252.0.0 10.254.255.102
    ip route vrf DISTRICT 192.30.126.0 255.255.254.0 10.254.255.102
    ip route vrf DISTRICT 172.25.168.0 255.255.255.248 10.230.96.153
    ip route vrf DISTRICT 0.0.0.0 0.0.0.0 10.230.96.153
    ip ssh maxstartups 32
    ip ssh version 2
    !
    radius server rad1
     address ipv4 10.224.5.200 auth-port 1812 acct-port 1813
     non-standard
     key Stuff
    !
    control-plane
     service-policy input system-cpp-policy
    !
    banner login ^CC
    Access to this device is limited to authorized users only.
    WARNING: ALL unauthorized access is prohibited.
    ^C
    !
    line con 0
     stopbits 1
    line vty 0 4
     exec-timeout 0 0
     privilege level 15
     logging synchronous
     transport input ssh
     transport output telnet ssh
    line vty 5 15
     exec-timeout 0 0
     privilege level 15
     logging synchronous
     transport input ssh
     transport output ssh
    !
    end

    submitted by /u/williamfny
    [link] [comments]
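
    When OSPF runs in several VRFs on one box, the first thing worth checking mechanically is which interfaces each "network" statement actually enables, because a statement only matches interfaces that live in the same VRF as the process, and a wrong wildcard or a VRF-less SVI silently matches nothing. The following is an added example, not code from the post or from Cisco: it parses the interface and "router ospf" stanzas of an IOS-style config, converts each network/wildcard pair to a prefix, lists the interfaces in the process's VRF that fall inside it, and separately flags addresses configured on more than one interface. The input is a constructed, trimmed copy of the stanzas above (same names, VRFs and addresses); nothing here talks to a switch.

```python
import ipaddress
import re

# Constructed sample: a trimmed copy of the interface and OSPF stanzas from the
# post, kept to the lines this script reads, used as offline input.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/3
 description FIREWALL_OUTSIDE
 no switchport
 vrf forwarding LS-FW_BRIDGE
 ip address 10.230.96.145 255.255.255.248
interface GigabitEthernet1/0/13
 description LIGHTSPEED_OUTSIDE
 no switchport
 ip address 10.230.96.162 255.255.255.248
interface GigabitEthernet1/0/15
 description LIGHTPSEED_INSIDE
 no switchport
 vrf forwarding LS-FW_BRIDGE
 ip address 10.230.96.163 255.255.255.248
interface TenGigabitEthernet1/1/3
 description FIREWALL_OUTSIDE
 no switchport
 vrf forwarding LS-FW_BRIDGE
 ip address 10.230.96.145 255.255.255.248
interface vlan1400
 vrf forwarding DISTRICT
 ip address 10.230.96.155 255.255.255.248
interface vlan1500
 vrf forwarding DISTRICT
 ip address 10.230.96.170 255.255.255.248
interface vlan1096
 ip address 10.230.96.4 255.255.255.128
interface vlan3500
 ip address 10.230.96.155 255.255.255.248
router ospf 500 vrf LS-FW_BRIDGE
 area 1096 nssa
 network 10.230.96.144 0.0.0.7 area 1096
 network 10.230.96.160 0.0.0.7 area 1096
router ospf 666 vrf DISTRICT
 area 1096 nssa
 network 10.230.96.152 0.0.0.7 area 1096
router ospf 15
 router-id 10.230.96.4
 area 1096 nssa
 network 10.230.96.0 0.0.0.127 area 1096
 network 10.230.96.160 0.0.0.7 area 1096
"""

IFACE_RE = re.compile(r"^interface (\S+)")
OSPF_RE = re.compile(r"^router ospf (\d+)(?: vrf (\S+))?")
VRF_RE = re.compile(r"^ vrf forwarding (\S+)")
ADDR_RE = re.compile(r"^ ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")
NET_RE = re.compile(r"^ network (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) area (\S+)")


def wildcard_to_network(addr, wildcard):
    """IOS 'network A W' takes a wildcard (inverted) mask; turn it into a prefix."""
    mask = (~int(ipaddress.IPv4Address(wildcard))) & 0xFFFFFFFF
    return ipaddress.ip_network((addr, str(ipaddress.IPv4Address(mask))), strict=False)


def parse_config(text):
    """Collect interfaces (name -> vrf, IPv4Interface) and OSPF processes."""
    interfaces, processes, current = {}, [], None
    for line in text.splitlines():
        if m := IFACE_RE.match(line):
            current = {"kind": "iface", "name": m[1], "vrf": None, "ip": None}
            interfaces[m[1]] = current
        elif m := OSPF_RE.match(line):
            # vrf is None for the global table, which is how we match global SVIs
            current = {"kind": "ospf", "process": m[1], "vrf": m[2], "networks": []}
            processes.append(current)
        elif current is None:
            continue
        elif current["kind"] == "iface":
            if m := VRF_RE.match(line):
                current["vrf"] = m[1]
            elif m := ADDR_RE.match(line):
                current["ip"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := NET_RE.match(line):
            current["networks"].append((wildcard_to_network(m[1], m[2]), m[3]))
    return interfaces, processes


def ospf_coverage(text):
    """Per process: the interfaces (same VRF) that each network statement enables."""
    interfaces, processes = parse_config(text)
    coverage = {}
    for proc in processes:
        per_net = {}
        for net, area in proc["networks"]:
            hits = sorted(
                name for name, i in interfaces.items()
                if i["ip"] is not None and i["vrf"] == proc["vrf"] and i["ip"].ip in net
            )
            per_net[f"{net} area {area}"] = hits
        coverage[proc["process"]] = per_net
    return coverage


def duplicate_addresses(text):
    """Addresses configured on more than one interface, across all VRFs."""
    interfaces, _ = parse_config(text)
    seen = {}
    for name, i in interfaces.items():
        if i["ip"] is not None:
            seen.setdefault(str(i["ip"].ip), []).append(name)
    return {addr: sorted(names) for addr, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    for proc, nets in ospf_coverage(SAMPLE_CONFIG).items():
        for net, ifaces in nets.items():
            print(f"ospf {proc}: {net} -> {ifaces or 'NO interface in this VRF'}")
    print("duplicate addresses:", duplicate_addresses(SAMPLE_CONFIG))
```

    Feed it the full running-config and compare the output with "show ip ospf interface brief" per VRF; a network statement that maps to an empty list, or an address that shows up under two interfaces, is where to start looking before digging into the type-7 database.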

    Cisco IOS-XE built in packet capture

    Posted: 30 Jun 2020 12:07 PM PDT

    Question: Does the built in packet capture in IOS-XE 03.06.08.E on a C3850 capture packets before or after an ACL would filter them on an ingress port?

    Situation:

    I'm trying to troubleshoot an issue where certain devices are failing to reach the internet. The traffic enters our network from a VPLS hits a route map which routes it to a Cisco 3850 which has an insanely messy PBR config, which should then pass to our firewall.

    I've run packet captures on the tunnel interface of the router and verified that traffic from the VPLS (10.0.0.1/24) is reaching this end of the tunnel. I've also verified that the desired traffic is egressing the correct physical interface of the router.

    On the 3850 I have a packet capture created with:

    monitor capture MYCAP access-list buffer-filter interface gigabitEthernet 1/0/5 both

    ACL buffer-filter is:

    10 permit ip 10.0.0.0 0.0.0.255 any
    20 permit ip any 10.0.0.0 0.0.0.255

    I start the packet capture on the 3850 and the router, then run ping 1.1.1.1 and traceroute 1.1.1.1 from a host at 10.0.0.1.

    The packet capture from the egress interface of the router shows all traffic to and from 10.0.0.0/24, including my pings to 1.1.1.1 as well as DNS and other Windows stuff to the LAN subnet (10.162.0.0/16).

    The packet capture from the ingress interface of the 3850 shows the traffic from 10.0.0.1 to 10.162.0.0/16, but no traffic destined to 1.1.1.1 or any other non-RFC1918 address.

    Does the built in packet capture in IOS-XE capture packets before or after they would be filtered by an ACL? Gig1/0/5 is a routed port. No ACL appears to have been applied directly to the port.

    interface GigabitEthernet1/0/5
     description DESCRIPTION
     no switchport
     ip address 10.192.1.2 255.255.255.252

    Hardware is a Cisco WS-C3850-24T running IOS-XE 03.06.08.E

    submitted by /u/Qel_Hoth
    [link] [comments]

    Help understanding MLAG on Extreme Summit X460-10G

    Posted: 30 Jun 2020 08:51 AM PDT

    Hey /Networking!

    First things first, I hope everyone is doing well and staying safe, and thanks in advance for any responses.

    I'm a Brocade/Cisco/Fortinet guy, got tossed on a project utilizing Extreme Summit series gear and got a bit confused when it comes to stacking/MLAG configs.

    The architecture in question is simple, 2 FortiGates in HA up top, I'd like to run 10GIG down to a pair of Summit X460-10G switches below in full mesh. Normally with a Brocade or Cisco I'd just stack the suckers and spin up my MCLAG/VPC and call it a day.

    On these Extreme switches, it seems you don't need to "Stack" the gear to have an MLAG, it forms peer membership over L3 and provides some sort of magic unicorn fart MLAG compatibility. My question is, should I be stacking these switches before proceeding with this architecture? Or is the multi-switch link agg peer method reliable enough to run with?

    Thanks in advance all.

    submitted by /u/Matt5639
    [link] [comments]

    [Oxidized] Specific credentials on switches when the source is LibreNMS

    Posted: 29 Jun 2020 11:07 PM PDT

    Hello !

    I have many ProCurve switches but some have a different password.
    With the router.db file, I know how to specify the password of a switch when it differs from the default password, but with LibreNMS as the source I have no clue.

    Where can I tell Oxidized / LibreNMS to use a different password for one switch ?

    Thank you !
    Have a good day :)

    submitted by /u/Lilooman
    [link] [comments]

    Cisco TrustSec

    Posted: 30 Jun 2020 12:12 PM PDT

    I'd like to know if anyone has hands on with trustsec. Reason I ask is because I've done some reading about how it works and it doesn't seem to me like it solves any problems. Essentially, they've moved your ACLs that would normally be applied on your distribution block into the ISE, and setup access controls within the ISE. So I'm assuming you would just add relevant subnets of new buildings into the respective tag values to apply your access policy for new sites (as opposed to add it to a VLAN SVI on site). Then it seems that the tags are only evaluated (policy enforcement) for access control at the egress point. So what they've done is made it so your denied traffic consumes bandwidth across your network, taking a path it's not permitted to take, then dropping it once it gets there. I really must be missing something here, as this is just illogical. Is anyone using it, and if so is it helping you (and in what way it is helping you)? I'd like to understand the benefits as I only see drawbacks after reading about it.

    submitted by /u/sg4rb0sss
    [link] [comments]

    Proper way of swapping carriers.

    Posted: 30 Jun 2020 03:06 PM PDT

    Hi guys,

    Let's say you have two edge routers, iBGP between them, each with their own eBGP ISP uplink: Edge Router (A) with ISP (X) and Edge Router (B) with ISP (Y), and they are taking a full table. Edge Router A with ISP (X) is the preferred primary using LocalPref. Now let's say you want to swap out ISP (Y) with ISP (Z) for my secondary. What should be the least impactful way of doing this?

    +----------------------------+     +----------------------------+
    |          ISP (X)           |     |          ISP (Y)           |
    |                            |     |                            |
    +----------------------------+     +----------------------------+
                  |                                  |
                  |                                  |
    +----------------------------+     +----------------------------+
    |                            |     |                            |
    |      Edge Router (A)       |-----|      Edge Router (B)       |
    | higher local LP (primary)  |     |                            |
    +----------------------------+     +----------------------------+

    1. Stop advertising on Edge Router B via ISP (Y)
    2. Wait a while, check looking glass, then shut down the uplink interface on Edge Router B to ISP (Y)
    3. Bring up the new ISP peer (Z) on Edge Router (B) (same thing as before, just a different peer IP) and set lower LP as before.

    How impactful will that be? Anything I'm missing? Any caveats? Anything I should do on Edge Router (A)? Thanks in advance.
    submitted by /u/411011
    [link] [comments]

    Needing some advice on a network redesign with budget limitations

    Posted: 30 Jun 2020 08:18 AM PDT

    Hello,

    I have a school building that is very large and long, as it has had many additions over the years. Before my time here it was setup as a daisy chain of uplinks between each IDF, which ends up being around 8 hops by the time you get to the other end of the building. This wasn't a problem till devices grew on the network, then it became very slow and other services had problems. Even with vlans and QoS profiles set, voip calls drop and intranet services are slow.

    From the MDF to each IDF is old multimode 1Ge fiber that is connected to all Extreme Networks switches, mainly x440's or x460's.

    I would like to install new fiber runs from a new MDF location to each IDF, instead of the current daisy chain to eliminate hops. That way there is just one hop to the MDF. Due to budget cuts as a result of the pandemic, we will have to do this as cheap as possible and maybe a phased approach.

    I am thinking that we could buy pre-terminated fiber and run that to the locations ourselves and cut out hiring a company to do the work. My problem is I don't know what type of fiber to install. We would like to go to 10Ge, but if I am installing new fiber I will need it to work with my existing 1Ge switches and their SFP ports. If I install single mode it won't work with my existing switches as they can only do multimode. Unless I just get the single mode cable installed and wait for the money to become available for new switches to run it.

    If money becomes available later in the year, I would like to buy new switching at each location to support 10Ge uplinks. Extreme switches run about 3k and you have to pay another $500 just to enable 10Ge on SFP+ ports. I am happy with Extreme's products but we are also in a budget crunch. Does anyone have recommendations on switching that may lower the cost but also get us to 10Ge?

    Any advice would be appreciated, thank you!

    submitted by /u/JayIT
    [link] [comments]

    Looking for a terminal session manager that also shows icmp ping device status

    Posted: 30 Jun 2020 08:06 AM PDT

    I'm trying to find software that does a few things in one package. My goal is to have one place I can visually monitor status of several types of devices, and quickly initiate ssh sessions to multiple devices at a time.

    On top of all the standard things most terminal software does, I'm looking for...

    • batch import of CSV device/session list (preferably into folders)
    • tabbed or windowed terminal sessions
    • visual overview of device status in the connections tree (icmp ping status)
    • terminal keyword highlighting
    • command storage and execution with hotkeys and/or customizable buttons
    • scripting support (a bonus but not necessary)

    So far I've briefly tried

    • Remote Desktop Manager (really nice interface, having issues with batch import)
    • RoyalTS
    • mRemoteNG (only shows device status in details, not in overview/tree)
    • SecureCRT (this one seems to be the most powerful, but still missing the status as far as I can tell)

    Anyone ever looked for something similar?

    Am I asking too much?

    Am I approaching this from the wrong angle?

    Any help is greatly appreciated.

    submitted by /u/BrilliantMoose0
    [link] [comments]

    Unifi Switch (48 port) Not adopting

    Posted: 30 Jun 2020 01:47 PM PDT

    Hello, I have a UniFi network switch with 2 APs coming off it. The switch is connected to a 1 GB modem/router provided by Comcast. The switch goes to a computer lab. The switch was working fine a few days ago and I went into the lab today and the switch was not providing internet.

    I did some troubleshooting and when opening the UniFi Network controller I noticed that the Adoption Failed on the Switch. I unplugged the switch and even did a reset and for some reason, the switch is still not adopting. There is internet from the modem router though. Any ideas? I have never encountered this before. Could the switch be faulty?

    submitted by /u/bobsigny
    [link] [comments]

    Site-To-Site Tunnel to Azure

    Posted: 30 Jun 2020 01:25 PM PDT

    We are attempting to establish a Site-To-Site tunnel from our Cisco Firepower 2110 to the Azure cloud using an IKEv2 IPSEC tunnel. Phase one of the tunnel is working without issue, but when we try to establish the IPSEC or Phase 2 part of the tunnel it fails and the Azure side says that there wasn't a matching proposal. I am almost totally sure we have the correct proposals on our side because we used the script Azure spit out for us to use in our ASA. Any help on this one would be greatly appreciated as I am stumped at this point.

    This is our config for the tunnel below

    PHASE 1: Working fine, establishes without issue.

    crypto ikev2 policy 1
     encryption aes-256
     integrity sha
     group 5 2
     prf sha
     lifetime seconds 86400

    PHASE 2: Will not establish due to a "policy mismatch".

    crypto ipsec ikev2 ipsec-proposal Azure
     protocol esp encryption aes-256
     protocol esp integrity sha-256
    crypto ipsec profile Azure
     set ikev2 ipsec-proposal Azure
    crypto ipsec security-association pmtu-aging infinite
    group-policy 52.152.192.184 internal
    group-policy 52.152.192.184 attributes
     vpn-tunnel-protocol ikev2
    tunnel-group 52.152.192.184 type ipsec-l2l
    tunnel-group 52.152.192.184 general-attributes
     default-group-policy 52.152.192.184
    tunnel-group 52.152.192.184 ipsec-attributes
     ikev2 remote-authentication pre-shared-key ********
     ikev2 local-authentication pre-shared-key *********
    no tunnel-group-map enable peer-ip
    tunnel-group-map default-group 52.152.192.184
    !
    crypto map outside500_map 1 match address outside500_cryptomap_1
    crypto map outside500_map 1 set peer 52.152.192.184
    crypto map outside500_map 1 set ikev2 ipsec-proposal Azure
    crypto map outside500_map 1 set ikev2 pre-shared-key *****
    crypto map outside500_map interface outside500
    crypto ikev2 enable outside

    submitted by /u/FunkyBuddha73
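As an added example that is not part of the post above, here is a small Python model of how an IKEv2 responder matches proposals: it parses the two ASA proposals quoted in the post into transform sets and intersects them with peer offers that are constructed for illustration (they are not Azure's actual parameters), showing how a transform present on only one side, such as a PFS DH group in phase 2, leaves no proposal to choose.

```python
"""Added example, not from the post: IKEv2 proposal negotiation in miniature.
Parses the ASA 'crypto ikev2 policy' / 'ipsec-proposal' lines quoted above into
transform sets and intersects them with a peer's offer, as a responder does before
replying NO_PROPOSAL_CHOSEN. Peer offers are constructed, not Azure's real settings."""

# ASA keyword -> IKEv2 transform type (only the keywords the post uses).
KEYWORDS = {"encryption": "encr", "integrity": "integ", "group": "dh", "prf": "prf"}

# Local side: the two proposals exactly as posted.
PHASE1_LOCAL = """crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400"""
PHASE2_LOCAL = """crypto ipsec ikev2 ipsec-proposal Azure
protocol esp encryption aes-256
protocol esp integrity sha-256"""

# Peer side (constructed): phase 1 overlaps; phase 2 additionally demands PFS.
PEER_PHASE1 = {"encr": {"aes-256"}, "integ": {"sha"}, "dh": {"2"}, "prf": {"sha"}}
PEER_PHASE2 = {"encr": {"aes-256"}, "integ": {"sha-256"}, "dh": {"2"}}

def parse_asa_proposal(text):
    """Return {transform_type: set(values)}; 'group 5 2' yields dh={'5','2'}."""
    transforms = {}
    for line in text.splitlines():
        words = line.replace("protocol esp", "").split()
        if len(words) >= 2 and words[0] in KEYWORDS:
            transforms.setdefault(KEYWORDS[words[0]], set()).update(words[1:])
    return transforms

def negotiate(local, peer):
    """Intersect each transform type. Any type with no common value (including
    a type only one side lists, e.g. a PFS group) means no proposal is chosen."""
    chosen, mismatched = {}, []
    for ttype in sorted(set(local) | set(peer)):
        common = local.get(ttype, set()) & peer.get(ttype, set())
        if common:
            chosen[ttype] = sorted(common)
        else:
            mismatched.append(ttype)
    return chosen, mismatched

if __name__ == "__main__":
    for name, local, peer in (("PHASE 1", PHASE1_LOCAL, PEER_PHASE1),
                              ("PHASE 2", PHASE2_LOCAL, PEER_PHASE2)):
        chosen, mismatched = negotiate(parse_asa_proposal(local), peer)
        print(name, "OK" if not mismatched else "NO_PROPOSAL_CHOSEN on " + ", ".join(mismatched), chosen)
```

Running it reports phase 1 as matched (DH group 2 in common) and phase 2 as failing on the DH transform, which is the shape of a "no matching proposal" error even when encryption and integrity agree.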

    Cisco Asr queue limit TR linecard

    Posted: 30 Jun 2020 01:50 AM PDT

    Having a Cisco ASR 9k with a TR linecard and 2 physical links in a bundle interface. Now creating subinterfaces on that BE interface. How many service-policies can be applied on the subinterfaces? Cisco doc says 8 queues per port on TR cards. Already have 10 subinterfaces with 'service-policy input / service-policy output'. Maybe 16 because of 2 phy ports in the BE?

    submitted by /u/mr_networkrobot

    Help with upgrading network for redundancy. Proxmox/Pfsense/Edgeswitch

    Posted: 30 Jun 2020 12:02 PM PDT

    Our company has been growing and so I received the go-ahead for upgrades. I am an engineer, however not in the IT field. I have taught myself everything IT-related, so I lack professional experience and so I turn to you guys for advice before going down the wrong rabbit hole.

    Some background: We have an EdgeRouter ER-8-Pro handling our routing/firewall/vpn-tunnels which went into a 48p unmanaged switch. From there we have a star pattern with additional smaller switches to pool our workstations together. In no situation are there >2 switches between Router/Wrkstn.

    Facts:

    • WAN - local ISP with 400/400 Mbps SFP. We purchased a 2nd ISP (GPON) with 200/200 Mbps. The 2nd one had issues with the SFP/GPON module so we have a converter to RJ45.
    • New Dell Epyc server - This was added recently for upgrade purposes. Runs Proxmox and currently is only our SSTP VPN server (thanks covid) until I get pfSense set up. Details: 16c, 64gb, Intel quad-gig NIC, SSDs.
    • Switches - We got 2 Edgeswitch 48-Lite to replace the unmanaged. 1 is currently in use and it only has a VLAN to route the WANs instead of plugging directly into the router.
    • Synology - we use a DS3617xs and will soon be buying a 2nd for HA.
    • Ubiquiti for WiFi - For convenience, not production.
    • Misc - A few devices like a Raspberry Pi USB server and others which shouldn't be relevant here.
    • Roughly 150 workstations and growing. Building capacity is limited to around 200 so we won't grow beyond that without remote workers.

    Current Goal: My idea is to get rid of the EdgeRouter and start building up the redundancy. I am in the process of setting up the pfSense VM for the switchover. Redundancy plan is to have the server connected to both switches. Each switch will have one of the WANs. All of the star-switches will also have a 2nd cable going to the 2nd switch. The 2 switches will be connected with a 10G SFP+ fiber as a Trunk. Since the Synology has 4 NICs, I can split that between the 2 switches in a LAGG. I will also build a secondary system for Proxmox HA.

    Now for some questions:

    Does any of this seem cringeworthy? From my perspective there won't be a single point of failure that brings down the whole network.

    pfSense LAN - My assumption is that I will set up a LAGG so that it can be connected to both switches. Question is, should this be done on the pfSense side, or should I set up bonding on the Proxmox Linux bridge?

    Any issues with having the switches set up this way or will they explode :D ?

    Any advice or comments will be greatly appreciated. I do have the option to purchase extra equipment, but please refrain from suggesting a $10k expense and turning everything upside down.

    Thanks

    submitted by /u/Ziomalski

    Unifi USG Pro 4 - L2TP Client VPN Issue

    Posted: 29 Jun 2020 10:44 PM PDT

    Hello!

    I am at the end of my rope with this one. I know I'm missing something silly. Here's what's going on.

    I have a UniFi USG Pro 4, it has a public address (no double NAT) running a client VPN server. Whenever I try to connect from macOS or Windows I get the same error message when looking at swanctl --log:

    03[ENC] invalid ID_V1 payload length, decryption failed?
    03[ENC] could not decrypt payloads
    03[IKE] message parsing failed

    I've verified bi-directional communication between the client and USG, and checked the shared secret on both sides to make sure they match. This problem occurs regardless of whether the built-in USG RADIUS server is being used or a Windows NPS server we have configured. In fact, it fails before it even gets to user authentication. I've checked client settings and they appear to match Ubiquiti's documentation. Here is Ubiquiti's documentation on the setup.

    Everything I have found on that error message listed above has said it's either a shared secret mismatch or a firmware/software issue. My USG was running the latest, 4.51, and I rolled it back to 4.50 for kicks, same result.

    I could use some creative ideas :) Thanks in advance

    C

    submitted by /u/christianmscott

    Feedback on Frontier Communications SIP Trunk and DIA products

    Posted: 30 Jun 2020 09:46 AM PDT

    I have a customer that is considering using Frontier Communications for their Enterprise SIP provider, and for DIA connections at two Datacenters. The primary datacenter is in Southern California, and the Secondary is in Texas. The DIA connection is 1gbps fiber. The SIP Trunk would support roughly 800-1000 phones that are heavily used. The business deals with medical claim intakes, so their workforce spends a vast majority of their time taking phone calls. For that reason, they require rock solid connectivity, and reliable technical support.

    I've never used Frontier for business-class service. But I'm sure there are plenty of engineers on this sub who have. Can I get some feedback on your opinions of them as a provider?

    submitted by /u/Huth_S0lo

    Cisco Expressway dual NIC setup Jabber

    Posted: 30 Jun 2020 09:38 AM PDT

    We have Cisco Jabber deployed with MRA via Expressway E and C, with the E using a dual NIC deployment with each interface in a separate DMZ zone. We are experiencing some weird issues where certain calls initiated from an external Jabber client via MRA fail. The dual NIC deployment on the Expressway E has one NIC in one DMZ facing the internet with an IP NATed on our firewall and the other NIC facing the internal network in another DMZ zone. The internal NIC, I understand, is only supposed to communicate with the Expressway C (the secure traversal zone?) which has an IP on the same network as our Call Manager servers. When troubleshooting, we checked our firewall logs for traffic from the Expressway E internal IP to the Expressway C IP and we see nothing. We see some traffic in the opposite direction, Expressway C to E. When running ping/traceroute from the Expressway E internal IP to the Expressway C IP we see traffic takes the correct route and is logged on our firewall, but we don't actually see call traffic logged ever. Somehow the majority of calls placed from the Jabber client over MRA still work, so I'm not sure how this traffic is getting through our firewall without being logged?

    submitted by /u/humongouscrab

    Use Duplex fiber cable in Simplex installation

    Posted: 30 Jun 2020 05:32 AM PDT

    I'm discussing the following with a colleague and we haven't been able to find our answer through Google.

    Suppose we have an installation that has two BiDi Singlemode SFP modules, one at each end (different wavelengths), but we only have a Duplex Singlemode fiber cable (2 strands of fiber together) at our disposal. Is it possible to use just one of these fibers (temporarily) and leave the other strand of fiber unused, or is a Simplex Singlemode fiber cable required?

    To simplify the question: Is a duplex singlemode fiber cable simply two simplex singlemode fiber cables stuck together?

    submitted by /u/itpsych0

    Propagating session information between two firewalls to control access

    Posted: 30 Jun 2020 09:12 AM PDT

    Suppose I have a simple network like this:

    Supplicant - FW1 - Server

    Upon authenticating to the network, FW1 uses some magic to apply an ACL to the supplicant's IP, and access to Server is permitted and everything's good in the neighborhood.

    Now suppose I need to throw in another firewall for whatever reason, so now we have:

    Supplicant - FW1 - FW2 - Server

    Provided everyone's talking Cisco and there's ISE or whatever, the authenticator can inject SGT into the supp's frame and I think everything would Just Work.

    However, suppose not everyone's talking Cisco. Is there some way to inject SGT tags into a frame (or something equivalent) with RADIUS? Some other vendor-agnostic way to pass session information around for this purpose?

    (ORRRRR is this unnecessary and should we just control access using FW1, which is closest to the source of the traffic?)

    submitted by /u/pine_appeal

    SCCM LINK FAILED ISSUE - NETWORK ISSUE?

    Posted: 30 Jun 2020 08:42 AM PDT

    Hi,

    Encountered this SCCM link failed issue and would like to verify what could be the root cause of this issue. We have 1 parent and 2 child servers and this issue is only encountered between parent1 and child2, while the connection from parent to child1 is stable. Each server (parent, child) is located in a different site and uses a different transport medium (MPLS, tunnel).

    Diagram: https://ibb.co/4ZQY9pW

    Now the issue here is we don't manage the Server and I'm not that familiar with troubleshooting this type of application/setup.

    During the issue we were able to validate that ping is working fine, as well as other protocols like RDP from parent1 to child2, while we still see this link failed in the SCCM status. We also checked that there is no network issue and this is the only issue reported between the sites. No link error, congestion, or routing issue between parent1 and child2. Also no filtering is being applied that may affect the communication, as this issue happens only sometimes.

    With that, I would like to ask what could be the issue here? Can anyone here shed some light on how this SCCM synchronization works?

    1. What protocol is being used to check the link status from SCCM parent and child2?

    2. Is it purely SMB being used between SCCM parent - child2?

    3. What other things need to be checked on the network and the physical server?

    Please share any input and ideas on how to troubleshoot this.

    Thank you

    submitted by /u/1searching

    Budget router question for coffee shop

    Posted: 30 Jun 2020 04:36 AM PDT

    Hello guys, my friend is working at a webshop which has a small coffee shop too. They asked me to help them out. They want 2 Wi-Fis - one for the webshop and one for the coffee shop for guests. I told them they should keep the modem in the webshop part and that they should buy a router to connect to the modem and have a guest Wi-Fi for the coffee shop. My question would be: what budget router do you guys think would be the best fit (the coffee shop's capacity is around 10-20 ppl)? They didn't say how much they want to spend on it, I guess they want the least expensive thing.

    submitted by /u/nohuska

    DNS reverse zone management after ISP change

    Posted: 30 Jun 2020 01:20 AM PDT

    Hi all,

    I tried Googling to answer my question, but since I am not sure if my theory is correct, I would appreciate getting a second opinion from the seasoned DNS masters of Reddit.

    We are changing our ISP soon and the new ISP is only able to manage the reverse zone. The contract with our current ISP (who also managed our DNS) is valid until September, so our plan is to leave the forward zones with the current ISP until after the major change. We will get new public IPs assigned and the new ISP will take care of the PTR records. We will inform our current ISP of the new IPs so they can update the A records.

    Now, I am not sure if I have to inform the current ISP that they have to remove (if that is the correct term) the reverse zones from their management since the new ISP will take this over, or if we can just let them know which changes they have to implement for the forward zone and that's it.

    I checked our domains in Google dig and couldn't find any PTR records there, so I guess we don't have to specifically tell them to stop managing the reverse zone? I kinda inherited all the infrastructure from a guy who recently retired and unfortunately neither he nor anyone else could tell me what the current ISP was exactly managing for us in terms of DNS.

    What is the best path forward here, so that the change will complete smoothly?

    Thanks a lot!

    submitted by /u/krambamboulli