Upgraded Windows 2008 R2 servers = No DNS Servers.
That is a bad thing, not having DNS available, as best practice for years now has been:
“Don’t link to a computer’s IP address, link to it’s computer name (and DNS will do the rest).”
So when the customer lost their DNS servers, they couldn’t log onto the network, as their desktop computers couldn’t find a server.
And in my little bit of the support empire, customer’s couldn’t receive emails on their BlackBerries. The BlackBerry Server couldn’t find the Email server, so no messages were being delivered.
The short-term fix? Adding the mail server IP address to the BlackBerry Server HOSTS file, got the mail flowing again. The long-term fix? Stop the CheckPoint SmartDefense product from checking the DNS protocol.
(it’s a shame the customer can’t use OpenDNS, which I wrote about here.)
And the prize goes to The Angry Technician, who wondered about how CheckPoint would interact with DNSSEC. DNSSEC support was introduced in Windows 2008 R2 …