Solved

Forwarding ISP's IP

Posted on 2004-10-07
Last Modified: 2010-05-18
I have a single DC running DNS and DHCP. In DHCP I have the scope configuration listing the ISP's DNS address along with my DNS server. I want to be able to forward the ISP address through DNS and have my DNS server listed as the only DNS server on my LAN. I can do this, right? If I have DHCP only list the DC as the DNS server and have the ISP's address listed as a forwarder, my internet stops working on all 4 of my subnets. I don't have a root zone "." listed, so I am at a loss. We do have a PIX box doing NAT, but we just got that installed, so I know very little about it. Where should I start on this one?
0
Question by:Backbiter
10 Comments
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12258854
Well, I would say to make sure that the PIX is forwarding port 53, but if you had internet connectivity ever, then I would say that it is already working.

Here's what you should do...

Set DHCP to only hand out your DC as the DNS server. Delete all forwarders from your DNS settings. Clear your DNS cache. Go to a client, type "ipconfig /release" and then "ipconfig /renew", then type "nslookup www.google.com" and see if it resolves. Windows Server doesn't need forwarders. If the nslookup fails, then try this: "nslookup -d2 www.google.com" and post results.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12258897
Make sure you uncheck "enable forwarders".
0
 

Author Comment

by:Backbiter
ID: 12259926

C:\>nslookup www.google.com
Server:  apollo.misd.local
Address:  172.16.11.4

DNS request timed out.
    timeout was 2 seconds.
*** Request to apollo.misd.local timed-out

C:\>nslookup -d2 www.google.com
------------
SendRequest(), len 42
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        4.11.16.172.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (73 bytes):
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        4.11.16.172.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  4.11.16.172.in-addr.arpa
        type = PTR, class = IN, dlen = 19
        name = apollo.misd.local
        ttl = 1200 (20 mins)

------------
Server:  apollo.misd.local
Address:  172.16.11.4

------------
SendRequest(), len 43
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.google.com.MISD.local, type = A, class = IN

------------
------------
Got answer (106 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.google.com.MISD.local, type = A, class = IN
    AUTHORITY RECORDS:
    ->  misd.local
        type = SOA, class = IN, dlen = 41
        ttl = 3600 (1 hour)
        primary name server = apollo.misd.local
        responsible mail addr = hostmaster
        serial  = 1743
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
SendRequest(), len 32
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.google.com, type = A, class = IN

------------
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
*** Request to apollo.misd.local timed-out

C:\>
Here are the results that I came up with. The internet service works fine as long as we have the ISP address in Name Servers. Not sure exactly what the above is saying, so please diagnose for me... and thank you for your help.
Ben
0

 
LVL 15

Expert Comment

by:adamdrayer
ID: 12260052
On the Forwarders tab for the DNS server, do you have "do not use recursion" checked? If so, disable it.

Also, on the Monitoring tab, try running a recursive query to other DNS servers. Are you sure your server has internet access?
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12260061
>>on the forwarders tab for the DNS server, do you have checked "do not use recursion"?  if so disable it.

I mean, uncheck it.
0
 

Author Comment

by:Backbiter
ID: 12261026
The server does not have internet access. I should have mentioned that. The "do not use recursion" is unchecked and it fails the recursive test. Thanks.
0
 

Author Comment

by:Backbiter
ID: 12261030
Also, the DNS server is on a 172.16.11.x subnet.
0
 
LVL 15

Accepted Solution

by:
adamdrayer earned 1000 total points
ID: 12261267
Well, the server needs internet access.

If you are asking your clients to use only the DNS server for DNS name resolution, and then asking your DNS server to forward unknown requests to an IP address on the internet, it will need access to the internet.
0
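The failure pattern behind the accepted answer can be read from the nslookup -d2 output posted earlier in the thread: the server answers authoritatively for its own zones, but the external name times out. The following is an added example, not part of the original thread, that parses such a transcript and separates "server unreachable" from "server cannot resolve outward"; the function names and verdict labels are assumptions made for this illustration.

```python
import re

# Abridged from the nslookup -d2 output posted in this thread (most header fields trimmed).
SAMPLE = """\
SendRequest(), len 42
        opcode = QUERY, id = 1, rcode = NOERROR
        4.11.16.172.in-addr.arpa, type = PTR, class = IN
Got answer (73 bytes):
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
SendRequest(), len 43
        opcode = QUERY, id = 2, rcode = NOERROR
        www.google.com.MISD.local, type = A, class = IN
Got answer (106 bytes):
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
SendRequest(), len 32
        opcode = QUERY, id = 3, rcode = NOERROR
        www.google.com, type = A, class = IN
DNS request timed out.
*** Request to apollo.misd.local timed-out
"""

def parse_exchanges(text):
    """One dict per query sent: name, type, then the reply's rcode/AA flag or a timeout."""
    out = []
    for block in text.split("SendRequest()")[1:]:
        request, _, answer = block.partition("Got answer")
        q = re.search(r"(\S+), type = (\w+), class = IN", request)
        rcode = re.search(r"rcode = (\w+)", answer)
        out.append({
            "name": q.group(1) if q else None,
            "qtype": q.group(2) if q else None,
            "rcode": rcode.group(1) if rcode else None,
            "auth": "auth. answer" in answer,
            "timeout": "DNS request timed out" in block,
        })
    return out

def diagnose(exchanges):
    """Classify the failure from which queries were answered and which timed out."""
    local_ok = any(e["auth"] and e["rcode"] for e in exchanges)
    timed_out = [e["name"] for e in exchanges if e["timeout"]]
    if not timed_out:
        return "ok"
    # Authoritative replies prove clients can reach the server; a timeout on the
    # external name then points at the server's own path to forwarders/root servers.
    return "upstream-unreachable" if local_ok else "server-unreachable"
```

On the thread's transcript the verdict is "upstream-unreachable": the PTR and MISD.local queries come back with the authoritative flag set, and only www.google.com times out.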
 

Author Comment

by:Backbiter
ID: 12262646
Thanks, makes good sense to me...now :)
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12262947
Thanks. Glad to help.
0
