Solved

Forwarding ISP's Ip

Posted on 2004-10-07
10
239 Views
Last Modified: 2010-05-18
I have a single DC running DNS and DHCP on them. In DHCP I have the scope configuration  listing the ISP's DNS address along with my DNS server. I want to be able to forward the ISP address thru DNS and have my DNS server listed as the only DNS server on my lan. I can do this right???  If I have DHCP only list the dc as the DNS server and have the ISP's address listed as a forwarder my internet stops working on all 4 of my subnets. I don't have a root zone "." listed so I am at a loss. We do have a PIX box doing NAT but we just got that installed so I know very little about it. Where should I start on this one?
0
Comment
Question by:Backbiter
  • 6
  • 4
10 Comments
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12258854
well i would say to make sure that the PIX is forwarding port 53, but if you had internet connectivity ever, then i would say that it is already working.

Here's what you should do...

Set DHCP to only hand out your DC as the DNS server.  Delete all forwarders from your DNS settings.  Clear your DNS cache.  goto a client, type "ipconfig /release"  and then "ipconfig /renew"  then type "nslookup www.google.com" and see if it resolves.  Windows Server doesn't need forwarders.  if the nslookup fails, then try this "nslookup -d2 www.google.com" and post results.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12258897
make sure you uncheck "enable forwarders"
0
 

Author Comment

by:Backbiter
ID: 12259926

C:\>nslookup www.google.com
Server:  apollo.misd.local
Address:  172.16.11.4

DNS request timed out.
    timeout was 2 seconds.
*** Request to apollo.misd.local timed-out

C:\>nslookup -d2 www.google.com
------------
SendRequest(), len 42
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        4.11.16.172.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (73 bytes):
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        4.11.16.172.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  4.11.16.172.in-addr.arpa
        type = PTR, class = IN, dlen = 19
        name = apollo.misd.local
        ttl = 1200 (20 mins)

------------
Server:  apollo.misd.local
Address:  172.16.11.4

------------
SendRequest(), len 43
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.google.com.MISD.local, type = A, class = IN

------------
------------
Got answer (106 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.google.com.MISD.local, type = A, class = IN
    AUTHORITY RECORDS:
    ->  misd.local
        type = SOA, class = IN, dlen = 41
        ttl = 3600 (1 hour)
        primary name server = apollo.misd.local
        responsible mail addr = hostmaster
        serial  = 1743
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
SendRequest(), len 32
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.google.com, type = A, class = IN

------------
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
*** Request to apollo.misd.local timed-out

C:\>
Here are the results that I came up with . The internet service works fine as long as we have the ISP address in Name Servers. Not sure exactly what the above is saying so please diagnose for me...and thank you for your help.
Ben
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 15

Expert Comment

by:adamdrayer
ID: 12260052
on the forwarders tab for the DNS server, do you have checked "do not use recursion"?  if so disable it.

also on the monitoring tab, try running a recursive query to other DNS servers.  Are you sure your Server has internet access?
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12260061
>>on the forwarders tab for the DNS server, do you have checked "do not use recursion"?  if so disable it.

I mean, uncheck it.
0
 

Author Comment

by:Backbiter
ID: 12261026
The server does not have internet access. I should have mentioned that. The "do not use recursion" is unchecked and it fails the recursive test. Thanks.
0
 

Author Comment

by:Backbiter
ID: 12261030
Also the dns server is on a 172.16.11.x subnet.
0
 
LVL 15

Accepted Solution

by:
adamdrayer earned 250 total points
ID: 12261267
well, the server needs internet access.

If you are asking your clients to use only the DNS server for DNS name resolution, and then asking your DNS server to forward unknown requests to an IP address on the internet, it will need access to the internet.
0
 

Author Comment

by:Backbiter
ID: 12262646
Thanks, makes good sense to me...now :)
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12262947
thanks.  glad to help
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question