Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Forwarding ISP's Ip

Posted on 2004-10-07
10
Medium Priority
?
252 Views
Last Modified: 2010-05-18
I have a single DC running DNS and DHCP on them. In DHCP I have the scope configuration  listing the ISP's DNS address along with my DNS server. I want to be able to forward the ISP address thru DNS and have my DNS server listed as the only DNS server on my lan. I can do this right???  If I have DHCP only list the dc as the DNS server and have the ISP's address listed as a forwarder my internet stops working on all 4 of my subnets. I don't have a root zone "." listed so I am at a loss. We do have a PIX box doing NAT but we just got that installed so I know very little about it. Where should I start on this one?
0
Comment
Question by:Backbiter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
10 Comments
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12258854
well i would say to make sure that the PIX is forwarding port 53, but if you had internet connectivity ever, then i would say that it is already working.

Here's what you should do...

Set DHCP to only hand out your DC as the DNS server.  Delete all forwarders from your DNS settings.  Clear your DNS cache.  goto a client, type "ipconfig /release"  and then "ipconfig /renew"  then type "nslookup www.google.com" and see if it resolves.  Windows Server doesn't need forwarders.  if the nslookup fails, then try this "nslookup -d2 www.google.com" and post results.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12258897
make sure you uncheck "enable forwarders"
0
 

Author Comment

by:Backbiter
ID: 12259926

C:\>nslookup www.google.com
Server:  apollo.misd.local
Address:  172.16.11.4

DNS request timed out.
    timeout was 2 seconds.
*** Request to apollo.misd.local timed-out

C:\>nslookup -d2 www.google.com
------------
SendRequest(), len 42
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        4.11.16.172.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (73 bytes):
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        4.11.16.172.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  4.11.16.172.in-addr.arpa
        type = PTR, class = IN, dlen = 19
        name = apollo.misd.local
        ttl = 1200 (20 mins)

------------
Server:  apollo.misd.local
Address:  172.16.11.4

------------
SendRequest(), len 43
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.google.com.MISD.local, type = A, class = IN

------------
------------
Got answer (106 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.google.com.MISD.local, type = A, class = IN
    AUTHORITY RECORDS:
    ->  misd.local
        type = SOA, class = IN, dlen = 41
        ttl = 3600 (1 hour)
        primary name server = apollo.misd.local
        responsible mail addr = hostmaster
        serial  = 1743
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
SendRequest(), len 32
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.google.com, type = A, class = IN

------------
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
*** Request to apollo.misd.local timed-out

C:\>
Here are the results that I came up with . The internet service works fine as long as we have the ISP address in Name Servers. Not sure exactly what the above is saying so please diagnose for me...and thank you for your help.
Ben
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 15

Expert Comment

by:adamdrayer
ID: 12260052
on the forwarders tab for the DNS server, do you have checked "do not use recursion"?  if so disable it.

also on the monitoring tab, try running a recursive query to other DNS servers.  Are you sure your Server has internet access?
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12260061
>>on the forwarders tab for the DNS server, do you have checked "do not use recursion"?  if so disable it.

I mean, uncheck it.
0
 

Author Comment

by:Backbiter
ID: 12261026
The server does not have internet access. I should have mentioned that. The "do not use recursion" is unchecked and it fails the recursive test. Thanks.
0
 

Author Comment

by:Backbiter
ID: 12261030
Also the dns server is on a 172.16.11.x subnet.
0
 
LVL 15

Accepted Solution

by:
adamdrayer earned 1000 total points
ID: 12261267
well, the server needs internet access.

If you are asking your clients to use only the DNS server for DNS name resolution, and then asking your DNS server to forward unknown requests to an IP address on the internet, it will need access to the internet.
0
 

Author Comment

by:Backbiter
ID: 12262646
Thanks, makes good sense to me...now :)
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12262947
thanks.  glad to help
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question