Solved

Forwarding ISP's IP

Posted on 2004-10-07
Last Modified: 2010-05-18
I have a single DC running DNS and DHCP on it. In DHCP I have the scope configuration listing the ISP's DNS address along with my DNS server. I want to be able to forward the ISP address through DNS and have my DNS server listed as the only DNS server on my LAN. I can do this, right? If I have DHCP only list the DC as the DNS server and have the ISP's address listed as a forwarder, my internet stops working on all 4 of my subnets. I don't have a root zone "." listed, so I am at a loss. We do have a PIX box doing NAT, but we just got that installed so I know very little about it. Where should I start on this one?
Question by:Backbiter
LVL 15

Expert Comment

by:adamdrayer
ID: 12258854
Well, I would say to make sure that the PIX is forwarding port 53, but if you ever had internet connectivity, then I would say that it is already working.

Here's what you should do...

Set DHCP to only hand out your DC as the DNS server. Delete all forwarders from your DNS settings. Clear your DNS cache. Go to a client, type "ipconfig /release" and then "ipconfig /renew", then type "nslookup www.google.com" and see if it resolves. Windows Server doesn't need forwarders. If the nslookup fails, then try "nslookup -d2 www.google.com" and post the results.
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12258897
Make sure you uncheck "enable forwarders".
0
 

Author Comment

by:Backbiter
ID: 12259926

C:\>nslookup www.google.com
Server:  apollo.misd.local
Address:  172.16.11.4

DNS request timed out.
    timeout was 2 seconds.
*** Request to apollo.misd.local timed-out

C:\>nslookup -d2 www.google.com
------------
SendRequest(), len 42
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        4.11.16.172.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (73 bytes):
    HEADER:
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        4.11.16.172.in-addr.arpa, type = PTR, class = IN
    ANSWERS:
    ->  4.11.16.172.in-addr.arpa
        type = PTR, class = IN, dlen = 19
        name = apollo.misd.local
        ttl = 1200 (20 mins)

------------
Server:  apollo.misd.local
Address:  172.16.11.4

------------
SendRequest(), len 43
    HEADER:
        opcode = QUERY, id = 2, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.google.com.MISD.local, type = A, class = IN

------------
------------
Got answer (106 bytes):
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.google.com.MISD.local, type = A, class = IN
    AUTHORITY RECORDS:
    ->  misd.local
        type = SOA, class = IN, dlen = 41
        ttl = 3600 (1 hour)
        primary name server = apollo.misd.local
        responsible mail addr = hostmaster
        serial  = 1743
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
SendRequest(), len 32
    HEADER:
        opcode = QUERY, id = 3, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
        www.google.com, type = A, class = IN

------------
DNS request timed out.
    timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
*** Request to apollo.misd.local timed-out

C:\>
Here are the results that I came up with. The internet service works fine as long as we have the ISP address in Name Servers. Not sure exactly what the above is saying, so please diagnose for me... and thank you for your help.
Ben
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12260052
On the Forwarders tab for the DNS server, do you have "do not use recursion" checked? If so, disable it.

Also, on the Monitoring tab, try running a recursive query to other DNS servers. Are you sure your server has internet access?
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12260061
>>on the forwarders tab for the DNS server, do you have checked "do not use recursion"?  if so disable it.

I mean, uncheck it.
0
 

Author Comment

by:Backbiter
ID: 12261026
The server does not have internet access. I should have mentioned that. The "do not use recursion" is unchecked and it fails the recursive test. Thanks.
0
 

Author Comment

by:Backbiter
ID: 12261030
Also, the DNS server is on a 172.16.11.x subnet.
0
 
LVL 15

Accepted Solution

by:
adamdrayer earned 250 total points
ID: 12261267
Well, the server needs internet access.

If you are asking your clients to use only the DNS server for DNS name resolution, and then asking your DNS server to forward unknown requests to an IP address on the internet, it will need access to the internet.
0
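How the `nslookup -d2` transcript in the question already points to this answer, as an added example that is not part of the original thread: the sketch below parses an abridged copy of that transcript and separates lookups the server answered from its own zones from lookups that timed out. The function names `parse` and `diagnose` and the wording of the verdict strings are hypothetical.

```python
import re

# Abridged from the nslookup -d2 transcript posted in the question above.
SAMPLE = """\
SendRequest(), len 42
        opcode = QUERY, id = 1, rcode = NOERROR
        4.11.16.172.in-addr.arpa, type = PTR, class = IN
Got answer (73 bytes):
        opcode = QUERY, id = 1, rcode = NOERROR
        header flags:  response, auth. answer, want recursion, recursion avail.
SendRequest(), len 43
        opcode = QUERY, id = 2, rcode = NOERROR
        www.google.com.MISD.local, type = A, class = IN
Got answer (106 bytes):
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
SendRequest(), len 32
        opcode = QUERY, id = 3, rcode = NOERROR
        www.google.com, type = A, class = IN
DNS request timed out.
"""

def parse(transcript):
    """Split at each SendRequest() and record how that query ended."""
    queries = []
    for block in transcript.split("SendRequest()")[1:]:
        sent, _, reply = block.partition("Got answer")
        m = re.search(r"^\s*(\S+), type = (\w+)", sent, re.M)
        if not m:
            continue  # no question section found in this block
        outcome = (re.search(r"rcode = (\w+)", reply).group(1) if reply
                   else "TIMEOUT" if "timed out" in block else "UNKNOWN")
        queries.append({"name": m.group(1), "type": m.group(2), "outcome": outcome,
                        "authoritative": "auth. answer" in reply})
    return queries

def diagnose(queries):
    timed_out = [q["name"] for q in queries if q["outcome"] == "TIMEOUT"]
    if not timed_out:
        return "no timeouts", []
    if any(q["authoritative"] for q in queries):
        # The server is up and serving its own zones; only names it must
        # forward or recurse for are dying, so suspect its outbound path.
        return "server cannot reach upstream DNS", timed_out
    return "server itself unreachable or not answering", timed_out

print(diagnose(parse(SAMPLE)))
```

The PTR and `.MISD.local` lookups come back flagged "auth. answer", so the client-to-server path is fine; only the external name, which the server would have to forward or recurse for, times out.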
 

Author Comment

by:Backbiter
ID: 12262646
Thanks, makes good sense to me...now :)
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12262947
Thanks. Glad to help.
0
