SBS 2003 w/ Sonicwall TZ 170 - Unable to resolve domain names

I'm sure there's an easy answer to this one, but it has me scratching my head. I'm setting up a network with SBS 2003 and a Sonicwall TZ 170 behind our ISP's router. The problem is, I can't get the Sonicwall to allow me to resolve domain names.

Here's my setup:

Sonicwall:
Wan IP - xx.xxx.xxx.162
Subnet - 255.255.255.224
Wan Router: xx.xxx.xxx.161
LAN IP Address - 192.168.1.1
LAN Subnet - 255.255.255.0

SBS 2003 NIC 1(Internal Network):
IP - 192.168.0.2
Subnet - 255.255.255.0
Default Gateway: Blank
Preferred DNS: 192.168.0.2 (forwarder set to 192.168.1.1)

SBS 2003 NIC 2(External to Sonicwall):
IP - 192.168.1.10
Subnet - 255.255.255.0
Default Gateway: 192.168.1.1
Preferred DNS: 192.168.0.2

Using the DNS Name Lookup utility on the Sonicwall I can resolve any domain I pick. The problem occurs trying to access a webpage from the server - the request times out looking for the DNS server.

The Sonicwall log shows:
UDP Packet from LAN dropped
Source: 192.168.1.10, 1068, LAN
Destination: 192.168.1.1, 53, LAN
Notes: Name Service (DNS)

I've tried creating a number of different rules such as (format is Source-Destination-Service-Action):
1) LAN-LAN-Name Service(DNS)-Allow
2) LAN-WAN-Name Service(DNS)-Allow
3) LAN-192.168.1.1(LAN)-Name Service(DNS)-Allow

Please tell me it's just something stupid on my part and let me be done with it!

Thanks!!
kbayer Asked:

MarkMoloughney Commented:
It's something stupid on your part.  There.  I told you.  But seriously, it probably is.  Have you tried making a rule opening ALL PORTS in both directions as a test?  This sometimes helps.  

And is the request really timing out looking for DNS?  How do you know this?  Can you manually type the IP address and it works?  If it doesn't work maybe your Port 80 is blocked.  Something to think about.  

Also your preferred DNS for external is pointing to the internal NIC's IP on a different network.  Does this machine have DNS?  If so try changing the IP to the 1.10 IP since it is the same machine anyway and this will be on the same network.

Tell me what you are trying to accomplish with this set up.  Because it is very confusing...  Are you just trying to use the SBS 2003 as a bridge for the two networks?

Mark
0
kbayer (Author) Commented:
Alright, now that we know it's something stupid, we've gotten that out of the way!

I can access sites manually typing in their IP addresses from the browser so I know that isn't the problem.

Opening all ports (rule was set up: Source: *, Destination: *, Service: Any, Action: Allow) didn't work. I guess I'm just assuming it times out because it can never find the servers - I don't know for sure.

I know the preferred DNS points to the other NIC and it does have DNS running on it (with a DNS forwarder to the Sonicwall). The setup is actually the suggested setup for a multihomed server with a firewall/router on Smallbizserver.net (http://www.smallbizserver.net/Articles/tabid/266/articleType/ArticleView/articleId/76/Two-Nics-a-static-IP-address-ISA-router.aspx)

The log continues to list the DNS request as being dropped:
UDP Packet from LAN dropped
Source: 192.168.1.10, 1068, LAN
Destination: 192.168.1.1, 53, LAN
Notes: Name Service (DNS)

(Note that the source is from the external NIC's IP)

Thanks.
0
MarkMoloughney Commented:
What is the purpose of this server?  What are you trying to do with it?  A webserver, mailserver?  And why the 2 internal IP ranges on different nics.  Explain to me what it is you are trying to do.  

Mark
0
kbayer (Author) Commented:
It's a file and Exchange server for a small company network.

The first NIC (internal network) connects to a hub for the networked computers, the second (external) connects to the firewall to segregate the rest of the network from the Internet.

0
MarkMoloughney Commented:
Does your server have Microsoft's ISA Server installed?  Because that's necessary for the documents you referenced earlier.

So the Internal Network NIC and clients attached there to you do not want to allow internet access and the External NIC that connects to the firewall you do want connected to the network?  

Mark
0
kbayer (Author) Commented:
I've actually read a number of posts with the same configuration and SBS 2003 Standard (no ISA) and everything worked fine.

The networked computers will access the DNS and Internet through the SBS server, which will do so by using the external card to the firewall.

How would you suggest I set the network up, Mark?
0
MarkMoloughney Commented:
I am not sure I know what you want to do but here goes..

You have 2 LANs.  One you want to be restricted from accessing the internet but have full access to the exchange server and file sharing.  The other LAN you want to give full access to the internet and to the file server and exchange server.

Is this correct?


Mark
0
MarkMoloughney Commented:
What is the IP address of the DNS server?

Mark
0
Rant32 Commented:
The SBS is using the SonicWALL as DNS server? IIRC this is an option that has to be enabled on the SonicWALL.

Personally, I have bad experiences using static DNS forwarders. Windows Server 2003 can use root hints to find its DNS Servers!

If you have a '.' (dot) domain in the  DNS console, remove it (seriously). Restart the DNS console, it should be gone.

Make sure that the use of forwarders is disabled on the properties tab of the DNS server.

Now, try accessing a web site again. The server should now look for nameservers by itself, caching the TLD's so root servers don't get burdened.
0
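Added example (not part of the original thread): a small Python probe for the checks raised in the answers above. It sends one A-record query to a chosen server and reports whether that server answered, refused, or stayed silent, which separates a dropped DNS packet from a blocked web port. The server addresses are the ones given in the question; `example.com`, the transaction ID and the function names are assumptions of this example.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a minimal DNS query for an A record with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_response(data, txid=0x1234):
    """Return (rcode, answer_count) from the header of a DNS response."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # QR bit must be set in a reply
        raise ValueError("not a response to our query")
    return flags & 0x000F, answers

def probe(server, name="example.com", port=53, timeout=3.0):
    """Send one query and classify the outcome for this server."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))  # only accept replies from this peer
            s.send(build_query(name))
            data = s.recv(512)
        except socket.timeout:
            return "timeout (query or reply dropped somewhere on the path)"
        except OSError as exc:  # e.g. ICMP port unreachable
            return f"error: {exc}"
    try:
        rcode, answers = parse_response(data)
    except ValueError as exc:
        return f"error: {exc}"
    return f"rcode={rcode} answers={answers}"

if __name__ == "__main__":
    # Addresses from the question: the SBS DNS service, then its forwarder.
    for server in ("192.168.0.2", "192.168.1.1"):
        print(server, probe(server))
```

A timeout from 192.168.1.1 together with a "UDP Packet from LAN dropped" log entry means the forwarder itself is not answering; rcode 0 with answers from both servers points the investigation away from DNS.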
kbayer (Author) Commented:
Thanks guys, I think I got it figured out.
0
Question has a verified solution.