
SBS 2003 w/ Sonicwall TZ 170 - Unable to resolve domain names

Posted on 2006-03-24
Last Modified: 2008-02-01
I'm sure there's an easy answer to this one, but it has me scratching my head. I'm setting up a network with SBS 2003 and a Sonicwall TZ 170 behind our ISP's router. The problem is, I can't get the Sonicwall to allow me to resolve domain names.

Here's my setup:

Sonicwall:
Wan IP - xx.xxx.xxx.162
Subnet - 255.255.255.224
Wan Router: xx.xxx.xxx.161
LAN IP Address - 192.168.1.1
LAN Subnet - 255.255.255.0

SBS 2003 NIC 1(Internal Network):
IP - 192.168.0.2
Subnet - 255.255.255.0
Default Gateway: Blank
Preferred DNS: 192.168.0.2 (forwarder set to 192.168.1.1)

SBS 2003 NIC 2(External to Sonicwall):
IP - 192.168.1.10
Subnet - 255.255.255.0
Default Gateway: 192.168.1.1
Preferred DNS: 192.168.0.2

Using the DNS Name Lookup utility on the Sonicwall I can resolve any domain I pick. The problem occurs trying to access a webpage from the server - the request times out looking for the DNS server.

The Sonicwall log shows:
UDP Packet from LAN dropped
Source: 192.168.1.10, 1068, LAN
Destination: 192.168.1.1, 53, LAN
Notes: Name Service (DNS)

I've tried creating a number of different rules such as (format is Source-Destination-Service-Action):
1) LAN-LAN-Name Service(DNS)-Allow
2) LAN-WAN-Name Service(DNS)-Allow
3) LAN-192.168.1.1(LAN)-Name Service(DNS)-Allow

Please tell me it's just something stupid on my part and let me be done with it!

Thanks!!
Question by:kbayer
10 Comments
 
LVL 1

Expert Comment

by:MarkMoloughney
ID: 16281973
It's something stupid on your part.  There.  I told you.  But seriously, it probably is.  Have you tried making a rule opening ALL PORTS in both directions as a test?  This sometimes helps.  

And is the request really timing out looking for DNS?  How do you know this?  Can you manually type the IP address and it works?  If it doesn't work maybe your Port 80 is blocked.  Something to think about.  

Also your preferred DNS for external is pointing to the internal NIC's IP on a different network.  Does this machine have DNS?  If so try changing the IP to the 1.10 IP since it is the same machine anyway and this will be on the same network.

Tell me what you are trying to accomplish with this set up.  Because it is very confusing...  Are you just trying to use the SBS 2003 as a bridge for the two networks?

Mark
0
 

Author Comment

by:kbayer
ID: 16282283
Alright, now that we know it's something stupid, we've gotten that out of the way!

I can access sites manually typing in their IP addresses from the browser so I know that isn't the problem.

Opening all ports (rule was set up: Source: *, Destination: *, Service: Any, Action: Allow) didn't work. I guess I'm just assuming it times out because it can never find the servers - I don't know for sure.

I know the preferred DNS points to the other NIC and it does have DNS running on it (with a DNS forwarder to the Sonicwall). The setup is actually the suggested setup for a multihomed server with a firewall/router on Smallbizserver.net (http://www.smallbizserver.net/Articles/tabid/266/articleType/ArticleView/articleId/76/Two-Nics-a-static-IP-address-ISA-router.aspx)

The log continues to list the DNS request as being dropped:
UDP Packet from LAN dropped
Source: 192.168.1.10, 1068, LAN
Destination: 192.168.1.1, 53, LAN
Notes: Name Service (DNS)

(Note that the source is from the external NIC's IP)

Thanks.
0
 
LVL 1

Expert Comment

by:MarkMoloughney
ID: 16282381
What is the purpose of this server?  What are you trying to do with it?  A webserver, mailserver?  And why the 2 internal IP ranges on different nics.  Explain to me what it is you are trying to do.  

Mark
0
 

Author Comment

by:kbayer
ID: 16282769
It's a file and Exchange server for a small company network.

The first NIC (internal network) connects to a hub for the networked computers, the second (external) connects to the firewall to segregate the rest of the network from the Internet.

0
 
LVL 1

Expert Comment

by:MarkMoloughney
ID: 16282827
Does your server have Microsoft's ISA Server installed?  Because that's necessary for the documents you referenced earlier.

So the Internal Network NIC and clients attached there to you do not want to allow internet access and the External NIC that connects to the firewall you do want connected to the network?  

Mark
0
 

Author Comment

by:kbayer
ID: 16283243
I've actually read a number of posts with the same configuration and SBS 2003 Standard (no ISA) and everything worked fine.

The networked computers will access the DNS and Internet through the SBS server, which will do so by using the external card to the firewall.

How would you suggest I set the network up, Mark?
0
 
LVL 1

Expert Comment

by:MarkMoloughney
ID: 16283339
I am not sure I know what you want to do but here goes..

You have 2 LANs.  One you want to be restricted from accessing the internet but have full access to the exchange server and file sharing.  The other LAN you want to give full access to the internet and to the file server and exchange server.

Is this correct?


Mark
0
 
LVL 1

Expert Comment

by:MarkMoloughney
ID: 16283375
What is the IP address of the DNS server?

Mark
0
 
LVL 12

Accepted Solution

by:Rant32 earned 750 total points
ID: 16283590
The SBS is using the SonicWALL as DNS server? IIRC this is an option that has to be enabled on the SonicWALL.

Personally, I have bad experiences using static DNS forwarders. Windows Server 2003 can use root hints to find its DNS Servers!

If you have a '.' (dot) domain in the DNS console, remove it (seriously). Restart the DNS console, it should be gone.

Make sure that the use of forwarders is disabled on the properties tab of the DNS server.

Now, try accessing a web site again. The server should now look for nameservers by itself, caching the TLD's so root servers don't get burdened.
0
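
An added example (not part of the original thread) that parses log entries in the shape pasted in the question and separates DNS queries addressed to the firewall's own LAN IP, the case the accepted answer points at, from DNS queries that merely pass through it. The function names, the second log entry and its 198.51.100.53 documentation address are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the first entry follows the log excerpt in the question;
# the second (a query to an outside resolver) is invented for contrast.
SAMPLE_LOG = """\
UDP Packet from LAN dropped
Source: 192.168.1.10, 1068, LAN
Destination: 192.168.1.1, 53, LAN
Notes: Name Service (DNS)

UDP Packet from LAN dropped
Source: 192.168.1.10, 1069, LAN
Destination: 198.51.100.53, 53, WAN
Notes: Name Service (DNS)
"""

FIREWALL_LAN_IP = "192.168.1.1"  # Sonicwall LAN IP from the question's setup

ENDPOINT = re.compile(r"^(Source|Destination):\s*([\d.]+),\s*(\d+),\s*(\w+)\s*$")

def parse_entries(text):
    """Split the log into blank-line-separated entries and extract endpoints."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.strip().splitlines()
        entry = {"event": lines[0].strip()}
        for line in lines[1:]:
            m = ENDPOINT.match(line.strip())
            if m:
                role, ip, port, zone = m.groups()
                entry[role.lower()] = (ipaddress.ip_address(ip), int(port), zone)
        entries.append(entry)
    return entries

def classify(entry, firewall_ip=FIREWALL_LAN_IP):
    """Label a dropped packet by where the DNS query was actually sent."""
    if "dropped" not in entry["event"] or "destination" not in entry:
        return "not-a-drop"
    dst_ip, dst_port, _zone = entry["destination"]
    if dst_port != 53:
        return "non-dns-drop"
    if dst_ip == ipaddress.ip_address(firewall_ip):
        # The client expects the firewall itself to answer as a resolver;
        # this is not traffic crossing the firewall to an outside server.
        return "dns-to-firewall"
    return "dns-transit"

def triage(text):
    """Classify every entry in a pasted log, in order."""
    return [classify(e) for e in parse_entries(text)]
```

A `dns-to-firewall` result means the fix lies in what the client uses as its resolver or forwarder (or in a DNS service on the firewall), while `dns-transit` points at the access rules for outbound port 53.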
 

Author Comment

by:kbayer
ID: 16303145
Thanks guys, I think I got it figured out.
0
