Solved

How do I configure DNS so my computers can access the internet?

Posted on 2008-10-25
40
867 Views
Last Modified: 2011-10-19
I have a Windows 2003 Server running AD and DNS.  I don't understand what forward or reverse lookup zones are though.  How do I tell the DNS server to look to my router to get internet DNS information?

Maybe that's a bad way to put it.  I want to be able to browse the web from my server and workstations.  Right now, I can't, but I do have internet access.  I can ping out of the building for example.
0
Comment
Question by:fekdep
40 Comments
 
LVL 1

Expert Comment

by:JayPeeAS
ID: 22804107
All you have to do is install the DNS server from Add/Remove Programs, Add Windows Components and then point your server's DNS to itself and all the workstations to point their DNS Server to the Server's IP address.

You shouldn't need DNS Forwarders.

Let me know if you need any specifics or if you need detailed instructions on how to do this.
0
 

Author Comment

by:fekdep
ID: 22804184
The DNS is installed.  It was working.  I ran a Windows Update and restarted.  Now nothing.

Not long ago I discovered that the Server was using the router as its DNS.  I changed the DNS to itself.  I didn't restart.  This is the first restart since then.

Basically my question is this: If DNS is set up on my server and the server looks to itself to resolve names and all of the workstations look to the server to resolve names, how does that DNS server know where google.com is for example? Where does the DNS server get that information from?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22804919
The server will look at root hints to resolve external names if the server doesn't have forwarders set up. Forwarders will forward all external name space resolution to your ISP's DNS servers, which is the better solution than root hints. You will get better performance. Also, using root hints is a security risk. If you want to use root hints you need to download the most updated hints from MS Update. Make sure your clients point to your internal DNS server and the server points to itself.


http://technet.microsoft.com/en-us/library/cc782142.aspx

http://technet.microsoft.com/en-us/library/cc773370.aspx
0
 

Author Comment

by:fekdep
ID: 22805071
I followed those instructions.  My router doesn't have a FQDN, I made one up and used its IP.  Still nothing.

I'm asking here because what I have found on google isn't helping.

Any chance of a step by step?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22805137
You don't want the router to handle DNS for you. You want DNS to do that and you want forwarders to forward the requests.

Go to DNS then right-click your zone

Go to Properties

Select the Forwarders Tab.

Add your ISP DNS servers.
0
 
LVL 5

Expert Comment

by:sensored2008
ID: 22806508
1. You need to configure your router of the network, meaning connect it directly to a laptop or some PC and ensure you are getting internet.
2. On the DC server recheck the IP settings to ensure that the router IP is your gateway.
3. Now you should have internet unless you are using any internal (e.g. ISA) or external proxy (ISP proxy) server to access the internet.
4. If you are using any proxy, ensure you set it up on any machine to gain internet access.
5. After that use GPO to configure the proxy setting for the whole network.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22806566
I think you are getting bits and pieces and not the big picture. So, for your reference you can see where a DNS query goes using this info. It helps massively in troubleshooting.

The client sends out a DNS query:
The client has a couple records that it will try to resolve the query by itself:
1) The first place a client looks for is a cached entry. (You can flush the DNS cache by going to the command prompt and typing ipconfig /flushdns)
2) Then if your client doesn't have the cached entry, it will look at the client's C:\Windows\system32\drivers\etc\Host file for resolution. (You can look at and edit the host file with WordPad. Check and see that there are no entries, except 1.0.0.127 local host file in that file. Manually configured host files can mess up DNS resolution.)

After the client can't determine its own DNS query it will look at the preferred DNS server: (To determine the preferred DNS server, it will be the first one on the list in an ipconfig /all of the client. The preferred DNS server for all your nodes on that network should be your internal DNS server, **not the router or an outside server**).

1) The first place the server looks for DNS records is its own DNS cache. (You can flush the cache by again going to the command prompt and typing ipconfig /flushdns)
2) Then the server will look at its own C:\Windows\system32\drivers\etc\Host file for resolution.
3) Then, the DNS server will have a list of Host A records for internal LAN queries. (It looks and sounds like you have a list of Host A records).
4) If the DNS server can't find the Host A, it will make an attempt to contact an outside server. There are two types of contacts. One is a recursive and the other is an iteration query. There are also two types of lists to contact the outside server. One is called a forwarder and the other is called root hints.
---brief explanation of each:
---Recursive lookup: A recursive lookup is handled by the server. It will go out to a distant server and try to resolve DNS queries that it can't do on for the client. In other words, if the DNS server can't find an internal address, it will go out to other servers and ask them to look for it. If a resolution is provided, the resolution will be passed down to the client from the server. It is recommended to turn off recursive lookups for security reasons and performance reasons.
--Iteration: Iteration is done when the server can't resolve the query and tells the client, "I can't do it, ask another DNS server." The resolution comes from the remote server, not the local server. So, this is basically passing the buck.
---forwarders: forwarders are manually configured DNS servers that your server will forward queries to if your server can't make the resolution. (most folks configure the ISP's DNS server as the forwarders)
---Root Hints: Root Hints are a list of public DNS servers that your server forwards DNS queries to if your server can't resolve the DNS query

Forwarders use recursive lookups and are usually configured to either your router or to your ISP for outside resolution. (The reason you can use a router for forwarders is because the router will get your ISP's DNS address to look outside your domain for DNS queries automatically)

Root hints use iterative lookups and are a list of public servers that the query goes out to for resolution.

_______________________________________________________________________________
To answer your question on how to get outside resolution:

You will have to enable root hints or configure forwarders. Also, each node has to have a single gateway configured to show your computer the path to the outside. Most likely that is the path to your router.

So, Dariusq is absolutely right. You can configure root hints.


DNS-query.gif
0
 
LVL 5

Expert Comment

by:sensored2008
ID: 22811233
@ChiefIT:
Whole picture!!! Dun u mean the whole book?
0
 

Author Comment

by:fekdep
ID: 22814330
Ok.  I reinstalled DNS so I would have a clean start.  The internet worked right away.  Then, I set up the forwarder and it continued to work.... for a couple of hours.

Now, nothing.


0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22814380
Do an nslookup and post.
0
 

Author Comment

by:fekdep
ID: 22814431
I redid the forwarders and flushed the DNS.  Right now it seems to be working.

NS lookup:

DNS request timed out.
      timeout was 2 seconds.
***Can't find server name for address 192.168.4.200: Timed Out
Default Server: UnKnown
Adress: 192.168.4.200
0
 
LVL 1

Expert Comment

by:JayPeeAS
ID: 22814534
If you create a PTR record in the reverse lookup zone you'll get a proper nslookup result (without the DNS request time outs)

Is the internet working now?
0
 

Author Comment

by:fekdep
ID: 22814595
I don't know what a PTR record is or how to make one.

The internet is working now.  That said, it worked this morning for a couple of hours.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22815335
Sounds like you have an IP on a client computer that is the same as your gateway.

Go to the command prompt and type:

Ping -a xxx.xxx.xxx.xxx

Where xxx.xxx.xxx.xxx is the IP of your gateway. That should resolve the DNS name of the computer. Go to that computer, and change its IP.

@sensored2008:
"Whole picture!!! Dun u mean the whole book?"
LOL
0
 

Author Comment

by:fekdep
ID: 22815569
did that, no name came up.

my DHCP scope starts at xxx....201  my gateway is .1
0
 

Author Comment

by:fekdep
ID: 22815627
and the internet stopped working again by the way.

I remove the forwarder and then it works.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22815716
Update your root hints through Windows Update. Let's see if the root hints fail.
0
 

Author Comment

by:fekdep
ID: 22815984
I just did a Windows Update.  That's how I got into this mess.  Prior to doing that on Saturday everything worked just fine.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22815997
Did you install this update KB 958644?
0
 

Author Comment

by:fekdep
ID: 22816194
I did all available updates.

I'd check now, but naturally I can't do that without an internet connection.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22816245
If you look through your Add/Remove Programs do you see this update installed? What AV are you running? This update has been causing network connectivity issues.
0
 

Author Comment

by:fekdep
ID: 22816318
Yes, that update is there.

I'm using McAfee AV with the firewall disabled.
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 22816413
There have been a fix posted yet but you can get free tech support from MS if you are having a problem with an update.

How to obtain help and support for this security update
For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and Canada or by contacting your local Microsoft subsidiary. For more information about how to contact your local Microsoft subsidiary for support issues with security updates, visit the Microsoft International Support Web site:
http://support.microsoft.com/common/international.aspx?rdpath=4
North American customers can also obtain instant access to unlimited no-charge e-mail support or to unlimited individual chat support by visiting the following Microsoft Web site:
http://support.microsoft.com/oas/default.aspx?&prid=7552
For enterprise customers, support for security updates is available through your usual support contacts.
0
 

Author Comment

by:fekdep
ID: 22816724
I don't want to hire someone.  

I've uninstalled that update and restarted the server.  As of now, I have internet access.  For a temporary fix on the workstations I've added the ISP's DNS to the DHCP.  Hopefully that update was the issue.  I'll know soon enough I suppose.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22816800
Even with the update removed users still had issues but hopefully you will be one of the ones that won't. You should remove the internet dns server out of your TCP\IP settings because of Domain problems that will come about if you have external DNS server listed in your internal network's TCP\IP properties. The update problems are free if you call MS.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22817946
Go to Start>>Run>>services.msc and see if the Windows firewall service is on automatic and Started.

I just noticed that even though Control Panel said my firewall was off, the service applet was actually ON. Maybe you are having the same issue.

I disabled Windows firewall in services with no fix to the KB problem. My issue started with updates as well. Maybe disabling the firewall will work for you. Of course I can't recommend you disable all firewall in lieu of another firewall. So, the decision is up to you.

0
 
LVL 5

Expert Comment

by:sensored2008
ID: 22819167
Are both your router and server acting as DHCP servers?
0
 
LVL 5

Expert Comment

by:sensored2008
ID: 22819171
Make sure your router is acting as gateway only, not DHCP. If DHCP is enabled there, disable it.
0
 

Author Comment

by:fekdep
ID: 22906349
Ok, I'm still having problems with this.  I followed all of the instructions and it worked for a while.

I removed DNS and reinstalled.
I removed my DHCP scope and reconfigured.
My router is not acting as a DHCP server.

My DNS forwards all unknown lookups to my ISP's DNS.

Is there a way to trace from the client side where DNS lookups are going?  DNS seems pretty simple:
COMPUTER asks SERVER "Where is John?"
SERVER responds "John is over there --->"
COMPUTER asks "Where is Google--->"
SERVER responds "I don't know, ask ISP"
ISP responds to COMPUTER "Google is over there ---->"

Case closed.  What is wrong with my setup?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 22906952
Ok. So, your local DNS only points to itself. The clients point to the server for DNS only. You have forwarders set up in DNS. What is happening right now that isn't working?
0
 

Author Comment

by:fekdep
ID: 22907257
Yes.... and no.

As an interim solution I have added the ISP's DNS to the DHCP scope.  These people need a couple of hours to check their mail etc...

However, when it is setup correctly (to the best of my knowledge), the server points to itself for DNS.  The clients point to the server.  The server has a forwarder setup to the ISP's DNS.

What doesn't work is browsing.  All the clients can ping outside of the building but cannot resolve names.  So, I can ping my mail server for example, but not if I ping mail.company.com

Another problem that coincides with this is internal data corruption.  They run a program that connects to the server that is constantly corrupting itself.

Right now, I'm waiting for a call back from Microsoft.  I followed up on your advice there.

Thanks for everything so far.  It has been a lot of help.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22907618
There are only a couple possibilities this could be:

1) Please download and install SP2.

SP1 has a bug in it that chokes the MTU (maximum transfer unit) channels and causes a NIC flood. The flood can result on any of the ports that do the most traffic. You can test this by going in and doing an MTU ping.

http://help.expedient.com/broadband/mtu_ping_test.shtml
http://www.dslreports.com/faq/5793

2) Check your corporate Firewall for a blockage on port 80.

3) Change from forwarders to root hints to make sure the DNS forwarding server is not the problem. You may have a forwarder configured of a server that doesn't exist or is down for maintenance. You can test this by going back to root hints servers. To do this disable recursive lookups. You can also try to ping your ISP's DNS server to see if it is online. You may/may not get a reply. This will depend upon if your ISP has ICMP reply enabled on that server.

4) You may have configured IPv6 on your LAN. A super quick test is to go into the command prompt and type: ipconfig /all. If you see some funky IPs and a line that says Teredo tunnel, you are running IPv6. Now, IPv6 can work with DNS, but has to be configured right.

Here is an example of IPv6 on an improperly configured network:
http://www.experts-exchange.com/Networking/Protocols/DNS/Q_23604907.html

0
 

Author Comment

by:fekdep
ID: 22907772
I'm already running SP2.

The ISP DNS server is online.  If I enter it manually on a machine, I have internet.  I also support another customer in this building using the same provider.  No problems there.

I disabled recursion and renewed a client IP.  I'm dead again.  What is recursion?

No IPv6
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22907905
---Recursive lookup: A recursive lookup is handled by the server. It will go out to a distant server and try to resolve DNS queries that it can't do on for the client. In other words, if the DNS server can't find an internal address, it will go out to other servers and ask them to look for it. If a resolution is provided, the resolution will be passed down to the client from the server. It is recommended to turn off recursive lookups for security reasons and performance reasons.
--Iteration: Iteration is done when the server can't resolve the query and tells the client, "I can't do it, ask another DNS server." The resolution comes from the remote server, not the local server. So, this is basically passing the buck.
---forwarders: forwarders are manually configured DNS servers that your server will forward queries to if your server can't make the resolution. (most folks configure the ISP's DNS server as the forwarders)
---Root Hints: Root Hints are a list of public DNS servers that your server forwards DNS queries to if your server can't resolve the DNS query

Forwarders use recursive lookups and are usually configured to either your router or to your ISP for outside resolution. (The reason you can use a router for forwarders is because the router will get your ISP's DNS address to look outside your domain for DNS queries automatically)

Root hints use iterative lookups and are a list of public servers that the query goes out to for resolution.
0
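An added example, not part of any post in this thread: a small Python script for the question of where a lookup stops. It sends the same A query to each server in the chain (the internal DNS server, then the forwarder) and reads the response header, whose RA (recursion available) flag and RCODE show whether that server will resolve external names on a client's behalf. The script name, the server addresses given on the command line and the constructed sample headers are assumptions for illustration.

```python
import socket
import struct
import sys

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

# Constructed 12-byte response headers (id, flags, qd, an, ns, ar) for offline use.
SAMPLE_ANSWER = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)     # RA=1, one answer
SAMPLE_SERVFAIL = struct.pack("!6H", 0x1234, 0x8182, 1, 0, 0, 0)   # RA=1, RCODE=2
SAMPLE_REFERRAL = struct.pack("!6H", 0x1234, 0x8100, 1, 0, 13, 0)  # RA=0, NS records only

def build_query(name, qid=0x1234):
    """Build an A/IN query with RD=1, the way a workstation's resolver asks."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)

def parse_header(packet):
    """Decode the fixed DNS header; raises ValueError on a short packet."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    qid, flags, _qd, an, ns, _ar = struct.unpack("!6H", packet[:12])
    rcode = flags & 0x000F
    return {"id": qid,
            "recursion_available": bool(flags & 0x0080),
            "rcode": RCODES.get(rcode, "RCODE %d" % rcode),
            "answers": an, "authority": ns}

def diagnose(h):
    """Turn header fields into a statement about where resolution stopped."""
    if h["rcode"] == "NOERROR" and h["answers"] > 0:
        return "resolved: %d answer record(s)" % h["answers"]
    if h["rcode"] == "NOERROR" and not h["recursion_available"]:
        return "referral only: recursion is off here, so clients get no address"
    if h["rcode"] == "SERVFAIL":
        return "SERVFAIL: server could not complete the lookup upstream"
    return "%s with no answers" % h["rcode"]

def ask(server, name, timeout=2.0):
    """Query one server over UDP/53 and describe the outcome."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "timeout: no reply within %.0f s" % timeout
        except OSError as exc:
            return "network error: %s" % exc
    h = parse_header(data)
    if h["id"] != 0x1234:
        return "ignored: response ID does not match the query"
    return diagnose(h)

if __name__ == "__main__":
    # Usage (hypothetical script name): python dnscheck.py google.com <server-ip> <forwarder-ip>
    for srv in sys.argv[2:]:
        print("%-16s %s" % (srv, ask(srv, sys.argv[1])))
```

If the forwarder answers but the internal server returns SERVFAIL, a timeout or a referral for the same name, the fault is on the internal server rather than at the ISP.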
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22908106
One thing we haven't tried is to reset the winsock
netsh winsock reset

I also know that ZoneAlarm has a problem with DNS in some service packs.
0
 

Author Comment

by:fekdep
ID: 22908152
I've got nothing in the way of firewall at the moment.  First thing I went for.

MS is in to the machine doing that voodoo that they doo to screw you.

After I explained that the problem was that I had no internet access they asked me to go to support.microsoft.com/ea  so I don't have much faith that they will help.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22908228
Doing some further research...Was just on a site where:

AVG
AD-Aware
Winsock
and Zone alarm

Were causing the issues.

Also some DLLs were not registered correctly. (Lots of potential fixes here)
http://en.kioskea.net/forum/affich-5044-can-t-browse-but-can-ping?page=4
0
 

Author Comment

by:fekdep
ID: 22995107
In the end there was some kind of corruption due to an update gone wrong.  Microsoft took care of the problem.
0
 

Author Closing Comment

by:fekdep
ID: 31509973
Thanks for all the help and tutorials.  Ultimately, you were right and I should have called MS earlier.
0
