• Status: Solved

Connectivity problem after changing ISP

One of our clients has changed their ISP and also upgraded their broadband to ADSL 2+.  The new ISP supplied a new router, which they maintain remotely.  Since the change (and upgrade) broadband speeds have been slower than they were but the ISP said that everything looked normal so far as they could see.
Today, we went in and connected a laptop directly to the router.  As the router is not acting as a DHCP server, we manually added the IP, SM, DG and DNS addresses.  For DNS, we used the Google free DNS of 8.8.8.8 and the broadband speed measured on the laptop was much faster.  We then changed DNS on the DHCP server to the ISP's own DNS servers and tested the workstations and they were all much faster.  It probably isn't a good idea to leave the ISP's DNS server addresses in DHCP as our client could have a problem should these ever go down, so we would like to put DHCP back to how it was – pointing to the internal DHCP server.
The question is this:  would changing ISP have an effect on the internal DNS Server?  If so, what should we have done to prevent this from happening?

Thanks
Asked:
gerlis
3 Solutions
 
Aquatone Commented:
Hi,

If your internal DNS server was configured to forward external queries to your old ISP's DNS server, then a break may occur.

I would check that. I use OpenDNS's servers regardless of my ISP: 208.67.222.222, 208.67.220.220

0
 
uescomp Commented:
Check your DNS records and see where they are going; you probably have to update the old ones/create new forwarders.
0
 
gerlis (Author) Commented:
Sorry about my lack of experience with DNS.  The DNS server was configured using the wizard and at no time asked for the address to forward queries.  I always assumed it used the gateway (router) for this.
0
 
Hypercat (Deb) Commented:
All internal servers and workstations should always be pointing to your own internal DNS server(s) for name resolution.  In the DNS management console on your DNS server(s), you can right-click on the top level and click Properties.  There will be a Forwarders tab there where you can specify external DNS servers that can be used to forward queries for external hosts.  You can either remove the existing forwarders that are set there and replace them with your new ISP's DNS server IP addresses, or simply remove them and let the internal DNS server forward external queries to the root servers.  My preference is for the latter because that way you don't ever run into this situation again if you change ISPs.  If you need additional help following these steps, post back and I'll give you a step-by-step.
0
 
gerlis (Author) Commented:
Thanks for the clear instructions.  The forwarders tab has the address of the router - the new router has the same LAN address as the old one.
0
 
Aquatone Commented:
Set your local DNS server's forwarders settings to point to an Internet DNS server. Works like a charm.
0
 
gerlis (Author) Commented:
Shouldn't the DNS server detect the external host via the router (gateway)?  This appears to work on my other networks, and did on this one until the change of ISP and router.  If not, I'll add some DNS servers; possibly the OpenDNS servers.  But I would like to know if I have been doing this right up till now.

Thanks
0
 
Hypercat (Deb) Commented:
Not really.  That setup may work but it certainly isn't the "correct" way to do it as far as my 25+ years of experience tells me.  That's fine for a home network where you maybe have a couple of standalone PCs attached to a router, but it is not the proper way to set up an AD domain. The DNS server should be set to either use a specific set of external DNS servers as forwarders by IP address, or to use only the root hints.  As I said above, it's perfectly acceptable not to have any forwarders as long as the Root Hints tab of the DNS management console is populated with the root server names and IP addresses (which it normally is by default).
0
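
A way to run the forwarder check described above from PowerShell instead of the DNS management console. This is an added example, not part of any post in the thread, and it assumes a server with the DnsServer module (Windows Server 2012 or later). It lists the configured forwarders, flags any private LAN address such as a router, and queries each one directly; the function names and the test name example.com are illustrative.

```powershell
#Requires -Modules DnsServer
# Added example. Run in an elevated PowerShell session on the internal DNS server.

function Test-PrivateAddress {
    # True for RFC 1918 IPv4 addresses, e.g. a LAN router listed as a forwarder.
    param([System.Net.IPAddress]$Address)
    $b = $Address.GetAddressBytes()
    if ($b.Length -ne 4) { return $false }   # only IPv4 ranges are checked
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Test-Forwarder {
    # Sends one A query straight to the forwarder and records whether it answered.
    param([System.Net.IPAddress]$Address, [string]$Name = 'example.com')
    $answered = $false
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        Resolve-DnsName -Name $Name -Server $Address.ToString() -Type A -DnsOnly -ErrorAction Stop | Out-Null
        $answered = $true
    } catch {
        # Timeout, refusal or SERVFAIL: the forwarder is not resolving for us.
    }
    $sw.Stop()
    [pscustomobject]@{
        Forwarder    = $Address.ToString()
        PrivateLAN   = Test-PrivateAddress $Address
        Answered     = $answered
        Milliseconds = [int]$sw.ElapsedMilliseconds
    }
}

$config = Get-DnsServerForwarder
"Fall back to root hints when forwarders fail: $($config.UseRootHint)"
"Root hint servers configured: $(@(Get-DnsServerRootHint).Count)"

$report = foreach ($ip in $config.IPAddress) { Test-Forwarder -Address $ip }
if ($report) { $report | Format-Table -AutoSize } else { 'No forwarders set; root hints are used.' }

# The two fixes described in the thread (uncomment one):
# 1) Replace the forwarder list with external resolvers. Addresses are placeholders.
# Set-DnsServerForwarder -IPAddress '<resolver-1>', '<resolver-2>' -PassThru
# 2) Remove all forwarders and resolve through root hints only.
# Remove-DnsServerForwarder -IPAddress $config.IPAddress -Force
```

A forwarder reported with PrivateLAN = True and Answered = False matches the situation in this thread, where the only forwarder was the router's LAN address.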
 
Aquatone Commented:
It can work either way, provided the router will pass on the queries for the clients, which it doesn't seem to be doing in this case.
0
 
gerlis (Author) Commented:
Thank you.  So does that mean that the router is not working as it should?  That makes sense in that there is a new router supplied by the new ISP.
0
 
Aquatone Commented:
It may be working the way the ISP intended. Seems as if they want DNS traffic all going their way.
0
 
Hypercat (Deb) Commented:
Alex, the old router may have been set up to forward DNS queries to the ISP whereas the new one is not.  It depends on how the ISP has set up the router.  I always request the ISP to set the router up in bridge mode and then I have my clients install a separate router behind the ISP's, so that we can control the filtering and firewalling.  If you don't have your own firewall or proxy server behind the ISP's router, then this probably isn't the case in your situation, so you don't have any control over how that router is configured.
0
 
gerlis (Author) Commented:
All appears to be working OK using the ISP's DNS servers.  Strange that I've always been OK just using the router.  I've just emailed the ISP to ask why this doesn't work with their router (or the way they have configured their router) and I'll post back and close the question.

Thanks
0
 
gerlis (Author) Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for hypercat's comment http:/Q_27381572.html#36925898
Assisted answer: 250 points for Aquatone's comment http:/Q_27381572.html#36919088
Assisted answer: 250 points for hypercat's comment http:/Q_27381572.html#36920155
Assisted answer: 0 points for gerlis's comment http:/Q_27381572.html#36942411

for the following reason:

All working fine now.  The ISP set their "locked" router to not get DNS dynamically.  Therefore I had to add the ISP's (or possibly any other) DNS servers as a forwarder.  This is the first time I have had this issue so I was not really prepared for it.  Thanks for all the help and clarification.
0
 
gerlis (Author) Commented:
Sorry, I appear to have allocated the points incorrectly.  They were intended to be split equally between hypercat and Aquatone.
0
 
gerlis (Author) Commented:
All working fine now.  The ISP set their "locked" router to not get DNS dynamically.  Therefore I had to add the ISP's (or possibly any other) DNS servers as a forwarder.  This is the first time I have had this issue so I was not really prepared for it.  Thanks for all the help and clarification.
0
