• Status: Solved

DNS on Windows Small Business Server 2011 works, but not on clients. Help!

Friday, I reconfigured a SonicWall to use an AT&T modem in bridge mode. Everything on the SonicWall looks fine, and I'm not seeing any errors. When I connect to the Windows SBS 2011 server, everything seems fine, I can ping internal and external locations fine. When I go to the client computers, all XP Professional, I can ping internally fine, external IPs fine, but external DNS is not working. I'm stuck like chuck on this one... looking at the IP settings on a client computer vs. the server, they're identical. What could be messing this up that I'm not seeing? Maybe something in Windows Firewall on the SBS that I need to look for? Is it just ironic or related that this happened at the same time I switched the DSL to bridge mode? Please help as soon as possible, and thanks!
Asked by: bayouexpert

Cliff Galiher commented:
You mentioned that the client and server have the same settings, but that could mean they are both wrong. These machines should ONLY list SBS itself as the DNS server. If you added your ISP DNS settings, either manually or via DHCP, you must remove them.

-Cliff

Brian Pierce (Photographer) commented:
ALL machines, including the server, should be the same... the ONLY DNS server that any of them should have is the SBS server itself.
DNS should contain a forwarder to enable the SBS to resolve external domain names - typically the forwarder will either point at your router or your ISP's DNS server(s).

Philip Elder (Technical Architect - HA/Compute/Storage) commented:
Make sure that your SonicWall is _not_ delivering DHCP.
   + We set DNS0: on WAN port to point to SBS.

Make sure that DHCP has the following for Scope Options:
 Domain: YourDomain.Local
 Router: 192.168.99.1 (SonicWall LAN IP)
 DNS Server: 192.168.99.254 (Your SBS IP)

Make sure the SBS NIC has DNS0: Self IP (no ISP DNS servers here please).

Do not drop the ISP's DNS servers or OpenDNS servers anywhere except as an option in Forwarders for the Domain.Local Forward Lookup Zone.

Philip
 
bayouexpert (Author) commented:
Initially, I thought the above suggestions were my problem, and I then set it up as follows:

Server NIC:

IP: 10.100.1.10
Subnetmask: 255.255.255.0
Gateway: 10.100.1.1 (sonicwall)
DNS: 127.0.0.1

DHCP Scope option:
Router: 10.100.1.1 (Sonicwall LAN)
DNS Server: 10.100.1.10
DNS Domain Name: hutchinsonmd.com
WINS: 10.100.1.10
Wins/NBT Node type: 0x8
Name servers: 10.100.1.10

In the DNS settings, I have the two ISP DNS servers set up as forwarders, with "Use root hints if no forwarders are available" checked.

DHCP is disabled on the sonicwall.

After verifying all of these settings earlier, I rebooted the server then the clients. No go.

At this point, I'm almost thinking there's going to be something screwing us up on the Sonicwall, just not sure what? I say this because I think we've covered just about everything on the server/client side.

bayouexpert (Author) commented:
OK, so here's a new finding... I just went to do nslookup, and despite what ipconfig /all tells me, nslookup still shows 192.168.1.254 as the name server (and of course times out). Where am I missing it on the client and/or server where this would be configured?

bayouexpert (Author) commented:
Also, nslookup on the server shows the correct address (10.100.1.10) for DNS, it's only on the clients that it shows 192.168.1.254.

bayouexpert (Author) commented:
Apparently there was a registry key from a group policy that was setting the DNS... the thing is the group policy is not even active anymore, it looks like the key was just never deleted on the clients. The key that was screwing us up was HKLM>Software>Policies>Microsoft>Windows NT>DNSClient and there was a REG_SZ value with the incorrect DNS servers. This was a policy I set up when I first set the domain up a long time ago and was playing around with different settings, and as stated it's deleted from the DC now... but apparently the key stuck around on the clients. I've deleted the key from all clients and rebooted, and all is working fine now. Crazy stuff... I literally spent hours trying to find this.
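
An added example (not part of the original thread): a PowerShell check, for clients with PowerShell 2.0 or later, that lists any IPv4 addresses left in string values under the policy key named in the post above and shows whether each one matches a DNS server configured on a network adapter. The helper name `Get-PolicyDnsOverride` and the output field names are assumptions made for this example.

```powershell
# Added example: report DNS server addresses left behind under the Group Policy key.
$policyKey = 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient'
$ipPattern = '\b(?:\d{1,3}\.){3}\d{1,3}\b'

function Get-PolicyDnsOverride {          # hypothetical helper name
    param([string]$Path = $policyKey)

    # DNS servers the IP-enabled adapters are configured with (static or DHCP).
    $adapterDns = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object { $_.DNSServerSearchOrder } |
        Where-Object { $_ } |
        Sort-Object -Unique)

    if (-not (Test-Path -Path $Path)) { return }   # no policy key: nothing to report

    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        $value = $key.GetValue($name)
        if ($value -isnot [string]) { continue }   # skip DWORD and binary values
        foreach ($m in [regex]::Matches($value, $ipPattern)) {
            New-Object PSObject -Property @{
                ValueName    = $name
                PolicyServer = $m.Value
                OnAnyAdapter = ($adapterDns -contains $m.Value)
            }
        }
    }
}

$found = @(Get-PolicyDnsOverride)
if ($found.Count -eq 0) {
    'No DNS server addresses found under the policy key.'
} else {
    $found | Select-Object ValueName, PolicyServer, OnAnyAdapter | Format-Table -AutoSize
    $stale = @($found | Where-Object { -not $_.OnAnyAdapter })
    if ($stale.Count -gt 0) {
        'Policy lists DNS servers that no adapter is configured with; check whether the GPO still exists.'
    }
}
```

The script only reports; in this thread the fix was to delete the leftover key on each client and reboot.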

Philip Elder (Technical Architect - HA/Compute/Storage) commented:
And one most folks would not even consider since the settings are normally delivered via DHCP. :)

GPO delivery for DNS settings?

Philip

bayouexpert (Author) commented:
Problem was due to a configuration error I made.