DNS on Windows Small Business Server 2011 works, but not on clients. Help!

Friday, I reconfigured a SonicWall to use an AT&T modem in bridge mode. Everything on the SonicWall looks fine, and I'm not seeing any errors. When I connect to the Windows SBS 2011 server, everything seems fine, I can ping internal and external locations fine. When I go to the client computers, all XP Professional, I can ping internally fine, external IPs fine, but external DNS is not working. I'm stuck like chuck on this one... looking at the IP settings on a client computer vs. the server, they're identical. What could be messing this up that I'm not seeing? Maybe something in Windows Firewall on the SBS that I need to look for? Is it just ironic or related that this happened at the same time I switched the DSL to bridge mode? Please help as soon as possible, and thanks!

Cliff Galiher commented:
You mentioned that the client and server are the same settings, but that could mean they are both wrong. These machines should ONLY list SBS itself as the DNS server. If you added your ISP DNS settings, either manually, or via DHCP, you must remove them.

Brian Pierce (Photographer) commented:
ALL Machines - including the Server should be the same .... the ONLY DNS server that any of them should have is the SBS server itself.
DNS should contain a forwarder to enable the SBS to resolve external domain names - typically the forwarder will either point at your router or your ISP's DNS server(s).

Philip Elder (Technical Architect - HA/Compute/Storage) commented:
Make sure that your SonicWall is _not_ delivering DHCP.
   + We set DNS0: on WAN port to point to SBS.

Make sure that DHCP has the following for Scope Options:
 Domain: YourDomain.Local
 Router: (SonicWall LAN IP)
 DNS Server: (Your SBS IP)

Make sure the SBS NIC has DNS0: Self IP (no ISP DNS servers here please).

Do not drop the ISP's DNS servers or OpenDNS servers anywhere except as an option in Forwarders for the Domain.Local Forward Lookup Zone.


bayouexpert (Author) commented:
Initially, I thought the above suggestions were my problem, and I then set it up as follows:

Server NIC:

Gateway: (sonicwall)

DHCP Scope option:
Router: (Sonicwall LAN)
DNS Server:
DNS Domain Name: hutchinsonmd.com
Wins/NBT Node type: 0x8
Name servers:

In the DNS settings, I have the two ISP DNS servers setup as forwarders, with Use Root hints if no forwarders are available checked.

DHCP is disabled on the sonicwall.

After verifying all of these settings earlier, I rebooted the server then the clients. No go.

At this point, I'm almost thinking there's going to be something screwing us up on the Sonicwall, just not sure what? I say this because I think we've covered just about everything on the server/client side.

bayouexpert (Author) commented:
Ok, so here's a new finding... I just went to do nslookup, and despite what ipconfig /all tells me, nslookup still shows as the name server (and of course times out). Where am I missing it on the client and/or server where this would be configured?

bayouexpert (Author) commented:
Also, NSlookup on the server shows the correct address ( for DNS, it's only on the clients that it shows

bayouexpert (Author) commented:
Apparently there was a registry key from a group policy that was setting the DNS... the thing is the group policy is not even active anymore, it looks like the key was just never deleted on the clients. The key that was screwing us up was HKLM>Software>Policies>Microsoft>Windows NT>DNSClient and there was a REG_SZ value with the incorrect DNS servers. This was a policy I set up when I first set the domain up a long time ago and was playing around with different settings and as stated it's deleted from the DC now... but apparently the key stuck around on the clients. I've deleted the key from all clients and rebooted, and all is working fine now. Crazy stuff... I literally spent hours trying to find this.
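
A read-only check for the condition described in the post above, added here as an example and not part of the original thread: it lists every value under the DNSClient policy key and flags addresses that no network adapter is configured to use. It assumes PowerShell 2.0 or later is installed on the client; the function names are hypothetical.

```powershell
# Added example: find leftover DNS policy values that differ from adapter DNS.
# Read-only; nothing is modified. Function names are illustrative.
$policyKey = 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient'

function Get-DnsPolicyValues {
    param([string]$Path = $policyKey)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        New-Object PSObject -Property @{
            Name  = $name
            Kind  = $key.GetValueKind($name)
            Value = $key.GetValue($name)
        }
    }
}

function Get-AdapterDnsServers {
    # DNS servers per IP-enabled adapter, i.e. what ipconfig /all reports
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Where-Object { $_.DNSServerSearchOrder } |
        ForEach-Object { $_.DNSServerSearchOrder } |
        Select-Object -Unique
}

$policy  = @(Get-DnsPolicyValues)
$adapter = @(Get-AdapterDnsServers)

"Adapter DNS servers: $($adapter -join ', ')"
if ($policy.Count -eq 0) {
    'No values under the DNSClient policy key.'
} else {
    'Values under the DNSClient policy key:'
    $policy | Format-Table Name, Kind, Value -AutoSize | Out-String
    foreach ($p in $policy) {
        # Pull IPv4 addresses out of string values and compare with the adapters
        $ips = "$($p.Value)" -split '[\s,;]+' |
            Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' }
        foreach ($ip in $ips) {
            if ($adapter -notcontains $ip) {
                "MISMATCH: policy value '$($p.Name)' lists $ip, which no adapter uses."
            }
        }
    }
}
```

A mismatch reproduces the symptom in the thread, where nslookup and ipconfig /all disagree about the name server. Checking `gpresult` output before deleting anything confirms whether a live GPO would simply write the value back.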


Philip Elder (Technical Architect - HA/Compute/Storage) commented:
And one most folks would not even consider since the settings are normally delivered via DHCP. :)

GPO delivery for DNS settings?

bayouexpert (Author) commented:
Problem was due to a configuration error I made.