SBS 2011 DNS Issues

We have a Small Business Server 2011 implementation with 8 PCs. All of our users could not get on sites like fedex.com or ups.com. Most other sites were fine, but when we browse to UPS or FedEx, it redirects to an obviously spoofed Google page with spammy ads. I changed the default DNS settings at the client to point to Google's 8.8.8.8 DNS server and that seemed to fix the problem at the client, but I am worried about the server.

I ran virus scans on the client and server and did not find any viruses. SBS 2011 is the DNS server for the network, so I am concerned that something is wrong there. What steps can I take to fix the DNS settings on the server?
dtervo Asked:
 
Cliff Galiher Commented:
I suspect your server is fine, but you have some DNS poisoning going on.

First things first. Client PCs should *always* only point at AD domain controllers for DNS. Otherwise things like security memberships and group policies will begin to fail. So undo the changes you made. If SBS is your only server then it should be the only DNS listing on the client (SBS's DHCP scopes set this up by default, so if you changed from DHCP to manual, simply switch back.)

Secondly, on the SBS server, open the DNS Server snap-in (under Administrative tools) and set up DNS forwarders. Use known "trusted" servers. Google DNS is not a bad choice, nor is OpenDNS. This is where I suspect the problem came from. You likely have ISP DNS servers now, and not all ISPs are good about protecting from poisoning.

Finally, flush the server's DNS cache once you've made the change and retest a known "bad" site from a client machine. If the problem appears resolved then your server was not the issue, but your DNS forwarders (ISP, etc) were and you've taken them out of the loop.

Good luck.

-Cliff
0
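The forwarder change, cache flush and retest described in the answer above, written out as an added example that is not part of the original thread. It assumes an elevated Command Prompt on the SBS 2011 server, Google Public DNS (8.8.8.8 and 8.8.4.4) as the trusted forwarders, and fedex.com as the test name.

```batch
@echo off
rem Added example, not from the original thread.
rem Assumptions: run elevated on the SBS 2011 server itself; the forwarder
rem addresses and test name below are choices to substitute as needed.
setlocal
set FORWARDERS=8.8.8.8 8.8.4.4
set TESTNAME=fedex.com

rem 1. Save the current DNS Server settings (the output includes the existing
rem    forwarder list) so the change can be reviewed or reverted later.
dnscmd /Info > "%TEMP%\dns-info-before.txt"

rem 2. Replace the forwarder list with the trusted resolvers.
dnscmd /ResetForwarders %FORWARDERS%
if not "%errorlevel%"=="0" (
    echo Setting forwarders failed; stopping before the cache is cleared.
    exit /b 1
)

rem 3. Clear the DNS Server cache so previously cached bad records are dropped.
dnscmd /ClearCache

rem 4. Clear the resolver cache on this machine as well.
ipconfig /flushdns

rem 5. Query the local DNS Server, then a forwarder directly, for the same
rem    name and compare the two answers.
nslookup %TESTNAME% 127.0.0.1
nslookup %TESTNAME% 8.8.8.8
endlocal
```

Afterwards, run `ipconfig /flushdns` on a client that points at the SBS server for DNS and retest the site from there.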
 
BelushiLomax Commented:
First off, don't point a DC to a public DNS server. It opens you to DNS exploits which you may have.

Clean that up to where it only points to your ISP or another inter Non-AD Integrated DNS server and restart the DNS services and ipconfig /flushdns. Then consider a tool like HijackThis to get some insight into your BHOs etc. Also, check your hosts file and make sure it's OK.

Run a dcdiag /c /v /f:dcdiag.txt and search for and copy/paste the Error and Warning items.
0
 
Geodash Commented:
What are your DNS forwarders pointed to?
0
Question has a verified solution.
