Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1697
  • Last Modified:

SBS 2011 DNS Issues

We have a Small Business Server 2011 implementation with 8 PCs.  All of our users could not get on sites like fedex.com or ups.com.  Most other sites were fine, but when we browse to UPS or Fedex, it redirects to an obviously spoofed Google page with spammy ads.   I change the default DNS settings at the client to point to Google's 8.8.8.8 DNS server and that seemed to fix the problem at the client, but I am worried about the server.  

I ran virus scans on the client and server and did not find any viruses.  SBS 2011 is the DNS server for the network, so I am concerned that something is wrong there.  What steps can I take to fix the DNS settings on the server?
0
dtervo
Asked:
dtervo
1 Solution
 
BelushiLomaxCommented:
First-off, dont point a DC to a public DNS server. It opens you to dns exploits which you may have.

Clean that up to where it only points to your isp or another inter Non-AD Integrated DNS server and restart the dns services and ipconfig /flushdns. Then consider a tool like hijackthis to get some insight to your bho's etc. Also, check your hosts file and make sure it's ok.

run a dcdiag /c /v /f:dcdiag.txt and search for and copy/paste the Error and Warning items
0
 
Cliff GaliherCommented:
I suspect your server is fine, but you have some DNS poisoning going on.

First thing is first. Client PC's should *always* only point at AD domain controllers for DNS. Otherwise things like security memberships and group policies will begin to fail. So undo the changes you made. If SBS is your only server then it should be the only DNS listing on the client (SBS's DHCP scopes set this up by default, so if you changed from DHCP to manual, simply switch back.)

Secondly, on the SBS server, open the DNS Server snap-in (under Administrative tools) and set up DNS forwarders. Use known "trusted" servers. Google DNS is not a bad choice, nor is OpenDNS. This is where I suspect the problem came from. You likely have ISP DNS servers now, and not all ISPs are good about protecting from poisoning.

Finally, flush the server's DNS cache once you've made the change and retest a known "bad" site from a client machine. If the problem appears resolved then your server was not the issue, but your DNS forwarders (ISP, etc) were and you've taken them out of the loop.

Good luck.

-Cliff
0
 
GeodashCommented:
What are your DNS forwarders pointed to?
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now