vmagan asked:

Unable to configure DNS and DHCP on a new DC server 2008 R2

Hi guys,

I am setting up a new network and DNS must not be configured correctly. I keep getting an error message when I scan the role in Server Manager. Error: DNS: DNS Servers on local area connection 3 should include the loopback address, but not as the first entry.

When I go to IPv4 properties I have the IP address, subnet, gateway and the DNS server as 192.168.1.10, which is the same IP address as the server.


I am also getting a "no credentials configured for use with dynamic DNS registration" message.

Please help

David Johnson, CD

Don't forget the IPv6 address!
DNS configuration is pretty straightforward. Uninstall the DNS role and reinstall it. Revert with outcome.
Run dcdiag /test:dns and post the results.

As well, post the results of ipconfig /all.

vmagan (ASKER)

This was a new install, but I went ahead and reinstalled the OS, reinstalled the features, and now DNS is working. I still have an X when I go to roles for DHCP. But I do get an IP address and all the info needed, so I don't get it. But I still cannot get online. Thought it was a DNS issue but not sure anymore.

Let me explain what I have done. Hopefully you guys can help. We have a SonicWall firewall here which was already here. We had an old 2k3 server that died; this is why I am installing the new one.

I cannot get online even though the network icon on the system tray states "connected internet access". I cannot ping anything external but I can ping everything internal.

Not sure if the issue can be the firewall since I gave the new server the same IP address that the old one had. So the firewall shouldn't be able to tell the difference (at least as far as access rules are concerned).

When I bypass the firewall and plug our DSL box directly into the switch (Cisco small business managed switch) I still don't get online, but when I give myself a static IP address provided by the ISP I get online.

Do you guys have any ideas on what can be the issue here?

Please help
I cannot get online even though the network icon on the system tray states "connected internet access". I cannot ping anything external but I can ping everything internal.
This doesn't mean you can resolve internet addresses, only that you have bandwidth.

Do an nslookup and see if you can resolve to an IP.

Run a port scan to check the firewall from here: click on Proceed, then All Service Ports. If you haven't done anything with the firewall after changing the server, it's likely you need to change rules that no longer apply. I would start here.

Sounds like DHCP may be running on the Sonic Firewall; you need to check. If it's the case, turn it off and use DHCP on the 2008 server. You can't have two DHCP servers.
ASKER CERTIFIED SOLUTION
Efstratios Arvanitidis

This solution is only available to members.

vmagan (ASKER)

Here is the DCdiag test

C:\Users\Administrator>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DciDC
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DCIDC
      Starting test: Connectivity
         ......................... DCIDC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DCIDC

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... DCIDC passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : Deltronic

   Running enterprise tests on : Deltronic.local
      Starting test: DNS
         ......................... Deltronic.local passed test DNS

C:\Users\Administrator>
Post the results of ipconfig /all.

vmagan (ASKER)

DjstraTTos,

Can you walk me through adding the external DNS forwarders?

Works2011,

Thanks for the info on bandwidth!

I did an nslookup and got a DNS request timeout. See below.

C:\Users\Administrator>nslookup
DNS request timed out.
    timeout was 2 seconds.
Default Server:  UnKnown
Address:  ::1

> google.com
Server:  UnKnown
Address:  ::1

Name:    google.com
Addresses:  2001:4860:800a::8a
          74.125.137.113
          74.125.137.101
          74.125.137.138
          74.125.137.139
          74.125.137.100
          74.125.137.102

vmagan (ASKER)

I added the ISP DNS servers under the Forwarders tab. They resolved.
Your network addressing doesn't seem right.

Let me start from the perimeter firewall: its internal IP address must be the Default Gateway of all servers and workstations. For example, if its IP address is 192.168.1.1 this is the DG you need to configure on the server (with correct subnet mask).

Before going further, you should be able to ping the DG and external IP addresses.

Then, on the server that will host the DNS, you set its local IP address (192.168.1.10) as Primary DNS and nothing as secondary. At that point you can add the DNS role and follow the instructions of the wizard.

DHCP can also be configured on the same server (however there are some security considerations about having DNS and DHCP on the same server, please read the help when adding the DHCP role).
Post the results of ipconfig /all.
As I mentioned before, posting the results will help troubleshooting.

vmagan (ASKER)

Spaperov,

firewall internal ip: 192.168.1.2
server: 192.168.1.10 (dns and dhcp also)

Now we are getting online since adding the external DNS server as the forwarders. But obviously when I try to ping anything external from a client machine or server I get "time out", which makes sense.

So it's safe to say that it is a DNS issue, right? How do I get it so that I don't have to depend on forwarding to the ISP DNS server?

vmagan (ASKER)

Oh sorry man, here you go.

Server

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Gigabit 2P I350-t LOM
   Physical Address. . . . . . . . . : D4-AE-52-A0-4F-EF
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e9ea:b64f:f7d9:f4cf%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.2
   DHCPv6 IAID . . . . . . . . . . . : 248819282
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-CC-5F-17-D4-AE-52-A0-4F-EF

   DNS Servers . . . . . . . . . . . : ::1
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled


Client machine

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : Deltronic.local
        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-16-76-02-4C-87
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.2
        DHCP Server . . . . . . . . . . . : 192.168.1.10
        DNS Servers . . . . . . . . . . . : 192.168.1.10
        Lease Obtained. . . . . . . . . . : Sunday, August 26, 2012 8:23:27 PM
        Lease Expires . . . . . . . . . . : Monday, September 03, 2012 8:23:27 PM
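
The rule quoted in the question (DNS servers "should include the loopback address, but not as the first entry") can be checked mechanically against `ipconfig /all` output like the listing above. This is an added example, not code from the thread; the function names and the adapter names in the sample are hypothetical, and it assumes the rule is applied to the combined list in the order ipconfig prints it.

```powershell
# Added example (not from the thread). Parses `ipconfig /all` text and applies
# the Server Manager rule: loopback listed as a DNS server, but not first.
function Get-DnsServerOrder {
    param([string[]]$Lines)
    $adapters = @(); $current = $null; $inDns = $false
    foreach ($line in $Lines) {
        if ($line -match '^\S.*adapter (.+):\s*$') {
            # New adapter section, e.g. "Ethernet adapter Local Area Connection:"
            $current = New-Object PSObject -Property @{ Name = $Matches[1]; Dns = @() }
            $adapters += $current; $inDns = $false
        } elseif ($current -and $line -match '^\s+DNS Servers[ .]*:\s*(\S+)') {
            $current.Dns += $Matches[1]; $inDns = $true
        } elseif ($inDns -and $line -match '^\s+([0-9A-Fa-f:.%]+)\s*$') {
            $current.Dns += $Matches[1]   # continuation line = next server in order
        } else { $inDns = $false }
    }
    $adapters
}

function Test-LoopbackRule {
    param([string[]]$Dns)
    if (-not $Dns) { return 'no DNS servers configured' }
    $loop = @($Dns | Where-Object { $_ -eq '::1' -or $_ -like '127.*' })
    if ($loop.Count -eq 0) { return 'loopback missing' }
    if ($loop -contains $Dns[0]) { return 'loopback is the first entry' }
    'ok'
}

# Constructed input: three adapter sections modelled on the values in this thread.
$sample = @'
Ethernet adapter As Posted:
   DNS Servers . . . . . . . . . . . : ::1
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Own Address Only:
   DNS Servers . . . . . . . . . . . : 192.168.1.10
Ethernet adapter Own Address Then Loopback:
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       127.0.0.1
'@ -split "`r?`n"

foreach ($a in (Get-DnsServerOrder $sample)) {
    '{0}: {1} -> {2}' -f $a.Name, ($a.Dns -join ', '), (Test-LoopbackRule $a.Dns)
}
# Live use on the server: Get-DnsServerOrder (ipconfig /all)
```
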
You cannot stop depending on external DNS.
What you could do is use your router's IP as a forwarder instead, since this is the device that actually forwards your requests to the internet via its WAN interface.
Looks like you have DHCP enabled on the firewall; I would turn this off and use DHCP on the server. Then, in the server's DHCP, configure scope options for DNS and router and I expect everything will work.

Can you verify if DHCP is running on the Sonic Firewall? You can't have two DHCP servers with 2008 Server and it's why you get the error during installation. Turn it off, reinstall DHCP services on the server and set up the following scope options.

003 Router: ip address
006 DNS Servers: ip address
015 DNS Domain Name: domain.local

vmagan (ASKER)

I do not have DHCP enabled on the firewall. I triple-checked that. I have the scope and everything configured on the DHCP. I am getting IPs from the correct scope. When I do go to roles, DHCP has an X, but it is working and I see leases in it.

What test can I run from DHCP?
Forget my last post; I didn't see that you confirmed DHCP wasn't running on the server. However, please check the scope options in DHCP.
From what I see everything is actually correct.  The client is getting the correct information from the DHCP server which is also the DNS.  You said the clients are able to connect to the internet now.  What's the problem?

For DNS resolution of external addresses, all your clients should only point to your internal DNS (which is what you have from the one sample we've seen), your DNS server will either use forwarders (pointing at your ISP's DNS or other public DNS servers) or root hint servers.  You asked about how to not "depend on forwarding to the ISP dns server" - your only options are to use a different public DNS server(s) as a forwarder(s) or to use root hint servers.  Which one do you want to do?  Is your root hint list populated?  By running "dcdiag /test:dns /v" you can verify if any of the root hints need to be updated, and they can be updated individually through the DNS Management console.

Finally for your DHCP, have you authorized the server yet?
http://technet.microsoft.com/en-us/library/dd145306%28v=ws.10%29.aspx

vmagan (ASKER)

Ok I see what you mean about the forwarders but I don't understand why I cannot ping anything external from any machine?

I should be able to ping anything external.

I'll look at the DHCP article now, and yes, it is authorized.
SOLUTION
This solution is only available to members.
Agreed regarding the ping.  It's most likely that your SonicWall is blocking the traffic.  Do you allow all outbound traffic or do you have a specific rule to allow ICMP Echo Requests?
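
The situation the replies describe (names resolve and browsing works, but ping times out) can be told apart from a real DNS failure in one pass by testing resolution, ICMP and a TCP connection separately. This is an added example, not code from the thread; the function names, the test name example.com, port 80 and the timeout are assumptions.

```powershell
# Added example (not from the thread): separate "DNS does not resolve" from
# "ICMP is filtered". Name, port and timeout defaults are assumptions.
function Test-OutboundPath {
    param([string]$Name = 'example.com', [int]$Port = 80, [int]$TimeoutMs = 3000)
    $r = New-Object PSObject -Property @{
        Name = $Name; Resolved = $false; Address = $null; Ping = $false; Tcp = $false }
    try {
        # Uses the system resolver, i.e. the DNS servers set on the adapter.
        $ip = [System.Net.Dns]::GetHostAddresses($Name) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } | Select-Object -First 1
        if ($ip) { $r.Resolved = $true; $r.Address = $ip.ToString() }
    } catch { }
    if ($r.Resolved) {
        $r.Ping = [bool](Test-Connection -ComputerName $r.Address -Count 2 -Quiet)
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $pending = $client.BeginConnect($r.Address, $Port, $null, $null)
            $r.Tcp = $pending.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected
        } catch { } finally { $client.Close() }
    }
    $r
}

function Get-PathDiagnosis {
    param($Result)
    if (-not $Result.Resolved) {
        return 'Name did not resolve: check forwarders / root hints on the DNS server' }
    if ($Result.Tcp -and -not $Result.Ping) {
        return 'DNS and TCP work, ping fails: ICMP echo is filtered on the path' }
    if ($Result.Ping -and -not $Result.Tcp) {
        return 'Ping works, TCP does not: the port is blocked or closed' }
    if (-not $Result.Tcp -and -not $Result.Ping) {
        return 'Resolves but nothing gets out: check gateway and outbound rules' }
    'Resolution, ping and TCP all succeed'
}

# Constructed result matching the state the thread ends in.
$asInThread = New-Object PSObject -Property @{ Resolved = $true; Ping = $false; Tcp = $true }
Get-PathDiagnosis $asInThread
# Live use: Get-PathDiagnosis (Test-OutboundPath -Name 'example.com')
```
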

vmagan (ASKER)

I will check the firewall and let you guys know today.

vmagan (ASKER)

That got me online. And thanks for clarification on the pinging issue.