new firewall = internal DNS not working anymore

Posted on 2012-09-06
Last Modified: 2012-09-11
Hey everyone

I recently put a new firewall in place (a SonicWALL TZ215) and everything went pretty well -- DHCP, internet, etc. working, but one thing that went wrong was the DNS no longer worked. It looks like it's the internal DNS server, because when I ping internal servers from inside the network, I get weird external addresses (instead of 192.168.*.*, it's 8.8.something.something).

Anyone have any idea what might be going on here?

Thanks for the input!
Question by:sdcox72
    LVL 2

    Assisted Solution

    Please check the diagnostic test dcdiag /test:dns... Is it reporting any error?
    LVL 17

    Assisted Solution

    Check the DHCP scope on the new firewall, make sure it's assigning the internal DNS IP; if not, set it, then make sure you have a DNS forwarder to an external DNS (like your ISP's DNS server).
    LVL 38

    Assisted Solution

    A firewall/router providing DHCP will by default try to support DNS. It will not register/host the MSDCS records for domain services (hosing up authentication, replication and other domain features).

    Disable DHCP on your firewall/router and put it on a windows based server with all the scope options set correctly. If you already have a Windows server hosting DHCP, it will need to be stimulated after you disable DHCP on the firewall/router. A rogue DHCP server will knock down a windows based DHCP server.
    LVL 19

    Assisted Solution

    by:Miguel Angel Perez Muñoz
    You must use your internal DNS server to resolve external IP addresses. Configure the DHCP server to lease IPs using the internal DNS and add a forwarder on your DNS.
    LVL 17

    Accepted Solution

    He doesn't have to switch from the SonicWALL to a server for DHCP. If you're using the Enhanced OS on your TZ215 then you can set up DHCP to forward DNS to your internal servers. Leave DHCP on the firewall and point DNS in the firewall to your internal DNS servers.
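    The accepted answer comes down to one setting: the DNS servers the firewall's DHCP scope hands out (option 6) must be the internal AD DNS servers, which then forward to the ISP. The script below is an added example, not code from the thread or from SonicWALL; it takes a client's DHCP-assigned resolvers and the answers it got for internal names (constructed sample data, hypothetical names and addresses) and reports the two things the answers above told the asker to look for: external resolvers in the scope, and internal names that resolve to a non-LAN address or not at all.

```python
import ipaddress

# Constructed address plan and client data (not from the post; hypothetical
# names and addresses). The LAN is 192.168.0.0/16 and two AD DNS servers live
# on it.
INTERNAL_NETWORKS = [ipaddress.ip_network("192.168.0.0/16")]
INTERNAL_DNS_SERVERS = ["192.168.1.10", "192.168.1.11"]


def external_resolvers(dhcp_dns_option, internal_networks=INTERNAL_NETWORKS):
    """Return the resolvers from DHCP option 6 that are not LAN addresses.

    A client handed only external resolvers still reaches the internet, but
    nothing outside the LAN knows the AD zone, so internal names and the
    _msdcs SRV records stop resolving."""
    external = []
    for server in dhcp_dns_option:
        addr = ipaddress.ip_address(server)
        if not any(addr in net for net in internal_networks):
            external.append(server)
    return external


def bad_answers(lookups, internal_networks=INTERNAL_NETWORKS):
    """Flag internal hostnames whose answer is missing or not a LAN address."""
    findings = []
    for name, answer in lookups.items():
        if answer is None:
            findings.append((name, "no answer"))
            continue
        addr = ipaddress.ip_address(answer)
        if not any(addr in net for net in internal_networks):
            findings.append((name, f"resolved to non-LAN address {answer}"))
    return findings


def diagnose(client):
    """Combine both checks into a list of human-readable findings."""
    findings = []
    ext = external_resolvers(client["dhcp_dns_servers"])
    if ext:
        findings.append(
            f"DHCP option 6 hands out external resolvers {ext}; point it at "
            f"{INTERNAL_DNS_SERVERS} and forward to the ISP from there")
    for name, why in bad_answers(client["lookups"]):
        findings.append(f"{name}: {why}")
    return findings


# Constructed: what a client reports with the firewall's default DHCP options
# (the symptom in the question) and after option 6 is pointed at the AD servers.
BROKEN_CLIENT = {
    "dhcp_dns_servers": ["8.8.8.8", "8.8.4.4"],
    "lookups": {"dc01.corp.example": "8.8.8.8",
                "files.corp.example": None},
}
FIXED_CLIENT = {
    "dhcp_dns_servers": ["192.168.1.10", "192.168.1.11"],
    "lookups": {"dc01.corp.example": "192.168.1.10",
                "files.corp.example": "192.168.1.20"},
}

if __name__ == "__main__":
    for label, client in (("before", BROKEN_CLIENT), ("after", FIXED_CLIENT)):
        print(label, diagnose(client) or ["ok"])
```

    On a real client the inputs would come from ipconfig /all (the DNS servers handed out by DHCP) and nslookup against a few internal names; the point of the check is that a clean scope lists only LAN resolvers and every internal name comes back with a LAN address.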

    Author Comment

    Thanks for the assistance guys -- as it turns out the firewall was dropping packets from the DNS server because it considered it an IP spoof attempt b/c of a miswired switch. Ugh, what a pain.
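    The actual cause was the firewall's anti-spoofing check: a packet whose source address belongs to the LAN subnet but arrives on a different interface is logged as an IP spoof and dropped, so the DNS server's replies never reached clients once a miswired switch put them on the wrong port. The following is an added example, not code from the thread or from SonicWALL, that models that check (a longest-prefix, reverse-path style match) over a constructed interface table and a few constructed packets, so the miswire shows up as the one dropped reply.

```python
import ipaddress

# Constructed interface table for a small LAN/DMZ/WAN firewall (hypothetical
# interface names and subnets, not taken from the post). Each interface is
# bound to the subnet(s) the firewall expects to see arriving on it.
INTERFACES = {
    "X0": {"zone": "LAN", "networks": [ipaddress.ip_network("192.168.10.0/24")]},
    "X1": {"zone": "WAN", "networks": [ipaddress.ip_network("0.0.0.0/0")]},
    "X2": {"zone": "DMZ", "networks": [ipaddress.ip_network("192.168.20.0/24")]},
}


def expected_interface(src_ip, interfaces=INTERFACES):
    """Longest-prefix match: which interface should a packet from src_ip use?"""
    addr = ipaddress.ip_address(src_ip)
    best_iface, best_len = None, -1
    for iface, spec in interfaces.items():
        for net in spec["networks"]:
            if addr in net and net.prefixlen > best_len:
                best_iface, best_len = iface, net.prefixlen
    return best_iface


def spoof_check(ingress_iface, src_ip, interfaces=INTERFACES):
    """Return None if the packet passes, else the reason it is dropped."""
    expected = expected_interface(src_ip, interfaces)
    if expected == ingress_iface:
        return None
    return (f"IP spoof: source {src_ip} belongs on {expected} "
            f"({interfaces[expected]['zone']}) but arrived on {ingress_iface} "
            f"({interfaces[ingress_iface]['zone']})")


def audit(packets, interfaces=INTERFACES):
    """Run the check over (ingress, src, dst, service) tuples; return the drops."""
    drops = []
    for ingress, src, dst, service in packets:
        reason = spoof_check(ingress, src, interfaces)
        if reason:
            drops.append((ingress, src, dst, service, reason))
    return drops


# Constructed traffic: the DNS server 192.168.10.10 answering a client. The
# first reply comes in on X0 as it should; the second is the same reply
# arriving on X2 because a switch uplink is patched into the wrong port; the
# third is an ordinary answer from an outside resolver on the WAN side.
SAMPLE_PACKETS = [
    ("X0", "192.168.10.10", "192.168.10.55", "udp/53"),
    ("X2", "192.168.10.10", "192.168.10.55", "udp/53"),
    ("X1", "203.0.113.5", "192.168.10.10", "udp/53"),
]

if __name__ == "__main__":
    for drop in audit(SAMPLE_PACKETS):
        print("DROP", *drop)
```

    The lesson for troubleshooting is in the drop reason: when the firewall log shows LAN-sourced packets being dropped as spoofed on a non-LAN interface, check the cabling and VLAN assignments before touching DNS or DHCP settings.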
    Author Closing Comment

    Just giving you all split points based on your willingness to give me help. Thanks again.
