jasonslogan
asked on
Outgoing DNS not resolving
I have a system where none of the windows servers can resolve dns. I've turned off the firewall completely. I am helping out a friend who has just taken over IT for this company.
I added a windows 2008 R2 to the domain but after I ran dcpromo it could no longer resolve ip addresses. Internal DNS server is started but it can't see root servers or forwarders.
I can't find a group policy that has anything to do with dns on the domain. I'm wondering if some how someone changed the outoing dns port but only on the servers. The workstations all resolve names just fine.
I icon in the systray for a network connection shows a yellow exclamation point because it can't get the net. nslookup doesn't work either. It shows the local dns server but it won't resolve anything. I can ping IPs on the net.
I added a windows 2008 R2 to the domain but after I ran dcpromo it could no longer resolve ip addresses. Internal DNS server is started but it can't see root servers or forwarders.
I can't find a group policy that has anything to do with dns on the domain. I'm wondering if some how someone changed the outoing dns port but only on the servers. The workstations all resolve names just fine.
I icon in the systray for a network connection shows a yellow exclamation point because it can't get the net. nslookup doesn't work either. It shows the local dns server but it won't resolve anything. I can ping IPs on the net.
Are you using forwaders or root hints to resolve internet queries? What do you mean it can't see forwarders?
Thanks
Mike
Thanks
Mike
ASKER
nslookup doesn't resolve any dns from localhost or an external dns server like the ones that I use as forwarders. I tried googles and opendns'.
It's as if the udp port 53 is not really what it's trying to connect to. 53 is not being blocked because, as I said before, the firewall is off.
It's as if the udp port 53 is not really what it's trying to connect to. 53 is not being blocked because, as I said before, the firewall is off.
are you able to ping external IP's? what does ipconfig /all show?
ASKER
ipconfig /all shows everything normal including the dns servers. I am able to ping any ip just not connect on port 53 on dns servers.
This is ridiculous. There is nothing blocking anything. I know it started when I promoted it so I think it's a group policy but I can't find that either in the list.
This is ridiculous. There is nothing blocking anything. I know it started when I promoted it so I think it's a group policy but I can't find that either in the list.
Do you have the root zone in your DNS (the ".")? If so, remove that.
What the root zone does it tell DNS you are authoritative for all DNS resolution. Not even forwarders or root hints will work.
What the root zone does it tell DNS you are authoritative for all DNS resolution. Not even forwarders or root hints will work.
ASKER
I don't have the . root zone. I've done that before 14 years ago and learned that lesson.
Lol, I think we all have been caught at some point.
Do any of the tests from the DNS console work? Recursive, non-recursive?
Do any of the tests from the DNS console work? Recursive, non-recursive?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
None of this worked so it led me to the switches but they weren't blocking port 53. Which led me to the router/firewall. It was blocking 53 outgoing.
Super.
nslookup www.google.com. 8.8.8.8
That should come back with a handful of IP addresses.
If not, check the Internet firewall and make sure that both TCP port 53 and UDP port 53 are allowed out.