  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 250
  • Last Modified:

DNS Server Issues

Hello,
Needing some assistance, please. Long story short, I set up a small domain/network for a friend of mine just over 2 years ago for a dentist office. Everything has been working great until a couple weeks ago when he sent me a screenshot of a DNS issue on one of his client machines. Upon further investigation I discovered that the domain/DNS server was unable to access the internet all of a sudden. The only way we can get internet access back is to hardcode the ISP's DNS servers. If I leave the server pointed to itself (the actual IP, not the loopback) I cannot access the internet.
DNS is a bit of a grey area for me and I'm kind of at a loss, and not sure what has changed that would have impacted something that had been working fine for the past couple years.
I'm using a Westell 7500 modem provided by our ISP/CenturyLink that is set up in bridge mode to the PPPoE connection to our SonicWall TZ100 firewall. Any ideas what I need to do to get my server seeing the internet again without having to hardcode the ISP's DNS? This is affecting clients that are set up to grab the IP via DHCP, as it's set to point to the server IP, so on each client I've had to also hardcode the DNS information to the ISP's DNS servers.
Any ideas would be greatly appreciated. Again I'm not real familiar with DNS servers so I'm not sure if I can just recreate a zone or how I can verify/narrow down where the issue is.
Hoping someone might be able to steer me to the path of having a working DNS server again.
Thanks for your time!
0
bkdavis
 
Mohammed Khawaja Commented:
Check the DNS server settings and check the forwarder tab. It might be forwarding requests to a DNS server which may not exist or does not allow access. What you could do is change the forwarder to the ISP DNS or you could use Root Hints.
0
 
Brandon, Project Manager, IT Systems and Software Design, Commented:
BKDAVIS, try the suggestion above first. You say you're not DNS savvy so here is the way to do the above suggestion on a Server 2008 box.

Open DNS Manager on the server (Control Panel > Admin Tools).
Right-click your server's name and select Properties.
Click the Forwarders tab and see what IPs are listed.
Enter your ISP's DNS entries here by clicking the EDIT button. Be sure to test each one to make sure they are working.
Make sure you UNCHECK the box that says "USE ROOT HINTS IF NO FORWARDERS ARE AVAILABLE".

I'd take the next step to restart the server if you can. Wait a few minutes after it starts up and try your internet.

Let us know if this works.
0
 
skullnobrains Commented:
dns can either act as a proxy (when you set up forwarders) or as an actual dns server (when you use root hints)

if you use forwarders, check that they are available using "nslookup google.com FORWARDER_IP" on the dns server (most likely the DC in your case). if they are unavailable you have various possibilities: a firewall rule will not let the dns resolve dns queries, the forwarders are not up any more (try 8.8.8.8 or 4.2.2.2), or possibly your ISP blocked dns queries to all servers but its own.

if you are using root hints, same as above (except for the unavailable server)

since you have a PPPoE connection, your firewall should receive working dns servers from the provider. it seems safe to either set the client machines to use the firewall, or even your dc to use it as a dns server

normally, you should not set anything up in the clients since they will receive dns settings through dhcp. you may bypass the DC by setting up working dns servers in the dhcp server's configuration but it is better to keep the default since some domain operation will not work properly otherwise.

--

then if you want to understand a little bit of dns operation

when you query A.B.C.com, using a regular A query, a recursive resolver will do the following
-> query root servers to get the dns server handling .com ( .com IN NS )
-> query that server to get the dns server handling .C.com
-> query that server to get the dns server handling .B.C.com
-> query that server to get the IP of A.B.C.com ( A.B.C.com in A )

forwarders only act as proxy and will just send the same query they receive to the upstream server.

most other DNS queries are handled in a very similar way : only the type of the last query differs (TXT, NS, ...)

PTRs are handled in the same way using a hack:
if you query ( 1.2.3.4 in PTR )
the server resolves 4.3.2.1.in-addr.arpa
in-addr.arpa is a stub zone for PTR operation, and PTRs (reverse queries) can hence be handled using the same algorithm as A (forward) queries
0
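The forwarder test from the answer above ("nslookup google.com FORWARDER_IP") and the PTR name rewriting it describes, as an added Python example that is not part of the original thread. The function names are hypothetical; the two addresses in the final loop are the public resolvers named in the post.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QTYPES = {"A": 1, "PTR": 12}

def reverse_name(ipv4):
    """1.2.3.4 -> 4.3.2.1.in-addr.arpa, the name a PTR lookup actually asks for."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa"

def build_query(name, qtype="A", txid=0x1234):
    """Encode one question with the RD (recursion desired) flag set."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", QTYPES[qtype], 1)

def classify(reply, txid=0x1234):
    """Turn a raw reply into a verdict an admin can act on."""
    if len(reply) < 12:
        return "malformed reply"
    rid, flags, _qd, ancount = struct.unpack(">HHHH", reply[:8])
    if rid != txid or not flags & 0x8000:
        return "unexpected packet (ID mismatch or not a response)"
    rcode = RCODES.get(flags & 0x000F, "RCODE %d" % (flags & 0x000F))
    if rcode != "NOERROR":
        return rcode                      # e.g. REFUSED: server will not serve us
    if not flags & 0x0080:
        return "NOERROR but recursion not available (RA=0)"
    return "OK, %d answer(s)" % ancount

def check_forwarder(server_ip, name="google.com", qtype="A", timeout=3.0):
    """Query one server over UDP/53. No reply matches the cases listed in the
    post: firewall rule, server no longer up, or filtering by the ISP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qtype), (server_ip, 53))
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            return "timeout (blocked or down)"
        except OSError as exc:
            return "network error: %s" % exc
    return classify(reply)

if __name__ == "__main__":
    for ip in ("8.8.8.8", "4.2.2.2"):     # public resolvers named in the post
        print(ip, "->", check_forwarder(ip))
```

Run it on the DNS server itself, once per configured forwarder: a timeout points at the path to the forwarder, while REFUSED or RA=0 means the forwarder answered but will not recurse for this client.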
 
bkdavis (Author) Commented:
Thank you so much for your suggestions and prompt reply. This seemed to work and we are back in business!!
0
