DNS servers issue and how to properly configure it

Posted on 2015-02-06
Medium Priority
Last Modified: 2015-02-06
We have about 20 clients mostly running Win7. The server machine runs WinSBS2003. It manages computers, users and the file server...not much else. The router is an ASUS RT-N66U. This same model router served us for about 2 years then quit about 4 months ago. I installed another one of the same make and model. About 4 weeks ago our ISP informed me that they had new DNS servers. Our router is our local DNS server and holds the DNS IPs. I checked it and found that it already had the new DNS IPs. Well, about a week ago we lost internet and I discovered that the problem seemed to be DNS. Our DNS configuration was set up about 7 years ago before I was much involved in it and knew even less than I know now. The client computers have been pointing to the server machine for DNS, i.e. in TCP/IP properties, preferred DNS is the IP of the server machine. I believe the server has been pointing to itself as preferred DNS. I'm told that the server's DNS management utility is the right place to manage DNS, but our router has been doing most of that. The router has DHCP as well. The router is the default gateway. It does actually seem strange to me that the computers' DNS points to the server rather than to the router, seeing it's the router that holds the DNS IPs. But it's worked for 7 years so we don't argue with success... or do we?

Now back to last week's problem. I found that when I entered the DNS server IPs directly as preferred and alternate DNS for each computer, the computers accessed internet websites OK. So that's how I have it now. But then yesterday I got to thinking about it, and for one test computer I entered the IP of the router (default gateway) as the preferred DNS. That also works. But I wonder if I'm using a band-aid.

To add to the confusion, the Android phones quit connecting to wifi. For some of them, if we set Static IP on, we can then enter the DNS IPs into DNS1 and DNS2. And then it works. But not all of them work even by doing that. The iPhones work just fine with no change whatsoever. Anyway, we want guests to be able to connect to wifi using only the wifi key.

But more to the point, what changed? The original configuration has worked for 7 years, including the last 4 months since replacing the router. What happened differently a week ago? So that's my issue.
Question by: Josh Christie

Accepted Solution

it_saige earned 1400 total points
ID: 40593865
You want your clients to point to your server for DNS and not the router (preferably, they would also get their addresses from the server via DHCP as well, but that is another topic). There are many reasons why this is true.

First, from a network browsing standpoint and in the simplest terms, the clients (and server) need to be able to, essentially, build a map of the network landscape.  This map is normally stored (depending upon your setup Workgroup vs. Domain, installed services, etc.) in two or more locations (usually WINS, DNS, ARP, NBT, etc.).  The unfortunate part is that the router cannot build this map internally.  This means that now your clients have to resolve everything and resolving a computer on the network takes time because the query for the target client is sent out to the DNS servers of the ISP and not your internal DNS server.

Second, from a troubleshooting standpoint, it is easier to determine the cause of communication failures on your network.  By having the DNS hosted on the server, you only need to ensure that the server can communicate with the internet which allows for you to troubleshoot communications related errors from a host out perspective rather than from a router/ISP in perspective.  If the server can communicate with the internet, then the client should be able to (so long as it is configured properly).  Otherwise, you troubleshoot why the server cannot communicate with the internet.

Finally, from a best-practices standpoint, this is the recommended (and intended) purpose of these services.

As for what changed, most likely the server has the ISP's old DNS servers set in its configuration (from the sounds of it, on the NIC and not in the DNS forwarders as per best practices). First, you need to recheck the NIC settings to ensure that the server's IP address (and only the server's IP address, unless you have multiple internal DNS servers) is listed as the Primary DNS server. On one of my DNS servers, I have other internal DNS servers set as primary and secondary, but its own address is used in the DNS resolution list. Then in the DNS Management Console (dnsmgmt.msc I believe), ensure that your DNS server is set with the ISP's DNS Servers as the current DNS Forwarders (I would also add Google's public DNS servers [ and] to the list for failover purposes).

Assisted Solution

by: Mohammed Khawaja
Mohammed Khawaja earned 600 total points
ID: 40593900
What you need to do is go to your DNS server configuration on the server, go to Properties, click on Forwarders and enter your ISP's DNS servers there. This will result in your Windows server forwarding requests it cannot resolve to your ISP.
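A scripted check-and-fix for the layout both it_saige's and Mohammed's answers describe (the server's own NIC points only at the internal DNS server, and the ISP's resolvers live only in the server's forwarders), written here as an added example and not code from either expert. It is meant to run on the Windows DNS server from an elevated PowerShell prompt using the stock `dnscmd` tool; `$ServerIp` and the forwarder addresses are placeholders (TEST-NET values) to replace with your own.

```powershell
# Added example: verify and repair the DNS layout from the answers above.
# Run on the Windows DNS server in an elevated PowerShell prompt.
# PLACEHOLDERS (assumed values, replace with yours):
$ServerIp   = '192.168.1.10'                      # this server's static LAN address
$Forwarders = @('203.0.113.53', '203.0.113.54')   # your ISP's *current* resolvers

# 1. The server's NIC must list only internal DNS servers (itself here), never the
#    router or the ISP; stale ISP addresses left on the NIC are the usual reason
#    "internet stopped working" the week the ISP changed its resolvers.
$nic = Get-WmiObject Win32_NetworkAdapterConfiguration |
       Where-Object { $_.IPEnabled -and $_.IPAddress -contains $ServerIp }
if (-not $nic) { throw "No enabled adapter carries $ServerIp; check the placeholder." }

$external = @($nic.DNSServerSearchOrder | Where-Object { $_ -ne $ServerIp })
if ($external.Count -gt 0) {
    Write-Warning "NIC DNS list contains non-internal servers: $($external -join ', ')"
    # SetDNSServerSearchOrder replaces the whole list with the server's own address.
    $null = $nic.SetDNSServerSearchOrder([string[]]@($ServerIp))
}

# 2. Forwarders are where the ISP resolvers belong (DNS console -> Properties ->
#    Forwarders). /ResetForwarders replaces the existing list, so old entries go away.
dnscmd . /ResetForwarders $Forwarders | Out-Null

# 3. Verify through the server itself: an internal name (this host) must resolve
#    from the local zone, and an external name must resolve via the forwarders.
$internal = nslookup $env:COMPUTERNAME $ServerIp 2>&1 | Out-String
$public   = nslookup example.com       $ServerIp 2>&1 | Out-String
$failed   = "can't find|timed out"
if ($internal -notmatch $failed -and $public -notmatch $failed) {
    Write-Host "DNS server $ServerIp resolves both internal and external names."
} else {
    Write-Warning "Resolution check failed; inspect:`n$internal`n$public"
}
```

A client that still points at the router or the ISP directly will pass the external lookup but never receive the internal answer, which is the symptom the question describes.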

Author Closing Comment

by: Josh Christie
ID: 40594219
Thanks It Saige and Mohammed. You both had the right answer. It Saige, your rationale and graphics were impressive. I realize now that it is indeed how it was before. I had just forgotten that the DNS IPs were in there and how to get there.

Expert Comment

ID: 40594244
DNS should return results for external queries also if you don't define forwarders. As long as you have "root hints" servers defined, it should work.
