DNS servers issue and how to properly configure it

We have about 20 clients mostly running Win7. The server machine runs WinSBS2003. It manages computers, users and the file server... not much else. The router is an ASUS RT-N66U. This same model router served us for about 2 years, then quit about 4 months ago. I installed another one of the same make and model. About 4 weeks ago our ISP informed me that they had new DNS servers. Our router is our local DNS server and holds the DNS IPs. I checked it and found that it already had the new DNS IPs. Well, about a week ago we lost internet and I discovered that the problem seemed to be DNS.

Our DNS configuration was set up about 7 years ago, before I was much involved in it and knew even less than I know now. The client computers have been pointing to the server machine for DNS, i.e. in TCP/IP properties, the preferred DNS is the IP of the server machine. I believe the server has been pointing to itself as preferred DNS. I'm told that the server's DNS management utility is the right place to manage DNS, but our router has been doing most of that. The router has DHCP as well. The router is the default gateway. It does actually seem strange to me that the computers' DNS points to the server rather than to the router, seeing it's the router that holds the DNS IPs. But it's worked for 7 years, so we don't argue with success... or do we?

Now back to last week's problem. I found that when I entered the DNS server IPs directly as preferred and alternate DNS for each computer, the computers accessed internet websites OK. So that's how I have it now. But then yesterday I got to thinking about it, and for one test computer I entered the IP of the router (default gateway) as the preferred DNS. That also works. But I wonder if I'm using a band-aid.

To add to the confusion, the Android phones quit connecting to wifi. For some of them, if we set Static IP on, we can then enter the DNS IPs into DNS1 and DNS2. And then it works. But not all of them work even by doing that. The iPhones work just fine with no change whatsoever. Anyway, we want guests to be able to connect to wifi using only the wifi key.

But more to the point, what changed? The original configuration has worked for 7 years, including the last 4 months since replacing the router. What happened differently a week ago? So that's my issue.
Josh Christie asked:

It Saige commented:
You want your clients to point to your server for DNS and not the router (preferably, they would also get their addresses from the server via DHCP as well, but that is another topic). There are many reasons why this is true.

First, from a network browsing standpoint and in the simplest terms, the clients (and server) need to be able to, essentially, build a map of the network landscape. This map is normally stored (depending upon your setup: Workgroup vs. Domain, installed services, etc.) in two or more locations (usually WINS, DNS, ARP, NBT, etc.). The unfortunate part is that the router cannot build this map internally. This means that now your clients have to resolve everything, and resolving a computer on the network takes time because the query for the target client is sent out to the DNS servers of the ISP and not to your internal DNS server.

Second, from a troubleshooting standpoint, it is easier to determine the cause of communication failures on your network. By having the DNS hosted on the server, you only need to ensure that the server can communicate with the internet, which allows you to troubleshoot communication-related errors from a host-out perspective rather than from a router/ISP-in perspective. If the server can communicate with the internet, then the client should be able to (so long as it is configured properly). Otherwise, you troubleshoot why the server cannot communicate with the internet.

Finally, from a best-practices standpoint, this is the recommended use (and intended purpose) of these services.

As for what changed, most likely the server has the ISP's old DNS servers set in its configuration (from the sounds of it, on the NIC and not in the DNS forwarders as per best practices). First, you need to recheck the NIC settings to ensure that the server's IP address (and only the server's IP address, unless you have multiple internal DNS servers) is listed as the Primary DNS server. On one of my DNS servers, I have other internal DNS servers set as primary and secondary, but its own address is used in the DNS resolution list. Then in the DNS Management Console (dnsmgmt.msc, I believe), ensure that your DNS server is set with the ISP's DNS servers as the current DNS Forwarders (I would also add Google's public DNS servers [ and ] to the list for failover purposes).

[attachment: Capture.JPG]

Mohammed Khawaja (Manager - Infrastructure: Information Technology) commented:
What you need to do is go to your DNS server configuration on the server, go to Properties, click on Forwarders and enter your ISP's DNS servers there. This will result in your Windows server forwarding requests it cannot resolve to your ISP.
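The two answers above describe the same three-step fix: put the ISP's resolvers in the server's DNS forwarders, point the server's own NIC at itself, and keep every client pointed at the server. The script below is an added example, not code from the thread or from Experts Exchange, that performs those steps from a Windows PowerShell session on the server and then verifies the result. Every concrete value is an assumption for illustration: the server is 192.168.1.10, the Active Directory zone is corp.local, the ISP resolvers are 203.0.113.53 and 203.0.113.54 (documentation addresses, not real ones), and WS01 to WS03 is a constructed client list. It uses dnscmd, which ships with Windows Server 2003, rather than the newer DnsServer cmdlets, so it matches the era of the question.

```powershell
# Added example (not from the thread). Assumed values; change them to match the LAN.
$ServerIp     = '192.168.1.10'                    # assumption: the SBS box
$InternalZone = 'corp.local'                      # assumption: the AD-integrated zone
$Forwarders   = @('203.0.113.53', '203.0.113.54') # assumption: ISP's current resolvers
$Clients      = @('WS01', 'WS02', 'WS03')         # constructed sample of client names

# 1. Server: replace the forwarder list with the ISP's current resolvers.
#    /ResetForwarders overwrites the whole list, so the ISP's retired addresses
#    cannot linger next to the new ones. An array passed to a native command is
#    expanded into one argument per address.
& dnscmd.exe $ServerIp /ResetForwarders $Forwarders
if ($LASTEXITCODE -ne 0) { throw "dnscmd /ResetForwarders failed with exit code $LASTEXITCODE" }

# 2. Server: the NIC's preferred DNS must be the server itself. A NIC that points
#    at the ISP sends corp.local lookups off the LAN, and it is also where stale
#    ISP addresses were hiding in this thread.
$serverNic = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
             Where-Object { $_.IPAddress -contains $ServerIp }
$result = $serverNic.SetDNSServerSearchOrder(@($ServerIp))
if ($result.ReturnValue -ne 0) { throw "SetDNSServerSearchOrder returned $($result.ReturnValue)" }

# 3. Verify both halves of the path through the server: an internal name answered
#    from the zone, and an external name answered via the forwarders. nslookup
#    exits 0 even when it fails, so the check inspects its output text.
function Test-Resolution {
    param([string]$Resolver, [string]$Name)
    $out = & nslookup.exe -type=A $Name $Resolver 2>&1 | Out-String
    return ($out -notmatch "can't find|Non-existent domain|timed out|No response")
}
$checks = @(
    @{ What = 'internal zone'; Name = "$($env:COMPUTERNAME).$InternalZone" },
    @{ What = 'forwarders';    Name = 'www.example.com' }
)
foreach ($c in $checks) {
    $ok = Test-Resolution -Resolver $ServerIp -Name $c.Name
    Write-Host ("{0,-14} {1,-32} {2}" -f $c.What, $c.Name, $(if ($ok) { 'OK' } else { 'FAIL' }))
}

# 4. Audit the clients: the first DNS server on each must be $ServerIp, not the
#    router or the ISP. Machines that were hand-edited during the outage show up here.
foreach ($pc in $Clients) {
    try {
        $cfg = Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $pc `
                   -Filter 'IPEnabled=TRUE' -ErrorAction Stop
        $dns = @($cfg | ForEach-Object { $_.DNSServerSearchOrder } | Where-Object { $_ })
        $status = if ($dns.Count -gt 0 -and $dns[0] -eq $ServerIp) { 'OK' } else { 'WRONG' }
        Write-Host ("{0,-8} {1,-6} DNS order: {2}" -f $pc, $status, ($dns -join ', '))
    } catch {
        Write-Host ("{0,-8} UNREACHABLE ({1})" -f $pc, $_.Exception.Message)
    }
}
```

Run it as a domain administrator on the server; step 4 needs WMI access to each client, so the client list is the one part that must be maintained by hand. Because the router is still the DHCP server in this thread, the phones and guest devices only get the server as their resolver if the router's DHCP scope hands out 192.168.1.10 (the assumed server address) as the DNS server; that setting lives in the router's UI and is not something this script can change.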
Josh Christie (Author) commented:
Thanks, It Saige and Mohammed. You both had the right answer. It Saige, your rationale and graphics were impressive. I realize now that is indeed how it was before. I had just forgotten that the DNS IPs were in there and how to get there.
DNS should return results for external queries also if you don't define forwarders. As long as you have "root hints" servers defined, it should work.