ISP unknowingly does DNS migration

Our ISP changed their DNS records in the router we use without us knowing and we were unable to reach the Internet. When we contacted them, they stated that we should have been informed a month before through email, which we never were. We changed our SonicWall to match the new DNS records but we were still unable to consistently go to the Internet. We would always go back to an ISP splash page.

At this point our ISP stated there was nothing else they could do as we could connect going directly through the router. We tried changing our two internal DNS servers' Forwarders to our new ISP DNS records and still could not connect. The old DNS Forwarders had been in there for years and we did not even recognize them but they always seemed to work. What finally solved it was we used Google's DNS servers of 8.8.8.8 and 8.8.4.4 and put them in the router, the firewall and the DNS forwarders.

Our question is do the DNS forwarders always have to match the Firewall and the DNS records in the router and shouldn't the ISP have informed us and assisted also?
regsamp Asked:

Don Thomson Commented:
While the ISP should have been more proactive in letting you know about the changes (like sending a reminder a few days before the new DNS servers went active), most ISPs who do this leave the old DNS servers in place for a period after the new ones go live - or forward the old DNS IPs to the new ones and monitor any traffic coming to the old ones.

That said - we have always set the router's DNS to the first ISP DNS and the second one to the Google DNS servers (or, if the router will handle a third DNS entry, then we put the 2 ISP DNS IPs in and add the Google ones).

If you are using a hardware firewall on the client side of the router - we just point the DNS entries to the internal IP of the router - same with DNS forwarders. That way you only have to change the DNS IPs on one device.

If you are using the server as your DHCP - then you can use DHCP on the workstations and they will pick up the proper DNS from the router. If you are doing static IPs on the workstations then you should do the following on the DNS records on the workstations:
Server IP
Router IP
Google IP (optional, but it doesn't hurt to put it in)
0
regsamp Author Commented:
Okay, I see the logic in doing those steps so you only have to change it on one device. We have a LAN DHCP server that is also our primary DNS server. We are currently using Google 1 and 2 entries as our DNS records on the router, the firewall behind the router on the client side and the Forwarders on the two internal DNS servers.

After our ISP not even informing us we are hesitant to even use their DNS servers.
0
Jan Springer Commented:
Quit forwarding and act as your own resolver.

If you have your own DNS server, use it as primary and an external alternate (i.e., Google) as secondary.

And, make sure that your inside devices get your DNS records via DHCP and not those of your provider.
0
Don Thomson Commented:
We normally use the ISP's DNS servers until we start having the types of problems that you are having. I've seen ISPs' DNS servers go down several times but I've never seen Google's DNS server offline.

A good test is to identify a web page that is as far from you as possible (Australia or Hong Kong).

Using the ISP DNS server as your first choice - open a cmd box and ping the remote web by both name and by IP.
Note the average and maximum return values. Add -n 50 at the end of the ping to get a better average.

Then change to the Google DNS server as your primary - do the same ping test and compare the two.

If one is significantly lower use that one. Run the check once every month or two.
0
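
A complementary check to the ping comparison above, added here as an example and not part of any participant's post: it queries each candidate resolver directly, times the lookups, and flags a resolver that hands back the same address for unrelated names, which is how a redirect to a splash page shows up at the DNS layer. Only 8.8.8.8 and 8.8.4.4 come from the thread; the ISP address is a placeholder and the test names are a constructed sample.

```powershell
# Added example. Replace the placeholder ISP address with the resolver under test.
$resolvers = [ordered]@{
    'ISP (placeholder)' = '192.0.2.53'
    'Google primary'    = '8.8.8.8'
    'Google secondary'  = '8.8.4.4'
}
$names = 'microsoft.com', 'wikipedia.org', 'iana.org'   # unrelated sites (sample)

$report = foreach ($entry in $resolvers.GetEnumerator()) {
    $firstAnswers = @()
    $failed = 0
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    foreach ($name in $names) {
        try {
            # -Server queries that resolver directly; -DnsOnly skips LLMNR/NetBIOS.
            $a = Resolve-DnsName -Name $name -Type A -Server $entry.Value -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'A' } |
                Select-Object -First 1 -ExpandProperty IPAddress
            if ($a) { $firstAnswers += $a } else { $failed++ }
        } catch {
            $failed++    # timeout, SERVFAIL, NXDOMAIN or unreachable resolver
        }
    }
    $timer.Stop()

    # Every unrelated name mapping to one address suggests the resolver is
    # redirecting all lookups (for example to a splash or landing page).
    $distinct = @($firstAnswers | Sort-Object -Unique)
    $sameForAll = ($firstAnswers.Count -eq $names.Count) -and ($distinct.Count -eq 1)

    [pscustomobject]@{
        Resolver          = $entry.Key
        Address           = $entry.Value
        Failed            = $failed
        TotalMs           = $timer.ElapsedMilliseconds
        DistinctAnswers   = $distinct.Count
        SuspectedRedirect = $sameForAll
    }
}

$report | Sort-Object Failed, TotalMs | Format-Table -AutoSize
```

Run it more than once: the first pass includes the resolver's own cache misses, so later passes give a steadier timing.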
regsamp Author Commented:
"If you have your own DNS server, use it as primary and an external alternate (i.e., Google) as secondary.

And, make sure that your inside devices get your DNS records via DHCP and not those of your provider."  

Our inside machines do get the DNS records from two Windows servers and from a DHCP server. We are a small Windows Network.  Okay, I will do those tests as far as the ping. That sounds like a good idea.
0
regsamp Author Commented:
"If you have your own DNS server, use it as primary and an external alternate (i.e., Google) as secondary." I am not sure how to do this. Do you have a link I could follow?
0
Jan Springer Commented:
In your DHCP configuration, you have the option of specifying DNS servers.  That's where I was suggesting that you put your preferred DNS servers as opposed to using your provider's.
0
regsamp Author Commented:
Under DHCP/Scope Options/DNS Servers? We just have our internal DNS servers listed there.
0
Jan Springer Commented:
Perfect. Is forwarding turned off? Your DNS servers should provide recursion and not forward the queries.
0

regsamp Author Commented:
No, forwarding is still turned on. When we took over this network it was already set up with them and we never had a problem for years until our ISP did a migration. Now that they are on Google's 8.8.8.8 and 8.8.4.4 we are working again.
0
Jan Springer Commented:
If you turn off forwarding and act as your own resolver, you don't have to rely on your provider.
0
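
One way to carry out the "turn off forwarding and act as your own resolver" advice on Windows DNS servers, added here as an example and not part of any participant's post. The server names DNS01 and DNS02 are hypothetical; the script assumes an elevated session with the DnsServer module available, and only previews the removal unless `$Apply` is set.

```powershell
# Added example. DNS01/DNS02 are hypothetical names for the two internal DNS servers.
$dnsServers = 'DNS01', 'DNS02'
$Apply = $false   # leave $false to preview with -WhatIf; set $true to remove

foreach ($server in $dnsServers) {
    $forwarders = (Get-DnsServerForwarder -ComputerName $server).IPAddress
    $recursion  = Get-DnsServerRecursion -ComputerName $server
    $rootHints  = @(Get-DnsServerRootHint -ComputerName $server)

    Write-Host "$server forwarders: $($forwarders -join ', ')"

    # Without recursion and root hints the server cannot resolve on its own,
    # so leave the forwarders alone until both are in place.
    if (-not $recursion.Enable) {
        Write-Warning "$server has recursion disabled; forwarders left unchanged"
        continue
    }
    if ($rootHints.Count -eq 0) {
        Write-Warning "$server has no root hints; forwarders left unchanged"
        continue
    }

    if ($forwarders) {
        # The cmdlet's own confirmation prompt is kept on purpose.
        Remove-DnsServerForwarder -IPAddress $forwarders -ComputerName $server -WhatIf:(-not $Apply)
    }

    # Confirm the server still answers for an external name (sample name).
    # A cached answer can mask a failure, so use a name not looked up recently.
    try {
        Resolve-DnsName -Name 'iana.org' -Type A -Server $server -DnsOnly -ErrorAction Stop |
            Select-Object Name, Type, IPAddress
    } catch {
        Write-Warning "$server did not resolve an external name"
    }
}
```

Resolving from root hints requires the firewall to allow outbound DNS (UDP and TCP port 53) from the internal DNS servers to arbitrary Internet name servers, not only to a single forwarder address.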
regsamp Author Commented:
Okay, we will strongly consider that. We are just using the Google ones for now but maybe we will turn them off. Thank you for the help.
0
regsamp Author Commented:
Great detailed responses. Thank you.
0