How to confirm the ISP blocking my DNS server query

Hazem Badr
Hi Experts,

I am trying to add a Secondary Forward and Reverse DNS zone for another domain, but I can't resolve the second server's FQDN and the zone can't load, giving a red X. Zone transfer is allowed for any server.

I am doing the same for another server and it's working well.

I am trying to build a two-way trust relationship between different domains; both are Server 2012 R2.

Thank you
Have you verified that you have network connectivity between the two domain controllers?  What kind of network connection is between them?  Since you're referencing your ISP, are you trying to do this over an untrusted public network?


Typically, you would set up a conditional forwarder on each end of the connection, forwarding DNS queries for the remote domain to the remote domain controller.  Also typically, this would be done over a secure, private network.  If you're going over the Internet, then you're going to introduce a lot of complexity due to firewalls and network address translation.

Author

Commented:
Yes, I am going over public IP; I don't have a firewall or VPN.

The conditional forwarder is done from one side, but I can't from the other. In that case I think the ISP is blocking the DNS query for my IP that we leased from him.

Also, if I try nslookup from the local network it's working fine and can resolve anything.

But if I use nslookup server ip_server from outside the network:

> server myIP
Default Server:  myIP.ISP
Address:  MYIP

> google.com
Server:  myIP.ISP
Address:  myIP

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to myIP.ISP timed-out
>
That might just mean that recursive queries are disabled on the DNS server.  Depends on how you're configured.

Could try setting server 4.4.4.4 and see if you can resolve a name.

Author

Commented:
Disable Recursion is unchecked on both servers.

And from where do I need to check 4.4.4.4?
Start a command prompt and then enter nslookup.

Type server 4.2.2.2 and press Enter.

Then enter some addresses such as www.google.com or www.npr.org and see whether you get replies.

Author

Commented:
Untitled.png
OK, it appears that your ISP is allowing DNS queries.

Author

Commented:
I am talking about allowing DNS queries from the outside network to my DNS server.
OK.  Do you have your DNS server published through your firewall?

What kind of firewall do you have?

Author

Commented:
No firewall.
Then you're probably using the device provided by the ISP, in which case it probably does not have your DNS server published.

You need to create a NAT rule that publishes UDP 53.

Author

Commented:
You mean in the ADSL router?
Yup.

If you have a server on the inside that you want to be reachable from the outside, then you need to set up a NAT rule and make sure the traffic is allowed by the firewall (if any).

DNS runs on UDP 53, and you need the IP address of your server.  Then you set up a NAT rule to publish UDP 53 on <server_ip>.
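
An added example, not part of the original thread: a small Python probe to run from a host outside the network. It separates a timeout like the one in the nslookup session above (nothing came back, so the packet path is broken) from a reply carrying an error code (the server is reachable and the problem is DNS configuration). The server address and query name are placeholders, and the TCP check is included because zone transfers to a secondary use TCP 53.

```python
import socket
import struct
import sys

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid=0x1234, qtype=1):
    """Minimal DNS query: one question, type A (1), class IN, RD bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify_reply(data, txid=0x1234):
    """Any well-formed reply, even an error rcode, proves the UDP path is open."""
    if len(data) < 12:
        return "malformed"
    rid, flags, _qd, answers = struct.unpack("!HHHH", data[:8])
    if rid != txid or not flags & 0x8000:      # wrong ID or QR bit not set
        return "unexpected"
    rcode = RCODES.get(flags & 0xF, "RCODE%d" % (flags & 0xF))
    return "reachable: %s, %d answer(s), RA=%d" % (rcode, answers, (flags >> 7) & 1)

def probe_udp(server, name, port=53, timeout=2.0):
    """Send one query over UDP and report a reply, a timeout or an ICMP rejection."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))
            s.send(build_query(name))
            return classify_reply(s.recv(4096))
        except socket.timeout:
            return "timeout: query or reply dropped in transit (filter or missing NAT rule)"
        except (ConnectionRefusedError, ConnectionResetError):
            return "closed: ICMP port unreachable came back, nothing listens on that port"
        except OSError as exc:
            return "error: %s" % exc

def tcp_open(server, port=53, timeout=2.0):
    try:
        with socket.create_connection((server, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    # 192.0.2.53 is a documentation placeholder; pass the server's public IP instead.
    server = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.53"
    print("UDP 53:", probe_udp(server, "example.com"))
    print("TCP 53 open:", tcp_open(server))   # zone transfers use TCP
```

Running the same probe from inside the LAN and from outside, and comparing the two results, shows whether the loss happens at the router or ISP edge or on the server itself.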

Author

Commented:
OK, I will check and update you soon.
