cargex

asked on

What is preventing my DNS Server from contacting the Google DNS Server as a forwarder?

Hi Guys,
I have a Windows domain, and my 2 domain controllers are Windows Server 2012 R2, with DNS running on both servers to resolve for the local domain and with my ISP DNS server as forwarder.

This has been working fine for at least 3 years, and today I just found out that the ISP forwarders are not answering my DNS calls. I can ping the IP of the ISP DNS Server, but they just don’t resolve DNS calls. I suspect they have reconfigured their server to not resolve public requests or something.

I thought, no problem, I will use Google’s public DNS Servers, so I proceeded to add 8.8.8.8 as a forwarder, but unfortunately it just says “unable to resolve”. Mmmhh, unable to resolve the forwarder IP?

If I run the following command on the server, I get the errors below …

C:\>nslookup - 8.8.8.8
DNS request timed out.
    timeout was 2 seconds.
Default Server:  UnKnown
Address:  8.8.8.8

www.google.com
Server:  UnKnown
Address:  8.8.8.8

DNS request timed out.
    timeout was 2 seconds.
Non-authoritative answer:
DNS request timed out.
    timeout was 2 seconds.
Name:    www.google.com
Address:  216.58.219.132

>

But if I run the same command from my laptop then it contacts the 8.8.8.8 Server and resolves fine.

Facts:
I have not changed the firewall configuration; it is the same.
I have not changed the Windows Server Domain Controller Configuration; it is the same.

My question:
What is preventing my DNS Server from contacting the Google DNS Server as a forwarder?

Thanking you in advance,
Cargex
Joseph Hornsey

It could be your ISP is blocking this, but I doubt it.  What firewall are you using?

On a separate note, why are you using a forwarder?  It's unnecessary on Windows servers as they automagically forward to the root DNS servers.
ASKER CERTIFIED SOLUTION
Adam Brown

This solution is only available to members.
Won't be ISP if the laptop can do it. I'd go with firewall, selective blocking... I appreciate you've said nothing changed, but if nothing changed it would work, right?

Have you tried TCP? The "set vc" option in nslookup does that.
nslookup
server 8.8.8.8
set vc
www.google.com

That you can ping rules out anything to do with routing.
If it's a Cisco firewall (i.e., ASA), you'll want to reconfigure the packet inspection for DNS... get rid of the preset map.
cargex

ASKER

Thank you Adam.
I changed my DNS Ethernet configuration in the DC to point to itself, restarted the server and that solved the problem.
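
The checks discussed in this thread (UDP versus TCP queries to 8.8.8.8, and which DNS servers the domain controller itself is set to use) can be run together from PowerShell on the server. This is an added example, not code from any of the posts; the function name Test-ForwarderTransport is hypothetical, and it assumes the DnsClient and DnsServer modules that ship with Windows Server 2012 R2 and the DNS role.

```powershell
# Added example: compare UDP and TCP resolution against a candidate forwarder.
# The server 8.8.8.8 and the test name www.google.com come from the thread;
# the function name is hypothetical.
function Test-ForwarderTransport {
    param(
        [string[]]$Server = @('8.8.8.8'),
        [string]$Name = 'www.google.com'
    )
    foreach ($s in $Server) {
        foreach ($transport in 'UDP', 'TCP') {
            # -DnsOnly skips LLMNR/NetBIOS so only real DNS traffic is tested.
            $params = @{ Name = $Name; Server = $s; Type = 'A'; DnsOnly = $true; ErrorAction = 'Stop' }
            # -TcpOnly is the equivalent of "set vc" in nslookup.
            if ($transport -eq 'TCP') { $params.TcpOnly = $true }

            $sw = [System.Diagnostics.Stopwatch]::StartNew()
            try {
                $answer = Resolve-DnsName @params
                $result = 'OK'
                $detail = ($answer | Where-Object { $_.IPAddress } |
                           ForEach-Object { $_.IPAddress }) -join ', '
            } catch {
                $result = 'FAIL'
                $detail = $_.Exception.Message
            }
            $sw.Stop()

            [pscustomobject]@{
                Server    = $s
                Transport = $transport
                Result    = $result
                Ms        = $sw.ElapsedMilliseconds
                Detail    = $detail
            }
        }
    }
}

Test-ForwarderTransport | Format-Table -AutoSize

# DNS servers the DC's own network adapters are configured to query.
Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object { $_.ServerAddresses }

# Forwarders configured in the DNS Server service on this machine.
Get-DnsServerForwarder
```

A UDP failure alongside a TCP success points at something on the path treating UDP port 53 differently, which matches the firewall and DNS inspection suggestion above. The last two commands show the adapter and forwarder settings that the asker ended up changing.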