Cannot only access internet via IP address

[bigdavelamb]

Hi, I have in Win2003 server plugged into a switch, in this switch I have two routers. I wish to go out to the internet on a specific router, but when I use this one as my gateway I can only access the internet via IP address, I have DNS installed on this server but I have forwarders setup on it, which are my ISP dns servers. When I change the gateway address to the my second router I can access the internet via IP and by domain name, in otherwords perfectly.

I am at a loss - any ideas anyone?

Cheers,
dave

 

[ChrisAC]

Do both your routers connect to the same ISP or different providers?

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[bigdavelamb]

Hi, Different providers

 

[ChrisAC]

So, when you are using the router that works okay, is your DNS server set to forward to that ISPs DNS server? You have two ISPs so which one's DNS servers are you using?

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[bigdavelamb]

In DNS I have set the DNS forwarders to be the ISP's of the router which is the one I wish to use and cannot get out on. However I tried using alternative DNS servers as forwarders but makes no difference.

dave

 

[ChrisAC]

If the second router works then DNS must be working from the server and if you can connect by IP on the first router then connectivity to the ISP must be okay so it looks like DNS isn't getting past the first router.

Can you ping the ISPs DNS servers through the first router? What happens if you do an nslookup via the first router? Does that router have any kind of filtering/firewall in place?

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[bigdavelamb]

Hi Chris, I am not really familar with nslookup. I ran it however via the first router. And got the errors below (i have only 127.0.0.2 set as dns server in the network card:

C:\Documents and Settings\Administrator>nslookup
Default Server: localhost
Address: 127.0.0.1

> 212.21.96.20
Server: localhost

I then set the dns servers in the network card is the ISPs two dns servers, ran nslookup again and got:

C:\Documents and Settings\Administrator>nslookup
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 212.21.96.18: Timed out
Default Server: UnKnown
Address: 212.21.96.18

There do not seemto be any filtering in place (i am using NAT).

Cheers.
dave

 

[bigdavelamb]

Chris, I can ping both dns servers as well, by the way.

 

[bcastner]

Do you have port forwarding enabled on DNS (TCP & UDP 53) and RPC (135) to your local DNS server IP on both routers?

 

[bigdavelamb]

I have not set any port forwarding on either router

 

[ChrisAC]

The DNS server that I believe that you are forwading to dosn't seem to accept recursive requests from outside of it's own network.

> server 212.21.96.20
Default Server: ns2.inband.network-i.net
Address: 212.21.96.20

>

http://www.tek-tips.com

Server: ns2.inband.network-i.net
Address: 212.21.96.20

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to ns2.inband.network-i.net timed-out
> server 212.21.96.18
DNS request timed out.
timeout was 2 seconds.
Default Server: [212.21.96.18]
Address: 212.21.96.18

>

http://www.sun.com

Server: [212.21.96.18]
Address: 212.21.96.18

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to [212.21.96.18] timed-out
>


It is common for ISPs to do this so that users outside their network cannot put load on their DNS servers by sending recursive requests. Or, you are using the wrong DNS servers.

[chris@uranium chris]$ dig @212.21.96.20

http://www.sun.com

; <<>> DiG 9.2.1 <<>> @212.21.96.20

http://www.sun.com

;; global options: printcmd
;; connection timed out; no servers could be reached

Looking at the name servers for network-i.net, the ones listed are not the ones you are using (212.21.96.18 and 212.21.96.20). They have ..

NS1.NETWORK-I.NET 212.21.121.131
NS2.NETWORK-I.NET 212.21.121.133

So, try using these servers instead as they seem to respond to requests. Of course, if you have your own DNS server then you don't really need forwarders anyway. Can't a Windows DNS server resolve domains without having to forward the recursive request to another server?

Chris.








**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[bigdavelamb]

Hi Chris, I tried to use these dns servers but to no avail. My DNS server does not really have any entries in, and is only running as this server is a domain controller, as far as I was aware in domain controller running active directory had to have dns running.

Cheers.
dave