Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DNS Server - EMERGENCY!

Status
Not open for further replies.
tduplantis

tduplantis

IS-IT--Management
May 9, 2001
32
US
Ok... I may not be in the right forum. But i figure this is a routing problem of some sort.

We rebuilt our DNS server a day ago and some of our sites are not able to reach it. These sites are all on the same class C(will call the 208 subnet), in multiple subnets. The DMZ network where the DNS resides is also on this class C range. We currently have 5 class c address ranges and this is the only one that is having the problem.

A little about our configuration:

The DMZ network sits OUTSIDE of the firewall, so that would put it in between the outside interface of our pix and our internet router.

I can ping the dns server from all of the routers on the 208 subnet. BUT, I can't ping the dns server from the devices behind those routers. Now, there have been no configuration changes with any of the routers or pix.. so I figure this has something to do with my configuration of the DNS server. The DNS server's default gateway is the internet router.

The start of the DMZ is lets say 134.32, the outside interface of the pix is 134.33, the dns server is 134.34 and the internet router is 134.62. I can ping 134.32 from just about anywhere in my network with the execption of the pix, the internet router and the dns server... it says host unreachable or invalid destination address.... any ideas??? do I have to add a route to my dns server to get this working properly?
 
Sort by date Sort by votes
Sounds like a routing issue. Did your previous DNS server have any static routes that might have pointed to those networks on the other side of your routers that you can't ping from.(Why I ask this question is that you said you rebuilt the box, and that is the only thing that has changed). Do you have any other servers in your DMZ that you can compare routing tables to the new DNS server? Can you perform a NSLOOKUP on something on the internet and return a non-authoratative answer from your DNS server?(Why I ask is that would tell me that it can communicate fine to the Internet). Does your internet router, which is the DNS server's gateway from how it sounds, have any routes to the networks past your other routers? Or it does it only have a default gateway to your ISP? Repost with these answers and I would be happy to help.
 
Upvote 0 Downvote
I'm not sure if the DNS server had any static routes. I failed to check that before I rebuilt it. There are no other servers on the DMZ... unfortunately!! Nslookup does return a non-authorative answer. The internet router DOES have routes to the other networks... in particular it has specific routes to each of the subnets on the 208 range. I believe it is a static route of some sort, but I am unsure which route to put...
 
Upvote 0 Downvote
got it... was as static route on the dns server. thanks!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

NavinNet
  • Locked
  • Question
Why 2 different mac addresses of a server are being shown of CISCO 6509E Layer-3 Switch ?
Replies
0
Views
71
NavinNet
NavinNet
DarioMartin
  • Locked
  • Question
Possible DNS problem using Cisco 877
Replies
1
Views
70
DarioMartin
DarioMartin
dmourghen
  • Locked
  • Question
DNS queries with PBR
Replies
0
Views
62
dmourghen
dmourghen
Rockr41
  • Locked
  • Question
tftp server does not see html file
Replies
0
Views
60
Rockr41
Rockr41
disturbedone
  • Locked
  • Question
Not sending to Syslog server
Replies
3
Views
100
disturbedone
disturbedone

Part and Inventory Search

Sponsor

Back
Top