Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DNS Setup Help

Status
Not open for further replies.
GeorgeTuk

GeorgeTuk

IS-IT--Management
Jan 11, 2009
110
GB
Hi guys,

I think I have confused myself but my Domain Controller no longer accesses the internet but this has meant that parts of Exchange 2007 OWA aren't working.

Can anyone suggest the settings? Should the first DNS server of the DC be external?

Thanks
 
Sort by date Sort by votes
No, it shouldn't be external, it'll just break things for an AD domain.

Check your Forwarders if you have any set?

To check the forwarders:

1. Open the DNS Console
2. Right click on your server and select Properties
3. Select the Forwarders tab
4. For each IP listed there (if any) run:

nslookup IPAddress

e.g.

nslookup 4.2.2.4

That will check to see if the name servers you're using are responding. If they are not, remove them then try:

nslookup
You may need to flush your server cache first. That can be done from the DNS server console by right clicking on the server and selecting Clear Cache.

By default your server will use Root Hints (see Root Hints tab), which is more effort than Forwarders but should work. If it does not, you need to check network access to see if your server is allowed to send outbound UDP on port 53.

If it does work with Root Hints, but not with your forwarders you have a few choices:

1. Raise the issue with the forwarder host (your ISP?)
2. Find new forwarders
3. Continue using Root Hints

HTH

Chris
 
Upvote 0 Downvote
There are no forwarders set so I guess is the issue. Because I did mostly secure internal networks before this is a bit new for me.

So for forwarders could I use my ISPs server DNS? Its 195.216.16.65 and they are called Star.

Thanks
 
Upvote 0 Downvote

Yep, those would do. I would have to suspect a network issue if it's failing to resolve with root hints (normally just too much blocked).

Anyway, if you set the Forwarders to your ISPs DNS servers, then try again?

Chris
 
Upvote 0 Downvote
I think your right there TeflonJim, since it is actually on a hosted server locked down to currently only allow Port 80 and 443 traffic.

What ports should I be looking to unlock to get the DNS through?
 
Upvote 0 Downvote

UDP Port 53 (outbound only). If you're using Forwarders, only to the Forwarders, if you're using Root Hints, to everywhere.

Chris
 
Upvote 0 Downvote
two cents...
If you use forwarders, use two to your ISP's DNS servers and a couple to other ISP's servers..more then once I had the providing ISP change/break their DNS servers for a period of time.


........................................
Chernobyl disaster..a must see pictorial
 
Upvote 0 Downvote
Open DNS
right-click the name of your DC on the forwarders tab should be the IP addresses of the ISP's DNS Servers. Try that and then see if you can reach
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
314
suncit
suncit
Abdullah Al Maruf
  • Locked
  • Question
Telnet help for
Replies
2
Views
236
gbaughma
gbaughma
fredmartinmaine
  • Locked
  • Question
Domain Controller without DNS Server
Replies
4
Views
337
fredmartinmaine
fredmartinmaine
bechna
  • Locked
  • Question
Windows Server and VPN Setup
Replies
1
Views
105
DrB0b
DrB0b
on3mansh0w
  • Locked
  • Question
[HELP] AD GPO not applied unexpectedly
Replies
0
Views
112
on3mansh0w
on3mansh0w

Part and Inventory Search

Sponsor

Back
Top