simple question

[edifreak]

Greetings,

I've installed a fresh copy of Windows 2003 SBS server and want to test out the features. I've setup dhcp, dns and ISA 2004 and for testing purposes, I've decided to run all of those in one machine. The clients are able to obtain an ip address from DHCP but I'm not having much luck pinging to external sites by domain names. From the server, I can ping sites but from the clients I'm able to ping only by ip address. I've checked the forwarders on the DNS and it seem to be pointing to the right place.

The dhcp scope options have my internal DNS server configured and I can ping my server by name internally.

What is that I'm doing wrong? I know it's something silly!

 

[gmail2]

What happens if you try to use nslookup on one of the client PC's - does it just say could not find domain whatever.com ? What DNS servers are assigned to your server? Maybe the server has a secondary DNS server which is resolving the host names - maybe it's not actually resolving them using it's own DNS? Have you tried doing an nslookup using the IP address that your internal DNS server forwards to for "All Other DNS Doamins"? Maybe the fault is with the server you're forwarding to rather than your internal DNS server? Are there any errors in your event log?

Maybe if you can let us know what DNS servers are assigned to your server, and where your server forwards it's DNS requests we could figure out a bit more.

Irish Poetry - Karen O'Connor
Get your Irish Poetry Published
Garten und Landschaftsbau

 

[edifreak]

gmail, below are is the output for nslookup for the server

Default Server: srv-01.testdomain.com
Address: 192.168.2.250

And here is the output from my xp box

DNS request timed out. timeout was 2 seconds.
*** Can't find server name for address 192.168.2.250: Timed out *** Default servers are not available
Default Server: UnKnown
Address: 192.168.2.250


Looks like it can reach my internal dns? i can ping my server with the name "srv-01" from my xp box and i can ping the outside world by ip address.

Below are the ipconfig output's from both the xp box and the server

Windows IP Configuration

Host Name . . . . . . . . . . . . : srv-01
Primary Dns Suffix . . . . . . . : testdomain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : testdomain.com

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . : testdomain.com
Description . . . . . . . . . . . : AMD PCNET Family PCI Ethernet Adapter
Physical Address. . . . . . . . . : 00-0C-29-05-18-0F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.250
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.2.250
Primary WINS Server . . . . . . . : 192.168.233.128

Ethernet adapter Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : AMD PCNET Family PCI Ethernet Adapter #2
Physical Address. . . . . . . . . : 00-0C-29-05-18-19
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.1.1.190
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.1.180
DNS Servers . . . . . . . . . . . : 10.1.1.180
61.88.88.88
10.1.1.180
Primary WINS Server . . . . . . . : 192.168.233.128
NetBIOS over Tcpip. . . . . . . . : Disabled



Below is my xp box output

Windows IP Configuration

Host Name . . . . . . . . . . . . : xp02
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : testdomain.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : testdomain.com
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 00-0C-29-C1-EC-64
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.250
DHCP Server . . . . . . . . . . . : 192.168.2.250
DNS Servers . . . . . . . . . . . : 192.168.2.250
Primary WINS Server . . . . . . . : 192.168.2.250
Lease Obtained. . . . . . . . . . : Tuesday, May 30, 2006 8:57:15 AM
Lease Expires . . . . . . . . . . : Thursday, September 07, 2006 8:57:15 AM


My DNS seem to have configured fine with the forward and reverse lookups. I'll delete them and redo to check if that makes any difference.

 

[edifreak]

also just a reminder. I've ISA 2004 configured. I doubt that would block the DNS requests?

 

[gmail2]

OK, so the DNS server is functioning properly on the server itself - but not on your clients, have I got it right? The reason why you can resolve internal names (such as the hostname of your server) is because the client is using broadcast to resolve it - it's not using your DNS server ... at least that's my educated guess. Can you telnet to 192.168.2.250 port 53 (just go to cmd prompt and type telnet 192.168.2.250 53 - if the screen goes black, then you can). I presume there's no firewall between the client and the server as you're all on the same subnet? It does sound like the DNS server itself is operating fine, but that the client cannot access it - which would probably indicate a network problem.

Irish Poetry - Karen O'Connor
Get your Irish Poetry Published
Garten und Landschaftsbau

 

[edifreak]

ok i cant telnet in to port 53. it failed to respond. the whole problem is fixed by having my ISP's dns server as the secondary dns configured for the client. i do not want to do that as i want the DNS forwarder to do the work.

i dont know how this could be a network problem as i can ping the sever fine and they are on the same subnet. i just dont know whether isa could be causing this?

 

[Marcs41]

Connection-specific DNS Suffix . : testdomain.com
Description . . . . . . . . . . . : AMD PCNET Family PCI Ethernet Adapter
Physical Address. . . . . . . . . : 00-0C-29-05-18-0F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.250
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.2.250
Primary WINS Server . . . . . . . : 192.168.233.128

Is this a typo, or do you not have the default gateway set on the LAN side of the server? If not, do so!

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC![/sub]

 

[edifreak]

no i do not want to setup a default gateway cuz that's where the ISA server is installed. I dont want the server to get confused. Infact, that is the common setup procedure which is done during the installation. i also added a static route so my clients r visible.

what does that have to do with dns anyways?

 

[edifreak]

ok i just opened port 53 on isa server for traffic from Internal network+localhost to external. still no luck!

 

[Marcs41]

it has to do with DNS, because that is where the answer to the request will go to, to the DEFAULT GW. If it is another, you request gets lost, hence no answer.
Just put one in, 192.168.2.250 and see what happens.

I also don't see where it is 'common' procedure to use no default GW?!? It has nothing to do with your ISA since it is the LAN side.

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC![/sub]

 

[edifreak]

Marcs, I followed suggestions from Microsoft that you dont configure two default gateways on a server that has 2 Nic's

Below is an extract from the document I referred to

"You will need a permanent address and appropriate subnet mask for your internal network on the internal adapter (do not use DHCP on this interface). Always leave this default gateway blank. The ISA Server computer needs only one default gateway: the one that is configured on the external interface or interfaces. Configuring a default gateway on the internal adapter causes ISA to malfunction."

http://support.microsoft.com/default.aspx?scid=kb;en-us;323387

Also when you try to add one, win2k3 server will give you the same warning message saying you are about to configure two gateways.

So I'm not very sure about adding two gateways. I'll try it out when i get home. Thx for the tip.

 

[edifreak]

problem has been fixed. It was the ISA server all along!!!!

 

[Marcs41]

ok then, good for you.
I tend to avoid that thing, because of these 'issues'

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC![/sub]

 

[edifreak]

Marcs, I completely understand what you mean... I just tried to do what you said and it works fine aswell. the problem is I just completely do not understand what exactly MS means by "ISA will malfunction". My guess is that it wont know which gateway to choose?! anyways, doesnt matter you guys deserve a star =)

 

[Marcs41]

Well, I am an MS fan, but I don't always take for granted what they says, especially for ISA! When it goes wrong, it can be a nightmare.

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC![/sub]

 

[gmail2]

Sorry ... bet it seemed like I abandoned this question !! It just go so busy at work all week I wasnt' able to respond (makes you wonder if bank holidays are really worth it !!) ... glad you got it sorted in the end though

Irish Poetry - Karen O'Connor
Get your Irish Poetry Published
Garten und Landschaftsbau