Re: Proper rules/procedures for setting up DNS/Default Gateways

From: GordL (gord_at_no.spam.eagleridge-home.com.spamX)
Date: 11/17/04


Date: Wed, 17 Nov 2004 00:00:54 -0500

Hi David

Thank you for your response. I appreciate your assistance.

"David Efflandt" <efflandt@xnet.com> wrote in message
news:slrncp5jp4.7rg.efflandt@typhoon.xnet.com...
> On Tue, 9 Nov 2004, GordL <gord@no.spam.eagleridge-home.com.spamX> wrote:
>> I run a small test network behind a hardware firewall (Sonicwall SOHO3)
>> where I test various software and hardware (some of it very obscure) with
>> the intention of learning what I need to know before rolling anything out
>> in a mission critical production environment. I recently replaced my
>> 'server' hardware (due to a motherboard failure) and my Internet proxy/mail
>> server (Midpoint Gateway) because Midcore Software seems to have disappeared.
>>
>> Here are the details of my setup. Please understand that I am not
>> soliciting opinions on my choices of software or hardware. These choices
>> were made within constraints that were both political and technical and
>> were highly complex.
>>
>> Internet connection
>> Toshiba DOCSIS cable router connected to the WAN side of a Sonicwall SOHO3
>> NAT firewall. The SOHO3 WAN port is a DHCP client as required by my ISP but
>> the TCP/IP settings haven't changed for years. The LAN facing port of the
>> SOHO3 is 192.168.1.2. The subnet mask is 255.255.255.252. The default
>> gateway is blank and DNS addresses are static but the same as the WAN side.
>>
>> Dual ported 'server' ( I have been given a lot of advice on this.
>> Unfortunately none of it seems to have worked.)
>> WinXP Pro Running Kerio WinRoute as a proxy
>> WAN-facing NIC is configured as IP 192.168.1.1 - SNM 255.255.255.252 -
>> DG 192.168.1.2 DNS same as above (ISP's semi-static DNS servers)
>> LAN facing NIC is configured as IP 192.168.10.1 - SNM 255.255.255.0 -
>> DG blank and DNS set to self (192.168.10.1)
>
> When I do DNS on myself, I use 127.0.0.1 for nameserver. But you seem to
> be using both your ISP's nameservers and yourself. Are you actually
> running a nameserver listening on 192.168.10.1 for yourself and the
> clients below?

No, I do not run a local DNS server. I wish to forward DNS queries to my
ISP's DNS servers. As an 'aside' I have avoided using 127.0.0.1 for
everything as it is unclear to me which of my two network interfaces
(192.168.1.1 or 192.168.10.1) would be responding to the self-addressed
packet. If you can shed any light on this I would appreciate it.

>>
>> At various times I have been told to set up the DNS server address as the
>> "next hop" yet others have told me to use the ISP's real world DNS servers
>> even on the clients and both interfaces on the dual ported server.
>
> You cannot just expect any router or PC to answer DNS requests on an
> interface if it is not running a nameserver (PC) or proxying DNS ("some"
> broadband routers).
>
>> I have been told to remove and then later told to reinstall default
>> gateways on both the server and client machines.
>
> The clients appear to have correct default gateway. Whether DNS is
> correct depends whether a nameserver answers on that IP.

A name server will only ever answer on my ISP's DNS server(s) but I have
lots of confusing things in between regarding DNS forwarding in the proxy and
the hardware firewall.
>
> The server itself in this case should NOT have a default gateway on its
> LAN interface, which you correctly show as blank. A default gateway
> should usually lead to the internet (and not to oneself).
>
> If you still sometimes have troubles, maybe it is from using a nameserver
> IP (particularly 192.168.10.1) that has no nameserver on it.

I think you are close here. If you are willing and able I can probably send
a sketch in MS Word or Visio of my network structure and would appreciate
any input.

Best regards
GordL
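
An added example, not part of the original posts: a small probe for the condition raised in the thread, an address configured as a DNS server (192.168.10.1 there) with nothing answering DNS on it. The function names and the loopback stub responder are constructed for illustration, so the block runs offline.

```python
import secrets
import socket
import struct
import threading

def build_query(name, txid):
    """Encode a minimal recursive A-record query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe_resolver(ip, port=53, name="example.com", timeout=2.0):
    """Classify an address configured as a DNS server:
    'answers', 'no-listener' (refused or silent) or 'bad-reply'."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((ip, port))   # connected UDP surfaces ICMP port-unreachable
            s.send(build_query(name, txid))
            reply = s.recv(512)
        except OSError:             # timeout, refused, unreachable
            return "no-listener"
    if len(reply) < 12:
        return "bad-reply"
    rid, flags = struct.unpack("!HH", reply[:4])
    # A genuine response echoes our transaction ID and has the QR bit set.
    return "answers" if rid == txid and flags & 0x8000 else "bad-reply"

def start_stub_responder():
    """Constructed stand-in for a DNS proxy on loopback: answers one query
    by echoing it with QR=1, then closes. Returns the UDP port it uses."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    def serve():
        data, peer = srv.recvfrom(512)
        flags = struct.unpack("!H", data[2:4])[0] | 0x8080  # QR=1, RA=1
        srv.sendto(data[:2] + struct.pack("!H", flags) + data[4:], peer)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    port = start_stub_responder()
    print("listener present:", probe_resolver("127.0.0.1", port))
    print("listener gone:   ", probe_resolver("127.0.0.1", port, timeout=0.5))
    # On the network in the thread the call would be probe_resolver("192.168.10.1").
```

Run against each address listed as a DNS server on the clients and on both server interfaces; any that returns `no-listener` is an address with no nameserver or DNS proxy behind it.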


