Re: DNS forwarders




"Russ Allen" <RussAllen@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:83B70E97-5273-4576-8525-78643E6A4C2E@xxxxxxxxxxxxxxxx
The lookup fails. I guess that something from the internal network to the
DMZ is blocking the resolution. Thanks for the help.



Sure. You can move forward to the next router etc.
and try again, but chances are the "next router" is the
firewall you said was running DNS and working just
fine.

You MIGHT try forwarding from the internal DNS to
the firewall DNS which forwards successfully.

Test carefully. You don't want to stack up TOO MANY
forwarders but it's impossible to quantify that ("too many")
without testing.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


"Herb Martin" wrote:

"Russ Allen" <RussAllen@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E2831437-ECDB-4922-A7C4-1BE7289986FA@xxxxxxxxxxxxxxxx
Good morning all, I have a situation I need some to excel at!!!!

I have 2 DCs that are set to forward DNS queries that they can't resolve.

Can you use NSLookup from the CONSOLE of those two
DNS servers to make direct, explicit queries of the forwarders
they are set to use?

nslookup www.google.com IP.Address.External.DNS

The first DNS server works fine (This is a firewall DNS). The two other DNS
servers are Windows 2003 std boxes. They are both configured as secondary
zones and my diagnostic shows that these two forwarders are unresponsive.

They are NOT "forwarders" (as you have described it) -- they
are FORWARDING to other servers which are the forwarders.

It's confusing terminology but the DNS server on which you
make the setting for forwarder(s) is NOT the forwarder.

The actual "forwarder" doesn't even 'know' (in some real sense)
that it is the forwarder -- other DNS servers forward TO IT.

These two servers sit in a DMZ and don't contain any of our inside dns records.

By doing the direct NSLookup with the explicit addresses
of these two (DMZ) forwarders you will be able to determine
if the internal machines can route to them OR if something (e.g.,
the firewall) is blocking their requests.

I am kind of at a wall here. Any suggestion for me, thanks


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
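
The direct-query test suggested in this thread, written out as an added example (not code from either poster): it sends one recursive A query straight to each forwarder and separates "no reply at all" (filtered or unroutable) from "replied but refused or failed". The function names are hypothetical and the server addresses are documentation placeholders to be replaced with the forwarders' real IPs.

```python
import secrets
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid):
    """Encode a one-question recursive A query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # 0x0100 = RD bit
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_reply(reply, txid):
    """Turn a raw reply datagram into a short diagnosis string."""
    if len(reply) < 12:
        return "unexpected reply"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID or QR bit not set
        return "unexpected reply"
    rcode = RCODES.get(flags & 0x000F, "RCODE %d" % (flags & 0x000F))
    if rcode == "NOERROR" and not flags & 0x0080:  # RA bit clear
        return "reachable, but recursion not available (RA=0)"
    return "reachable: %s, %d answer(s)" % (rcode, ancount)

def probe(server, name="www.google.com", timeout=3.0):
    """Query `server` directly over UDP/53, as `nslookup name server` does."""
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, txid), (server, 53))
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "no reply: filtered, unroutable, or DNS not listening"
        except OSError as exc:  # e.g. ICMP port unreachable surfaced by the OS
            return "send/receive error: %s" % exc
    return classify_reply(reply, txid)

if __name__ == "__main__":
    # Placeholder addresses (TEST-NET-1), not from the thread.
    for ip in ("192.0.2.10", "192.0.2.11"):
        print(ip, "->", probe(ip))
```

Run it from the console of each internal DNS server: a timeout against the DMZ forwarders alongside a normal answer from the firewall DNS points at filtering between the internal network and the DMZ, not at the forwarders themselves.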




