Re: DNS server not returning lookups
- From: "Harvey Colwell" <harveyc@xxxxxxxxxx>
- Date: Thu, 5 Oct 2006 09:05:22 -0500
I'm assuming that your DNS server is either (1) in a DMZ or (2) behind a
NAT firewall and your PC (works from the office) is on the LAN. I'm also
assuming that if this is an existing DNS zone, you've waited the 2 to 3 days
for the internet to realize that the domain is now being hosted on a new
server and that you've updated the DNS servers at the site the domain is
registered at (Network Solutions, Big Daddy, Register.com, etc).
General Info: Either UDP or TCP port 53 can be used when accessing a DNS
server; it's up to the client that makes the request. The convention is that
UDP is used for normal queries: since the response will usually fit into a
single packet, there's not much chance of data loss. Zone transfers, on the
other hand, use TCP since the response could take several packets.
(1) In a DMZ and assuming that the DNS server is using real (a.k.a.
non-private) IP addressing. Make sure that the Internet facing firewall
allows both TCP and UDP port 53 traffic back to the DNS server.
(2) Behind a NAT firewall. Make sure that you have a static NAT (or static
PAT) configured, mapping [one of] your external IPs to the IP of the DNS
server and that a firewall rule (access list) allows both TCP and UDP port
53 traffic.
Check the firewall logs to see if the external (from the clients) traffic is
being blocked. You could even install a packet sniffer (I suggest Ethereal,
now known as Wireshark) on the DNS server to verify if the requests are
coming in.
Have the clients query your DNS server directly. This makes sure that they
aren't getting out-of-date information cached on their local PCs or on their
local DNS servers.
nslookup -query=any their_domain.com. your_nameserver.your_domain.com.
----------
Now then, you did say that it was only failing from "some" of your
clients. If this is really the case, if some external clients can query
the information, then most likely your setup is OK, and the problem for the
other clients is on the clients' side.
HTH
----------
Harvey Colwell
MCSE NT/2000/2003 +Security, CNE 3/4, LDP 5/6, CET, CCNA, CompTIA Security+
<Don't you just hate it when people show off!>
<foxj77@xxxxxxxxx> wrote in message
news:1160047018.893136.258650@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi there,
I've set up my DNS server so that it acts as a name server for some
domains we are hosting. Everything seems to be working fine from
within our office. Some of our clients are having a bit of trouble as
the server isn't returning any lookups to them.
After a bit of investigation I thought it may have been down to UDP
being blocked by the IP filter running on the Windows 2003 box. I've
changed this to allow all UDP access on port 53 but it is still not
returning anything.
I am trying to test it from several places using Sam Spade to dig the
addresses from the nameserver. In one place it works fine (the office)
and from elsewhere Sam Spade says it is not responding when it tries to
connect to the name server.
I've had a look through the IP filter and there it looks like there is
nothing that could possibly be blocking it.
My colleague suggested that it could be down to Sam Spade using UDP to
query the name server but allowing UDP access doesn't seem to make any
difference.
Thanks, any help much appreciated.
John
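The check Harvey describes (query the server directly from an outside client, and confirm that both UDP and TCP port 53 get through the firewall/NAT) can be done without Sam Spade or nslookup. The script below is an added example written for this page, not code from either poster: it builds a raw DNS query, sends it once over UDP and once over TCP (TCP frames each message with a 2-byte length prefix, which is the only wire-level difference), and reports which transport answered. The server address and zone name are command-line arguments; the sample header bytes used when no server is given are constructed for illustration. Run it from one of the client locations that fails and again from the office; a server that answers on TCP but not UDP points at a dropped UDP rule, while silence on both points at the NAT mapping or the access list.

```python
"""Probe a DNS server on UDP and TCP port 53 to tell a blocked transport from a dead server."""
import random
import socket
import struct

QTYPE = {"A": 1, "NS": 2, "SOA": 6, "ANY": 255}


def build_query(name, qtype="ANY", txid=None):
    """Return (wire-format query, transaction id) for `name` with the RD bit set."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags 0x0100 = RD, 1 question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE[qtype], 1), txid  # class 1 = IN


def parse_header(data):
    """Decode the 12-byte DNS header; returns None if the reply is too short to be one."""
    if len(data) < 12:
        return None
    txid, flags, _qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),      # 1 = this is a response
        "tc": bool(flags & 0x0200),      # truncated: client must retry over TCP
        "rcode": flags & 0x000F,         # 0 = NOERROR, 3 = NXDOMAIN, 5 = REFUSED
        "answers": an, "authority": ns, "additional": ar,
    }


def _valid_reply(data, txid):
    hdr = parse_header(data)
    return hdr if hdr and hdr["id"] == txid and hdr["qr"] else None


def query_udp(server, name, qtype="ANY", timeout=3.0):
    """One UDP query; None on timeout, ICMP unreachable, or a reply with the wrong id."""
    pkt, txid = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(pkt, (server, 53))
            data, _ = s.recvfrom(4096)
        except OSError:  # socket.timeout is an OSError subclass
            return None
    return _valid_reply(data, txid)


def _recv_exact(s, n):
    buf = b""
    while len(buf) < n:
        chunk = s.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed before the full message arrived")
        buf += chunk
    return buf


def query_tcp(server, name, qtype="ANY", timeout=3.0):
    """Same query over TCP: every message is prefixed with its big-endian 16-bit length."""
    pkt, txid = build_query(name, qtype)
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(pkt)) + pkt)
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            data = _recv_exact(s, length)
    except OSError:  # refused, timed out, or reset by a firewall
        return None
    return _valid_reply(data, txid)


def diagnose(udp, tcp):
    """Turn the two probe results into the firewall/NAT verdict a sysadmin wants."""
    if udp is None and tcp is None:
        return "no reply on UDP or TCP 53: NAT mapping, access list, or server not listening"
    if udp is None:
        return "TCP 53 answers but UDP 53 does not: UDP is being dropped in the path"
    if tcp is None:
        return "UDP 53 answers but TCP 53 does not: zone transfers and large replies will fail"
    if udp["tc"]:
        return "UDP reply truncated (TC set); resolvers will retry over TCP, which works"
    return "both transports answer (rcode %d, %d answers)" % (udp["rcode"], udp["answers"])


def check_server(server, name, qtype="ANY"):
    udp, tcp = query_udp(server, name, qtype), query_tcp(server, name, qtype)
    return {"udp": udp, "tcp": tcp, "verdict": diagnose(udp, tcp)}


if __name__ == "__main__":
    import sys
    # usage: python dnsprobe.py <server-ip-or-name> <zone>   (both are your own values)
    print(check_server(sys.argv[1], sys.argv[2]))
```

Because the query is hand-built, a reply with the wrong transaction id or without the QR bit is discarded rather than trusted, which also keeps a stray packet from another source from masking a real timeout. If the UDP probe comes back with TC set, that is normal for a large ANY answer and not a fault: the resolver is expected to retry the same question over TCP, so the TCP rule matters for ordinary clients too, not only for zone transfers.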