Windows 2000 DNS forwarding problem

Dean Liao

I have a Win 2k DNS server, which provides Intranet DNS service and
forwards domain name lookup requests to the upper level DNS server. The
configuration is like this:
DNS server IP: 192.168.0.254
DNS server's DNS: 192.168.0.254 (point to itself)

I also set up forwarding to the upper level DNS according to books. The
problem is: the DNS server I built cannot resolve domain names outside
the Intranet, which should be resolved by forwarding to the upper level
DNS. All clients pointing to this server cannot resolve outside domain
names correctly. But those clients pointing to the upper DNS could resolve
outside domain names (of course they cannot resolve the Intranet's domain
names).

Now Intranet clients do not complain yet because they use only WWW to
go outside and the proxy server has correct DNS behavior (because I
set its DNS to upper level DNS rather than DNS server I built). But
anyway I must fix this DNS problem in case they want other services to
go out someday.

What are the possible misconfigurations or errors that could cause the DNS
malfunction? Thank you in advance!
 
William Leader

I am experiencing similar problems, and have followed the steps listed on
support.microsoft.com, but I still cannot resolve external names. My system
is behind a NAT router, but the machine running DNS is the DMZ host, so for
all practical purposes it is not behind the router and is accessible to the
external network.

-Will
 
Shane Brasher

Hello All,

Does the routing device allow for UDP 53 through to the internet?
Does nslookup from the DNS server resolve to external queries?

Shane Brasher
MCSE (2003,2000,NT),MCSA Security, Network+, A+
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Dean Liao

Thank you, Danny!
I've read this article. Actually, I've done the same procedure as the
article mentioned before.

Today, I tried to select "Do not use recursion" checkbox in the
"Forwarders" tab. It works! I think the problem is that I give the
wrong "Root hint information". The default "root hint info" is
InterNIC's root. However, my upper network is still an Intranet, not
Internet. So if "recursive lookup" is enabled in "forwarders" tab, it
may ask those root servers which do not exist in my upper Intranet.

Is it right to remove all default servers in the "root hint" tab if
I don't access the Internet? Is it right to just set up "Forwarders"
to my upper DNS server?

Thank you for your kind help!
 
William Leader

I figured it out this morning and I feel pretty dumb about it. Turns
out the machine that was running the DNS and DHCP server (I know, same
box, bad) had IP filtering turned on. A few months ago I was fooling
around with it, and left it set to block all UDP traffic. Doh!

-Will
 
ObiWan

I figured it out this morning and I feel pretty dumb about it. Turns
out the machine that was running the DNS and DHCP server (I know, same
box, bad) had IP filtering turned on. A few months ago I was fooling
around with it, and left it set to block all UDP traffic. Doh!

Warning: be sure to allow DNS traffic on both UDP _and_ TCP,
or you may experience some strange behaviour, since some
DNS queries will be retried using TCP if their result doesn't fit
into a single UDP packet.

* ObiWan
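
The check discussed in this thread, as an added example that is not part of any poster's message: a Python probe that sends the same query to a DNS server over UDP 53 and then TCP 53, and reports whether the UDP reply carried the truncated (TC) flag that triggers the TCP retry. The function names, the query name `example.com` and the transaction ID are assumptions made for this illustration; the server address is the one from the first post.

```python
import socket
import struct

TC_FLAG = 0x0200  # "truncated" bit in the 16-bit DNS header flags word

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal recursive DNS query (qtype 1 = A record, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def is_truncated(response):
    """True when the server set TC: the answer did not fit in the UDP reply."""
    if len(response) < 12:
        raise ValueError("shorter than a DNS header")
    return bool(struct.unpack("!H", response[2:4])[0] & TC_FLAG)

def frame_for_tcp(message):
    """DNS over TCP prefixes every message with its length as 2 bytes."""
    return struct.pack("!H", len(message)) + message

def probe(server, name, timeout=3.0):
    """Query over UDP 53, then TCP 53; report which transports get an answer."""
    query = build_query(name)
    result = {"udp": False, "tcp": False, "truncated": False}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            reply, _ = s.recvfrom(4096)
            result["truncated"] = is_truncated(reply)
            result["udp"] = True
    except (OSError, ValueError):
        pass  # filtered UDP shows up as a timeout, not as an error reply
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            with s.makefile("rb") as f:
                s.sendall(frame_for_tcp(query))
                (length,) = struct.unpack("!H", f.read(2))
                result["tcp"] = len(f.read(length)) >= 12
    except (OSError, struct.error):
        pass  # TCP 53 blocked, refused, or closed before a full reply
    return result

if __name__ == "__main__":
    print(probe("192.168.0.254", "example.com"))  # server address from the first post
```

A result with `udp` true, `truncated` true and `tcp` false is the case ObiWan warns about: small answers work, large ones fail.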
 
