DNS problem

[Guest]

When I put my DNS server's address at the top of the list in IP settings of
my Proxy server no one can access the Internet. If I take it out or move it
to the bottom of the list they can access Internet fine. I think the problem
is my DNS server thinks it is authoritative for the Internet when it should
only be authoritative for my internal network. Does this sound llikely and/or
how do I fix it?

 

[Andrei Ungureanu]

check if you have a "." (dot) zone in your dns server. If you have delete
it.

 

[Guest]

I have a "." in Cahed Lookups only. None in Forward Lookup Zones.

 

[Enkidu]

When I put my DNS server's address at the top of the list in IP settings of
my Proxy server no one can access the Internet. If I take it out or move it
to the bottom of the list they can access Internet fine. I think the problem
is my DNS server thinks it is authoritative for the Internet when it should
only be authoritative for my internal network. Does this sound llikely and/or
how do I fix it?

Your problem is a common one. You need to ensure that the DNS is set
up as follows:

1) All clients reference *only* the internal DNS. This includes the
DNS server itself and the proxy server.

2) The DNS should not have a "." zone as someone mentioned.

3) The DNS server should have forwarders set to an Internet DNS
server, probably your ISP's DNS server.

4) All machines should have as gateway the machine that connects to
the Internet (your proxy server?).

The way that this works is as follows: all machines that need to look
up an IP address internal or external look at the setting for DNS in
their network setup. All machines find the internal DNS server. They
therefore query the internal DNS server.

If the address is internal the internal DNS server is able to resolve
it. If the address is external, it uses the forwarders to query the
Internet DNS servers for the IP address of the Domain Name required.
The Internet DNS servers reply to the internal DNS server and this
replies to the client.

When the client receives the IP address it is able to construct the IP
packets necessary. It starts to put the packets on the network. If
they addressed are locally that is all that happens, and the packets
don't leave the network.

If they are addressed to an Internet address the packets are put on
the wire and sent to the gateway device, your proxy, which sends them
on out into the Internet.

Cheers,

Cliff

 

[Guest]

Thanks for all the info. I will check into it. However I need to clarify one
thing. Our proxy server is connected to a firewall which is connected to the
Internet. Currently the gateway for the LAN machines is listed as the
firewall not the proxy server. Is this correct?

 

[Guest]

I need to clarify one thing. Our proxy server is not our gateway. We have a
firewall which is the gateway. Does this change any of your instructions?

Lamar

 

[Enkidu]

Thanks for all the info. I will check into it. However I need to clarify one
thing. Our proxy server is connected to a firewall which is connected to the
Internet. Currently the gateway for the LAN machines is listed as the
firewall not the proxy server. Is this correct?

I'll have to pass on this one. I started to write questions about your
setup several times. Basically it depends on your network setup and
what exactly the proxy proxies! If it is a web proxy, then all
*browsers* should point at it. If it proxies everything it is a sort
of firewall in itself. I'm not too familiar with proxies.

Cheers,

Cliff