ICS DNS Proxy problem

landau351

I have a Win2k ICS Host and several Win98 clients.

The ICS Host is multihomed. A cable modem connects to my
ISP, a 10/100 MB Lan card connects to a switch (where the
clients also connect).

If I attempt to "ping www.yahoo.com" from a client I see
the incoming DNS request arrive on the ICS Host, the DNS
Proxy then forwards it to the external ISP's DNS but I
never get a response!

I can type the exact same query on the ICS Host itself
(from a "cmd" window) and the external DNS responds as
expected.

How do I diagnose what is going wrong? Is it possible that
the ICS DNS proxy is mistakenly leaving the internal
192.168.0.x address in the request? I thought the proxy
would replace the source IP address with the external IP
address as allocated by the ISP.

What tracing/tracking can be done to see if the request is
malformed?

I used AnalogX PacketMonitor to see the TCP traffic.
-cheers landau351
 
Marc Reynolds [MSFT]

Hi,

You could take network monitor traces on the external NIC of the ICS host
while the client attempts to resolve a name. In the trace you will be able
to see the source IP the ICS host uses and what (if any) response it
receives from the ISP DNS.

As a test, have you tried pointing to a different DNS server?

Thanks,
Marc Reynolds
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
 
landau351

Marc,
Thanks for looking. I ran the Packet Monitor on both the
internal NIC and the external cable modem (it's USB) and
watched both windows. I see the packet that is being sent
to the ISP DNS but I don't know how to decode it (barring
the obvious "www.yahoo.com").

I shall try the same thing on their secondary DNS. Is it
possible that this will work? I only ask as I can send
the exact same ping from the ICS host to the same external
DNS and it gets an instant reply. Nothing from the clients
ever works. IE, ping etc. all get no response, but only from
the clients. Same programs work as expected on the Host.

-cheers landau
 
landau351

Marc,
Thanks for the tip. When I tested I had the packet
monitor open with 2 windows. One for the internal NIC,
one on the external cable modem. I could see the packet
come in from the client, and relayed through to the cable
modem. I don't know how to decode the packet (except for
the ASCII text "www.yahoo.com"), so am unsure what is in it.

I shall try the secondary DNS as an alternative 2nite

-cheers landau351
 
Marc Reynolds [MSFT]

Hi,

Ok that tells us that the ICS Host is sending the query, now you need to
look to see if the DNS server responds to the query and if it responds with
an answer or an error.

Thanks,
Marc Reynolds
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
 
landau351

Marc,
I have replied before, but the replies are not working.
Anyway, last night I checked the external cable modem link
with the TCP Packet Monitor on the ICS Host whilst sending
the 'ping' from the Win98 client. I am surprised to see
that the packet header (when sent to the external DNS)
contains, as a source TCP address;
192.168.0.1

This is the internal IP address of the ICS Host. The
destination address is correctly setup, so the packet
appears to be sent to my ISP's DNS server. Of course that
server will dump my packet as it has no way of identifying
a machine from internal addresses. How do I diagnose why
the ICS DNS/NAT didn't fully modify the packet to contain
my proper external IP address as the 'source' IP?

-cheers landau

P.S. In the past I have used various hardware and NICs to
connect to the internet, including external and internal
dial-up modems. Is it possible that somehow ICS assumes
that this is a 'real' IP address?

Do you know what registry settings apply here? Could
this be a broken routing table issue?
 
david l

Marc,
This is what the Packet Monitor saw: my internal NIC (192.168.0.1) sending
DNS queries to both my ISP's DNS servers. No replies to any request at either
external DNS.

Protocol  Source IP      Source Port  Dest IP         Dest Port  Size

UDP       192.168.0.1    53           198.142.0.51    53         59
UDP       192.168.0.1    53           203.2.75.132    53         59
UDP       192.168.0.1    53           198.142.0.51    53         59
UDP       192.168.0.1    53           203.2.75.132    53         59
UDP       192.168.0.1    53           198.142.0.51    53         59
UDP       192.168.0.1    53           203.2.75.132    53         59
UDP       192.168.0.1    53           198.142.0.51    53         59
UDP       192.168.0.1    53           203.2.75.132    53         59
ICMP      210.50.86.120  -            210.49.210.232  -          92
ICMP      210.50.86.120  -            210.49.210.232  -          92
 
landau351

Marc,
Answer below;
-----Original Message-----
Hi,

Ok that tells us that the ICS Host is sending the query, now you need to
look to see if the DNS server responds to the query and if it responds with
an answer or an error.

Thanks,
Marc Reynolds
Microsoft Technical Support

Marc,
This is what the Packet Monitor saw: my internal NIC
(192.168.0.1) sending DNS queries to both my ISP's DNS
servers. No replies to any request at either external DNS.

Protocol  Source IP      Source Port  Dest IP         Dest Port  Size

UDP       192.168.0.1    53           198.142.0.51    53         59
UDP       192.168.0.1    53           203.2.75.132    53         59
UDP       192.168.0.1    53           198.142.0.51    53         59
UDP       192.168.0.1    53           203.2.75.132    53         59
UDP       192.168.0.1    53           198.142.0.51    53         59
UDP       192.168.0.1    53           203.2.75.132    53         59
UDP       192.168.0.1    53           198.142.0.51    53         59
UDP       192.168.0.1    53           203.2.75.132    53         59
ICMP      210.50.86.120  -            210.49.210.232  -          92
ICMP      210.50.86.120  -            210.49.210.232  -          92
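
The thread asks how to decode the captured query beyond the visible "www.yahoo.com" and how to tell whether the source address was translated. The sketch below is an added example, not something posted by a participant in the thread: it decodes a raw IPv4/UDP/DNS query and flags an RFC 1918 source address headed for a public destination. The function names are hypothetical, the packet is constructed to match the first row of the listing, and it assumes the capture starts at the IP header (no link-layer framing).

```python
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def build_sample_packet(src, dst, name):
    """Constructed sample: raw IPv4 + UDP + DNS A query, checksums left at 0."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.split(".")) + b"\x00"
    dns = (struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)   # id, RD flag, 1 question
           + qname + struct.pack("!HH", 1, 1))                # QTYPE=A, QCLASS=IN
    udp = struct.pack("!4H", 53, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 128, 17, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + udp

def decode_dns_query(packet):
    """Decode the IPv4, UDP and DNS headers plus the first question."""
    if packet[0] >> 4 != 4 or packet[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    ihl = (packet[0] & 0x0F) * 4               # IPv4 header length in bytes
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    dns = packet[ihl + 8:]                     # skip the 8-byte UDP header
    txid, flags, qdcount = struct.unpack("!3H", dns[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12                       # question follows 12-byte DNS header
    while dns[pos]:                            # length-prefixed labels, 0 terminates
        labels.append(dns[pos + 1:pos + 1 + dns[pos]].decode("ascii"))
        pos += 1 + dns[pos]
    qtype, qclass = struct.unpack("!HH", dns[pos + 1:pos + 5])
    return {"src": str(src), "dst": str(dst), "sport": sport, "dport": dport,
            "size": len(packet), "id": txid, "is_response": bool(flags & 0x8000),
            "qname": ".".join(labels), "qtype": qtype, "qclass": qclass,
            # Private source leaving for a public destination: NAT did not rewrite it.
            "untranslated_source": is_rfc1918(src) and not is_rfc1918(dst)}

if __name__ == "__main__":
    pkt = build_sample_packet("192.168.0.1", "198.142.0.51", "www.yahoo.com")
    print(decode_dns_query(pkt))
```

Run against a packet seen on the external interface, `untranslated_source` being true means the reply has no routable address to come back to, which matches the absence of responses in the listing.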
 
