Int & Ext DNS - Forwarders failing


Johnny76

Hi
I have internal DNS set to point to 2 IP forwarders
beyond our firewall. We own the 2 DNS servers we are IP
forwarding to and the Internet on them is working
perfectly. Internal DNS was working perfectly for months
but did need the odd reboot of server and/or services
restart now and again.
However now, even though the firewall (DNS traffic is
permitted, always has been (TCP & UDP)) and I can ping the
IP forwarders (2 ext DNS servers) from the internal DNS server,
I can't resolve DNS queries internally. In nslookup I'm
getting "DNS request timed out" and the web is therefore
dead! Please help. Why, if I have connectivity between
int and ext DNS servers, is the ext working fine but the
int box can't resolve anything?

Help!
 

Kevin Goodknecht

In
Johnny76 said:
Hi
I have internal DNS set to point to 2 IP forwarders
beyond our firewall. We own the 2 DNS servers we are IP
forwarding to and the Internet on them is working
perfectly. Internal DNS was working perfectly for months
but did need the odd reboot of server and/or services
restart now and again.
However now, even though the firewall (DNS traffic is
permitted, always has been (TCP & UDP)) and I can ping the
IP forwarders (2 ext DNS servers) from the internal DNS server,
I can't resolve DNS queries internally. In nslookup I'm
getting "DNS request timed out" and the web is therefore
dead! Please help. Why, if I have connectivity between
int and ext DNS servers, is the ext working fine but the
int box can't resolve anything?

Help!

Internal can't resolve anything? Not even authoritatively?
I guess that since you have forwarding enabled, having a root "." forward
lookup zone is out of the question. If recursion is not disabled on the
Advanced tab, then you might recheck your firewall rules.
 

Michael Johnston [MSFT]

From your internal DNS server, can you NSLOOKUP to the external DNS servers? Try this: open a command prompt on the DNS server, type nslookup
and press Enter. Ignore any timeout errors. It should default to itself and show at least the IP of the DNS server. Type "server IP", where IP is the address of
one of the forwarders at the ISP, and press Enter. Now query for an Internet name like www.microsoft.com. Does this resolve? If not, then I'd suspect your
firewall is the culprit. If possible, take a trace on the internal interface of the firewall and the external interface of the firewall while making DNS queries from your
DNS server for Internet names. Do the traces show DNS traffic successfully going through and returning through the firewall?

Thank you,
Mike Johnston
Microsoft Network Support

--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
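
The direct-to-forwarder check described in the reply above, as an added example that is not part of the original thread: it sends the same A query to each forwarder over UDP and over TCP port 53 and reports an answer, an error, or a timeout, since a successful ping (ICMP) says nothing about whether port 53 is passing. The forwarder addresses are placeholders and the function names are hypothetical.

```python
import socket
import struct

QID = 0x1234  # fixed query ID so the reply can be matched to the query

def build_query(name, qid=QID):
    """Build a DNS A/IN query with recursion desired (RD=1)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(resp, qid=QID):
    """Return (rcode, answer_count); raise ValueError if not a reply to our query."""
    if len(resp) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    if rid != qid or not flags & 0x8000:  # QR bit must be set in a response
        raise ValueError("not a response to our query")
    return flags & 0x000F, an

def probe(server, name, tcp=False, port=53, timeout=3.0):
    """Query `server` directly, bypassing the local DNS service; return a status string."""
    query = build_query(name)
    try:
        if tcp:
            with socket.create_connection((server, port), timeout=timeout) as s, \
                    s.makefile("rb") as f:
                s.sendall(struct.pack(">H", len(query)) + query)  # 2-byte length prefix
                length = int.from_bytes(f.read(2), "big")
                resp = f.read(length)
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, port))
                resp, _ = s.recvfrom(4096)
        rcode, answers = parse_header(resp)
        return f"answered rcode={rcode} answers={answers}"
    except socket.timeout:
        return "timed out (query or reply dropped on the path)"
    except (OSError, ValueError) as exc:
        return f"failed: {exc}"

if __name__ == "__main__":
    for fwd in ("192.0.2.53", "192.0.2.54"):  # placeholder forwarder IPs (assumption)
        for tcp in (False, True):
            print(fwd, "tcp" if tcp else "udp", probe(fwd, "www.microsoft.com", tcp))
```

A timeout on both transports while ping succeeds points at port 53 filtering or a broken return path; an answer with rcode=2 (SERVFAIL) or rcode=5 (REFUSED) means the packets get through and the forwarder itself is declining or failing the query.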
 
