Windows 2000, Winproxy and DNS

[Benign Vanilla]

My setup...

Windows 2000 Server running IIS, SQL Server 2000, and DNS for a small
development LAN. Second machine is running Windows 2000 workstation and runs
only Winproxy, acts as a firewall. The firewall PC is setup with Winproxy's
DNS turned on. The Windows 2000 server has DNS running, with a forwarder to
the firewall. All clients, XP, have the firewall configured as the gateway,
and the local server as the DNS server.

This mostly works.

We have some developers using the IIS server, and host headers. So our
customer web sites are www.domain.com, and our development versions of the
sites are accessible only internally using host headers based on our
internal domain, such as www.domain.xyz, where xyz is the name of our local
domain.

All clients use IE settings that point to the firewall for proxy, and are
set to ignore proxy settings for local addresses.

We have found that when users publishing across the firewall from the xyz to
the com, the connections are going through the firewall to hit both the
local server as well as the internet prod server. You can imagine the slow
downs, headaches, problems and timeouts that we are having.

How can I resolve this?

 

[Kevin D. Goodknecht [MVP]]

In

My setup...

Windows 2000 Server running IIS, SQL Server 2000, and DNS for a small
development LAN. Second machine is running Windows 2000 workstation
and runs only Winproxy, acts as a firewall. The firewall PC is setup
with Winproxy's DNS turned on. The Windows 2000 server has DNS
running, with a forwarder to the firewall. All clients, XP, have the
firewall configured as the gateway, and the local server as the DNS
server.

This mostly works.

We have some developers using the IIS server, and host headers. So our
customer web sites are www.domain.com, and our development versions
of the sites are accessible only internally using host headers based
on our internal domain, such as www.domain.xyz, where xyz is the name
of our local domain.

All clients use IE settings that point to the firewall for proxy, and
are set to ignore proxy settings for local addresses.

We have found that when users publishing across the firewall from the
xyz to the com, the connections are going through the firewall to hit
both the local server as well as the internet prod server. You can
imagine the slow downs, headaches, problems and timeouts that we are
having.

How can I resolve this?

The proxy settings do not change DNS so I'm having a problem with what you
are saying.
Bypass proxy for local addresses just means that, for the addresses in the
bypass proxy setting will use the gateway instead of the proxy. Have you
defined the local addresses in the bypass proxy settings?
You have to manually enter these addresses with a semicolon between them,
like *.domain.xyz; *.domain2.xyz; *.domain3.xyz also if you are using
FrontPage Webs these must be entered into the bypass proxy setting even if
the sites are not local.
You can define these settings in the group Policy, which makes it a lot
easier to get these to the clients.
If you don't do this you can't authenticate to the local servers and
FrontPage servers and it will be really, really slow.

 

[Benign Vanilla]

The proxy settings do not change DNS so I'm having a problem with what you
are saying.
Bypass proxy for local addresses just means that, for the addresses in the
bypass proxy setting will use the gateway instead of the proxy. Have you
defined the local addresses in the bypass proxy settings?
You have to manually enter these addresses with a semicolon between them,
like *.domain.xyz; *.domain2.xyz; *.domain3.xyz also if you are using
FrontPage Webs these must be entered into the bypass proxy setting even if
the sites are not local.
You can define these settings in the group Policy, which makes it a lot
easier to get these to the clients.
If you don't do this you can't authenticate to the local servers and
FrontPage servers and it will be really, really slow.

<snip>

Kevin, thanks for your response. I have tried setting *.xyw, and www.*.xyz
in the proxy ignore settings, but then the sites are not reachable at all. I
figured with this setup, the local DNS would/should/could resolve it and
would provide the site, but that does not work. This is why I am stuck. I
can't get past this.

--
BenignVanilla
www.iheartmypond.com

Do you want to supplement your income
with a stay at home job, AND help the
environment?

Check www.AMothersDream.com

 

[Kevin D. Goodknecht [MVP]]

In

<snip>

Kevin, thanks for your response. I have tried setting *.xyw, and
www.*.xyz in the proxy ignore settings, but then the sites are not
reachable at all. I figured with this setup, the local DNS
would/should/could resolve it and would provide the site, but that
does not work. This is why I am stuck. I can't get past this.

Does your ipconfig /all verify that only the internal DNS is being used by
the clients?
Do not use the Proxy DNS in any position on internal Client or server
ipconfig. You can only forward to the proxy DNS from the internal DNS.
If bypassing the proxy gets unreachable, verify the gateway and that NAT is
properly installed and configured.

What proxy server are you using?
Does it have its own NAT?

 

[BenignVanilla]

Does your ipconfig /all verify that only the internal DNS is being used by
the clients?
Do not use the Proxy DNS in any position on internal Client or server
ipconfig. You can only forward to the proxy DNS from the internal DNS.
If bypassing the proxy gets unreachable, verify the gateway and that NAT is
properly installed and configured.

What proxy server are you using?
Does it have its own NAT?

<snip>

Kevin,

Again thanks for your continued responses.

I have verified that all clients are pointing only to the local DNS. And
that DNS has a forwarder to the proxy machine, with no recursion. I am using
Winproxy as my proxy server, and I have bumped it to NAT for testing. So far
same results. I am double checking everything tonight, so I can be sure I am
not mis-stating the config.


--
BenignVanilla
www.iheartmypond.com

Do you want to supplement your income
with a stay at home job, AND help the
environment?

Check www.AMothersDream.com