Wingate doing external query with local domain name appended

C C

Hello,

Please forgive me if this is not the appropriate group for my post.

I'm running Wingate 6.+ for all our Internet gateway. We have
an Exchange Server 2000 which uses Wingate to send mail
directly to the outside world for Internet email. I notice on
the gatekeeper activity that the Exchange server sometimes
has a long queue on port 53.

I looked at the log and this bugged me: the log shows
attempts to query entries with the local LAN domain
name appended to irresolvable queries (bogus QDN
from spammers). Attempt to query an unreachable domain
always ends up with Wingate appending our local domain
name.

How can I prevent this?

Thanks in advance.

Here is some configuration Info:
Exchange server (inside our LAN):
Default Gateway is the Wingate Server
Primary DNS points to our Internal DNS server
Secondary DNS points to the Wingate Server
Wingate Server Windows Network TCP/IP properties:
Internal NIC:
No default gateway
DNS points to our Internal DNS server
External NIC: (ISP's)
Default gateway is the router upstream.
DNS points to our ISP's Primary and Secondary servers
In Wingate gatekeeper DNS Resolver service:
DNS points to our ISP's Primary
Also in the "Advanced Options" for Wingate,
I added our Internal DNS server.

If any other information is needed, please let me know.

Thanks in advance for your help.
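
The symptom described in this post, as an added example that is not part of the original thread: a Python check that scans queried names for ones where a local DNS suffix was appended to an already multi-label external name. The log tuple layout, the local domain `corp.example.com` and the sample queries are constructed assumptions, not Wingate's log format.

```python
from collections import Counter

# Constructed sample: (client_ip, queried_name). Not a real Wingate log format.
SAMPLE_QUERIES = [
    ("192.168.1.10", "mail.example.org"),
    ("192.168.1.10", "mx1.bogus-sender.example"),
    ("192.168.1.10", "mx1.bogus-sender.example.corp.example.com"),
    ("192.168.1.10", "fileserver.corp.example.com"),
    ("192.168.1.10", "no-such-host.invalid.corp.example.com"),
    ("192.168.1.20", "intranet.corp.example.com"),
]

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def strip_local_suffix(qname, local_suffixes):
    """Return the part before a local suffix, or None if no suffix matches."""
    q = normalize(qname)
    # Try the longest suffix first so nested local domains match correctly.
    for suffix in sorted(map(normalize, local_suffixes), key=len, reverse=True):
        if q.endswith("." + suffix):
            return q[: -(len(suffix) + 1)]
    return None

def find_suffix_appended(queries, local_suffixes, internal_subzones=()):
    """Flag names where a local suffix follows an already multi-label name."""
    subzones = {normalize(z) for z in internal_subzones}
    hits = []
    for client, qname in queries:
        prefix = strip_local_suffix(qname, local_suffixes)
        if prefix is None or "." not in prefix:
            continue  # external name, or an ordinary single-label internal host
        # "host.subzone" is legitimate when subzone is a real child zone.
        if prefix.split(".", 1)[1] in subzones:
            continue
        hits.append((client, normalize(qname), prefix))
    return hits

def per_client_counts(hits):
    """Count flagged queries per client to show which host generates them."""
    return Counter(client for client, _, _ in hits)
```

Pass any real child zones of the local domain as `internal_subzones` so that names such as `host.branch.corp.example.com` are not flagged.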
 
Kevin D. Goodknecht Sr. [MVP]

C C said:
Hello,

Please forgive me if this is not the appropriate group for my post.

I'm running Wingate 6.+ for all our Internet gateway. We have
an Exchange Server 2000 which uses Wingate to send mail
directly to the outside world for Internet email. I notice on
the gatekeeper activity that the Exchange server sometimes
has a long queue on port 53.

I looked at the log and this bugged me: the log shows
attempts to query entries with the local LAN domain
name appended to irresolvable queries (bogus QDN
from spammers). Attempt to query an unreachable domain
always ends up with Wingate appending our local domain
name.

How can I prevent this?

Take it from me, I've been using Wingate since 1997, you must configure your
network settings as below.

Thanks in advance.

Here is some configuration Info:
Exchange server (inside our LAN):
Default Gateway is the Wingate Server
Primary DNS points to our Internal DNS server
Secondary DNS points to the Wingate Server

Remove the secondary DNS that points to Wingate; all DNS must go through the
AD server.
Using the Exchange System Manager, expand to the Default SMTP virtual
server, click on its properties, select the Delivery tab, click the Advanced
button, next to "Configure external DNS servers" click the Configure
button, and enter the IP of the Wingate server.

Wingate Server Windows Network TCP/IP properties:
Internal NIC:
No default gateway
DNS points to our Internal DNS server
External NIC: (ISP's)
Default gateway is the router upstream.
DNS points to our ISP's Primary and Secondary servers

Remove both ISP's DNS servers on the external NIC and enter the internal DNS
address.

Right click on Network places, choose properties, in the window that opens,
Advanced menu, select "Advanced settings", move the internal NIC to the top
of the connections list, and make sure File and Printer sharing and client
for Microsoft Networks is bound only to the internal NIC.

In Wingate gatekeeper DNS Resolver service:
DNS points to our ISP's Primary
Also in the "Advanced Options" for Wingate,
I added our Internal DNS server.

On the local DNS server, using the DNS management console click on the
properties of the server, Forwarders tab, configure the IP of the Wingate
server as the forwarder.
 
C C

Kevin,

We did this. Somehow, gatekeeper is showing a long queue of DNS queries
from our Internal DNS server with same domain name it is trying to query.
Something is definitely wrong.

This morning our ISP disabled our T1 because our Wingate requested "a
million queries" in an hour! I removed wingate as the forwarder in our
Internal dns server, and disabled recursion. I don't know if that helps.
 
Kevin D. Goodknecht Sr. [MVP]

C C said:
Kevin,

We did this.

You did what?

If you do not remove Wingate address from all NICs, this will continue.

Here is what you posted.
Here is some configuration Info:
Exchange server (inside our LAN):
Default Gateway is the Wingate Server
Primary DNS points to our Internal DNS server
Secondary DNS points to the Wingate Server <------- You cannot use this.


External NIC: (ISP's)
Default gateway is the router upstream.
DNS points to our ISP's Primary and Secondary servers <--- Remove
Do not use any DNS other than the local DNS on any NIC in any position.


Somehow, gatekeeper is showing a long queue of DNS
queries from our Internal DNS server with same domain name it is
trying to query. Something is definitely wrong.

Sounds like a DNS loop to me. Did you clear the Wingate resolver cache?
Your DNS server will not forward any queries if it has a zone for that name.
What are the domains in the DNS suffix search list? (Post ipconfig /all)

This morning our ISP disabled our T1 because our Wingate requested "a
million queries" in an hour! I removed wingate as the forwarder in
our Internal dns server, and disabled recursion <--- Where did you do this? (Advanced or Forwarders tab)
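
The "DNS loop" raised above can be checked on paper before changing settings. This added example (not part of the original thread) models who forwards unresolved queries to whom and reports any cycle; the server names and edges are a constructed reading of the settings listed in the thread, assuming every configured upstream may be used for names the local server cannot answer.

```python
# Constructed model: server -> upstreams it may ask for names it cannot answer.
# Names and edges are assumptions for illustration, not exported from Wingate.
UPSTREAMS_AS_POSTED = {
    "exchange": ["internal-dns", "wingate"],
    "internal-dns": ["wingate"],             # forwarder set to Wingate
    "wingate": ["isp-dns", "internal-dns"],  # ISP primary plus internal DNS
    "isp-dns": [],
}

# Same model with the internal DNS server removed from Wingate's resolver list.
UPSTREAMS_ONE_WAY = {
    "exchange": ["internal-dns"],
    "internal-dns": ["wingate"],
    "wingate": ["isp-dns"],
    "isp-dns": [],
}

def find_forwarding_loops(upstreams):
    """Return each cycle once, as a list of names such as ['a', 'b', 'a']."""
    loops, seen = [], set()

    def walk(node, path):
        if node in path:
            cycle = path[path.index(node):] + [node]
            # Cycles over the same set of servers are reported only once,
            # which is sufficient for a handful of resolvers.
            key = frozenset(cycle)
            if key not in seen:
                seen.add(key)
                loops.append(cycle)
            return
        for nxt in upstreams.get(node, []):
            walk(nxt, path + [node])

    for start in upstreams:
        walk(start, [])
    return loops

if __name__ == "__main__":
    print("as posted:", find_forwarding_loops(UPSTREAMS_AS_POSTED))
    print("one way:  ", find_forwarding_loops(UPSTREAMS_ONE_WAY))
```

A name neither server can answer keeps circulating along any reported cycle until a timeout or cache entry stops it, which multiplies the query volume sent upstream.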
 
