DNS Server/Internet Issues
Hello folks, looking for a little light on a problem that has me stumped.
We have a Server 2003 DNS server that's been set up for a while, and it is on the same server as the DC. We've recently made some changes to our firewall structure and now the DNS server itself cannot access the internet. So here are the questions. The server is behind a router/firewall. Should I set the DNS forwarders to the IP address of the router/firewall, or should I forward them directly to the DNS servers from the ISP? Also, what should I set the IP settings of the server itself to? Gateway is the router's IP address, but should the DNS be the server's own IP address? Should I leave it blank?
If there's no clear answer here I can go into more detail... Thanks
August 31st, 2011 12:36pm
So here are some comments...
Who should the DNS forward to? You have basically two options... 1) allow the DNS server to use its root hints, which means that it will query the internet root servers, or forward to another set of DNS servers, such as your ISP's, but it can be any other set of DNS servers that will answer your server's recursive queries. If your router runs DNS services, you could forward to the router, but I don't see the advantage. I think this will just slow down the name resolution process.
IP settings of the DNS server? Unique IP on the subnet, correct subnet mask, and configure the gateway address. The DNS server's gateway should be your internet router (based on your description).
TCP/IP client DNS settings? Yes, you could point the DNS server to itself for DNS. That is fine. Do not leave it blank. If you do, DNS server services are not affected, but client DNS services on that system will be. For example, if it's blank and you log into that server locally, open a web browser and try to access the internet, you won't. Why... because you configured the server's OS with no DNS setting. The fact that the server is running DNS Server services is not related...
August 31st, 2011 2:08pm
Hello,
For forwarders, add your ISP DNS servers.
For ports, make sure that your firewall is not blocking DNS traffic on port 53.
As the server is a DNS server, make it point to its private IP address as primary DNS server. If you have other internal DNS servers, then make them secondary DNS servers in the IP settings of the server.
August 31st, 2011 2:29pm