DNS Server/Internet Issues
Hello folks, looking for a little light on a problem that has me stumped. We have a Server 2003 DNS server that's been set up for a while, and it is on the same server as the DC. We've recently made some changes to our firewall structure and now the DNS server itself cannot access the internet. So here are the questions.

The server is behind a router/firewall. Should I set the DNS forwarders to the IP address of the router/firewall, or should I forward them directly to the DNS servers from the ISP?

Also, what should I set the IP settings of the server itself to? Gateway is the router's IP address, but should the DNS be the server's own IP address? Should I leave it blank?

If there's no clear answer here I can go into more detail... Thanks
August 31st, 2011 12:36pm

So here are some comments.

Who should the DNS forward to? You have basically two options: 1) allow the DNS server to use its root hints, which means that it will query the internet root servers, or 2) forward to another set of DNS servers, such as your ISP's, but it can be any other set of DNS servers that will answer your server's recursive queries. If your router runs DNS services, you could forward to the router, but I don't see the advantage. I think this will just slow down the name resolution process.

IP settings of the DNS server? Unique IP on the subnet, correct subnet mask, and configure the gateway address. The DNS server's gateway should be your internet router (based on your description).

TCP/IP client DNS settings? Yes, you could point the DNS server to itself for DNS. That is fine. Do not leave it blank. If you do, DNS server services are not affected, but client DNS services on that system will be. For example, if it's blank and you log into that server locally, open a web browser and try to access the internet, you won't. Why? Because you configured the server's OS with no DNS setting. The fact that the server is running DNS Server services is not related...

Visit anITKB.com, an IT Knowledge Base.
August 31st, 2011 2:08pm

Hello,

For forwarders, add your ISP DNS servers. For ports, make sure that your firewall is not blocking DNS traffic on port 53.

As the server is a DNS server, make it point to its private IP address as primary DNS server. If you have other internal DNS servers, then make them secondary DNS servers in the IP settings of the server.

This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

Microsoft Student Partner 2010 / 2011; Microsoft Certified Professional; Microsoft Certified Systems Administrator: Security; Microsoft Certified Systems Engineer: Security; Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration; Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration; Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration; Microsoft Certified Technology Specialist: Windows 7, Configuring; Microsoft Certified IT Professional: Enterprise Administrator; Microsoft Certified IT Professional: Server Administrator
August 31st, 2011 2:29pm
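
An added example, not part of the thread or any poster's own code: a small Python check to run from the DNS server after a firewall change. It sends one recursive query to each forwarder on port 53 over both UDP and TCP (DNS falls back to TCP for truncated answers) and reports which transport gets through. The function names, the query ID and the test name `example.com` are assumptions of this example; forwarder IPs are passed on the command line.

```python
import socket
import struct
import sys

TXID = 0x1234  # arbitrary query ID chosen for this example

def build_query(name, qtype=1):
    """Build a recursive (RD=1) DNS query for `name`; qtype 1 = A record."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class 1 = IN

def parse_header(msg):
    """Return (rcode, answer_count, truncated) from a DNS response header."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != TXID or not flags & 0x8000:  # QR bit marks a response
        raise ValueError("not a response to our query")
    return flags & 0x000F, an, bool(flags & 0x0200)  # 0x0200 = TC bit

def probe(server, name="example.com", timeout=3.0):
    """Send one query to server:53 over UDP, then over TCP; report each."""
    query, out = build_query(name), {}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            out["udp"] = parse_header(s.recvfrom(4096)[0])
    except (OSError, ValueError) as e:  # timeout usually means a dropped packet
        out["udp"] = "FAILED: %s" % e
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s, \
                s.makefile("rb") as f:
            s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
            size = struct.unpack("!H", f.read(2))[0]
            out["tcp"] = parse_header(f.read(size))
    except (OSError, ValueError, struct.error) as e:
        out["tcp"] = "FAILED: %s" % e
    return out

if __name__ == "__main__":
    for fwd in sys.argv[1:]:  # forwarder IPs supplied by the operator
        print(fwd, probe(fwd))
```

A result such as `(0, 1, False)` means rcode 0 (no error) with one answer; a `FAILED` entry on only one transport points at a firewall rule that covers UDP 53 but not TCP 53, or the reverse.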

This topic is archived. No further replies will be accepted.
