Due to compliance purposes we must have the Windows firewall enabled on our servers. This particular server is our PDC/DHCP/DNS. (192.168.211.17). The BDC (192.168.211.16) is a replica of the PDC.
PDC:
Primary DNS: 192.168.211.16
Secondary DNS: 192.168.211.17
BDC:
Primary DNS: 192.168.211.17
Secondary DNS: 192.168.211.16
The firewall seems to be blocking lookup requests.
w:~> nslookup
> server 192.168.211.17
Default server: 192.168.211.17
Address: 192.168.211.17#53
> google.com
;; connection time out; no servers could be reached
When I disable the firewall, it works fine.
w:~> nslookup
> server 192.168.211.17
Default server: 192.168.211.17
Address: 192.168.211.17#53
> google.com
Server: 192.168.211.17
Address: 192.168.211.17#53
Non-authoritative answer:
Name: google.com
Address: 173.194.115.68
Name: google.com
Address: 173.194.115.69
Name: google.com
Address: 173.194.115.65
Name: google.com
Address: 173.194.115.66
Name: google.com
Address: 173.194.115.64
Name: google.com
Address: 173.194.115.67
Name: google.com
Address: 173.194.115.72
Name: google.com
Address: 173.194.115.71
Name: google.com
Address: 173.194.115.70
Name: google.com
Address: 173.194.115.78
Name: google.com
Address: 173.194.115.73
I have enabled logging and can see it blocking the request when it's enabled. The default DNS rules are in place: DNS (TCP, Incoming) and DNS (UDP, Incoming). I have even reset the firewall to defaults and re-imported the rules from the BDC to no avail. The BDC has no issue. It's using the same forwarders as .17.
Anything else I may try?
- Edited by EvanR- 12 hours 6 minutes ago
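An added diagnostic for the situation described in the post (not code from the poster): it lists the adapter profiles and the enabled inbound rules that open port 53 with their profile scope, so a rule scoped to one profile on an adapter classified into another stands out, and it parses Windows Firewall log records for dropped DNS traffic. The log path is the Windows default and the sample log lines are constructed for illustration.

```powershell
# Added diagnostic, not from the original post. Lists inbound rules that
# open port 53 with their profile scope and parses Windows Firewall log
# records for dropped DNS traffic. Log path is the default; adjust if needed.
$LogPath = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"

# 1. Which profile is each adapter in? A DNS rule scoped to Domain only does
#    nothing for an adapter that Windows has classified as Public.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 2. Enabled inbound rules whose port filter includes 53, with profile scope.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '53' } |
    Select-Object DisplayName, Profile, Action |
    Format-Table -AutoSize

# 3. Parse W3C firewall log lines (fields: date time action protocol src-ip
#    dst-ip src-port dst-port ...) and keep DROP records aimed at port 53.
function Get-DroppedDnsRecords {
    param([Parameter(ValueFromPipeline = $true)][string]$Line)
    process {
        if ($Line -match '^#' -or $Line -notmatch '\S') { return }
        $f = $Line -split '\s+'
        if ($f.Count -ge 8 -and $f[2] -eq 'DROP' -and $f[7] -eq '53') {
            [pscustomobject]@{
                Time     = "$($f[0]) $($f[1])"
                Protocol = $f[3]
                Source   = "$($f[4]):$($f[6])"
                Dest     = "$($f[5]):$($f[7])"
            }
        }
    }
}

# Constructed sample records in pfirewall.log format (not real log data),
# so the parser can be exercised without access to the server.
$sample = @'
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2015-01-01 10:00:01 DROP UDP 192.168.211.50 192.168.211.17 51234 53 60 - - - - - - - RECEIVE
2015-01-01 10:00:01 ALLOW TCP 192.168.211.50 192.168.211.17 51235 445 52 S 0 0 8192 - - - RECEIVE
2015-01-01 10:00:02 DROP TCP 192.168.211.50 192.168.211.17 51236 53 52 S 0 0 8192 - - - RECEIVE
'@ -split "`r?`n"

$sample | Get-DroppedDnsRecords | Format-Table -AutoSize

# On the server itself, run the parser over the live log:
# Get-Content $LogPath | Get-DroppedDnsRecords | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the server; the sample data yields the two DROP rows, and the commented last line applies the same parser to the real log.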