DNS Issue

  • DNS Issue

    hi guys

    I have a local DNS-DHCP-AD server in VLAN25, IP 10.6.25.53.
    Cool, my Windows 7 desktops are getting their DHCP settings-DNS-AD from this server on VLAN25. My Windows 7 desktops are in VLAN26.

    Now, since these Win7 machines needed Internet, I was thinking I had to use something like this in my DNS settings:

    10.6.25.53 (my local server)
    8.8.8.8 (Google DNS)

    I use my local DNS since I need my users to resolve addresses locally using server names (my local server does not resolve external addresses) or FQDN, and the Google one to resolve internet addresses, but I found that when the Google DNS is set my users cannot ping servers by name:
    ping filesever (won't work)


    OK, my question is:
    In order to be able to resolve both, what should I do?
    Have my local DNS resolve external and local DNS names?
    Do I have to change something on my local DNS?

    thanks a lot

  • #2
    Re: DNS Issue

    You need to take the Google DNS server off of your clients. They should only point to local DNS servers since they need to resolve local names.

    On your DNS server configure Forwarders (open dns.msc -> right-click server and select properties -> click on Forwarders tab) to point to Google or whatever DNS servers you like.

    Your internal server will then resolve both internal and external addresses.

    A good DNS benchmark tool can be found here: http://www.grc.com/dns/benchmark.htm
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com


    • #3
      Re: DNS Issue

      Originally posted by JeremyW:
      You need to take the Google DNS server off of your clients. They should only point to local DNS servers since they need to resolve local names.

      On your DNS server configure Forwarders (open dns.msc -> right-click server and select properties -> click on Forwarders tab) to point to Google or whatever DNS servers you like.

      Your internal server will then resolve both internal and external addresses.

      A good DNS benchmark tool can be found here: http://www.grc.com/dns/benchmark.htm

      Yeah, a forward zone is what I need, thanks.

      Only one thing I forgot to mention: my DNS does not have an Internet connection....
      So that means I have to provide it Internet access, since it will be my DNS server, internal and external?


      • #4
        Re: DNS Issue

        Originally posted by kopper:
        Yeah, a forward zone is what I need, thanks.

        No, not a forward lookup zone. You need to configure the forwarders. Forwarders are servers that your DNS server will send queries to when it can't resolve the name.

        Originally posted by kopper:
        Only one thing I forgot to mention: my DNS does not have an Internet connection....
        So that means I have to provide it Internet access, since it will be my DNS server, internal and external?

        Yes, you'll need to give your DNS server Internet access.
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com


        • #5
          Re: DNS Issue

          Like I said, right now my DNS-AD-DHCP server is in VLAN25 (10.6.25.x) and my Win7 clients are on VLAN26 (10.6.26.x).

          Can I do this?

          Create a secondary AD-DNS server in VLAN26 and use this server as my forwarder DNS server?

          I mean, the Win7 clients will consult the primary DNS and the secondary DNS will be the forwarder for it, so I create another forwarder in my secondary DNS server and my VMs will be able to resolve local FQDNs and navigate to the Internet.

          Is this a way to go?


          • #6
            Re: DNS Issue

            It seems possible, but getting over complex. Why can't you put your DC in the 25.x VLAN, with the clients it is providing services for? Alternatively can't you change its subnet mask to see the default gateway the clients use?
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **


            • #7
              Re: DNS Issue

              Originally posted by kopper:
              Like I said, right now my DNS-AD-DHCP server is in VLAN25 (10.6.25.x) and my Win7 clients are on VLAN26 (10.6.26.x).

              Can I do this?

              Create a secondary AD-DNS server in VLAN26 and use this server as my forwarder DNS server?

              I mean, the Win7 clients will consult the primary DNS and the secondary DNS will be the forwarder for it, so I create another forwarder in my secondary DNS server and my VMs will be able to resolve local FQDNs and navigate to the Internet.

              Is this a way to go?

              Like Tom said, it's possible to put a DNS server on VLAN 26 and set up forwarders on that to the Internet DNS and set up forwarders on the DNS server on VLAN 25 to the DNS server on VLAN 26.

              That should work but it adds a layer of complexity that shouldn't be needed unless there's some security guideline that needs to be followed.

              I also want to make it clear that your clients should only point to DNS servers that can resolve internal addresses. It sounds like you want the clients to use the primary server for internal lookups and the secondary server for external lookups. This is not how the DNS client works. It can only use one server at a time and will only switch servers when it can't contact the one it's using.
              Regards,
              Jeremy

              Network Consultant/Engineer
              Baltimore - Washington area and beyond
              www.gma-cpa.com
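
The client behaviour described in the post above, as a simplified model added here for illustration (not code from the thread). The host names and the addresses other than 10.6.25.53 and 8.8.8.8 are constructed, and real resolver timeouts and caching are not modelled.

```python
# Simplified model (constructed data): a client asks one DNS server at a time
# and moves to the next only when the current one cannot be contacted.
INTERNAL = {"fileserver.corp.example": "10.6.25.60"}  # constructed internal zone
PUBLIC = {"www.example.com": "203.0.113.10"}          # constructed public record

class Unreachable(Exception):
    """The server did not answer at all (timeout)."""

def public_dns(name):
    # A public resolver such as 8.8.8.8 has no records for internal names.
    return PUBLIC.get(name)  # None models a "no such name" answer

def make_local_dns(forwarder=None, up=True):
    # Models 10.6.25.53: answers for INTERNAL, with an optional forwarder.
    def local_dns(name):
        if not up:
            raise Unreachable("10.6.25.53")
        if name in INTERNAL:
            return INTERNAL[name]
        return forwarder(name) if forwarder else None
    return local_dns

def client_resolve(name, servers):
    # A negative answer is still an answer, so the client stops there.
    for server in servers:
        try:
            return server(name)
        except Unreachable:
            continue
    return None

def scenarios():
    names = ("fileserver.corp.example", "www.example.com")
    no_fwd = make_local_dns()
    with_fwd = make_local_dns(forwarder=public_dns)
    down = make_local_dns(up=False)
    configs = {
        "local (no forwarder), then google": [no_fwd, public_dns],
        "google, then local": [public_dns, no_fwd],
        "local down, google answers": [down, public_dns],
        "local with forwarder only": [with_fwd],
    }
    return {k: [client_resolve(n, s) for n in names] for k, s in configs.items()}

if __name__ == "__main__":
    for label, result in scenarios().items():
        print(f"{label:36} {result}")
```

In every mixed configuration one of the two names fails, and whenever the public resolver is the one being asked, the internal host name is also sent to it.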


              • #8
                Re: DNS Issue

                Are you blocking traffic between your VLANs???

                If not, then why can't you just point your Win7 clients to the DNS server on the VLAN25 server, then set up your DNS server with DNS access through your firewall, port 53 TCP and UDP, both in and out?


                • #9
                  Re: DNS Issue

                  Yeah, there is some kind of traffic blocking.

                  We are working on this to define what really needs to be blocked.

                  Thanks, guys.


                  Is there a way to assign points here?


                  • #10
                    Re: DNS Issue

                    Click on the Yin Yang symbol.

                    Personally I wouldn't block anything between internal networks, but that's just me.
