DNS in Server 2008

  • somoolla
    started a topic DNS in Server 2008

    DNS in Server 2008

    Hi All.
    Please assist. I am having problems getting access to the internet from my newly created domain. I have installed Win Server 2008, new forest, new domain, new DC. I have configured an ISA 2006 firewall with an ADSL connected to the firewall. I get nslookup responses and get FQDNs back when querying a machine on the domain. I can POP to my mail account and get internet access on the firewall. The IPCONFIG /ALL is:
    IP: 172.10.32.1 (DC)
    Subnet: 255.255.255.0
    Gateway: 172.10.32.5 (ISA 2006)
    DNS: 172.10.32.1 (DC)

    I have configured a forwarder on the DNS server to point to my ISP's DNS.

    Any help will be appreciated.

    Thanks
    So

  • somoolla
    replied
    Re: DNS in Server 2008

    ISA does not have any logs relating to denying a connection. What else am I missing? I don't have the web proxy set up on the ISA Server, so there is no proxy.


  • Dumber
    replied
    Re: DNS in Server 2008

    So there is Internet connectivity.
    Check out the ISA logging for more information.


  • somoolla
    replied
    Re: DNS in Server 2008

    Sorry. Stand corrected. My firewall's internal IP address config does not have a gateway.


  • somoolla
    replied
    Re: DNS in Server 2008

    Architecture as we stand.

    My DSL is connected to my firewall on the second interface. My internal address is on the first interface (172.10.32.5).
    ISA Firewall: 172.10.32.5, 255.255.255.0, 172.10.32.5 (GW), 172.10.32.1 (DNS)
    DC: 172.10.32.1, 255.255.255.0, 172.10.32.5 (GW), 172.10.32.1 (DNS)
    Forwarder on this DNS server is ISP DNS.
    Exch: 172.10.32.2, 255.255.255.0, 172.10.32.5 (GW), 172.10.32.1 (DNS)

    I get nslookup replies on the workstations, the DC and Exchange, but no web pages will display. I even plug my laptop in and can collect my mail over POP on another public POP server. I will attach the tracerts later.


  • Dumber
    replied
    Re: DNS in Server 2008

    Well actually that isn't needed.

    The thing is that every box, e.g. clients, ISA server (internal NIC), DC etc., should point to the internal DNS server.
    On the external interface of the ISA server there shouldn't be any DNS servers configured.

    Also, unplugging the ISA server and exposing the DC to the internet is far from a good security practice.
    Allowing all outbound traffic will open every known port which can be found in the ISA swoosh bar, and that should be more than enough.
    DNS should be configured with forwarders to the ISP DNS servers or use the root hints.

    So basically, an nslookup from any client should be sufficient.


  • Chinthaka
    replied
    Re: DNS in Server 2008

    Hi somoolla,

    I have understood your problem as: you cannot access the internet behind the firewall on your newly created domain. If I am off road, please let me know.

    Have you done the basic troubleshooting tasks?

    1) Run nslookup xxx.xxx.xxx.xxx (your ISP DNS address) on the domain controller.
    2) Run nslookup xxx.xxx.xxx.xxx (your ISP DNS address) on the ISA server.
    3) Temporarily unplug ISA and try to access the internet on the domain controller.
    4) Please verify whether TCP port 53 and UDP port 53 are open.

    Regards
    Last edited by Chinthaka; 15th April 2009, 02:35.


  • Dumber
    replied
    Re: DNS in Server 2008

    How have you configured the ISA NICs?
    And what precisely is your issue?
    Last edited by Dumber; 14th April 2009, 17:27.


  • somoolla
    replied
    Re: DNS in Server 2008

    Currently I am allowing all through ISA. I have an All Outbound rule that states allow all traffic from internal to external, local host. This rule is working because when a workstation on the domain makes the request, the rule is being 'hit' in ISA. If I disable this rule, then the requests hit the unrestricted Internet Access rule that comes standard when installing ISA. I don't get a denied connection on the firewall. Could there be something wrong with the reverse lookup in DNS? Does Win Server 2008 require a reverse lookup zone?


  • danielp
    replied
    Re: DNS in Server 2008

    Try to eliminate the issues. Temporarily allow all through ISA, and see if you can do a FQDN query. If yes, suspect ISA configuration. If not, come back with additional information.
