

DNS Server - query refused from outside network. Query accepted from inside with internal IPs

Question

Wednesday, September 7, 2011 3:42 AM

I have Win2008R2 Core servers configured with only DNS server for External DNS for our domain.
I have configured DNS for our domain on these servers and it appears to work fine from inside our network.

The Servers are NAT'd and port forwarded via firewalls.
I have a secondary NS provided by our ISP which is getting updates via zone transfer and that is working correctly.

If I nslookup -type=NS my.domain.edu NS1.internal
This works

If I nslookup -type=NS my.domain.edu NS1.External address (from inside or outside our network)
I get a Query refused error.

Logging on NS1 shows that it is receiving and processing the request, which indicates that NAT is working properly.

Is there some setting somewhere that I can't find which enables the DNS server to respond to queries from outside my network?

If I nslookup -type=NS my.domain.edu NS2.External-ISP.com from anywhere, I get the correct reply.

I'm running out of ideas with this.

Allan


All replies (3)

Thursday, September 8, 2011 6:24 AM ✅ Answered

Allan,

Did you port remap both TCP and UDP 53?

How about the firewall? Does it block DNS spoofing? If so, look into allowing it. Also, you may want to enable EDNS0 in your firewall, if it supports it. Check your firewall docs to see if it does, and how to do that.


Forgot to add - if you run nslookup from an external source with the set vc switch (which forces it to use TCP instead of the default UDP) and it works, then it indicates only TCP was allowed.

Ace

Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

This posting is provided AS-IS with no warranties or guarantees and confers no rights.
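A scripted form of the TCP-versus-UDP check Ace describes, added here as an example and not part of the thread: it sends the same NS query over UDP and then over TCP (the transport nslookup's set vc forces) and names the RCODE it gets back, so a REFUSED answered by the DNS server itself can be told apart from a firewall that silently drops one transport (a timeout). The server address, the zone name and the script name are assumptions; the RCODE parsing is plain RFC 1035.

```python
import socket
import struct

# RCODE names from RFC 1035 4.1.1; 5 (REFUSED) is what nslookup shows as "Query refused"
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
QTYPE_NS, QCLASS_IN = 2, 1

def build_query(name, qtype=QTYPE_NS, txid=0x1234):
    # Minimal query: header (RD=1, QDCOUNT=1) followed by one question section
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [lab.encode("ascii") for lab in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(lab)]) + lab for lab in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)

def parse_rcode(data, txid):
    # Name the RCODE of a raw DNS response after checking that it answers our query
    if len(data) < 12:
        raise ValueError("short DNS message")
    rx_id, flags = struct.unpack("!HH", data[:4])
    if rx_id != txid or not flags & 0x8000:  # wrong id, or QR bit not set
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode)

def probe(server, name, tcp, timeout=3.0, txid=0x1234):
    # One NS query over UDP, or over TCP like nslookup 'set vc'; returns the outcome as a string
    query = build_query(name, txid=txid)
    try:
        if tcp:  # RFC 1035 4.2.2: TCP messages carry a two-byte length prefix
            with socket.create_connection((server, 53), timeout=timeout) as s, s.makefile("rb") as f:
                s.sendall(struct.pack("!H", len(query)) + query)
                (length,) = struct.unpack("!H", f.read(2))
                return parse_rcode(f.read(length), txid)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            return parse_rcode(s.recvfrom(4096)[0], txid)
    except socket.timeout:
        return "TIMEOUT"  # nothing came back at all: that transport is probably not forwarded
    except (OSError, ValueError, struct.error) as e:
        return "ERROR: %s" % e

if __name__ == "__main__":
    import sys  # assumed usage: probe_dns.py <NS1 external address> <zone, e.g. my.domain.edu>
    for tcp in (False, True):
        print("TCP" if tcp else "UDP", probe(sys.argv[1], sys.argv[2], tcp))
```

Run it from outside the network against the NAT'd address: REFUSED on both transports points at the server's own configuration, while TIMEOUT on UDP with an answer on TCP is the "only TCP 53 forwarded" case.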


Wednesday, September 7, 2011 6:50 AM

It may help you.

http://msmvps.com/blogs/acefekay/archive/2009/09/04/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name.aspx

Best regards, Biswajit Biswas
MCP 2003, MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin


Wednesday, September 7, 2011 10:18 AM

Thanks, but sorry. This does not cover my situation at all.

I have internal DNS servers which are working properly.

The servers I'm having problems with are for External use only.

They will be in my DMZ but my firewall does NAT, and it appears the DNS service refuses to serve DNS queries coming from outside my (inner) network. I just get "Query refused" from outside my network.

Thanks for trying.

Allan


Allan McDonald