DNS server and recursion

[JensCB]

Hi

On our school we have a Win2000 server with ISA server 2000 installed. The server is a DC and we have DHCP activated.

In event viewer we get a lot of DNS errors saying that: "The DNS server is configured to forward to a non-recursive DNS server at 193.162.146.9" (The IP-adress is the ISPs DNS-server-address.)

If I mark "Do not use recursion" on DNS-server properties, the server and clients doesn't have Internet access.

What do I do wrong?

Regards
Jens

 

[GiaBetiu]

The message is saying that provider DNS is not using recursion in solving names (or is not allowing this).
There are ISP that are not allowing recursion from security reasons.


Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, MCSE Win2K

 

[JensCB]

Thank you for your answer.

But why is it not possible for the clients to access the internet if I mark "Do not use recursion"?

Regards
Jens

 

[GrnEyedLdy]

Jens,

Keep in mind that a recursive query is a request from a host to a resolver to find data on OTHER name servers.

If you do not allow recursion, your clients would only get DNS resolution for internal addresses, i.e., those clients and servers on your LAN that register with YOUR DNS server.


"Servers used in the list of forwarders provide recursive lookup for any queries that a DNS server receives that it cannot answer based on its local zones".


Hope this helps,

Patty

 

[Seaspray0]

If you don't use recurssion, your DNS will not forward the resolution request to any of its forwards, it will attempt to resolve the address itself and thats it. The problem resides on the DNS server you are forwarding to. If it doesn't know the address, its not going to forward to any other DNS server to find it. If you can find all the internet addresses you are interested in getting to, then ignore this problem, otherwise you may want to find another DNS server on the internet to forward too. You could also complain to your ISP if this is one of their DNS servers. They should be attemting to resolve all FQDN to provide you with complete access to the internet.

 

[GiaBetiu]

Actually if you are not using recursive queries, then clients could be set to use iteration. This is like: the client will receive from the DNS server another DNS server address (from it's forwarder list). So, client will ask that server. Now, the problem is: have you such a network structure that will be fully routable to the internet? I don't think so...
Indeed you have to ask your provider or use another DNS server (from the Internet).

Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, MCSE Win2K

 

[JensCB]

Thank you all for your answers.

I have contacted my ISP and they say that the IP-adresses I use are correct.

How can I then get rid of all the errormessages?

Regards
Jens

 

[GiaBetiu]

The IP address of the DNS sure is correct. The problem is that DNS server is not allowing recursive queries!!

Gia Betiu
giabetiu@chello.nl
Computer Eng. CNE 4, CNE 5, MCSE Win2K

 

[ashpp]

GiaBetui is spot on - why not use a different DNS server?

Ash.

 

[JensCB]

I've just tried adding a third DNS server in forwarders, and now I get 3 error messages at a time.

Regards
jens