Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Installed a Firewall, now Internal DNS Doesn't work

Status
Not open for further replies.
nerdcore

nerdcore

MIS
Jan 23, 2003
26
I installed a SonicWALL firewall to replace our Windows 2000 proxy server that we were previously using. My network consists of a Windows 2000 Domain controller that has DNS installed, and about 30 clients. All of the client machines had a proxy software client, and were configured to use the Domain Controller as their DNS Server (192.168.1.2). This worked fine.

Upon removing the old proxy server, and replacing it with the firewall, I no longer resolve external IPs (i.e. I cannot browse web sites) using the internal DNS server (192.168.1.2). I CAN browse web sites if I change my client DNS servers to be the external ones from our ISP. Why is this? I am really new to DNS, but it seems illogical to me that changing the proxy server out for a firewall would interfere with the internal DNS server. Can someone shed any light on this for me?

Right now logging on to the DC from client machines is giving the familiar event log error "Userenv, Event ID 1000, Windows cannot determine the user or computer name. Return value (1722). " because I am not using the internal DNS server. This causes slow logons, so I need to fix it quick, but at least I have internet connectivity because I updated everyone's DNS servers to the external ones.
 
Sort by date Sort by votes
I want to reply to my own thread here with a bit more possibly relevant info. When I open the DNS MMC Snap-in, I see an entry under Forward Lookup Zones for "." What is this? I read on the Microsoft site that this is not necessary and may cause DNS not to work, as it is for "root" servers, but why did it work before with the proxy and not now with the firewall?

I'm at home now and just promoted a Win2k server machine to a Domain Controller and installed DNS in an attempt to replicate the environment at work, but of course everything works perfectly here :/ . That "." record in the forward lookup zone is not there however. Is this the difference? How was my old DNS server forwarding requests if the controls on the "Forwarding" tab in the server DNS properties is disabled? One thing I remember is that I could not ping external addresses in the old setup...now I can, and same here at home (i.e. i can ping but could not do this before I swapped the proxy out for a firewall, even tho I could browse the web fine.)
 
Upvote 0 Downvote
If you do not remove the "." entry, the Windows DNS server thinks it's the "root" server for everything and will not forward requests for internet zones to the appropriate internet DNS server. (Even if "forwarding" is set properly on your Windows internal DNS server to your ISP's DNS servers.)

Hope this helps.
Just follow Microsofts instructions and you should be fine.
Dana
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

KenMeans
  • Locked
  • Question
DNS Issues with wireless router behind Atlantic Broad band Business Modem
Replies
0
Views
10K
KenMeans
KenMeans
alpha76
  • Locked
  • Question
Advice on DNS setup/configuration
Replies
3
Views
11K
technome
technome
tbright
  • Locked
  • Question
DNS reverse lookup errors: zone 1.168.192.in-addr.arpa/IN: has no NS records
Replies
1
Views
12K
tbright
tbright
Richard Carter
  • Locked
  • Question
Set up BIND on DNS server for local home server
Replies
0
Views
10K
Richard Carter
Richard Carter
rvirene
  • Locked
  • Question
MS DNS / Powershell Script Question
Replies
2
Views
11K
rvirene
rvirene

Part and Inventory Search

Sponsor

Back
Top