W2K Server w/ DNS behind a firewall

[GreatGazoo]

I am having problems getting the DNS to work behind a firewall and even getting the Active Directory to work either. I have opened TCP and UDP port 53 for DNS and the other ports that Microsoft recommends for the Active Directory. No avail will it work. The firewall works fine for any other port ~ web, email and such. Suggestions?

 

[koquito]

Can you enable logs in your firewall, and later review them? to see what could be the reason? A+, MCP, CCNA
marbinpr@hotmail.com

"I just know that I know nothing"
Socrates (469-399 B.C.E.)

 

[GreatGazoo]

The firewall does not note anything wrong with connections from this port. how in the World do you make it Authoritative for the zones you host?

 

[doomhamur]

Active Dircetory is not an internet protocol and there is no reason to try to use it on the internet, unless you want to get hacked.

Some things to check.

1. Your 1st AD server must have itself and the primary DNS server in the network settings. AD relies on DNS heavily and you will have problems otherwise. All your PC's should have your 1st DC as the primary DNS.

2. All other DC's must have the 1st DC as the primary DNS server.

3. Tell your DNS server on your DC to use forwarders for the internet.

How to do this: open DNS manager, go to the server icon (not the zone), right click and select properties. goto the forewarders tab, enter the ip addresses of your ISP DNS servers and click ok

this way you become authoritative for your internal Domain and your DNS server will hit your isp's DNS servers for anything else.

On your firewall you just need to set it to allow DNS queries/updates.

Have a nice day Doomhamur
Network Engineer
"Certifications? we dont need no stinking certifiaction."

 

[GreatGazoo]

I will try all of it and let you know it goes.