Installed a Firewall, now Internal DNS Doesn't work

(OP)
I installed a SonicWALL firewall to replace our Windows 2000 proxy server that we were previously using.  My network consists of a Windows 2000 Domain controller that has DNS installed, and about 30 clients.  All of the client machines had a proxy software client, and were configured to use the Domain Controller as their DNS Server (192.168.1.2).  This worked fine.  

Upon removing the old proxy server, and replacing it with the firewall, I no longer resolve external IPs (i.e. I cannot browse web sites) using the internal DNS server (192.168.1.2).  I CAN browse web sites if I change my client DNS servers to be the external ones from our ISP.  Why is this?  I am really new to DNS, but it seems illogical to me that changing the proxy server out for a firewall would interfere with the internal DNS server.  Can someone shed any light on this for me?  

Right now logging on to the DC from client machines is giving the familiar event log error "Userenv, Event ID 1000, Windows cannot determine the user or computer name. Return value (1722). " because I am not using the internal DNS server.  This causes slow logons, so I need to fix it quick, but at least I have internet connectivity because I updated everyone's DNS servers to the external ones.

RE: Installed a Firewall, now Internal DNS Doesn't work

(OP)
I want to reply to my own thread here with a bit more possibly relevant info.  When I open the DNS MMC Snap-in, I see an entry under Forward Lookup Zones for "."  What is this?  I read on the Microsoft site that this is not necessary and may cause DNS not to work, as it is for "root" servers, but why did it work before with the proxy and not now with the firewall?  

I'm at home now and just promoted a Win2k server machine to a Domain Controller and installed DNS in an attempt to replicate the environment at work, but of course everything works perfectly here :/ .  That "." record in the forward lookup zone is not there however.  Is this the difference?  How was my old DNS server forwarding requests if the controls on the "Forwarding" tab in the server DNS properties are disabled?  One thing I remember is that I could not ping external addresses in the old setup...now I can, and same here at home (i.e. I can ping www.yahoo.com, but could not do this before I swapped the proxy out for a firewall, even though I could browse the web fine.)

  

RE: Installed a Firewall, now Internal DNS Doesn't work

If you do not remove the "." entry, the Windows DNS server thinks it's the "root" server for everything and will not forward requests for internet zones to the appropriate internet DNS server. (Even if "forwarding" is set properly on your Windows internal DNS server to your ISP's DNS servers.)

Hope this helps.
Just follow Microsoft's instructions and you should be fine.
Dana
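
The check below is an added example, not part of the original posts: it tests from a client whether a DNS server still hosts the "." zone described above, by sending a non-recursive SOA query for the root and looking at the authoritative-answer (AA) flag in the reply. The function names and the two sample replies are constructed for illustration; only the server address 192.168.1.2 comes from the thread.

```python
import socket
import struct
import sys

SOA, IN, TXID = 6, 1, 0x1234  # record type, class, and a fixed query id

def build_root_soa_query(txid=TXID):
    """Query for the SOA of "." with RD=0, so the server answers only from zones it hosts."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + b"\x00" + struct.pack("!HH", SOA, IN)  # b"\x00" is the root name

def parse_header(resp):
    """Decode the 12-byte DNS header into the fields this check needs."""
    if len(resp) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {"txid": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "ancount": an}

def hosts_root_zone(resp, txid=TXID):
    """True when the server answered authoritatively for ".", i.e. it has a root zone."""
    h = parse_header(resp)
    if not h["qr"] or h["txid"] != txid:
        raise ValueError("not a response to our query")
    return bool(h["aa"] and h["rcode"] == 0 and h["ancount"] > 0)

def check_server(ip, timeout=3.0):
    """Send the query over UDP port 53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_root_soa_query(), (ip, 53))
        resp, _ = s.recvfrom(512)
    return hosts_root_zone(resp)

def _sample(flags, ancount):
    # Constructed reply: header and question only, answer records omitted.
    return struct.pack("!HHHHHH", TXID, flags, 1, ancount, 0, 0) + b"\x00\x00\x06\x00\x01"

SAMPLE_WITH_ROOT_ZONE = _sample(0x8400, 1)  # QR=1, AA=1, NOERROR, one answer
SAMPLE_NO_ROOT_ZONE = _sample(0x8000, 0)    # QR=1, AA=0, NOERROR, no answer

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. python check_root.py 192.168.1.2
        print(sys.argv[1], "hosts a root zone:", check_server(sys.argv[1]))
    else:
        print("with '.' zone:", hosts_root_zone(SAMPLE_WITH_ROOT_ZONE))
        print("without '.' zone:", hosts_root_zone(SAMPLE_NO_ROOT_ZONE))
```

A result of True for the internal server means it considers itself authoritative for the root, which matches the condition in the reply above under which it will not forward internet names.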
