Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsWindows Server 2003Windows 2000Windows NTSmall Business ServerVirtual ServerExchange ServerIISHost Integration ServerISA ServerSMSWSUSMOMWindows Media ServerSecurityCertification
Related Topics
SQL ServerMS WindowsMS OfficePC HardwareMore Topics ...
Windows Server Forum / Windows 2000 / DNS / February 2006

Tip: Looking for answers? Try searching our database.

you there ace?

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
news.microsoft.com - 21 Feb 2006 16:52 GMT
we had a conversation a few days ago about my dns servers, and we came to
the conclusion that it probably had something to do with my isa server, i
have spent sometime looking at that, and everything seems to be ok?

is it possible that there is something wrong with the forwarders part of
dns... i put a packet sniffer at my gateway machine, (isa server 2000), and
i am not seeing much dns traffic from my dns server?

can i uninstall/reinstall dns to see if this helps?
win2k3/isa2000/exch2k3
Reply to this Message
SIME - 21 Feb 2006 23:37 GMT
Hi

I dont know what happened previously but to identify if you have an issue
with forwarders I assume you can just remove the forwarder and allow the
server to use roothints to resolve the query

This would rule in/out your forwarders as the cause of your issue

Regards
SImon
MCDST MCP A+

>we had a conversation a few days ago about my dns servers, and we came to
>the conclusion that it probably had something to do with my isa server, i
[quoted text clipped - 6 lines]
>can i uninstall/reinstall dns to see if this helps?
>win2k3/isa2000/exch2k3
Reply to this Message
news.microsoft.com - 22 Feb 2006 13:00 GMT
Its a long story, lol aboyut 2 weeks worth of pain. i have tried removing
the forwarders and using the root hints, but it didnt work.
i now have outbound mail working, but i dont like the set up (i told dns to
use the isa server as a forwarder, the isa server is not a dns server )
however if i tell nslookup to use the external ip address of the dns server,
recursion works, and mail is flowing.  for whatever reason the dns server is
not trying to goto the gateway when (until now) it is handed an external
domain name. i was getting almost no traffic from the dns server on port 53.
but it works , and i am tired, so i will leave it alone until an extended
break so i can have a good look at it  ;-)
unless someone knows what is wrong so i can make it work "right"

> Hi
>
[quoted text clipped - 18 lines]
> >can i uninstall/reinstall dns to see if this helps?
> >win2k3/isa2000/exch2k3
Reply to this Message
Herb Martin - 22 Feb 2006 05:02 GMT
> we had a conversation a few days ago about my dns servers, and we came to
> the conclusion that it probably had something to do with my isa server, i
[quoted text clipped - 4 lines]
> and
> i am not seeing much dns traffic from my dns server?

You can quickly determine this by (working from the DNS server)
using the Command prompt NSLookup to try the "forwarder"
directly:

Test things like this:

   nslookup www.google.com  IP.Address.Of.Forwarder

If your DNS server command prompt cannot resolve the names
(like this) through the forwarder then you have firewall/ISA,
problems with forwarder itself, or other routing problems.

> can i uninstall/reinstall dns to see if this helps?

Sure but it's almost always a waste of time to flail around re-installing
stuff when you haven't even isolated the problem.

And it is generally counter-productive since all of your other
tests must be re-done and the chance you will introduce a new
problem.

Don't flail -- isolate and simplify the problem.

> win2k3/isa2000/exch2k3

Signature

Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

Reply to this Message
news.microsoft.com - 22 Feb 2006 13:27 GMT
if i tell nslookup to use the isp dns server... recursion works. if i tell
dns to use a bublic ip as a forwarder, it doesnt goto my gateway (isa
server) i dont know where it goes if it even tries? from the isa server i
dont see very much traffic coming from my dns server. i have mail flowing
and recursion working, but i dont llike the way i did it... (mainly because
this setup has been the same for several years with little or no issues) i
put the isa server's internal ipaddress as the forwarder. dns is not
installed on my isa. it works though, but i dont like it. for whatever
reason dns stopped forwarding to my isp dns servers.

> > we had a conversation a few days ago about my dns servers, and we came to
> > the conclusion that it probably had something to do with my isa server, i
[quoted text clipped - 29 lines]
>
> > win2k3/isa2000/exch2k3
Reply to this Message
Herb Martin - 22 Feb 2006 13:48 GMT
> if i tell nslookup to use the isp dns server... recursion works. if i tell
> dns to use a bublic ip as a forwarder,

Well tell NSlookup to use PRECISELY the SAME DNS as
you are trying to use in your DNS Forwarder setting.

If that works, then try to tell YOUR DNS to get the same
answer.

Report PRECISELY which works and which doesn't.

Do all of this from YOUR DNS server (not some other
machine which would complicate the tests.)

Make sure you do NOT have "Do not use recursion"
checked in the ADVANCED tab of your DNS server.
("Disable recursion" on the forwarder tab should be
ok, but if you get poor results play with that AND
report the precise results for each setting.)

> it doesnt goto my gateway (isa
> server) i dont know where it goes if it even tries?

Then you don't know that it "doesn't goto" there.

You won't know that unless you use a network monitor.

You might have disabled recursion (advanced tab.)

> from the isa server i
> dont see very much traffic coming from my dns server. i have mail flowing
[quoted text clipped - 4 lines]
> installed on my isa. it works though, but i dont like it. for whatever
> reason dns stopped forwarding to my isp dns servers.

Why did you put your ISA server address as forwarder if your
ISA has no DNS?

Set your forwarder to the DNS server you wish to use (ISP, etc.)

It should be the SAME DNS server you can query directly from
the NSLookup.

Failing to forward to a DNS server should not offer a surprise
when it fails to resolve.

Signature

Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

>> > we had a conversation a few days ago about my dns servers, and we came
> to
[quoted text clipped - 32 lines]
>>
>> > win2k3/isa2000/exch2k3
Reply to this Message
news.microsoft.com - 22 Feb 2006 16:01 GMT
> > if i tell nslookup to use the isp dns server... recursion works. if i tell
> > dns to use a bublic ip as a forwarder,
[quoted text clipped - 6 lines]
>
> Report PRECISELY which works and which doesn't.

nslookup will work if i tell it to use the isp dns server, it doesnt work
when i set up the same ip as a forwarder in dns, and all of this is testing
from the dns server

> Do all of this from YOUR DNS server (not some other
> machine which would complicate the tests.)
[quoted text clipped - 4 lines]
> ok, but if you get poor results play with that AND
> report the precise results for each setting.)

do not use recursion is unchecked, same with the forwarders tab

> > it doesnt goto my gateway (isa
> > server) i dont know where it goes if it even tries?
>
> Then you don't know that it "doesn't goto" there.

when i use ethereal i dont see connections on port 53 from the internal dns
server, i assumed that meant it wasnt going there

> You won't know that unless you use a network monitor.
>
> You might have disabled recursion (advanced tab.)

> > from the isa server i
> > dont see very much traffic coming from my dns server. i have mail flowing
[quoted text clipped - 7 lines]
> Why did you put your ISA server address as forwarder if your
> ISA has no DNS?

dont ask me... i seen it in another post in another newsfeed, it was a
suggeted kb article i am trying to find it to post back here. another mvp on
this site said it was a poor design, and he said that he also emailed
microsoft about it.

> Set your forwarder to the DNS server you wish to use (ISP, etc.)
>
> It should be the SAME DNS server you can query directly from
> the NSLookup.

it was set up that way, and it wouldnt work... thats why i came to the
conclusion that something is wrong with the forwarding part of my dns
server, and was considering a reinstall

> Failing to forward to a DNS server should not offer a surprise
> when it fails to resolve.

the only surprise was when i told ns lookup to use the isp 's dns server it
worked, but when i had the same ip as a forwarder in my dnsserver, it
wouldnt work. i know it should, but it doesnt. i cant even figure out how it
is working now seeing that my isa server is not a dns server, but now the
reverse lookups work?

> >> > we had a conversation a few days ago about my dns servers, and we came
> > to
[quoted text clipped - 32 lines]
> >>
> >> > win2k3/isa2000/exch2k3
Reply to this Message
Herb Martin - 22 Feb 2006 22:06 GMT
> "Herb Martin" <news@LearnQuick.com> wrote in message
>> "news.microsoft.com" <mortonj@spammernb.sympatico.ca> wrote in message
[quoted text clipped - 14 lines]
> testing
> from the dns server

Then set the forwarder to what works.

> do not use recursion is unchecked, same with the forwarders tab

Most of the time it is CORRECT to check it on the Forwarder's tab.

>> > put the isa server's internal ipaddress as the forwarder. dns is not
>> > installed on my isa. it works though, but i dont like it. for whatever
[quoted text clipped - 8 lines]
> this site said it was a poor design, and he said that he also emailed
> microsoft about it.

Well, don't expect it to work.  Why would it work?

Key trick to troubleshooting IP:  It HAS to make sense.  IP is incredibly
logical and ultimately VERY simple.  (Sometimes there is lots of 'stuff'
which makes it look complicated but it should never be difficult one
piece or two at a time.)

>> Set your forwarder to the DNS server you wish to use (ISP, etc.)
>>
[quoted text clipped - 4 lines]
> conclusion that something is wrong with the forwarding part of my dns
> server, and was considering a reinstall

Re-install for an unknown problem is pretty silly.

Just set your Forwarder to your CHOSEN DNS server that will
do the Internet recursion.

>> Failing to forward to a DNS server should not offer a surprise
>> when it fails to resolve.
[quoted text clipped - 3 lines]
> worked, but when i had the same ip as a forwarder in my dnsserver, it
> wouldnt work.

That's because your "forwarder" was NOT a DNS server.  No one can
get a non-DNS server to resolve DNS for them (short of port/address
mapping which just moves the request TO THE DNS server.)

> i know it should, but it doesnt. i cant even figure out how it
> is working now seeing that my isa server is not a dns server, but now the
> reverse lookups work?

Signature

Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

>> >> > we had a conversation a few days ago about my dns servers, and we
> came
[quoted text clipped - 37 lines]
>> >>
>> >> > win2k3/isa2000/exch2k3
Reply to this Message
news.microsoft.com - 23 Feb 2006 12:52 GMT
maybe im not being clear.
when i set the forwarder to the ISP dns server recursion fail
when i set the forwarders to the internal ip address of my isa server (which
is not a dns server) recusion is successful
> Well, don't expect it to work.  Why would it work?
but it does, and i dont know why?
im not trying to be smart, until 2 weeks ago the dns setup you are
suggesting is exactly what i had for my set up (it has been like that for
the last 6 years), but 2 weeks ago it failed and hasnt worked that way again
since, and this retarded way of setting up my dns is working, even though i
cant figure out how.

> > "Herb Martin" <news@LearnQuick.com> wrote in message
> >> "news.microsoft.com" <mortonj@spammernb.sympatico.ca> wrote in message
[quoted text clipped - 112 lines]
> >> >>
> >> >> > win2k3/isa2000/exch2k3
Reply to this Message
Herb Martin - 23 Feb 2006 15:15 GMT
> maybe im not being clear.
> when i set the forwarder to the ISP dns server recursion fail
> when i set the forwarders to the internal ip address of my isa server
> (which
> is not a dns server) recusion is successful

And your NSLookup gives which results?  Report one consistent
set of results clearly or we cannot guess which is working and
which is not.

And what are you current symptoms?  (IF it is working what's
the problem?)

Signature

Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

>> > "Herb Martin" <news@LearnQuick.com> wrote in message
>> >> "news.microsoft.com" <mortonj@spammernb.sympatico.ca> wrote in message
[quoted text clipped - 122 lines]
>> >> >>
>> >> >> > win2k3/isa2000/exch2k3
Reply to this Message
news.microsoft.com - 23 Feb 2006 16:16 GMT
Im sorry herb i know you are just trying to help. but i dont think we are on
the same page... thanks for all your help, i have come up with a bandaid
solution that works for now. on march break i am going to contact microsoft
to see what is wrong.
again thanks

undr

> > maybe im not being clear.
> > when i set the forwarder to the ISP dns server recursion fail
[quoted text clipped - 135 lines]
> >> >> >>
> >> >> >> > win2k3/isa2000/exch2k3
Reply to this Message
Kevin D. Goodknecht Sr. [MVP] - 24 Feb 2006 10:55 GMT
> maybe im not being clear.
> when i set the forwarder to the ISP dns server recursion fail
> when i set the forwarders to the internal ip address of my isa server
> (which is not a dns server) recusion is successful
>> Well, don't expect it to work.  Why would it work?
> but it does, and i dont know why?

You obviously have ISA set up as a DNS proxy. In which case it should be
used as the forwarder because it is acting as a caching only DNS and
blocking other DNS queries bypassing ISA. This is actually a pretty common
configuration, you should be using the ISA as your forwarder, and you MUST
check the box "Do not use recursion" on the Forwarders tab, Leave "Disable
recursion" unchecked on the Advanced tab. These two boxes are probably the
most confusing settings on the DNS server. Their actual meaning are somewhat
confused, especially on Win2k, they did try to clarify them on Win2k3.
Do not use recursion-Actually means Do not use Root Hints
Disable recursion(Advanced) actually means answer only authoritatively(DNS
must have a zone).

Signature

Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

Reply to this Message
news.microsoft.com - 22 Feb 2006 16:15 GMT
i found it in
microsft.public.isa.configuration
a tony guy posted it as a "fix", and phillip windell, said it was a bad
design etc and that he sent a message to micrsoft to state his opinion.

http://support.microsoft.com/default.aspx?scid=kb;en-us;305394

the only thing i did different is i didnt set up my smtp vs1 to point to the
internal interface of the isa server, i have no forwarders set upin the smtp
vs1.

> > if i tell nslookup to use the isp dns server... recursion works. if i tell
> > dns to use a bublic ip as a forwarder,
[quoted text clipped - 81 lines]
> >>
> >> > win2k3/isa2000/exch2k3
Reply to this Message
Ace Fekay [MVP] - 26 Feb 2006 22:50 GMT
> i found it in
> microsft.public.isa.configuration
[quoted text clipped - 7 lines]
> to the internal interface of the isa server, i have no forwarders set
> upin the smtp vs1.

Sorry I didn't see this post earlier, but glad you got a fix or workaround
for it with the help Herb, Kevin and Phillip provided. I actually forget the
original post when we talked about the issues you're having, and it's
difficult for me to find it because your name comes up as
"news.microsoft.com", which is generic. But glad you got it working.

Signature

Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.

It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Assimilation Imminent. Resistance is Futile
Infinite Diversities in Infinite Combinations

"Very funny Scotty.  Now, beam down my clothes."

The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy.

Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.