Archived from groups: microsoft.public.win2000.general,microsoft.public.win2000.dns,microsoft.public.win2000.networking (More info?)
We have Win2k server hosting many websites. We are having a problem when
trying to ping/dnslookup and resolve any domains from the server. We have
found the problem to be the IP/UDP filtering on the network card. We have
only ports 80, 21, and 53 open for traffic both TCP and UDP. DNS (port 53)
should use the forwarder configured to the master BIND DNS server for domain
resolution but it will not work. It keeps trying to resolve locally becasue
it can not make a successful query to the master DNS server. We have even
bound the IP address of the master DNS server to the network card so it will
resolve naturally from there. After a lot of trial and error we have found
that if we unfilter all UDP ports the DNS works correctly.
Does anyone know why this is? Can anyone provide any idea as to how we may
overcome this? I read a MS KB - 268674 and it was talking about DHCP and
DNS working together. We cant put DHCP on a live webserver for obvious
reasons but may use it on the second network card for 192.196.xxx as a dummy
network. Anyone have any thoughts about a second UDP port that needs
opening? The obvious answer is to have a firewall that blocks all traffic
etc, etc. We do but with a server farm we also have IP security on each
server. Any help is appreciated.
JBowler
We have Win2k server hosting many websites. We are having a problem when
trying to ping/dnslookup and resolve any domains from the server. We have
found the problem to be the IP/UDP filtering on the network card. We have
only ports 80, 21, and 53 open for traffic both TCP and UDP. DNS (port 53)
should use the forwarder configured to the master BIND DNS server for domain
resolution but it will not work. It keeps trying to resolve locally becasue
it can not make a successful query to the master DNS server. We have even
bound the IP address of the master DNS server to the network card so it will
resolve naturally from there. After a lot of trial and error we have found
that if we unfilter all UDP ports the DNS works correctly.
Does anyone know why this is? Can anyone provide any idea as to how we may
overcome this? I read a MS KB - 268674 and it was talking about DHCP and
DNS working together. We cant put DHCP on a live webserver for obvious
reasons but may use it on the second network card for 192.196.xxx as a dummy
network. Anyone have any thoughts about a second UDP port that needs
opening? The obvious answer is to have a firewall that blocks all traffic
etc, etc. We do but with a server farm we also have IP security on each
server. Any help is appreciated.
JBowler
Facebook
Twitter
Instagram