Problems with DNS on W2K (not responding to external)

Archived from groups: microsoft.public.win2000.dns

I have been trying to configure DNS for a friend of mine using MS DNS
server on Windows 2000 Server. I was able to simplify his router
configuration so that there is a single router/firewall between the
public access point and the server. I have forwarded port 53 to the
server and I am able to use nslookup to perform a listing of all records
for the domain. i.e. ls -d acme.com which responds with all of my A
records.

However, if I attempt to query the server for a single host record, such
as www.acme.com I get a DNS timeout.

When I remote to the server and use nslookup from the server itself,
everything looks to work exactly as expected. I have turned on logging
down to the packet level, but have yet to see a single thing logged to
%windir%\logs\dns.log

Does anyone have an idea on what might cause the DNS server to behave
this way? I am particularly confused as to why it would allow me to do
an ls -d and get back the listing but not allow me to get a single host
record. Any help is greatly appreciated. If there are additional tools
you could point me to for diagnosing this, that would help as well. Thanks!

John P
 

In news:FHiLc.34840$KP6.2096795@twister.tampabay.rr.com,
eastsh <ask@forit.com> posted a question
Then Kevin replied below:
> I have been trying to configure DNS for a friend of mine using MS DNS
> server on Windows 2000 Server. I was able to simplify his router
> configuration so that there is a single router/firewall between the
> public access point and the server. I have forwarded port 53 to the
> server and I am able to use nslookup to perform a listing of all records
> for the domain. i.e. ls -d acme.com which responds with all of my A
> records.
>
> However, if I attempt to query the server for a single host record, such
> as www.acme.com I get a DNS timeout.
>
> When I remote to the server and use nslookup from the server itself,
> everything looks to work exactly as expected. I have turned on logging
> down to the packet level, but have yet to see a single thing logged to
> %windir%\logs\dns.log
>
> Does anyone have an idea on what might cause the DNS server to behave
> this way? I am particularly confused as to why it would allow me to do
> an ls -d and get back the listing but not allow me to get a single host
> record. Any help is greatly appreciated. If there are additional tools
> you could point me to for diagnosing this, that would help as well. Thanks!
>
> John P

Check that 53 UDP is open.
When you do an ls -d you are using 53 TCP but normal queries use 53 UDP.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
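The transport difference Kevin describes can be checked from outside the router by sending the same A-record query once over UDP/53 and once over TCP/53. This is an added example, not part of any post in the thread; the function names are illustrative and the server address 192.0.2.53 is a documentation placeholder for the router's public IP.

```python
import socket
import struct

def build_query(name, txid=0x1234, qtype=1):
    """Encode a standard DNS query with RD set (qtype 1 = A record)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def ask_udp(server, query, port=53, timeout=3.0):
    """Send the query as one UDP datagram; None means no reply arrived."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, port))
            return s.recvfrom(4096)[0]
        except OSError:  # covers timeouts and ICMP port-unreachable
            return None

def ask_tcp(server, query, port=53, timeout=3.0):
    """Send the same query over TCP, which adds a 2-byte length prefix."""
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)
            buf = b""
            while len(buf) < 2 or len(buf) < 2 + struct.unpack("!H", buf[:2])[0]:
                chunk = s.recv(4096)
                if not chunk:
                    return None
                buf += chunk
            return buf[2:]
    except OSError:
        return None

def diagnose(udp_reply, tcp_reply):
    """Map the two outcomes onto the cases discussed in the thread."""
    if udp_reply and tcp_reply:
        return "both transports answer"
    if tcp_reply:
        return "TCP/53 answers, UDP/53 does not: check the UDP forward and filtering"
    if udp_reply:
        return "UDP/53 answers, TCP/53 does not: zone transfers would fail"
    return "no answer on either transport: server unreachable on port 53"

if __name__ == "__main__":
    q = build_query("www.acme.com")   # host name taken from the thread
    server = "192.0.2.53"             # placeholder: use the router's public IP
    print(diagnose(ask_udp(server, q), ask_tcp(server, q)))
```

A successful `ls -d` from an outside host also shows that the server allows zone transfers to that host, which is worth restricting to known secondaries once ordinary queries work.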
 

Kevin D. Goodknecht Sr. [MVP] wrote:
>
> Check that 53 UDP is open.
> When you do an ls -d you are using 53 TCP but normal queries use 53 UDP.
>

Well.. I was excited for a moment, that maybe I had only forwarded TCP
traffic on 53, but I checked and it is set to forward both TCP/UDP. I
did remove the dual port forwarding and replaced it with a UPnP
forwarding UDP for 53, and the server disappeared to me altogether.
Switched it back, I can connect with nslookup.. I can ls -d acme.com to
get the whole zone, but if I try www.acme.com I get a DNS timeout. I am
wondering if something else is stealing the requests for UDP/53? I
cannot get the logs for the server to work other than the basic things
that are showing up in the event log (like zone transfers).

Any additional help is greatly appreciated, I have been banging my head
and things are starting to get dark =\
 

In news:Oiz1fD1bEHA.796@TK2MSFTNGP09.phx.gbl,
John Parrish <pleaseask@me.com> asked for help and I offered my suggestions
below:
> Well.. I was excited for a moment, that maybe I had only forwarded TCP
> traffic on 53, but I checked and it is set to forward both TCP/UDP. I
> did remove the dual port forwarding and replaced it with a UPnP
> forwarding UDP for 53, and the server disappeared to me altogether.
> Switched it back, I can connect with nslookup.. I can ls -d acme.com
> to get the whole zone, but if I try www.acme.com I get a DNS timeout.
> I am wondering if something else is stealing the requests for UDP/53?
> I cannot get the logs for the server to work other than the basic
> things that are showing up in the event log (like zone transfers).
>
> Any additional help is greatly appreciated, I have been banging my
> head and things are starting to get dark =\

Did you try rebooting your router? What brand router is it? If the logs are
empty, then it's kind of saying DNS is not even getting the query.


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
 

Ace Fekay [MVP] wrote:
>
> Did you try rebooting your router? What brand router is it? If the logs are
> empty, then it's kind of saying DNS is not even getting the query.
>
>
Thanks for replying. I have not rebooted the router yet. I might try
that tonight, I installed a packet sniffer on the server to capture
whether or not the DNS request is making its way to the server at all.
If it is, then at least I can rule out the network. If not.. then oh boy
that should be fun. =\
 

In news:OYmUuPGcEHA.3596@tk2msftngp13.phx.gbl,
John Parrish <pleaseask@me.com> asked for help and I offered my suggestions
below:
> Thanks for replying. I have not rebooted the router yet. I might try
> that tonight, I installed a packet sniffer on the server to capture
> whether or not the DNS request is making its way to the server at all.
> If it is, then at least I can rule out the network. If not.. then oh
> boy that should be fun. =\

Ok, let us know what happens after that.

--
Regards,
Ace
