Archived from groups: microsoft.public.win2000.dns (
More info?)
C C <someone@sbcglobal.net> wrote:
> Kevin, thanks for your reply.
>
>> What kind of proxy server are you using?
>
> We are using Wingate 6.0+ by QBIK with ENS. This is on a dedicated
> machine. The DNS server is one of our Active Directory controllers.
>
>> Normally, the Proxy would forward to the ISP and your internal DNS
>> would forward to the proxy. Unless the proxy server is running on
>> the same machine as the DNS server, in that case the Proxy DNS would
>> be disabled and the internal DNS would forward to the ISP.
>>
>
> Yes, I understand this scenarios. What I'm not sure of is the
> "Forwarders" tab
> in the DNS Server configuration.
>
> In your reply to my other post re "Root DNS Servers", I now see why
> DNS queries by our Exchange server (another machine) takes a long
> time to get resolved.
>
> Now, back to the "Forwarders" tab. Shall I add our ISP's Primary
> and secondary DNS servers in this tab? Or shall I use the IP address
> of our Proxy server and let the proxy server NAT it out to our ISP's
> DNS servers?
I run two Wingate v6 proxies so I have quite a bit of experience in setting
these up.
So can I assume Wingate is on a member server or workstation and not a DC?
Your statement above left this unclear, if Wingate is one a DC, disable DNS
in Wingate, if Wingate is on a member, follow these instructions and make
sure the member is using one of the AD DNS servers for DNS in TCP/IP
properties.
On the MS DNS set the forwarder to The Wingate machine, then on the Wingate
machine, in Gatekeeper, Control, on the System Tab, Double click DNS\WINS
Resolver and enter your ISP's DNS server addresses.
Then on the Wingate server machine, go to Start>Programs>Wingate>Advanced
Options, Select DNS Servers, then enter the Local AD DNS server address.
This prevents Wingate from using your AD DNS server and therefore preventing
a DNS loop, this is because the Wingate DNS resolver will try to use the DNS
server in TCP/IP properties as one of its forwarders.
Make sure the ISP DNS servers you are using support doing recursive lookups,
some users have attempted to use the ISP's DNS server they use for hosting
public zones, some ISP's especially the large ones have recursion disabled
on their Authoritative DNS servers. If this is the case these ISP's have
several geographically dispersed caching only DNS server to use as
resolvers.
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================