DNS Forwarders?

Discussion in 'Windows Small Business Server' started by Jim, Sep 30, 2004.

  1. Jim

    Jim Guest

    Can anyone explain what the DNS forwarders do?

    I've been having some issues with connecting to certain sites (yahoo.com)
    for example.

    I finally removed all the entries from the forwarders section in the DNS
    properties and now things seem to be working fine.

    However - I have a few machines sitting outside our SBS network on our
    DSL connection - and those I can't hit.

    My network layout is:


    (Internet)
    |
    DSL ROUTER (66.xxx.xxx.33)
    |
    |
    |========DMZ (LinkSys) (66.xxx.xxx.42) (this box does NAT and DHCP to
    boxes connected to it)
    |
    |
    SBS 2003 Server (66.xxx.xxx.34)
    |
    Private Internal Network (192.168.0.XXX)



    I have a helpdesk box set up on the DMZ and since I've removed the
    forwarders I can no longer hit it from behind the SBS server. From
    another box on the DMZ it works fine so I know the box is up and running.
    I can hit it from home as well.

    Any ideas?
    Jim
     
    Jim, Sep 30, 2004
    #1

  2. The DNS forwarders are used when your server is trying to solve an address
    that is not local. If you remove the DNS forwarders then the server will use
    Root Hints (which will accomplish pretty much the same thing). The thing
    about DNS forwarders is that they are normally at your ISP, so the
    resolution should be faster than using root hints.

    One problem that is pretty common with DNS in Win2k3 has to do with EDNS
    support (especially for big-name sites like yahoo.com and microsoft.com). I
    would disable it according to:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;828731

    I don't see the connection between DNS forwarders and the issue with the DMZ
    stuff. Can you access the computers by IP, but not by hostname?
     
    Javier Gomez [SBS MVP], Sep 30, 2004
    #2
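
Added example, not part of the original posts: a Python sketch of what the EDNS setting mentioned in post #2 changes on the wire. It builds the same A query for yahoo.com with and without an EDNS0 OPT record and reads back the UDP payload size each one advertises; the query ID and the 1280-byte size are constructed sample values, and the function names are hypothetical.

```python
import struct

CLASSIC_UDP_LIMIT = 512   # maximum DNS-over-UDP message size without EDNS (RFC 1035)
OPT_TYPE = 41             # EDNS0 pseudo-record type (RFC 6891)


def encode_name(name):
    """Encode a host name as length-prefixed DNS labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qid, edns_size=None):
    """Build an A/IN query; when edns_size is given, append an OPT record."""
    arcount = 0 if edns_size is None else 1
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)  # RD bit set
    packet = header + encode_name(name) + struct.pack("!HH", 1, 1)
    if edns_size is not None:
        # OPT: root name, TYPE=41, CLASS carries the UDP size, TTL=0, RDLEN=0
        packet += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_size, 0, 0)
    return packet


def skip_name(packet, pos):
    """Step over an uncompressed name and return the offset that follows it."""
    while packet[pos] != 0:
        pos += packet[pos] + 1
    return pos + 1


def advertised_udp_size(packet):
    """Return the UDP payload size a query advertises, or 512 if it has no OPT."""
    qdcount, _an, _ns, arcount = struct.unpack("!HHHH", packet[4:12])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(packet, pos) + 4          # QTYPE + QCLASS
    for _ in range(arcount):                      # queries carry no AN/NS records
        pos = skip_name(packet, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", packet[pos:pos + 10])
        if rtype == OPT_TYPE:
            return rclass
        pos += 10 + rdlen
    return CLASSIC_UDP_LIMIT


if __name__ == "__main__":
    for size in (None, 1280):                     # constructed sample values
        q = build_query("yahoo.com", 0x1234, size)
        print(len(q), "byte query, advertises", advertised_udp_size(q))
```

A query of the second form tells the upstream server it may answer with more than 512 bytes over UDP, so that is the case to test against any device sitting between the DNS server and its forwarders.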

  3. The way DNS should work in a Windows 2000/2003 domain is that the server
    and all the clients look to the server for DNS. The reason for this
    configuration is so that we can locate resources in Active Directory. Then
    if the server cannot find the resource locally the forwarders are used to
    determine which public DNS servers should be used to resolve the external
    resource. For example, if you are looking for a domain controller for
    authentication the client would send a DNS query to the server to locate a
    domain controller via the global catalog server and return the address to
    the client. However, if you were looking for the IP address of www.MSN.com, the
    client sends the request to the server for resolution. The server would
    look locally and determine the information requested is for a resource not
    located on the domain. It then looks in its cache to see if the information
    is cached locally. If that fails the request is sent to the DNS server
    listed in forwarders which then works to resolve the address on the
    internet. It then passes that information back to the domain controller, which
    then forwards that result to the client.

    I hope this helps

    Doug Boyd


    This post is provided "AS IS" with no warranties and confers no rights
     
    Douglas Boyd [MSFT], Sep 30, 2004
    #3
  4. Jim

    Jim Guest

    (Douglas Boyd [MSFT]) wrote in
    Thanks - it verifies that it works as I thought.

    I'm going to have to keep digging I guess as this is the last hurdle I have
    to fix and I think everything (OWA, VPN, etc) will be working with my
    setup.

    Jim
     
    Jim, Oct 5, 2004
    #4
