Looking for the AD entry that points to our router

Discussion in 'Server Networking' started by Jack B. Pollack, Jan 26, 2008.

  1. We have a small network running W2K3 Server w/ Active Directory that has
    been up and functioning fine for several years. I am not a DNS expert and
    some of the AD - DNS) settings were setup based on MS KB articles.

    All of the workstations DNS server entries point to the IP of the AD server
    (as per a MS KB article)
    The Server DNS also points to itself (as per same article).

    There was some entry we made that pointed (a forwarder ?? or forward look-up
    zone??) to the IP of the router that was ultimately resolving Internet DNS
    for us.

    I need to change this IP (to OpenDNS) as our ISPs DNS sucks.

    I cant find the entry that I made several years ago to point to the IP of
    the router.
    I have looked in the DNS manager and expanded many branches, but cant find
    anything pointing to the IP of the router.

    Help please in finding this entry.

    Thanks
     
    Jack B. Pollack, Jan 26, 2008
    #1
    1. Advertisements

  2. You're close - open your DNS manager console, right-click on the server, and
    you'll see the Forwarders tab. Put in your ISP's DNS server IP addresses
    here.
     
    Lanwench [MVP - Exchange], Jan 26, 2008
    #2
    1. Advertisements

  3. Jack B. Pollack

    Anthony Guest

    In the DNS Console, Right click the server name and select Properties. It is
    the Forwarder,
    Anthony
    http://www.airdesk.com
     
    Anthony, Jan 26, 2008
    #3
  4. Thanks for your reply.
    The forwarder list is empty.

    any ideas what other entry we pointed to the router?
     
    Jack B. Pollack, Jan 26, 2008
    #4
  5. Thanks.

    I'm looking at that properties page and it isn't where I originally set the
    forward since it has nothing in the list.
    I would like to find the original location and change it there. Any other
    ideas where I could have set this?


    "Lanwench [MVP - Exchange]"
     
    Jack B. Pollack, Jan 26, 2008
    #5
  6. That's the only place you could set a *forward*. Where are you seeing
    symptoms that it exists anywhere?
    You might post an unedited ipconfig /all from your server & from a
    workstation.
     
    Lanwench [MVP - Exchange], Jan 27, 2008
    #6
  7. In
    I'm not quite following why you would want to "point" to the router? The
    router should NOT be used as a forwarder or as a DNS entry in IP properties
    of your DC or any workstation or server for that matter.

    You should only Forward to an outside server to resolve domains other than
    what your DNS server is hosting or to a specific DNS server for a specific
    domain, or a combination of both, but NOT to the router. The router in some
    cases, will act as a 'proxy' DNS, but in many cases, most routers I've dealt
    with with new customers that had this configuration, had trouble resolving
    certain domain names. I believe it is because of EDNS0, but never tested it
    nor felt it was necessary because I just changed it to the ISP's and all
    worked fine afterwards.

    I hope you didn't put it in the Root Hints tab. That is the only other place
    I can think of that you can enter something in DNS properties, other than
    the Use WINS Resolution or zone transfer tab, which I'm sure you wouldn't
    have done that.

    Maybe you are speaking of DHCP option 003?

    Tell you what, please post an unedited ipconfig /all from the DC and a
    sample workstation. I believe Lanwench also asked for this. This will help
    us immensily and give us a start to diagnose and make recommendations and
    suggestions.


    --
    Regards,
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
    MVP Microsoft MVP - Directory Services
    Microsoft Certified Trainer

    Infinite Diversities in Infinite Combinations
     
    Ace Fekay [MVP], Jan 27, 2008
    #7
  8. I'm not quite following why you would want to "point" to the router? The
    If I understand correctly, I need to point to an "outside" DNS server to
    resolve internet addresses.
    If I use the current DNS servers provided by my ISP and "hard code" them if
    they change I will be screwed (and they have changed from time to time).

    Since IP settings are provided to us via DHCP from our ISP I have been able
    to point to the router as a DHCP server and it DOES reflect the changes to
    the ISP DNS servers when they happen.

    Suddenly our ISPs DNS servers have not been resolving some addresses and I
    thought I would change the DNS servers to point to OpenDNS. If I put the IP
    of the OpenDSN serves into the Forwarder section it does indeed use these
    new servers and everything works great . I was just hoping to find the old
    entry I made in some tab that points to the router since the forwarder tab
    was blank when I checked it.

    The router IP is 192.168.0.254 but I have been unable to find anything
    pointing to it.

    IPconfig /all from Server:


    Windows IP Configuration

    Host Name . . . . . . . . . . . . : SERVER1
    Primary Dns Suffix . . . . . . . : spencer.local
    Node Type . . . . . . . . . . . . : Broadcast
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : Yes
    DNS Suffix Search List. . . . . . : spencer.local


    Ethernet adapter Local Area Connection:


    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Network
    Connection
    Physical Address. . . . . . . . . : 00-0D-54-FC-47-D9
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.0.1
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.254
    DNS Servers . . . . . . . . . . . : 192.168.0.1


    ----------------------------------------------------------------------------
    -

    IPconfig /all from workstation:

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : spencer_5
    Primary Dns Suffix . . . . . . . : spencer.local
    Node Type . . . . . . . . . . . . : Broadcast
    IP Routing Enabled. . . . . . . . : Yes
    WINS Proxy Enabled. . . . . . . . : Yes
    DNS Suffix Search List. . . . . . : spencer.local

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
    Connect
    ion
    Physical Address. . . . . . . . . : 00-0B-DC-51-25-E2
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.0.5
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.254
    DNS Servers . . . . . . . . . . . : 192.168.0.1
     
    Jack B. Pollack, Jan 27, 2008
    #8
  9. They're supposed to notify you. However, technically speaking, you don't
    have to use your ISP's. You could use Verizon's or Sprint's if you wished.
    That's fine, but it should have no bearing on your internal DNS.
    That can happen if you're using a small-fry ISP.
    OK - or see above.
    If you didn't find it in the forwarder before, I can't think of where else
    you would ever have seen it. I think you may be mistaken as to what you'd
    done before.
    That looks fine.
    This looks fine too, but why aren't you using DHCP? Life is much easier that
    way.
     
    Lanwench [MVP - Exchange], Jan 27, 2008
    #9
  10. In
    <snipped>

    Thanks for posting the ipconfigs. They look good.

    As I said, do not use the router's IP address as a forwarder. Directly place
    the ISP's DNS addresses in the Forwarders tab. The terminology you are using
    "point to" threw me off. You want to configure a "forwarder."

    The router, if used, acts like a "proxy DNS" as I explained, and it's
    something you do NOT want to do. However based on your response, I think
    there may be a communication problem as to understanding what I mean by a
    "proxy DNS." A proxy DNS is when you send a query request to it, it cannot
    handle the request itself, since after all, the router is not a DNS server.
    So what does it do with the request? It looks at the external DNS entries
    that you configured it with teh ISP's DNS addresses and sends it to them.
    Then when it gets the response, it forwards it back to the original
    requestor, your server. So you see, this adds an extra resolution step to
    the resolver process. Also some of these routers when used as a proxy DNS,
    do not support EDNS0, a necessary function these days to support large UDP
    DNS packets. I will not explain this at this time since I do not want to
    complicate this any further for you.

    And as Lanwench said, you can use any external DNS server you like as a
    Forwarder. Remove what you have, if any under the Forwarders tab, and try
    just using 4.2.2.2 only and see if that helps. This one works and does not
    change.

    And also the same as Lanwench said, if it is not in the Forwarder's tab, I
    wouldn't klnow where else you may have placed it.


    Here is how to setup a forwarder:
    323380 - HOW TO Configure DNS for Internet Access in Windows Server 2003
    (forwarding and other info) :
    http://support.microsoft.com/?id=323380

    Other info that maybe helpful:

    825036 - Best practices for DNS client settings in Windows 2000 Server and
    in Windows Server 2003:
    http://support.microsoft.com/?id=825036

    DNS and AD (Windows 2000 & 2003) FAQ:
    http://support.microsoft.com/?id=291382


    Ace
     
    Ace Fekay [MVP], Jan 28, 2008
    #10
  11. Thanks

    "Lanwench [MVP - Exchange]"
     
    Jack B. Pollack, Jan 28, 2008
    #11
  12. Thanks

     
    Jack B. Pollack, Jan 28, 2008
    #12
  13. If there are no Forwarders Listed,...then it will use Root hints
    automatically by default. Therefore it is not using you ISP's DNS as you
    thought it was.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
    Understanding the ISA 2004 Access Rule Processing
    http://www.isaserver.org/articles/ISA2004_AccessRules.html

    Troubleshooting Client Authentication on Access Rules in ISA Server 2004
    http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

    Microsoft Internet Security & Acceleration Server: Partners
    http://www.microsoft.com/isaserver/partners/default.asp

    Microsoft ISA Server Partners: Partner Hardware Solutions
    http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
    -----------------------------------------------------
     
    Phillip Windell, Jan 28, 2008
    #13
  14. If there are no Forwarders Listed,...then it will use Root Hints
    automatically by default. Therefore, it is not using your ISP's DNS as you
    thought it was.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
    Understanding the ISA 2004 Access Rule Processing
    http://www.isaserver.org/articles/ISA2004_AccessRules.html

    Troubleshooting Client Authentication on Access Rules in ISA Server 2004
    http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

    Microsoft Internet Security & Acceleration Server: Partners
    http://www.microsoft.com/isaserver/partners/default.asp

    Microsoft ISA Server Partners: Partner Hardware Solutions
    http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
    -----------------------------------------------------
     
    Phillip Windell, Jan 28, 2008
    #14
  15. If there are no Forwarders Listed,...then it will use Root Hints
    automatically by default. Therefore, it is not using your ISP's DNS as you
    thought it was.

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Jan 28, 2008
    #15
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.