possible DNS Problem

Discussion in 'DNS Server' started by nigel, Jul 23, 2009.

  1. nigel

    nigel Guest

    Many thanks in advance
    Have a strange problem for a few days now. DNS all looks OK but can no
    longer OWA via IE in the office but can when using the server name or
    IP/owa. Also cannot RDP the TS Server except by IP. And also file transfers
    between the DMZ to LAN are very slow, running at 40 KB/S on a 100 MB network;
    LAN to DMZ / WAN OK. NSLookup resolves quickly.

    Has anyone any idea as to what / where to check?

    Many thanks
    Nig
     
    nigel, Jul 23, 2009
    #1

  2. nigel

    nigel Guest

    Forgot to mention that we have a Win 2003 domain with Exchange 2007 and a
    Win 2003 TS Server
     
    nigel, Jul 23, 2009
    #2

  3. nigel

    Chris Dent Guest

    Hi Nig,

    If you can run this:

    nslookup OWASiteName

    e.g. nslookup webmail.domain.com

    Then DNS is free from blame.

    Do you use a Proxy Server at all? Anything that may prevent IE
    connecting to or resolving the name for the site.

    Depending on configuration the (presumed) proxy server may be allowing
    direct access if only a single label name is used or if a local IP is used.

    Chris
     
    Chris Dent, Jul 23, 2009
    #3

  4. We'll need more information in order to provide a specific response.

    If you have a perimeter (DMZ), what type of router do you have?
    Is your internal private AD DNS domain name the same as your external public name?
    Chris mentioned you may possibly have a Proxy/ISA. Do you?
    Are all internal machines ONLY using the internal DNS in their IP properties? (This means no external, ISP or router as a DNS address).
    Is the DC multihomed?
    Is RRAS installed on the DC?

    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

    Please reply back to the newsgroup or forum to benefit from collaboration among responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MCT, MCTS Messaging, MCSE, MCSA 2003 & 2000, MCSA Messaging
    Microsoft Certified Trainer

    http://twitter.com/acefekay

    For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
     
    Ace Fekay [MCT], Jul 23, 2009
    #4
  5. nigel

    nigel Guest

    Many thanks for your responses.
    Here are the answers, hopefully, to your questions. Oh, I did the DNS test as
    in the other post - All OK


    Our Router / Firewall is a SonicWall Pro 4060 unit. This has the DMZ of 4
    virtual ports X1 - X4 (physical cable ports). We have 5 IP addresses, one for
    the SonicWall, which routes our internal LAN, and 4 other external IPs for
    web servers that are in the DMZ.
    No, domain name is .local
    No Proxy/ISA
    Internal DNS. External DNS is on the SonicWall Pro unit as is the gateway
    (SonicWall IP)
    Single Domain
    No RRAS

    Regards
    Nig

     
    nigel, Jul 24, 2009
    #5
  6. nigel

    Chris Dent Guest

    When you run "nslookup webmail.whatever.com" which IP address do you get
    back? I'm assuming you get a public IP address?

    If you do get a public IP you may find that you simply cannot route traffic
    to that. There are a number of work-arounds for this; the DNS-based
    work-around is to add a Forward Lookup Zone to give you the Private IP
    Address of the host instead.

    My preferred method would be:

    1. Open the DNS Console
    2. Create a Forward Lookup Zone (Primary, AD Integrated) called
    "webmail.whatever.com"
    3. Disable Dynamic Updates for this zone
    4. Create a new Host (A) Record. Leave the name blank and pop in the
    Private IP Address of the server

    Using this method means you do not have to worry about resolving other
    names under "whatever.com" while still allowing you to resolve your own
    version of webmail.whatever.com.

    Chris
     
    Chris Dent, Jul 24, 2009
    #6
  7. nigel

    nigel Guest

    Chris,
    When I nslookup our mail.domain.com I get back the outside IP address
    and the next line gives me the IP address of our Exchange server. Is this
    correct or should I still try the work-around?

    Many thanks
    Nigel
     
    nigel, Jul 31, 2009
    #7
  8. When running nslookup, what DNS server is it showing that it is querying? It
    will be the first thing you see when you run nslookup.

    If it is your inside DNS server, simply go to the DNS server, and change the IP
    to the internal private IP.

    If it is an outside DNS server (such as your ISP, some other external DNS,
    or the router's IP being used as a DNS), then it tells me you have your
    internal machines DNS settings misconfigured to use something else other
    than ONLY the internal DNS servers.

    Ace
     
    Ace Fekay [MCT], Jul 31, 2009
    #8
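
Added example, not part of the original thread: the triage from posts #6 and #8 (which DNS server nslookup queried, and whether the answer includes a public address) run over constructed Windows-style nslookup output. All hostnames, addresses and the finding labels are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges. ipaddress.is_private is avoided because it also
# treats documentation ranges (used in the samples below) as private.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def parse_nslookup(output):
    """Return (resolver_ip, answer_ips) from Windows nslookup output."""
    resolver, answers, in_answer = None, [], False
    for line in output.splitlines():
        if line.strip().startswith("Name:"):
            in_answer = True          # everything after this is the answer
            continue
        found = IPV4.findall(line)
        if in_answer:
            answers.extend(found)     # handles "Address:" and "Addresses: a, b"
        elif found and resolver is None:
            resolver = found[0]       # first address shown = server queried
    return resolver, answers

def triage(output, internal_dns):
    """Apply the two checks; internal_dns is the set of AD DNS server IPs."""
    resolver, answers = parse_nslookup(output)
    findings = []
    if resolver not in internal_dns:
        findings.append("CLIENT_USES_NON_INTERNAL_DNS")    # fix client DNS settings
    elif any(not is_internal(ip) for ip in answers):
        findings.append("INTERNAL_DNS_RETURNS_PUBLIC_IP")  # fix the record/zone
    return resolver, answers, findings

# Constructed samples (not from the thread).
SAMPLE_INTERNAL = """Server:  dc01.example.local
Address:  192.168.1.10

Name:    mail.example.com
Addresses:  203.0.113.25, 192.168.1.20
"""
SAMPLE_EXTERNAL = """Server:  resolver.isp.example
Address:  198.51.100.53

Non-authoritative answer:
Name:    mail.example.com
Address:  203.0.113.25
"""
```
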
