Win2k3 DNS fails recursive query

Discussion in 'DNS Server' started by Chris Nicholas, Aug 3, 2005.

  1. Chris Nicholas

    Chris Nicholas Guest

    I have setup W2k3 as a DC for my .local domain behind a Win2k SP4 ISA SP2
    Server. I have removed the "." zone and entered my ISP's DNS into the
    forwarders and verified all the root hint servers to respond. However, if I
    test a recursive query against the DNS it continually fails. Simple tests
    work great.

    My network is setup as a simple network with ISA's internal IP as the
    Gateway and all client systems and servers are able to browse the internet
    but I am concerned that I don't have the dns setup correctly.

    The trigger to this concern is the setting up of a SMTP server for my WSS
    site that I am hosting. While I can access the site from external
    (Published through ISA) the SMTP server cannot bind to DNS externally. I am
    thinking it cannot actually resolve the address and when I attempt to ping
    the domain from any system that doesn't have the Firewall client installed
    the name fails to resolve.

    So the basic question is in my naivety is if forwarders and root hints are
    used shouldn't I be able to perform a recursive test against my DNS and have
    it function?

    Chris Nicholas
     
    Chris Nicholas, Aug 3, 2005
    #1

    1. Advertisements

  2. Chris Nicholas

    Ace Fekay [MVP] Guest

    In
    Sounds like you need a rule in ISA to allow DNS traffic: UDP 53 and TCP 53
    to the DNS server. Forwarders will eliminate the recursive test failure, but
    he DNS server needs to be able to communicate to the forwarders and ISA is
    preventing it. You will need the firewall client on the DNS too, unless you
    set it up as a secure NAT.

    For more info about setting up ISA, I would suggest the ISA newsgroup.

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services
    Infinite Diversities in Infinite Combinations.
    =================================
     
    Ace Fekay [MVP], Aug 3, 2005
    #2

    1. Advertisements

  3. Chris Nicholas

    Chris Nicholas Guest

    Thank you Ace,

    I was thinking that myself but needed to get verification that my
    understanding was correct regarding forwarders and the recursive query. Now
    that I have that I will visit the ISA news groups to see why my filter is
    not working the way that I expect it to.

    Chris Nicholas

    "Ace Fekay [MVP]"
     
    Chris Nicholas, Aug 3, 2005
    #3
  4. Chris Nicholas

    Ace Fekay [MVP] Guest

    In
    Cool. Those guys should be able to help you out. My ISA is a bit rusty since
    I haven't touched it in 6 months.

    Ace
     
    Ace Fekay [MVP], Aug 3, 2005
    #4

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. DNS recursive Query

  2. Recursive Query fails & No DNS logs generated

  3. DNS Recursive Query Test Fails

  4. Windows 2003 DNS: Recursive query fails when looking its own domai

  5. DNS Server Fails Recursive Test

  6. recursive query fails

  7. Recursive query fails

  8. Forwarders cannot be validated and recursive query fails

Loading...