DNS Problems

john

Splendid
Aug 25, 2003
3,819
0
22,780
Archived from groups: microsoft.public.win2000.dns (More info?)

We are in the process of moving our web site from being hosted externally into our offices to be managed internally and it appears that we are having some difficulty getting the server(s) set up. We are using Windows Server 2003. We have opened ports 25, 80, 53, and 110 on the router/firewall to allow email, dns and http traffic and our connection is via a cable modem. The ports have been tested from the outside and they are accessible. The IP is 66.224.132.5 (or something like that) and the webserver/email server (right now we are simply using the smtp and pop that ships with server 2003) has a static internal IP of 192.168.0.5. The initial problem we had was that sometimes we lost the internet connection for about 3 minutes. This usually happened when we tried to go to our web site from another client on the network, the site partially loads and then the connection terminates for a few minutes. We were able to fix this by setting up a dns server on the web server to handle the internal traffic. Does this sound like the correct way to fix the issue?

We now have a problem with trying to go out to external web sites. On the dns server we set up forwarders to the isp dns servers, but it does not appear that the requests are getting that far. This also appears to have affected our email. The email traffic is coming in and hitting the mail server, but the client pcs are not able to connect to the mail server to download the emails.

Any help would greatly be appreciated.
Thank you,
 
Guest

"John" <John@discussions.microsoft.com> wrote in message
news:50AECED1-130B-41CB-B57E-EB8DA3D05F6B@microsoft.com...
> We are in the process of moving our web site from being hosted externally
> into our offices to be managed internally and it appears that we are having
> some difficulty getting the server(s) set up. We are using Windows Server
> 2003. We have opened ports 25, 80, 53, and 110 on the router/firewall to
> allow email, dns and http traffic and our connection is via a cable modem.

> The ports have been tested from the outside and they are accessible.

Port filters such as these have a direction, with source and destination, so
it is quite different to get these backwards.

Example: In typical cases, for HTTP one needs, internal to external
DESTINATION 80, source ANY, PLUS external to internal source
80 plus destination ANY.

"Stateful firewalls" go a step further and "remember" those internal
"ANY" ports and only allow responses that match those (recent)
requests.

> The IP is 66.224.132.5 (or something like that) and the webserver/email
> server(right now we are simply using the smtp and pop that ships with server
> 2003) have a static internal IP of 192.168.0.5. The initial problem we had
> was that sometimes we lost the internet connection for about 3 minutes. This
> usually happened when we tried to go to our web site from another client on
> the network, the site partially loads and then the connection terminates for
> a few minutes. We were able to fix this by setting up a dns server on the
> web server to handle the internal traffic. Does this sound like the correct
> way to fix the issue?
>
> We now have a problem with trying to go out to external web sites. On the
> dns server we set up forwarders to the isp dns servers, but it does not
> appear that the requests are getting that far. This also appears to have
> affected our email. The email traffic is coming in and hitting the mail
> server, but the client pcs are not able to connect to the mail server to
> download the emails.

DNS settings:

Internal DNS should still be managed by you.
Internal DNS servers for your AD zone must be DYNAMIC.
ALL internal machines (DCs and DNS servers included) must point SOLELY to the INTERNAL DNS on their NIC properties (or DHCP supplied) settings.
Internal DNS servers typically FORWARD to the external DNS for internet resolution.

If you use the same name internally as externally for your DNS zone
then the INTERNAL DNS servers need to have the zone MANUALLY
duplicated as if it is a separate zone ("shadow" or "split" DNS.)

--
Herb Martin


>
> Any help would greatly be appreciated.
> Thank you,
>
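Added example, not part of the original post or thread: a small Python model of the stateless HTTP rule pair described in the reply above, next to a stateful filter, showing that the stateless pair also admits unsolicited inbound packets whose source port is 80. The addresses, the idle timeout and all names are constructed for illustration.

```python
from dataclasses import dataclass

ANY = None  # wildcard port in a rule


@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = internal to external, "in" = external to internal
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# The stateless pair from the post: (direction, source port, destination port).
STATELESS_RULES = [
    ("out", ANY, 80),  # internal to external, source ANY, destination 80
    ("in", 80, ANY),   # external to internal, source 80, destination ANY
]


def stateless_allows(pkt, rules=STATELESS_RULES):
    """Each packet is judged alone, with no memory of earlier traffic."""
    return any(
        pkt.direction == direction
        and sport in (ANY, pkt.src_port)
        and dport in (ANY, pkt.dst_port)
        for direction, sport, dport in rules
    )


class StatefulFilter:
    """Permits outbound HTTP and only the replies that match a recent request."""

    def __init__(self, idle_timeout=60.0):  # timeout value is an assumption
        self.idle_timeout = idle_timeout
        self.flows = {}  # (inside ip, inside port, outside ip, outside port) -> last seen

    def allows(self, pkt, now):
        # Forget flows that have been idle for too long.
        self.flows = {k: t for k, t in self.flows.items()
                      if now - t <= self.idle_timeout}
        if pkt.direction == "out":
            if pkt.dst_port != 80:
                return False
            self.flows[(pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)] = now
            return True
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key not in self.flows:
            return False
        self.flows[key] = now
        return True


def compare():
    """Run constructed packets through both filters: (label, stateless, stateful)."""
    request = Packet("out", "192.168.0.20", 49152, "203.0.113.10", 80)
    reply = Packet("in", "203.0.113.10", 80, "192.168.0.20", 49152)
    unsolicited = Packet("in", "198.51.100.7", 80, "192.168.0.5", 5000)
    fw = StatefulFilter()
    timeline = [
        ("request", request, 0.0),
        ("reply", reply, 0.2),
        ("unsolicited, source port 80", unsolicited, 1.0),
        ("reply after idle timeout", reply, 120.0),
    ]
    return [(label, stateless_allows(p), fw.allows(p, t)) for label, p, t in timeline]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

The third and fourth rows are where the two filters disagree: the stateless pair passes anything arriving from source port 80, while the stateful filter passes only replies to a flow it has recently seen leave.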
 
Guest

John wrote:
> We are in the process of moving our web site from being hosted
> externally into our offices to be managed internally and it appears
> that we are having some difficulty getting the server(s) set up. We
> are using Windows Server 2003. We have opened ports 25, 80, 53, and
> 110 on the router/firewall to allow email, dns and http traffic and
> our connection is via a cable modem. The ports have been tested from
> the outside and they are accessible. The IP is 66.224.132.5 (or
> something like that) and the webserver/email server(right now we are
> simply using the smtp and pop that ships with server 2003) have a
> static internal IP of 192.168.0.5. The initial problem we had was
> that sometimes we lost the internet connection for about 3 minutes.
> This usually happened when we tried to go to our web site from
> another client on the network, the site partially loads and then the
> connection terminates for a few minutes. We were able to fix this by
> setting up a dns server on the web server to handle the internal
> traffic. Does this sound like the correct way to fix the issue?

Hmmm - well, I'm not sure what you mean by 'setting up a dns server'. Can
you be more specific?
>
> We now have a problem with trying to go out to external web sites. On
> the dns server we set up forwarders to the isp dns servers, but it
> does not appear that the requests are getting that far. This also
> appears to have affected our email. The email traffic is coming in
> and hitting the mail server, but the client pcs are not able to
> connect to the mail server to download the emails.

All servers and workstations should specify *only* the internal
AD-integrated DNS server's IP address in their network settings. The
AD-integrated DNS server should be set up with forwarders to your ISP's DNS
servers for external resolution. See
http://support.microsoft.com/default.aspx?scid=kb;en-us;300202 for more
info.
>
> Any help would greatly be appreciated.

Also note - I don't recommend that you allow traffic on port 80 to come into
your LAN. If this is a standalone web server, I'd put it in a DMZ.

> Thank you,
 

john


Thank you for the support document and comments. The client pcs are pointing to the internal dns ip (192.168.1.200). The dns server is pointing to itself and we do have forwarders set up to use the isp servers for external resolution. Do we need to stop/restart any services or reboot machines when changes or modifications are made? We still have the issue of not being able to go outside to any external sites.
 
Guest

In news:50AECED1-130B-41CB-B57E-EB8DA3D05F6B@microsoft.com,
John <John@discussions.microsoft.com> posted a question
Then Kevin replied below:
> We are in the process of moving our web site from being hosted
> externally into our offices to be managed internally and it appears
> that we are having some difficulty getting the server(s) set up. We
> are using Windows Server 2003. We have opened ports 25, 80, 53, and
> 110 on the router/firewall to allow email, dns and http traffic and
> our connection is via a cable modem. The ports have been tested from
> the outside and they are accessible. The IP is 66.224.132.5 (or
> something like that) and the webserver/email server(right now we are
> simply using the smtp and pop that ships with server 2003) have a
> static internal IP of 192.168.0.5. The initial problem we had was
> that sometimes we lost the internet connection for about 3 minutes.
> This usually happened when we tried to go to our web site from
> another client on the network, the site partially loads and then the
> connection terminates for a few minutes. We were able to fix this by
> setting up a dns server on the web server to handle the internal
> traffic. Does this sound like the correct way to fix the issue?
>
> We now have a problem with trying to go out to external web sites. On
> the dns server we set up forwarders to the isp dns servers, but it
> does not appear that the requests are getting that far. This also
> appears to have affected our email. The email traffic is coming in
> and hitting the mail server, but the client pcs are not able to
> connect to the mail server to download the emails.
>
> Any help would greatly be appreciated.
> Thank you,

You will need your internal DNS server to give out the private IPs of these
servers to the internal clients.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================
 
Guest

John wrote:
> Thank you for the support document and comments. The client pcs are
> pointing to the internal dns ip (192.168.1.200). The dns server is
> pointing to itself and we do have forwarders set up to use the isp
> servers for external resolution. Do we need to stop/restart any
> services or reboot machines when changes or modifications are made?
> We still have the issue of not being able to go outside to any
> external sites.

What was the other DNS server you mentioned?
Can clients ping the router? Can they ping the internal DNS server IP? Ping
a public IP address?

 

john


It appears that we have worked out a few of the issues. We can now send/receive emails from the client pcs, although it does appear to take a little time for the email to reach its destination, longer than it did initially. We are also able to get to external web sites but not very regularly. When we do get a connection, it appears to take a little time for the site to load and it does not appear to be "normal" internet traffic that is causing the slowdown. Any ideas as to why the dns lookups for external sites may be taking so long? Is there any additional information I can provide that may help out?

Thanks
 

john


Thanks, I'll give that a try. Now we can send/receive emails from the client pcs. We are also able to get to external web sites but not very regularly. When we do get a connection, it appears to take some time for the site to load. Any ideas as to why the dns lookups for external sites may be taking so long?

Thanks

"Lanwench [MVP - Exchange]" wrote:

> What was the other DNS server you mentioned?
> Can clients ping the router? Can they ping the internal DNS server IP? Ping
> a public IP address?
 
Guest

In news:DA733CA8-C669-43B6-A16C-2F95CD764705@microsoft.com,
John <John@discussions.microsoft.com> posted a question
Then Kevin replied below:
> It appears that we have worked out a few of the issues. We can now
> send/receive emails from the client pcs, although it does appear to
> take a little time for the email to reach its destination, longer
> than it did initially. We are also able to get to external web sites
> but not very regularly. When we do get a connection, it appears to
> take a little time for the site to load and it does not appear to be
> "normal" internet traffic that is causing the slowdown. Any ideas as
> to why the dns lookups for external sites may be taking so long? Is
> there any additional information I can provide that may help out?

Is your firewall a PIX?
828731 - An External DNS Query May Cause an Error Message in Windows Server
2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;828731



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
 

john


No, it is a Linksys Firewall/Router right now as we are a small office. There are also no error messages showing up in the logs.

"Kevin D. Goodknecht Sr. [MVP]" wrote:

> In news:DA733CA8-C669-43B6-A16C-2F95CD764705@microsoft.com,
> John <John@discussions.microsoft.com> posted a question
> Then Kevin replied below:
> > It appears that we have worked out a few of the issues. We can now
> > send/receive emails from the client pcs, although it does appear to
> > take a little time for the email to reach its destination, longer
> > than it did initially. We are also able to get to external web sites
> > but not very regularly. When we do get a connection, it appears to
> > take a little time for the site to load and it does not appear to be
> > "normal" internet traffic that is causing the slowdown. Any ideas as
> > to why the dns lookups for external sites may be taking so long? Is
> > there any additional information I can provide that may help out?
>
> Is your firewall a PIX?
> 828731 - An External DNS Query May Cause an Error Message in Windows Server
> 2003
> http://support.microsoft.com/default.aspx?scid=kb;en-us;828731
 
Guest

In news:509922D4-DEFF-4B59-9B3D-DF67E529AA72@microsoft.com,
John <John@discussions.microsoft.com> posted a question
Then Kevin replied below:
> No, it is a Linksys Firewall/Router right now as we are a small
> office. There are also no error messages showing up in the logs.

You are aware now that all internal clients must use the internal DNS server
only, correct?
This is always a requirement on Active Directory, but now you have servers
hosted locally that cannot be accessed by the public IP addresses. You are
going to have to set up a Split namespace DNS with the internal DNS
resolving for the local network. You will need to create zones for all sites
hosted locally with records that resolve to local IPs. In addition, you are
going to need to add the records for any server hosted on the outside world
in the domains you have in your DNS.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
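
Added example, not part of the original thread: a Python model of the split ("shadow") zone advice given in the replies above. It shows that a server authoritative for a zone answers from its own copy and never forwards names inside that zone, and it audits the internal copy against the public one. The two IP addresses are from the thread; the zone name example.com, the host names, the other addresses and all function names are constructed.

```python
# Constructed sample data. The two addresses below come from the thread;
# example.com and the host names are placeholders.
PUBLIC_IP = "66.224.132.5"    # router's outside address
PRIVATE_IP = "192.168.0.5"    # web/mail server on the LAN
NAT_MAP = {PUBLIC_IP: PRIVATE_IP}   # public address -> internal host behind it

# What the public zone answers.
EXTERNAL_ZONE = {
    "www.example.com": PUBLIC_IP,
    "mail.example.com": PUBLIC_IP,
    "shop.example.com": "198.51.100.20",   # hosted off site
}

# Internal shadow zone as first created: www was pointed at the private
# address, mail was copied unchanged, shop was forgotten.
INTERNAL_ZONES = {
    "example.com": {
        "www.example.com": PRIVATE_IP,
        "mail.example.com": PUBLIC_IP,
    }
}


def normalize(name):
    return name.lower().rstrip(".")


def zone_for(name, zones):
    """Return the longest zone the server is authoritative for, or None."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve_internal(name, zones, forwarder):
    """Names inside a local zone are answered locally; only others are forwarded."""
    name = normalize(name)
    zone = zone_for(name, zones)
    if zone is not None:
        return zones[zone].get(name)   # None models NXDOMAIN, with no forwarding
    return forwarder(name)


def audit_shadow_zone(zone, zones, external, nat_map):
    """Compare the internal copy of a zone with the public one."""
    internal = zones.get(zone, {})
    findings = []
    for name, public_answer in sorted(external.items()):
        if zone_for(name, {zone: {}}) is None:
            continue                   # record belongs to some other zone
        # Hosts behind the router should resolve to their private address.
        expected = nat_map.get(public_answer, public_answer)
        answer = internal.get(name)
        if answer is None:
            findings.append((name, "missing", expected))
        elif answer != expected:
            findings.append((name, "wrong-address", expected))
    return findings


def isp_forwarder(name):
    # Stand-in for the ISP resolver: the public zone plus one unrelated site.
    public = dict(EXTERNAL_ZONE, **{"www.example.org": "203.0.113.80"})
    return public.get(name)


if __name__ == "__main__":
    for host in ("www.example.com", "shop.example.com", "www.example.org"):
        print(host, "->", resolve_internal(host, INTERNAL_ZONES, isp_forwarder))
    for finding in audit_shadow_zone("example.com", INTERNAL_ZONES,
                                     EXTERNAL_ZONE, NAT_MAP):
        print(finding)
```

In this sample the forwarder knows shop.example.com, but internal clients never get that answer because the internal server owns the zone; the audit lists it as missing and flags mail.example.com as still pointing at the public address.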
 
Guest

In news:84E88FFF-EB00-4F5E-881C-1B8212C2DE28@microsoft.com,
John in <John@discussions.microsoft.com> posted their thoughts, then I
offered mine
> Thanks, I'll give that a try. Now we can send/receive emails from
> the client pcs. We are also able to get to external web sites but not
> very regularly. When we do get a connection, it appears to take some
> time for the site to load. Any ideas as to why the dns lookups for
> external sites may be taking so long?
>
> Thanks
>

John, you didn't reply if your clients can ping by name successfully.
Curious what the reply times are in a ping. Ping www.yahoo.com or
www.macromedia.com and let us know what the response times are.

Also, what DNS are you using for a forwarder?

What kind of line do you have? ADSL, SDSL or T1?


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroup so all
can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
