DNS Server Not Responding (Win 2003 SBE)

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

I'm running Windows 2003 SBE in what's basically a test environment and
am trying to host a publicly accessible website (only for test/development
purposes). The name of the local domain is onpoint.local and the name of the
server box is server.onpoint.local. The box has one NIC card and its
internal LAN IP is 192.168.0.4. The server is a domain controller (I have
no choice with SBE), but it's not acting as a DHCP server and no other
machines are part of the onpoint.local domain. My router/firewall/gateway is a
separate machine running IPCOP linux software, and its internal LAN IP is
192.168.0.1. That gateway has two public IPs, one of which is
208.201.246.19. The gateway machine is configured to forward port 53/80
requests coming in on the 208.246.201.19 IP over to the server.onpoint.local
box (192.168.0.4). I've confirmed that ports 53/80 are open on
208.201.246.19 through a port scan.

In the server.onpoint.local box's LAN connection properties, the IP is set
to 192.168.0.4, the gateway is set to 192.168.0.1, and the DNS is set to
127.0.0.1.

I've registered the domain rumination.net with Gandi.net registrar and weeks
ago told Gandi that ns1.rumination.net is associated with 208.201.246.19. (The
second name server is hosted by Gandi). From both inside and outside my
network, I'm able to ping ns1.rumination.net, which resolves to
208.201.246.19, the Win 2003 box. However, I can't ping
rumination.net, getting only "unknown host" messages.

Now I'm not a complete newbie at DNS (I've successfully configured the
shareware SimpleDNS server on a separate Win2K workstation without problem)
but I am new to Windows 2003 SBE. For the life of me I can't get my Win
2003 DNS server to respond to requests.

I'm wondering if I'm missing something having to do with SBE, like an obscure
requirement that the server has to also act as a DHCP server (?), some
permissions issue or perhaps some other, "hidden" firewall I've missed, etc.
I'm not running ISA. In the DNS MMC, rumination.net is a "sub-directory" below
forward looking zones. It is on the same level as, not below, the onpoint.local
domain -- if this matters.

Below is my rumination.dns file (the zone is not AD-integrated). FWIW, in
the record below, I've tried replacing the 192.168.0.4 LAN IP with the
public 208.201.246.19 IP, but that hasn't helped. I've cleared cache and
reloaded after every tweak of the record.

I'm sure it's a simple thing I've missed. Any help or suggestions would be
appreciated. Thanks.

--- DNS Record -----

;
; Database file rumination.net.dns for rumination.net zone.
; Zone version: 5
;

@ IN SOA server.onpoint.local. hostmaster.onpoint.local. (
5 ; serial number
900 ; refresh
600 ; retry
86400 ; expire
3600 ) ; default TTL

;
; Zone NS records
;

@ NS server.onpoint.local.

;
; Zone records
;

@ A 208.201.246.19
ns1 A 192.168.0.4
www CNAME rumination.net.


-------------
Regards,
Bob Haroche
O n P o i n t S o l u t i o n s
www.OnPointSolutions.com
 
Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:HlmIc.1762$54.20668@typhoon.sonic.net,
Bob Haroche <spambait@onpointsolutions.com> posted a question
Then Kevin replied below:
> I'm running Windows 2003 SBE in what's basically a test
> environment and
> am trying to host a publicly accessible website (only for
> test/development purposes). The name of the local domain
> is onpoint.local and the name of the server box is
> server.onpoint.local. The box has one NIC card and its
> internal LAN IP is 192.168.0.4. The server is a domain
> controller (I have no choice with SBE), but it's not
> acting as a DHCP server and no other machines are part of
> the onpoint.local domain. My router/firewall/gateway is a
> separate machine running IPCOP linux software, and its
> internal LAN IP is 192.168.0.1. That gateway has two
> public IPs, one of which is 208.201.246.19. The gateway
> machine is configured to forward port 53/80 requests
> coming in on the 208.246.201.19 IP over to the
> server.onpoint.local box (192.168.0.4). I've confirmed
> that ports 53/80 are open on 208.201.246.19 through a
> port scan.
>
> In the server.onpoint.local box's LAN connection
> properties, the IP is set to 192.168.0.4, the gateway is
> set to 192.168.0.1, and the DNS is set to 127.0.0.1.
>
> I've registered the domain rumination.net with Gandi.net
> registrar and weeks ago told
> Gandi that ns1.rumination.net is associated with
> 208.201.246.19. (The second name server is hosted by
> Gandi). From both inside and outside my network, I'm able
> to ping ns1.rumination.net, which resolves to
> 208.201.246.19, the Win 2003 box. However, I can't ping
> rumination.net, getting only "unknown host" messages.
>
> Now I'm not a complete newbie at DNS (I've successfully
> configured the shareware SimpleDNS server on a separate
> Win2K workstation without problem) but I am new to
> Windows 2003 SBE. For the life of me I can't get my Win
> 2003 DNS server to respond to requests.
>
> I'm wondering if I'm missing something having to do with
> SBE, like an obscure
> requirement that the server has to also act as a DHCP
> server (?), some permissions issue or perhaps some
> other, "hidden" firewall I've missed, etc. I'm not
> running ISA. In the DNS MMC, rumination.net is
> a "sub-directory" below forward looking zones. It is on
> the same level as, not below, the onpoint.local domain --
> if this matters.
>
> Below is my rumination.dns file (the zone is not
> AD-integrated). FWIW, in the record below, I've tried
> replacing the 192.168.0.4 LAN IP with the public
> 208.201.246.19 IP, but that hasn't helped. I've cleared
> cache and reloaded after every tweak of the record.
>
> I'm sure it's a simple thing I've missed. Any help or
> suggestions would be appreciated. Thanks.
>
> --- DNS Record -----
>
> ;
> ; Database file rumination.net.dns for rumination.net zone.
> ; Zone version: 5
> ;
>
> @ IN SOA server.onpoint.local. hostmaster.onpoint.local. (
> 5 ; serial number
> 900 ; refresh
> 600 ; retry
> 86400 ; expire
> 3600 ) ; default TTL
>
> ;
> ; Zone NS records
> ;
>
> @ NS server.onpoint.local.
>
> ;
> ; Zone records
> ;
>
> @ A 208.201.246.19
> ns1 A 192.168.0.4
> www CNAME rumination.net.
>
>
> -------------
> Regards,
> Bob Haroche
> O n P o i n t S o l u t i o n s
> www.OnPointSolutions.com

I can see what you are doing here and it is going to be a problem. You are
using this local server for the Primary DNS for the public domain. You can
set this up so it will work from the public side, but then it won't work from
the private side. If you set it up to work from the private side it won't
work from the public side.
You need a DNS server locally that resolves private address for your local
network.

Here is your public side DNS:
> rumination.net soa

opcode: Query, status: NOERROR, id: 23
flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

QUESTION SECTION:
rumination.net. IN SOA

ANSWER SECTION:
rumination.net. 3600 IN SOA server.onpoint.local.
hostmaster.onpoint.local.< fix this
5 900 600 86400 3600

AUTHORITY SECTION:
rumination.net. 172775 IN NS ns6.gandi.net.
rumination.net. 172775 IN NS ns1.rumination.net.

ADDITIONAL SECTION:
ns6.gandi.net. 258557 IN A 80.67.173.196

QUESTION SECTION:
ns1.rumination.net. IN A

ANSWER SECTION:
ns1.rumination.net. 3600 IN A 192.168.0.4<---fix this

AUTHORITY SECTION:
rumination.net. 172152 IN NS ns6.gandi.net.
rumination.net. 172152 IN NS ns1.rumination.net.

ADDITIONAL SECTION:
ns6.gandi.net. 257934 IN A 80.67.173.196


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your
issue. To respond directly to me remove the nospam. from my
email. ==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================
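
Added example (not part of the thread and not any poster's own code): a small Python check that reads the zone data posted above and reports the records that resolvers on the Internet cannot use, which are the entries marked "fix this" in the reply. The function names and the `.local.` suffix list are assumptions of this example.

```python
import ipaddress

# Sample input: the rumination.net zone data as posted in this thread.
ZONE = """\
@ IN SOA server.onpoint.local. hostmaster.onpoint.local. (
5 ; serial number
900 ; refresh
600 ; retry
86400 ; expire
3600 ) ; default TTL
@ NS server.onpoint.local.
@ A 208.201.246.19
ns1 A 192.168.0.4
www CNAME rumination.net.
"""

PRIVATE_SUFFIXES = (".local.",)         # assumption: suffixes with no public meaning
NAME_TYPES = {"SOA", "NS", "CNAME", "MX"}

def records(text):
    """Yield each record as a list of fields, joining multi-line ( ... ) groups."""
    buf = ""
    for raw in text.splitlines():
        buf += " " + raw.split(";", 1)[0]            # strip ';' comments
        if buf.count("(") > buf.count(")"):
            continue                                  # still inside parentheses
        fields = buf.replace("(", " ").replace(")", " ").split()
        buf = ""
        if fields:
            yield fields

def lint_public_zone(text, origin="rumination.net."):
    """Return (owner, type, value, reason) for data outside resolvers cannot use."""
    findings = []
    for fields in records(text):
        owner = origin if fields[0] == "@" else fields[0]
        if not owner.endswith("."):
            owner += "." + origin
        rest = [f for f in fields[1:] if f.upper() != "IN" and not f.isdigit()]
        if len(rest) < 2:
            continue
        rtype, rdata = rest[0].upper(), rest[1:]
        if rtype in ("A", "AAAA") and not ipaddress.ip_address(rdata[0]).is_global:
            findings.append((owner, rtype, rdata[0], "non-routable address"))
        elif rtype in NAME_TYPES:
            findings += [(owner, rtype, n, "internal-only name")
                         for n in rdata if n.lower().endswith(PRIVATE_SUFFIXES)]
    return findings

if __name__ == "__main__":
    for finding in lint_public_zone(ZONE):
        print(*finding, sep="\t")
```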
 
Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

Well, after that long question above I took another look at my firewall and
saw that I had port forwarding open for port 53 under the TCP protocol, but
not the UDP protocol. When I opened up UDP, the DNS server is able to
respond to public requests. I even deleted the TCP port 53 forwarding, and
it still works.

So now my question is why is it UDP needs to be forwarded? I thought DNS
requests came in over TCP.


-------------
Regards,
Bob Haroche
O n P o i n t S o l u t i o n s
www.OnPointSolutions.com
 
Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:cVmIc.1763$54.20609@typhoon.sonic.net,
Bob Haroche <spambait@onpointsolutions.com> posted a question
Then Kevin replied below:
> Well, after that long question above I took another look
> at my firewall and saw that I had port forwarding open
> for port 53 under the TCP protocol, but not the UDP
> protocol. When I opened up UDP, the DNS server is able to
> respond to public requests. I even deleted the TCP port
> 53 forwarding, and it still works.
>
> So now my question is why is it UDP needs to be
> forwarded? I thought DNS requests came in over TCP.

You thought wrong, DNS uses UDP for queries, TCP for zone transfers.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
 
Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:eyEAKu7ZEHA.644@tk2msftngp13.phx.gbl,
Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> asked for help and I
offered my suggestions below:
> In news:cVmIc.1763$54.20609@typhoon.sonic.net,
> Bob Haroche <spambait@onpointsolutions.com> posted a question
> Then Kevin replied below:
>> Well, after that long question above I took another look
>> at my firewall and saw that I had port forwarding open
>> for port 53 under the TCP protocol, but not the UDP
>> protocol. When I opened up UDP, the DNS server is able to
>> respond to public requests. I even deleted the TCP port
>> 53 forwarding, and it still works.
>>
>> So now my question is why is it UDP needs to be
>> forwarded? I thought DNS requests came in over TCP.
>
> You thought wrong, DNS uses UDP for queries, TCP for zone transfers.

Just to point out, (which you already know) unless the response is larger
than 512 bytes then it goes to TCP (without EDNS0).

:)


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================
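
Added example (not part of the thread and not any poster's own code): a Python sketch of the transport behaviour discussed in the posts above. It builds a query without EDNS0, shows the two-byte length prefix used over TCP, and decides from the truncation (TC) bit whether a UDP reply has to be retried over TCP. The function names are this example's own, and `probe()` is meant to be pointed at the public address of a name server you operate to see whether the firewall forwards port 53 on both protocols.

```python
import socket
import struct

QR_FLAG, TC_FLAG = 0x8000, 0x0200    # "is a response" and "truncated" header bits

def build_query(name, qtype=1, qid=0x1234):
    """Plain DNS query without EDNS0 (qtype 1 = A, 6 = SOA), recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)   # class IN

def tcp_frame(message):
    """Over TCP every DNS message is preceded by its length as two bytes."""
    return struct.pack("!H", len(message)) + message

def next_step(udp_reply, qid=0x1234):
    """What a client does with a UDP reply: accept it, ignore it, or retry over TCP."""
    if len(udp_reply) < 12:
        return "malformed"
    rid, flags = struct.unpack("!HH", udp_reply[:4])
    if rid != qid or not flags & QR_FLAG:
        return "ignore"
    return "retry-over-tcp" if flags & TC_FLAG else "accept"

def probe(server, name, timeout=3.0):
    """Send the same query to port 53 over UDP and TCP; report each transport."""
    query, result = build_query(name), {"udp": "no answer", "tcp": "no answer"}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            result["udp"] = next_step(s.recvfrom(512)[0])
    except OSError:
        pass
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(tcp_frame(query))
            if len(s.recv(2)) == 2:          # length prefix of the reply arrived
                result["tcp"] = "answered"
    except OSError:
        pass
    return result
```

A result of `{"udp": "retry-over-tcp", "tcp": "no answer"}` means the server's answer did not fit in 512 bytes and the TCP path needed to fetch it is blocked.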
 
Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

Kevin,

Thanks for your feedback. You wrote:

> You need a DNS server locally that resolves private address for your local
> network.

Cannot a single instance of Windows DNS do this as well? I do have an
onpoint.local domain configured as well, which I thought would handle the
internal LAN dns. I was thinking the one machine could serve both internal
and external DNS. I was going to forward outside DNS requests onto my ISP.

Assuming one machine can handle both, if it's simply a matter of my improper
configuration, then when you wrote:

> rumination.net. 3600 IN SOA server.onpoint.local.
> hostmaster.onpoint.local.< fix this

Do you mean fix it to hostmaster.rumination.net?

Similarly, you wrote:

> ns1.rumination.net. 3600 IN A 192.168.0.4<---fix this

Fix it to 208.201.246.19?

Thanks.


--
-------------
Regards,
Bob Haroche
O n P o i n t S o l u t i o n s
www.OnPointSolutions.com
 
Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

Ping and DNS are UDP utilities / protocols.

>-----Original Message-----
>Well, after that long question above I took another look at my firewall and
>saw that I had port forwarding open for port 53 under the TCP protocol, but
>not the UDP protocol. When I opened up UDP, the DNS server is able to
>respond to public requests. I even deleted the TCP port 53 forwarding, and
>it still works.
>
>So now my question is why is it UDP needs to be forwarded? I thought DNS
>requests came in over TCP.
>
>-------------
>Regards,
>Bob Haroche
>O n P o i n t S o l u t i o n s
>www.OnPointSolutions.com
 
Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:8knIc.1764$54.20640@typhoon.sonic.net,
Bob Haroche <spambait@onpointsolutions.com> posted a question
Then Kevin replied below:
> Kevin,
>
> Thanks for your feedback. You wrote:
>
>> You need a DNS server locally that resolves private
>> address for your local network.
>
> Cannot a single instance of Windows DNS do this as well?
> I do have an onpoint.local domain configured as well,
> which I thought would handle the internal LAN dns. I was
> thinking the one machine could serve both internal and
> external DNS. I was going to forward outside DNS requests
> onto my ISP.

It can handle local requests for onpoint.local, but it is obvious to me you
expect rumination.net to work in both places or you wouldn't be having
private names and addresses in the zone.
MS DNS cannot do this, it can do one or the other, per zone.

>
> Assuming one machine can handle both, if it's simply a
> matter of my improper configuration, then when you wrote:
>
>> rumination.net. 3600 IN SOA
>> server.onpoint.local. hostmaster.onpoint.local.< fix this
>
> Do you mean fix it to hostmaster.rumination.net?

Fix the SOA record so the names can resolve to routable IP addresses.

> Similarly, you wrote:
>
>> ns1.rumination.net. 3600 IN A
>> 192.168.0.4<---fix this
>
> Fix it to 208.201.246.19?

You cannot publish non-routable IP addresses in a public DNS server.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
 
Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:2a99901c46820$8cace600$a601280a@phx.gbl,
Scott Hutchinson <anonymous@discussions.microsoft.com> asked for help and I
offered my suggestions below:
> Ping and DNS are UDP utilities / protocols.
>

More specifically, Ping uses ICMP, but its transport is UDP.


--
Regards,
Ace

 
Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

BH> I thought DNS requests came in over TCP.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-shaped-firewall-holes.html>
 
Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

SH> Ping and DNS are UDP utilities / protocols.

MF> More specifically, Ping uses ICMP, but its transport is UDP.

Just as specifically but more correctly: "ping" uses ICMP/IP. UDP/IP is not
involved. There is also a UDP/IP "echo" service, but it is unrelated to
"ping" and largely unused in practice.