koga73 Posted January 3, 2012

Hi, I've been working on setting up a server at home and am running into some issues resolving DNS for my site. I'm running Windows Server 2008 and have a split DNS setup. I have a DrayTek Vigor 2920n with 5 static IPs.

Network config:
- Internal Domain Controller
- External Domain Controller
- Read-Only external Domain Controller in DMZ on IP #2
- IIS Web Server on IP #3 with port forwarding for 80/443

All is working except DNS resolution. intodns.com reports that my RODC on IP #2 didn't respond (contains DNS entries for ns1 and ns2 for mydomain.com). I can ping IP #2 successfully. If I get on the RODC VM I can ping out but can't browse (at first I couldn't even ping out, but enabling recursion on the external DC fixed that). It seems strange that I can ping but not browse. If I take the RODC out of the DMZ I am able to browse. I suspect that when browsing in the DMZ perhaps the identified IP is IP #1 instead of IP #2 and the response is not able to find its way back? I'm really at a loss as to what could be going on. All help is appreciated!
ICTCity Posted January 3, 2012

Hi, I think you're right, but what I can't understand is why ping is working... Are you sure that there's no firewall blocking your connection? If you traceroute from that server to a website, does it work? Try this:

tracert -d www.google.com

Let me know.

--------------------------------------------------------
You can also write in French. You can also write in German. You can also write in Italian.
--------------------------------------------------------
koga73 Posted January 3, 2012 (Author)

tracert worked fine. The first IP in the trace is my router's gateway 192.168.1.1 and the second IP my ISP's gateway. I tried turning off my firewall on the router (although, being in the DMZ, it's not behind the router's firewall anyway, right?) and checked Windows Firewall; it appears correct, having rules to allow port 53. I went ahead and turned off the Windows Firewall as well and restarted. After that I was still unable to browse and the intodns report was the same. I did a test of putting my web server into the DMZ as well on IP #3 and got a similar result, being unable to browse on the VM; however I was still able to see the IIS default page when browsing to IP #3 directly. Any other ideas or tools I can use to troubleshoot what's going on?
ICTCity Posted January 3, 2012

Just to be sure... What happens if you type this in your browser?

173.194.35.20
koga73 Posted January 4, 2012 (Author)

I tried browsing to that IP along with yahoo.com and a few other sites with no success. Surprisingly the only site I was able to browse to was my web server, IP #3. I was able to get to the default IIS site. On a side note I also decided to scan the ports with nmap for IP #2. Running nmap without any parameters indicates that the host is down; however if I use the -Pn parameter (treating the host as online) I am able to verify that the correct ports are open.
ICTCity Posted January 4, 2012

That's ok, you cannot surf, but the problem is not your DNS; instead it's your router / firewall which is preventing your connection. Are you using NAT / PAT?
koga73 Posted January 5, 2012 (Author)

Well, it seems to be responding now in the DMZ. The only thing I changed was the DNS servers listed on my modem to use OpenDNS instead of my ISP's DNS. I don't see how this would affect anything, so maybe the DNS servers just needed a few days for the cache to clear? On my external DC there are three A entries for mydomain.com (one pointing to the internal DC, one pointing to the external DC, and one pointing to my web server's public IP (as it should be)). If I delete the other two IPs (other than public) they come back automatically after some time. As a result, pinging mydomain.com sometimes works fine and gives me the public IP, while other times (hours later) it returns a private IP. What's up with that?
ICTCity Posted January 6, 2012

It looks like a problem with authority. Maybe your ISP doesn't like OpenDNS (because OpenDNS and other services set cache to 0) and this will cause a problem with your DNS. I don't understand why your DNS is creating A records.
koga73 Posted January 17, 2012 (Author)

Wooo! Got everything working!!!

In regards to the 3 DNS entries coming back by themselves, what was happening was I had one DNS entry for the public static IP of my web server, then the other two entries were coming from the network interfaces on my internal and external domain controllers. To fix the problem I had to go to:

Network adapters > right click interface and Properties > click IPv4 and go to Properties > Advanced > DNS tab > uncheck "Register this connection's addresses in DNS"

I also added the following registry key:

HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services/Tcpip/RegistrationEnabled type DWORD value 0

Now my network interfaces don't come back after deleting them. Appreciate everything, couldn't have got to where I am on this without your help!

As for the split DNS setup, it doesn't seem to be working exactly as I expected... Whenever I change the IP on either my internal or external DC it duplicates on the other, so right now both DCs are using my external static IP, which works, although I thought the purpose of splitting the DNS was to allow the internal DC's DNS to point to my internal static IP and likewise for my external. Any thoughts?
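The fix in the final post (stop each DC's adapter from registering its own address, delete the stray apex A records, then check what internal and external resolvers actually answer) can be scripted and verified rather than clicked through. The block below is an added example, not code from the thread or from the poster; it assumes Windows Server 2012 or later, where the DnsClient and DnsServer PowerShell modules exist (the thread's Server 2008 box lacks them, so there the adapter checkbox and dnscmd are the equivalents). The zone name mydomain.com comes from the thread; the interface alias, the two resolver addresses and the web server's public IP are constructed placeholders.

```powershell
# Added example (not from the thread). Run on a DC that hosts the zone.
$Zone          = 'mydomain.com'    # zone name used in the thread
$PublicWebIp   = '203.0.113.30'    # constructed placeholder for IP #3 (web server)
$InterfaceName = 'Ethernet'        # assumed adapter alias on this DC
$InternalDns   = '192.168.1.10'    # constructed placeholder: internal DC's DNS
$ExternalDns   = '203.0.113.20'    # constructed placeholder: external DC's DNS

# 1. Audit the A records at the zone apex. Anything other than the web server's
#    public IP is an address a DC interface registered for itself.
Write-Host "A records at $Zone apex:"
Get-DnsServerResourceRecord -ZoneName $Zone -RRType A -Name '@' |
    ForEach-Object {
        $ip   = $_.RecordData.IPv4Address.IPAddressToString
        $flag = if ($ip -eq $PublicWebIp) { 'expected' } else { 'AUTO-REGISTERED?' }
        '{0,-16} TTL={1} [{2}]' -f $ip, $_.TimeToLive, $flag
    }

# 2. Clear the "Register this connection's addresses in DNS" setting on this
#    adapter, then read it back to confirm.
Set-DnsClient -InterfaceAlias $InterfaceName -RegisterThisConnectionsAddress $false
Get-DnsClient -InterfaceAlias $InterfaceName |
    Select-Object InterfaceAlias, RegisterThisConnectionsAddress

# 3. Remove the stray apex records. With step 2 applied on every DC they do not
#    return. Add -WhatIf to the Remove call to preview before deleting.
Get-DnsServerResourceRecord -ZoneName $Zone -RRType A -Name '@' |
    Where-Object { $_.RecordData.IPv4Address.IPAddressToString -ne $PublicWebIp } |
    Remove-DnsServerResourceRecord -ZoneName $Zone -Force

# 4. Split-DNS check: ask each resolver directly (bypassing the local cache).
#    A split setup answers differently; identical answers mean both DCs hold
#    one shared (replicated) copy of the zone, which matches what the final
#    post describes.
foreach ($srv in $InternalDns, $ExternalDns) {
    $answers = (Resolve-DnsName -Name $Zone -Type A -Server $srv -DnsOnly).IPAddress
    '{0,-16} -> {1}' -f $srv, ($answers -join ', ')
}
```

Step 4 is the check that explains the last question in the thread: when the zone is Active Directory-integrated and both DCs replicate it, changing an apex record on one DC changes it on both, so a true split-DNS design needs two separate zone copies (an internal-facing zone and an external-facing one that do not replicate to each other), each carrying the address appropriate for its clients. Repeat step 2 on every DC whose interface address showed up in step 1, including the RODC in the DMZ.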