Enabling DNS Forwarder causes IM Problem "SBN via WinServerKB.com" <u32166[ at ]uwe> 5/29/2007 5:13:28 AM Hey guys i just enabled forwarder on our DNS servers and point it to use our Linux box as their forwarder which is also our Default Gateway. But when i set this DNS servers to use forwarding our IM (yahoo,MSN) cant connect. What could be the problem? -- Message posted via WinServerKB.com http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-dns/200705/1

RE: Enabling DNS Forwarder causes IM Problem Gabriel Citron 5/29/2007 6:07:01 AM Is not enough for the linux box to be directly connected to internet, must have a DNS service running configured as DNS-cache to permit recursive queries. You can test if is a DNS-cache service running on the linux box using nslookup from any client workstation: nslookup -recurse messenger.msn.com linux_srv The result must be like this: Server: linux_srv Address: 192.168.0.1 Non-authoritative answer: Name: messenger.msn.com Address: 64.4.15.61 -- Gabi Citron CEH, MCSE:Security, CCNA "SBN via WinServerKB.com" wrote: [Quoted Text] > Hey guys i just enabled forwarder on our DNS servers and point it to use our > Linux box as their forwarder which is also our Default Gateway. But when i > set this DNS servers to use forwarding our IM (yahoo,MSN) cant connect. What > could be the problem? > > -- > Message posted via WinServerKB.com > http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-dns/200705/1 > >

Re: Enabling DNS Forwarder causes IM Problem James Beukelman <james978[ at ]gmail.com> 5/29/2007 7:32:22 AM SBN via WinServerKB.com wrote: [Quoted Text] > Hey guys i just enabled forwarder on our DNS servers and point it to use our > Linux box as their forwarder which is also our Default Gateway. But when i > set this DNS servers to use forwarding our IM (yahoo,MSN) cant connect. What > could be the problem? > The simpler answer is to have your DNS forwarders set to your ISP's DNS servers, not your Linux box.

Re: Enabling DNS Forwarder causes IM Problem "Herb Martin" <news[ at ]learnquick.com> 5/29/2007 11:22:30 AM "James Beukelman" <james978[ at ]gmail.com> wrote in message news:ejOGkNcoHHA.3968[ at ]TK2MSFTNGP06.phx.gbl... [Quoted Text] > SBN via WinServerKB.com wrote: >> Hey guys i just enabled forwarder on our DNS servers and point it to use >> our >> Linux box as their forwarder which is also our Default Gateway. But when >> i >> set this DNS servers to use forwarding our IM (yahoo,MSN) cant connect. >> What >> could be the problem? >> > > The simpler answer is to have your DNS forwarders set to your ISP's DNS > servers, not your Linux box. That may be simplest but it is not (always) the most secure and is typically not the most efficient as opposed to his doing it with the gateway to the Internet (his linux box). [It also may not be POSSIBLE since a truly secure setup would usually prevent any critical internal servers (DNS or DCs) from going through the firewall.] One useful addition to your idea may be to TRY this at least temporarily to determine if the problem is with the Linux DNS Server. Gabriel already suggested making sure that the Linux box was actually RUNNING a DNS Server (and I am not sure that I would have remembered to suggest that <grin>). Another problem might be that the Linux server is running DNS but not servicing the INTERNAL NIC, or perhaps is NOT configured to either forward (to another DNS like the ISP) or to do the actual Recursion. Many publicly located DNS Servers do in fact disable recursion and forwarding with the intent to ONLY provide DNS resolution of the zone for which they are authoritative. -- Herb Martin, MCSE, MVP http://www.LearnQuick.Com (phone on web site)

Re: Enabling DNS Forwarder causes IM Problem "simonwhyley via WinServerKB.com" <u11670[ at ]uwe> 5/29/2007 2:09:16 PM Hi One thing I would like to know is do ALL dns queries fail when you configure this Linux box as the upstream DNS server? or is it JUST IM generated DNS queries? Regards Si Herb Martin wrote: [Quoted Text] >>> Hey guys i just enabled forwarder on our DNS servers and point it to use >>> our >[quoted text clipped - 6 lines] >> The simpler answer is to have your DNS forwarders set to your ISP's DNS >> servers, not your Linux box. > >That may be simplest but it is not (always) the most secure and is typically >not the most efficient as opposed to his doing it with the gateway to the >Internet (his linux box). > >[It also may not be POSSIBLE since a truly secure setup would usually >prevent any critical internal servers (DNS or DCs) from going through the >firewall.] > >One useful addition to your idea may be to TRY this at least temporarily >to determine if the problem is with the Linux DNS Server. > >Gabriel already suggested making sure that the Linux box was actually >RUNNING a DNS Server (and I am not sure that I would have remembered >to suggest that <grin>). > >Another problem might be that the Linux server is running DNS but not >servicing the INTERNAL NIC, or perhaps is NOT configured to either >forward (to another DNS like the ISP) or to do the actual Recursion. > >Many publicly located DNS Servers do in fact disable recursion and >forwarding with the intent to ONLY provide DNS resolution of the >zone for which they are authoritative. > -- Message posted via WinServerKB.com http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-dns/200705/1

Re: Enabling DNS Forwarder causes IM Problem "Herb Martin" <news[ at ]learnquick.com> 5/29/2007 2:21:29 PM "simonwhyley via WinServerKB.com" <u11670[ at ]uwe> wrote in message news:72e7524f64260[ at ]uwe... [Quoted Text] > Hi > > One thing I would like to know is do ALL dns queries fail when you > configure > this Linux box as the upstream DNS server? or is it JUST IM generated DNS > queries? Good question - -Does an NSLookup which SPECIFIES the Linux DNS Server work? nslookup www.google.com IP.Linus.DNS.Server If so this (practically) eliminates the Linux server as the source of the problem, and if not this tends to prove it is the problem. -- Herb Martin, MCSE, MVP http://www.LearnQuick.Com (phone on web site)

Re: Enabling DNS Forwarder causes IM Problem "SBN via WinServerKB.com" <u32166[ at ]uwe> 5/30/2007 2:11:51 AM Well our linux box is just configured to share Internet access to our LAN with basic firewall features and also configured with Squid web-proxy cache and nothing more. DNS is not configured on the Linux box, so far nslookup works but if i try to nslookup our Linux box it fails it says its a non- existent domain. -- Message posted via WinServerKB.com http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-dns/200705/1

Re: Enabling DNS Forwarder causes IM Problem "Herb Martin" <news[ at ]learnquick.com> 5/30/2007 11:48:15 AM "SBN via WinServerKB.com" <u32166[ at ]uwe> wrote in message news:72eda17064259[ at ]uwe... [Quoted Text] > Well our linux box is just configured to share Internet access to our LAN > with basic firewall features and also configured with Squid web-proxy > cache > and nothing more. DNS is not configured on the Linux box, so far nslookup > works but if i try to nslookup our Linux box it fails it says its a non- > existent domain. You can only forward to a DNS SERVER so if the Linux box is not a DNS Server you must either pick another Forwarder OR Forward elsewhere (e.g., the ISP DNS Servers) OR have your internal DNS server stop forwarding and do their own recursion for Internet names. A "Forwarder" is always ANOTHER DNS Server that helps the DNS Server which is forwarding. -- Herb Martin, MCSE, MVP http://www.LearnQuick.Com (phone on web site)