configuring DNS behind firewall

ngadacz

hello all,

i am a developer, who has to wear a systems administration hat a fair
amount. we are running a windows 2003 dns server behind a firewall. how
do i tell if this is configured correctly?

i get the following when i do a nslookup

C:\Documents and Settings\Administrator>nslookup
*** Can't find server name for address 10.0.0.2: Non-existent domain
Default Server: UnKnown
Address: 10.0.0.2


all requests which i type in come back with valid responses. but don't
know why i get the first message.

are there any good whitepapers on configuring a windows 2003 DNS server
/ SMTP server behind a firewall?

what should my host file look like?
thanks in advance.

nicholas gadacz
 
> i am a developer, who has to wear a systems
> administration hat a fair amount.

Heh, seen such a situation a lot of times :-)
> we are running a windows 2003 dns server
> behind a firewall. how do i tell if this is configured
> correctly?
> i get the following when i do a nslookup
> C:\Documents and Settings\Administrator>nslookup
> *** Can't find server name for address 10.0.0.2: Non-existent domain
> Default Server: UnKnown
> Address: 10.0.0.2
> all requests which i type in come back with valid responses. but don't
> know why i get the first message.

that's due to the lack of a reverse zone for the DNS
subnet itself; you'll need an "in-addr.arpa" zone and
at least a PTR record for 10.0.0.2 inside that zone
to solve your issue. it's no "black magic": just open
the DNS MMC, select the "reverse zones" icon, then
right click on it and select "new zone"; at this point
either select "AD integrated" or "standard primary";
at this point enter 10.0.0 at the subnet request, confirm
the creation of a new file and proceed. now, open the
direct zone for your local domain, select the "A" record
for the DNS, take a note of the record settings, then
delete and recreate the record _CHECKING_ the
"create PTR record" option, save the settings, reopen
the reverse zone and, if all worked as needed, you will
now see a PTR record for your DNS. now.. just repeat
that "nslookup", it shouldn't "barf" anymore

What else .. uh, yes, ensure that the DNS traffic rules on
your firewall allow *BOTH* UDP _and_ TCP traffic !!

Regards

--

* ObiWan

Microsoft MVP: Windows Server - Networking
http://www.microsoft.com/communities/MVP/MVP.mspx
http://mvp.support.microsoft.com

DNS "fail-safe" for Windows clients.
http://ntcanuck.com

408+ XP/2000 tweaks and tips
http://ntcanuck.com/tq/Tip_Quarry.htm
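
A check for both points in the reply above, added here as an example and not part of either post: it sends a PTR query for the DNS server's own address over UDP and then over TCP and reports the response code for each transport. The server address 10.0.0.2 comes from the nslookup output; port 53 and all function names are assumptions of this example.

```python
import socket
import struct

def reverse_name(ipv4):
    """10.0.0.2 -> 2.0.0.10.in-addr.arpa (the owner name of the PTR record)."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa"

def build_ptr_query(ipv4, txid=0x1234):
    """Wire-format query: header, QNAME, QTYPE=PTR (12), QCLASS=IN (1)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in reverse_name(ipv4).split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 12, 1)

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def parse_reply(reply):
    """Return (rcode name, answer count, truncated flag) from the reply header."""
    _, flags, _, ancount, _, _ = struct.unpack(">HHHHHH", reply[:12])
    return RCODES.get(flags & 0xF, str(flags & 0xF)), ancount, bool(flags & 0x0200)

def query_udp(server, ipv4, timeout=3):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_ptr_query(ipv4), (server, 53))
        return parse_reply(s.recvfrom(4096)[0])

def query_tcp(server, ipv4, timeout=3):
    """DNS over TCP prefixes every message with a 2-byte length."""
    msg = build_ptr_query(ipv4)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack(">H", len(msg)) + msg)
        stream = s.makefile("rb")
        (length,) = struct.unpack(">H", stream.read(2))
        return parse_reply(stream.read(length))

if __name__ == "__main__":
    server = "10.0.0.2"  # DNS server address from the nslookup output
    for transport, query in (("UDP", query_udp), ("TCP", query_tcp)):
        try:
            rcode, answers, truncated = query(server, server)
            print(f"{transport}: rcode={rcode} answers={answers} truncated={truncated}")
        except (OSError, struct.error) as exc:  # timeout, refused or short read
            print(f"{transport}: no reply ({exc})")
```

An NXDOMAIN result corresponds to the "Non-existent domain" message nslookup printed; once the PTR record exists the same query returns NOERROR with one answer, and a transport that prints "no reply" points at the firewall rule for that protocol.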
 