  1. #1
     Newbie, joined Mar 2008, 7 posts

     Untangle with Win2003 server DNS problems

    Hello,
    I am having issues in my network setup. First let me explain my network layout.

    I have a broadband modem connected to the Untangle server.
    I have a Win 2003 server running Active Directory, DNS and DHCP,
    and I have about 20 clients running Windows XP.

    The Untangle server, the win2k3 server and all the clients are connected to the same switch.

    To make things easier, here is some general info:

    Untangle server's local IP is 10.10.0.118
    win2k3 server IP is 10.10.0.1

    The problem I face is with DNS.

    If I use the Untangle server's IP as primary DNS and win2k3 as secondary DNS, then Internet works fine on all workstations, but I lose my connection to AD and have problems setting permissions, logging in with AD usernames, etc.

    And if I use the win2k3 server's IP as primary DNS and Untangle as secondary DNS, then occasionally the Internet cuts out because it cannot resolve IPs from hostnames. The problem usually happens when Outlook tries to resolve the IP of the mail server.

    Would greatly appreciate any help in the matter.
    Let me know if you guys require any further info regarding the network setup.

  2. #2
     Untangler, joined Dec 2008, 53 posts

    If you only have one internal AD DNS server, your workstations should have your AD DNS server's IP address as the Primary DNS, and Alternate DNS should be empty. You should not use any non-AD DNS servers on your workstations.

    Forwarders on your DNS server should be configured to your ISP's DNS or UT. If you use your ISP's DNS in Forwarders on your 2003 server, then make sure your UT is not restricting outgoing DNS traffic.

    If you suspect that your UT is restricting outgoing DNS traffic, then you can create a temporary UT Packet Filter rule or Bypass Rule to pass DNS traffic in Config > Networking > Advanced.

    Something like nslookup [enter], server 4.2.2.2 [enter], www.google.com [enter] should definitely resolve. And try nslookup [enter], server 10.10.0.1 [enter], www.google.com [enter] to see that your DNS server's Forwarders are functioning.

  3. #3
     Untangle Ninja YeOldeStonecat, joined Aug 2007, 1,565 posts

    Your server(s), and clients, should ONLY use your domain controller's IP as their one and only DNS server.

    In your DNS server properties, the Forwarders tab is where you select what to use as your DNS forwarders: either just the root DNS servers, or your ISP's DNS servers, or, what I use for all my SMB clients, I enter the IP addresses of the OpenDNS servers for an added layer of security, since OpenDNS filters out known malware sites and phishing, etc. I suspect your problem is here; probably nothing is entered.
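    As an added example (not commands posted by anyone in this thread), here is the client and DC configuration described in #2 and #3, plus the nslookup checks from #2, as a cmd.exe batch file for the XP/2003 boxes in question. The IPs 10.10.0.1 (win2k3 DC/DNS) and 10.10.0.118 (Untangle) come from the thread; the adapter name "Local Area Connection" and the domain name yourdomain.local are assumed placeholders you would substitute. dnscmd ships in the Windows Server 2003 Support Tools.

```batch
@echo off
REM Added example, not from the thread. Run as "dnsfix.cmd client" on each XP
REM workstation or "dnsfix.cmd dc" on the Windows 2003 domain controller.
REM Assumed placeholders: the adapter name and yourdomain.local.
set ADAPTER=Local Area Connection
set AD_DNS=10.10.0.1
set UNTANGLE=10.10.0.118

if /i "%1"=="client" goto client
if /i "%1"=="dc" goto dc
echo usage: %~nx0 client ^| dc
exit /b 1

:client
REM ---- Workstation: the AD DNS server is the ONLY resolver (posts #2, #3). ----
REM Drop whatever is there (e.g. the Untangle IP as primary or alternate),
REM then add only the DC and re-register the client's own AD records.
netsh interface ip delete dns name="%ADAPTER%" all
netsh interface ip set dns name="%ADAPTER%" source=static addr=%AD_DNS% register=primary
ipconfig /flushdns
ipconfig /registerdns
goto checks

:dc
REM ---- DC: forwarders handle every name outside the AD zones. ----
REM Variant A (the poster's working setup): forward to Untangle, the only host
REM with Internet access. Queries flow DC -> UT -> UT's upstream resolvers.
dnscmd /ResetForwarders %UNTANGLE% /TimeOut 3

REM Variant B (YeOldeStonecat's suggestion): forward straight to OpenDNS.
REM Only works if the DC itself can reach the Internet (try: ping 208.67.222.222).
REM dnscmd /ResetForwarders 208.67.222.222 208.67.220.220 /TimeOut 3

REM Dump the server settings; the Forwarders list appears in the output.
dnscmd /Info

:checks
REM ---- The nslookup sequence from post #2, in non-interactive form. ----
REM 1. Can raw DNS leave the network at all? If this fails, UT is blocking
REM    outbound DNS and needs a temporary Packet Filter or Bypass rule.
nslookup www.google.com 4.2.2.2
REM 2. Does the DC resolve Internet names through its forwarders?
nslookup www.google.com %AD_DNS%
REM 3. Does the DC still answer for AD itself? Clients locate domain
REM    controllers via this SRV record, which only the AD DNS server holds.
nslookup -type=SRV _ldap._tcp.dc._msdcs.yourdomain.local %AD_DNS%
```

    Check 3 is the one that separates the two symptoms in the original post: a client pointed at Untangle gets Internet names but no _msdcs SRV answers, so AD logons and permission lookups break; a client pointed only at the DC gets both, provided the DC's forwarders (check 2) actually reach something that can resolve outside names.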

  4. #4
     Newbie, joined Mar 2008, 7 posts

    Followed your advice:
    I only used the AD DNS on clients, and in my DNS forwarders I set the Untangle server's IP, and it works flawlessly now.

    THANKS A LOT!!
    Appreciate it.

  5. #5
     Newbie, joined Mar 2008, 7 posts

    Question for YeOldeStonecat:

    Currently I use Untangle's IP in my DNS forwarders. Assuming I do what you're suggesting and use the OpenDNS servers, are you sure it will work?
    I ask because, FYI, my DNS server (AD server) has no Internet connection of its own; Untangle is the only server that has one.

  6. #6
     Untangler, joined Dec 2008, 53 posts

    Whatever DNS Forwarders you use (OpenDNS, your ISP's, 4.2.2.2, or UT) must be accessible from your AD server. Can your server reach the Internet? Can you ping 208.67.222.222 from your 2003 server? If you can, then using OpenDNS will work.

  7. #7
     Newbie, joined Mar 2008, 7 posts

    No, I cannot.
    That's why I was wondering how it will connect to the OpenDNS servers.
    Only the Untangle server has an Internet connection, and we use that to share Internet amongst our clients; our other servers (Win2003 etc.) are kept offline. So I guess using Untangle's IP as the DNS forwarder is the only option.

  8. #8
     Untangler, joined Dec 2008, 53 posts

    Understood.

    If your 2003 server cannot access DNS servers on the Internet, then your UT box is the only option for DNS Forwarders. If you want to use OpenDNS, you would need to put the OpenDNS IP addresses in your UT. When your 2003 server queries UT for DNS, UT will then query OpenDNS.

  9. #9
     Untangle Ninja YeOldeStonecat, joined Aug 2007, 1,565 posts

    Quote, originally posted by yousufalim:
        Question for YeOldeStonecat:

        Currently I use Untangle's IP in my DNS forwarders. Assuming I do what you're suggesting and use the OpenDNS servers, are you sure it will work?
        I ask because, FYI, my DNS server (AD server) has no Internet connection of its own; Untangle is the only server that has one.

    Am I sure it will work? I have dozens and dozens of clients with small to medium sized networks (several with networks of approx. 70 PCs and a half dozen servers). They're all set up using OpenDNS as their DNS forwarders.

    Using your router as a "middle man" for DNS only increases the time for DNS requests, since all the router does is relay to whatever DNS servers it obtains on the WAN interface (unless you tell it otherwise). So why not skip that extra hop for a DNS request? Point your DC's DNS forwarders directly at the DNS servers of your choice.
