Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » DNS problem..need help..

Messages: 11
Karma: 0
Send a private message to this user
I have local dns server 2003 ( with
IP address

and kwf IP without gateway IP
and kwf inet IP adsl modem)
with gateway IP
DNS assigned by isp

client PC IP:
dns: /

If I set dns client PC to it was be very slow to login to server 2003 domain but I'm able to browsing and emailing.
If I set dns client PC to it was faster to login to domain company.local but I couldn't connect to internet and email.

I've read manual config from kerio but still confuse about dns forwarding. I mean if I set dns client to I need to set dns forwarder to I don't know where I should to set.

Pleasee helpp..need help ASAP..
thank's for the answer..

Messages: 12
Karma: 0
Send a private message to this user
i also have dns problems like this.

my solution:

in order to authentificate to the windows200x server (Active Diretory) AND use "fast" DNS against the internet i use
an "old lanmanger" methode:

on the lan-clients:
open a dos box (cmd.exe)
navigate to your windows home directory (cd %systemroot%) which is normaly "c:\windows"
navigate to .\system32\drivers\etc (e.g.: c:\windows\system32\drivers\etc)
look after a files named "lmhosts.sam" and "lmhosts." [without extension] (dir lmhosts.*)
if there is no file "lmhosts." copy the lmhosts.sam to lmhosts.
copy lmhosts.sam lmhosts.
edit the "lmhosts." file with notepad:
notepad lmhosts. (dont forget the ".")

in notepad you can first read the samples from microsoft
navigate to the end of the file
in a new line add a entry for your windows AD-Server:
e.g. the lan-ip of the server is, the servername is "myserver" and the domain name is "mycompany" the new entry should read as follow: myserver #PRE #DOM:mycompany

save the lmhost. file, exit notepad
at the dos-prompt, use the command
type lmhosts.
to verify the file has been saved corretly

this instructs the windows to do the following:
a) load in the dns-cache before authentificate to domain (#PRE)
b) marks the "myserver" entry as a domaincontroller (dc) for the domain "mycompany"

next, assign the DNS-server entrys at your clients to the winroute server and/or to the dns-server of your isp.

reboot the client

cause the lmhosts. entrys, the windows name resolution can
acces your ad-server, and also do fast dns-requests to the internet.

you may ad some more servers of your lan to the lmhosts. file

if erverything works fine, redistribute the lmhosts. file to all
other clients


Messages: 32
Karma: 0
Send a private message to this user
what did you set on KFW machine ip's DNS ?
ICT and Me

Messages: 940

Karma: 53
Send a private message to this user
Let the client pc's do DNS reqeust to the 2k3 server
And let the 2k3 server do DNS reqeust to the Firewall.
Take the firewall out the DNS loop. Because if the DNS from the 2k3 server can't give answer it will be contacting out-side DNS through the gateway.
THe DNS on the firewall isn't needed if the w2k3 server runs DNS.

ICT and Me
Carlo Turk
The Netherlands

Messages: 32
Karma: 0
Send a private message to this user
yes you are correct. I have done that but now firewall machine was part of AD. And when I remove AD dns ip it cannot to domain server...

Messages: 12
Karma: 0
Send a private message to this user
Just set DNS address in all computers to kwf address and
add to host file on kwf the name of AD server like
Previous Topic: help ASAP : how to set kwf to permit smtp using SSL
Next Topic: error opening page with.php and can't see the flash image in the website if i use Kerio as my router
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Nov 22 04:52:41 CET 2017

Total time taken to generate the page: 0.00390 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.