Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Active Directory DNS resolution
  •  
benjalamelami

Messages: 157

Karma: 5
Send a private message to this user
The network topography I have designed is to use a virtual appliance for the Kerio and an Active Directory Windows 2008R2 server behind it.

Currently, I am using the DHCP from the windows server and I have issues with my DNS resolution on my clients.

The DNS on the windows 2008 server is my primary DNS for all my clients. I am forwarding all DNS queries out of this zone to the Kerio appliance.

What is the best solution?

Using as the primary DNS for the Kerio and make Kerio forward all DNS queries related to the domain to the windows server? Or what else can I do to improve DNS resolution?
  •  
markt

Messages: 56
Karma: 4
Send a private message to this user
What kind of DNS issues are you having - my setup mirrors yours, that is the domain clients primary and secondary DNS (set by Windows DHCP) are internal Windows servers with a forwarder set for non-local queries pointing to the Kerio box. Just ensure you have not disabled recursion on the DNS server as this will by default disable the forwarder.
  •  
benjalamelami

Messages: 157

Karma: 5
Send a private message to this user
Many DNS are not being resolved. And when they do, they take a looong time to be resolved. Most likely, a timeout.

Where do I check the settings you just told me?

I just left the primary DNS on the Kerio Box, and the Kerio Box forwards all '_*' and '*.domain.local' to the windows servers. Still, sometimes it doesn't help much.

Thanks again
  •  
markt

Messages: 56
Karma: 4
Send a private message to this user
The 'Disable Recursion' option is on the Advanced tab of the Windows DNS server properties page (when right click the server from the DNS MMC snap-in).

Have you enabled the debug logs in kerio for DNS messages?
Are you pointing to a reliable external DNS resolver (e.g. have you tried something like using the OpenDNS servers)?

You can also turn on debug logging on the Windows DNS servers to assist, well, debugging.
Finding where the bottleneck is during the resolution should be easier with data from these logs.
  •  
ICT and Me

Messages: 940

Karma: 53
Send a private message to this user
Hi Juan,

First of all. In a local domain the DC/DNS server must be number one. Otherwise you get problems with logon to the domain.
Second How did you config your network card on the DC/DNS?
I have in the DNS forwarder servers the Kerio Control and Google DNS.
8.8.8.8 and 8.8.4.4
And this work like charme....


ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
  •  
benjalamelami

Messages: 157

Karma: 5
Send a private message to this user
This is how its working right now:

Primary DNS for all DHCP clients: Kerio Control Box

Kerio Control Box forwards all Domain Related queries (such as Logon) to Domain Controller DNS.

Kerio Control Box uses my ISP DNS to solve all Internet NS queris.

It has worked pretty much ok throughout the day.

Your observations are very well received.

Thanks


[Updated on: Thu, 03 April 2014 00:59]

  •  
benjalamelami

Messages: 157

Karma: 5
Send a private message to this user
Thank you very much. It worked just perfectly. Used the configuration ICT and Me provided. I took out of the equation the control box in the resolution of names. It has worked beautifully.
Previous Topic: will kerio control 8 or later have windows version?
Next Topic: ANNOUNCEMENT: Downloads now available in Support section of website
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Oct 17 18:40:01 CEST 2017

Total time taken to generate the page: 0.00485 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.