DNS issue with KWF & WINDOWS 2000 ACTIVE DIRECTORY
  •  
bickyz

How do I work around the DNS?

LAN config:

Windows 2000 Server (Active Directory-integrated DNS)
90.0.0.2

Windows 2000 Prof
2 NICs: 90.0.0.1 & 217.40.XX.XX
One NIC connects to the LAN switch and the other to the broadband router

Other Win 2000 clients
IP address 90.0.0.X
Subnet mask 255.0.0.0
Gateway 90.0.0.1
Pref DNS 90.0.0.2
Alt DNS 90.0.0.1

All the users are domain users.
If I put 90.0.0.1 as Pref DNS in clients, then clients can easily browse the internet, but user login takes ages and the domain policies don't work.

And
if I put 90.0.0.2 as Pref DNS in clients, then clients cannot browse the internet, but there won't be any problem with user login and domain policies.

So what shall I do so that both clients can access the internet and domain policies will work?
  •  
germanr

You can set up the DNS on the W2k server to resolve external names and use it instead of the DNS forwarder of KWF.

This way you will have the correct authentication to Active Directory and be able to browse the internet.

For this to work you should let the W2k server access the internet on port 53 (DNS port). (Make a traffic rule in the KWF console.)

Also you should remove the "." zone in the DNS server so it will resolve external queries. Take a look at:

http://support.microsoft.com/kb/291382

Regards
German Ruiz
Uruguay


German Ruiz
Home & Office
Kerio Preferred Partner
Uruguay
  •  
bickyz

Do I need to disable the DNS forwarder of KWF?

I did delete "." from my DNS server.

Now what address do I need to put in the client DNS: the server's address or the KWF computer's address?


  •  
germanr

Yes, disable the DNS forwarder in KWF.

Then use the DNS of the W2k Server (90.0.0.2 in your case) in all of the workstations (not the KWF address).

You can do an nslookup against 90.0.0.2 and see if it resolves the names. (It should be able to access the internet on port 53.)

Regards

[Updated on: Sun, 27 February 2005 20:52]


German Ruiz
Home & Office
Kerio Preferred Partner
Uruguay
  •  
bickyz

If I disable the DNS forwarder in KWF then the internet doesn't work.

I followed these steps:
1. Deleted the "." from my DNS server's forward lookup zones.
2. In the properties of my DNS server, I enabled the forwarders and put in the DNS address of my ISP.
3. I disabled the DNS forwarder in KWF.
4. In the gateway of my client I put the KWF PC's IP address and in the Pref DNS I put the DNS server's IP address.

Now the internet doesn't work, but if I disable the DNS forwarder in the KWF PC & change the client DNS to the KWF PC's IP address then the internet does work but the domain login gives problems.

Sorry germanr, for giving you trouble. I will be very grateful if you please help me with this.
Thanks
  •  
germanr

You don't need to put forwarders on the DNS server.

Why don't you try an nslookup (nslookup.exe command from the cmd prompt) and type any domain to see if the DNS server is resolving the names properly? For information on how to use it: http://support.microsoft.com/kb/200525/en-us

Don't forget to make the rule in the traffic policy. Otherwise the DNS server cannot make the queries. (See the image of my settings.)

In my case I have a group named Servidores with the IPs of the servers that need to query DNS.

  • Attachment: new-1.jpg

German Ruiz
Home & Office
Kerio Preferred Partner
Uruguay
  •  
bickyz

What DNS do I need to put in the clients' DNS address?
If I put the KWF address then login takes ages, and if I put the Win 2000 server address then the internet doesn't work but there is no problem with login.

And from the client machine, if I type NSLOOKUP then it gives me the name of my Windows 2000 server and its IP address.
  •  
germanr

"What DNS do I need to put in the clients' DNS address?"
The Windows 2000 server IP. 90.0.0.2 in your case.

"If I put the KWF address then login takes ages, and if I put the Win 2000 server address then the internet doesn't work but there is no problem with login."
Then the DNS server of your 2000 server is not resolving names. KWF is not the problem.

"And from the client machine, if I type NSLOOKUP then it gives me the name of my Windows 2000 server and its IP address."
That's correct. Then query it with cnn.com for example to see what it responds.

German Ruiz
Home & Office
Kerio Preferred Partner
Uruguay
  •  
bickyz

The client has a DNS address of 90.0.0.2.
Now the client cannot browse the internet.

I did an nslookup and got this:

DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 90.0.0.2: Timed out
*** Default servers are not available
Default Server: UnKnown
Address: 90.0.0.2

The first thing is that the client cannot browse when you use 90.0.0.2 as DNS but works fine if I use 90.0.0.1.
  •  
germanr

Then you have a problem with the DNS server. Check the Microsoft link in the previous messages for the most common errors in DNS configuration.

(Are you sure that the server can connect to the internet on port 53?)

German Ruiz
Home & Office
Kerio Preferred Partner
Uruguay
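
An nslookup-style check for the diagnosis discussed in this thread, as an added example that is not part of any forum post: it sends one A query to the Windows 2000 DNS server with the same 2-second timeout and classifies the reply. The hint strings are this example's own reading of the DNS response codes, tied to the two causes named in the thread (the "." zone and the port 53 traffic rule), and the function names are hypothetical.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(reply, txid=0x1234):
    """Turn a raw reply (None = nothing received) into a diagnosis hint.
    The hints are assumptions of this example, not Kerio or Microsoft output."""
    if reply is None:
        return "no reply: server not answering on port 53"
    if len(reply) < 12:
        return "malformed reply"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid:
        return "malformed reply"
    rcode, aa, ra = flags & 0xF, bool(flags & 0x0400), bool(flags & 0x0080)
    if rcode == 0 and ancount > 0:
        return "ok: name resolved"
    if rcode == 3 and aa:
        # A server that believes it is the root answers public names itself.
        return "authoritative NXDOMAIN: check for a '.' zone on the server"
    if rcode == 2:
        # Recursion was attempted but upstream servers could not be reached.
        return "SERVFAIL: check the outbound port 53 traffic rule"
    if not ra:
        return "recursion not available on this server"
    return "rcode %d with %d answers" % (rcode, ancount)

def probe(server, name, timeout=2.0):
    """Send one UDP query to server:53 and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            reply, _ = s.recvfrom(512)
        except OSError:  # covers timeouts and ICMP-triggered resets
            reply = None
    return classify(reply)

if __name__ == "__main__":
    # Server address and test name taken from the thread.
    print("cnn.com ->", probe("90.0.0.2", "cnn.com"))
```

Running it from a client and again from the server itself separates "clients cannot reach the DNS server" from "the DNS server cannot resolve external names".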
  •  
bickyz

At last the problem has been sorted.

Many, many thanks to you, "germanr", for your kind help.

5 stars for your help.