trip0125 Posted October 29, 2010
This is probably going to be something simple, however I can't figure it out. I have a 2008 DC running on one virtual machine and a Forefront server running on another. The DC has DNS installed (of course) and that all works fine. Now this is where I'm running into a problem; I have DNS also installed on the FF server to resolve DNS from the internet. The DC is set as the primary DNS server, with no forwarders listed, and the FF is set as the secondary DNS server which does have the forwarders to my ISP's DNS servers. This setup is working, mostly. It resolves but far more slowly than it should. My friend tells me that I shouldn't need a DNS server on the FF server, but if I try to just put the forwarders in my DC and remove DNS off the FF server, I cannot resolve anything outside of the LAN. I'm probably making this overcomplicated, but I'm not sure in what way. Anyone have an idea? Thanks in advance.
mmthomas Posted October 29, 2010
You don't say anything about the rest of your network. Are the NS lookups slow from client machines or from the servers? Are you allowing all traffic outbound through your firewall or are you restricting DNS traffic to only your server? When you remove DNS from the FF server, can you do resolution from the DC and not from clients, or does it fail from all machines? Your friend is correct that you shouldn't need DNS on both the DC and FF server. I'm assuming that the FF server is your gateway to the internet, in which case my guess is that you need to configure FF to allow the DNS traffic from your DC out to the internet. That would also explain some slowness -- your clients would try the primary DNS server, which was available but blocked from querying external servers. Eventually it would time out and your clients would move to the secondary NS. But I could be wrong without knowing more about your setup.
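As an added diagnostic (not code from the thread or from either poster), this Python script times one external lookup against each resolver from a client and classifies the pattern mmthomas describes: the primary stalls or fails on external names while the secondary answers. The resolver addresses and the external name are constructed placeholders; replace them with the DC and Forefront addresses.

```python
import socket
import struct
import time

# Constructed placeholders (TEST-NET-1 addresses); replace with the DC and Forefront IPs.
RESOLVERS = {"DC (primary)": "192.0.2.10", "FF (secondary)": "192.0.2.1"}
EXTERNAL_NAME = "example.com"  # any name outside the LAN that the DC is not authoritative for

def build_query(name, txid=0x1234):
    """Minimal DNS A/IN query with the recursion-desired bit set."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)

def parse_response(resp, txid=0x1234):
    """Return (rcode, answer_count), or None if the reply is too short or the id doesn't match."""
    if len(resp) < 12:
        return None
    rid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    if rid != txid:
        return None
    return flags & 0x000F, an  # rcode 0 = NOERROR, 2 = SERVFAIL (typical when forwarding is blocked)

def time_query(server, name, timeout=5.0):
    """One UDP query to `server`; returns (seconds, rcode, answers); rcode None means no usable reply."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    start = time.monotonic()
    try:
        sock.sendto(build_query(name), (server, 53))
        parsed = parse_response(sock.recvfrom(512)[0])
        rcode, answers = parsed if parsed else (None, 0)
    except OSError:  # timeout, or ICMP port-unreachable surfaced as an error
        rcode, answers = None, 0
    finally:
        sock.close()
    return time.monotonic() - start, rcode, answers

def diagnose(primary, secondary, slow_after=2.0):
    """Classify the thread's symptom from (seconds, rcode, answers) for each resolver."""
    p_sec, p_rcode, p_ans = primary
    s_sec, s_rcode, s_ans = secondary
    if (p_rcode != 0 or p_ans == 0 or p_sec > slow_after) and s_rcode == 0 and s_ans > 0:
        return "primary cannot resolve external names; clients fall back to secondary after a timeout"
    if p_rcode == 0 and p_ans > 0 and p_sec <= slow_after:
        return "primary resolves external names normally"
    return "neither resolver answered cleanly; check outbound UDP/TCP 53 from both servers"

if __name__ == "__main__":
    results = {label: time_query(ip, EXTERNAL_NAME) for label, ip in RESOLVERS.items()}
    for label, (sec, rcode, ans) in results.items():
        print(f"{label:16s} {sec:6.2f}s rcode={rcode} answers={ans}")
    print(diagnose(results["DC (primary)"], results["FF (secondary)"]))
```

A slow or failing primary with a fast secondary matches the delay described above: clients wait out the primary before trying the Forefront resolver.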
trip0125 (author) Posted October 30, 2010
Lookups are slow from both clients and servers. Except the FF server. All DNS has been allowed from anywhere to anywhere for the duration of my troubleshooting this issue. If I remove DNS from the FF server, the only machine (server or client) that can resolve is the FF server. FF = Forefront. Yes it is my gateway. DNS has been allowed through. The configuration of the FF server was imported from a previous installation on the same server prior to my reinstalling Windows. And prior to reinstalling Windows, everything worked fine. But I also reinstalled Windows on the DC. After talking to my friend today, he suggested that I put a forwarder in the DC's DNS to point to the FF DNS. As soon as I am able to, I will try that and post whether it worked or not. Thank you for your response and time!