Posted

This is probably going to be something simple, however I can't figure it out.

 

I have a 2008 DC running on one virtual machine and a Forefront server running on another. The DC has DNS installed (of course) and that all works fine. Now this is where I'm running into a problem; I have DNS also installed on the FF server to resolve DNS from the internet. The DC is set as the primary DNS server, with no forwarders listed, and the FF is set as the secondary DNS server, which does have the forwarders to my ISP's DNS servers.

 

This setup is working, mostly. It resolves, but far more slowly than it should. My friend tells me that I shouldn't need a DNS server on the FF server, but if I try to just put the forwarders in my DC and remove DNS from the FF server, I cannot resolve anything outside of the LAN.

 

I'm probably making this over complicated, but I'm not sure in what way. Anyone have an idea?

 

Thanks in advance.


Posted

You don't say anything about the rest of your network. Are the NS lookups slow from client machines or from the servers? Are you allowing all traffic outbound through your firewall or are you restricting DNS traffic to only your server? When you remove DNS from the FF server, can you do resolution from the DC and not from clients, or does it fail from all machines?

 

Your friend is correct that you shouldn't need DNS on both the DC and FF server. I'm assuming that the FF server is your gateway to the internet, in which case my guess is that you need to configure FF to allow the DNS traffic from your DC out to the internet. That would also explain some slowness -- your clients would try the primary DNS server which was available but blocked from querying external servers. Eventually it would time out and your clients would move to the secondary NS. But I could be wrong without knowing more about your setup.
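
The fallback behaviour described in the reply above (clients try the primary, which cannot reach external servers, wait out the timeout, then move to the secondary) is hidden by the OS resolver, which only reports the final answer. It can be confirmed by querying each configured server directly. The following is an added example, not code from the thread or from either poster: a small Python probe that sends a raw DNS query to each server, times the reply, and classifies the result per server for an internal (AD zone) name and an external name. The server addresses and host names in it are placeholders, and the embedded response packet is constructed for the offline demonstration.

```python
"""Query each DNS server directly (bypassing the OS resolver) and interpret the results.

Added example; server addresses, names and the sample packet below are placeholders
or constructed data, not taken from the original thread.
"""
import socket
import struct
import time

RCODES = {0: "ok", 1: "formerr", 2: "servfail", 3: "nxdomain", 5: "refused"}


def build_query(name, qtype=1, txid=0x1234):
    """Minimal DNS query: recursion desired, one question, class IN, type A by default."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)


def _read_name(msg, off):
    """Read a (possibly compressed) name; return (name, offset after it in the stream)."""
    labels, end = [], None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # compression pointer: follow it, but resume after 2 bytes
            if end is None:
                end = off + 2
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg):
    """Return (rcode, [A record IPs]) from a raw DNS response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4
    ips = []
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, ips


# Constructed response to build_query("www.example.com"): flags 0x8180 (QR, RD, RA),
# one question, one A answer whose name is a pointer (0xC00C) back to the question name.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
    b"\x03www\x07example\x03com\x00\x00\x01\x00\x01"
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xc0\x00\x02\x01"
)


def probe(server, name, timeout=3.0):
    """Send one query straight to `server` over UDP/53 and time it.

    Returns {"server", "name", "ms", "status", "ips"}; status is an RCODE name or "timeout".
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    started = time.monotonic()
    try:
        sock.sendto(build_query(name), (server, 53))
        data, _ = sock.recvfrom(4096)
        rcode, ips = parse_response(data)
        status = RCODES.get(rcode, "rcode%d" % rcode)
    except socket.timeout:
        status, ips = "timeout", []
    finally:
        sock.close()
    return {"server": server, "name": name, "status": status, "ips": ips,
            "ms": round((time.monotonic() - started) * 1000)}


def diagnose(results, internal_suffix):
    """Summarise probe results per server, in terms of the symptom in the thread."""
    per_server = {}
    for r in results:
        kind = "internal" if r["name"].lower().endswith(internal_suffix.lower()) else "external"
        per_server.setdefault(r["server"], {})[kind] = r
    findings = []
    for server, kinds in per_server.items():
        internal = kinds.get("internal", {}).get("status")
        external = kinds.get("external", {}).get("status")
        if internal == "ok" and external in ("timeout", "servfail"):
            findings.append("%s: answers the AD zone but cannot resolve external names (%s); "
                            "its forwarders or root hints are unreachable or blocked. Clients that "
                            "list it first wait out the timeout before falling back." % (server, external))
        elif external == "ok" and internal != "ok":
            findings.append("%s: resolves external names but not the AD zone; domain members "
                            "must not rely on it alone." % server)
        elif internal == "ok" and external == "ok":
            worst = max(kinds["internal"]["ms"], kinds["external"]["ms"])
            findings.append("%s: healthy for both (%d ms worst case)" % (server, worst))
        else:
            findings.append("%s: internal=%s external=%s" % (server, internal, external))
    return findings


if __name__ == "__main__":
    # Placeholder addresses for the DC and the Forefront server, and placeholder names.
    servers = ["192.0.2.10", "192.0.2.1"]
    names = ["dc1.corp.local", "www.example.com"]
    results = [probe(s, n) for s in servers for n in names]
    for r in results:
        print(r)
    for line in diagnose(results, "corp.local"):
        print(line)
```

Run it from a client and from each server; a DC that answers the AD zone in a few milliseconds but times out on the external name is the pattern the reply describes, and the fix is on the DC's upstream path (forwarders and the firewall rule for its outbound DNS), not on the clients.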

Posted

Lookups are slow from both clients and servers, except the FF server. All DNS has been allowed from anywhere to anywhere for the duration of my troubleshooting this issue. If I remove DNS from the FF server, the only machine (server or client) that can resolve is the FF server.

 

FF = Forefront. Yes it is my gateway. DNS has been allowed through. The configuration of the FF server was imported from a previous installation on the same server prior to my reinstalling windows. And prior to reinstalling windows, everything worked fine. But I also reinstalled windows on the DC.

 

After talking to my friend today, he suggested that I put a forwarder in the DC's DNS to point to the FF DNS. As soon as I am able to, I will try that and post whether it worked or not.

 

Thank you for your response and time!
