LAN to WAN routing using Server 2003 - LAN clients unable to resolve names

    Question

  • Hi All

    Thanks in advance for taking time to read

    I have just configured a Windows Server 2003 R2 machine with 2 NICs to provide Internet access to my AD Domain users using RRAS.

    AD users can ping using internet IP addresses but not friendly URLs. Can anyone help me solve this problem?

    I have a DNS server in my AD, which is 10.0.0.248.

    Following is the ipconfig of the Server 2003 router I have just configured:

    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : router
       Primary Dns Suffix  . . . . . . . : corp.mycorp.net
       Node Type . . . . . . . . . . . . : Broadcast
       IP Routing Enabled. . . . . . . . : Yes
       WINS Proxy Enabled. . . . . . . . : Yes
       DNS Suffix Search List. . . . . . : corp.mycorp.net
                                           corp.mycorp.net
    
    Ethernet adapter Local Area Connection:
    
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
       Physical Address. . . . . . . . . : 00-90-0B-26-AA-0D
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 10.0.0.1
       Subnet Mask . . . . . . . . . . . : 255.0.0.0
       Default Gateway . . . . . . . . . :
       DNS Servers . . . . . . . . . . . : 27.114.140.40
    
    Ethernet adapter Local Area Connection 2:
    
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller #2
       Physical Address. . . . . . . . . : 00-90-0B-26-AA-0C
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 203.104.25.102
       Subnet Mask . . . . . . . . . . . : 255.255.255.252
       Default Gateway . . . . . . . . . : 203.104.25.101
       DNS Servers . . . . . . . . . . . : 27.114.138.4
                                           27.114.140.40

    Following is the routing table of the Server 2003 router

    IPv4 Route Table
    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x10003 ...00 90 0b 26 aa 0d ...... Realtek PCIe GBE Family Controller
    0x10004 ...00 90 0b 26 aa 0c ...... Realtek PCIe GBE Family Controller #2
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0   203.104.25.101   203.104.25.102     20
             10.0.0.0        255.0.0.0         10.0.0.1         10.0.0.1     20
             10.0.0.1  255.255.255.255        127.0.0.1        127.0.0.1     20
       10.255.255.255  255.255.255.255         10.0.0.1         10.0.0.1     20
            127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
       203.104.25.100  255.255.255.252   203.104.25.102   203.104.25.102     20
       203.104.25.102  255.255.255.255        127.0.0.1        127.0.0.1     20
       203.104.25.255  255.255.255.255   203.104.25.102   203.104.25.102     20
            224.0.0.0        240.0.0.0         10.0.0.1         10.0.0.1     20
            224.0.0.0        240.0.0.0   203.104.25.102   203.104.25.102     20
      255.255.255.255  255.255.255.255         10.0.0.1         10.0.0.1      1
      255.255.255.255  255.255.255.255   203.104.25.102   203.104.25.102      1
    Default Gateway:    203.104.25.101
    ===========================================================================
    Persistent Routes:
      None

    And here is the ipconfig of an AD client machine

    C:\Users\Administrator>ipconfig
    
    Windows IP Configuration
    
    
    Wireless LAN adapter Wireless Network Connection:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : Home
    
    Ethernet adapter Local Area Connection:
    
       Connection-specific DNS Suffix  . : corp.mycorp.net
       Link-local IPv6 Address . . . . . : fe80::3456:2d54:abe2:c2fe%11
       IPv4 Address. . . . . . . . . . . : 10.0.0.4
       Subnet Mask . . . . . . . . . . . : 255.0.0.0
       Default Gateway . . . . . . . . . : 10.0.0.1
    
    Tunnel adapter isatap.Home:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
    
    Tunnel adapter Local Area Connection* 12:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
    
    Tunnel adapter isatap.corp.mycorp.net:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : corp.mycorp.net

    So far I have not done any configuration on our DNS server. It has the defaults as installed. Any help will be highly appreciated.

    • Moved by Santosh BhandarkarMVP Wednesday, May 08, 2013 7:30 AM Moved from Server General forum to more appropriate one
    Tuesday, May 07, 2013 11:34 AM

All replies

  • Assuming those are all of the details then you haven't assigned any DNS servers to your client machines, which would explain why they can ping an IP address (routing's working) but can't ping a DNS address since they've no way to resolve them. If they're receiving their IP details via DHCP then you need to add your DNS server to the DHCP scope so they pick that up, otherwise you'll need to manually add it to their network settings. Once that's done they should be able to resolve the url addresses and connect successfully.
    Tuesday, May 07, 2013 8:17 PM
  • Keith, Thanks for the help

    DNS Server is not there because it was an ipconfig. Below is the client's ipconfig /all

    In fact I have an Active Directory DNS Server (10.0.0.248). AD Clients receive details via DHCP.

    Active Directory users can resolve internal computer names but they are unable to resolve internet domain names as said earlier. By reading related material I'm feeling that I need a FORWARDER. Am I correct?

    Windows IP Configuration
    
    
    Wireless LAN adapter Wireless Network Connection:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : Home
    
    Ethernet adapter Local Area Connection:
    
       Connection-specific DNS Suffix  . : corp.mycorp.net
       Link-local IPv6 Address . . . . . : fe80::3456:2d54:abe2:c2fe%11
       IPv4 Address. . . . . . . . . . . : 10.0.0.4
       Subnet Mask . . . . . . . . . . . : 255.0.0.0
       Default Gateway . . . . . . . . . : 10.0.0.1
    
    Tunnel adapter isatap.Home:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
    
    Tunnel adapter Local Area Connection* 12:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
    
    Tunnel adapter isatap.corp.mycorp.net:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : corp.mycorp.net
    
    C:\Users\Administrator>ipconfig /all
    
    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : AE-EM-Techs
       Primary Dns Suffix  . . . . . . . : corp.mycorp.net
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : ccorp.mycorp.net
    
    Wireless LAN adapter Wireless Network Connection:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : Home
       Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
       Physical Address. . . . . . . . . : 00-1F-3A-B1-19-47
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    Ethernet adapter Local Area Connection:
    
       Connection-specific DNS Suffix  . : corp.mycorp.net
       Description . . . . . . . . . . . : Marvell Yukon 88E8039 PCI-E Fast Ethernet Controller
       Physical Address. . . . . . . . . : 00-1D-72-2D-9A-A9
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::3456:2d54:abe2:c2fe%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.0.0.4(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.0.0.0
       Lease Obtained. . . . . . . . . . : Wednesday, May 08, 2013 3:18:53 AM
       Lease Expires . . . . . . . . . . : Thursday, May 16, 2013 3:18:53 AM
       Default Gateway . . . . . . . . . : 10.0.0.1
       DHCP Server . . . . . . . . . . . : 10.0.0.249
       DHCPv6 IAID . . . . . . . . . . . : 234888562
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-F7-57-66-00-1D-72-2D-9A-A9
    
       DNS Servers . . . . . . . . . . . : 10.0.0.248
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    Tunnel adapter isatap.Home:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter Local Area Connection* 12:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter isatap.corp.mycorp.net:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : corp.mycorp.net
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Wednesday, May 08, 2013 3:47 AM
  • Funnily enough it suddenly dawned on me that that was the output from a simple ipconfig when I was going to bed! :-) Shows how rarely I leave off the /all.

    In that case it definitely sounds like the issue is with your DNS server being able to do external lookups. Using forwarders tends to be recommended since it's less load on the server, but normally unless something's blocking it I'd expect the server to be able to do lookups directly via root hints. That said I have seen situations where a server simply won't / can't do recursive lookups, I've been unable to determine why, but adding forwarders has resolved it.

    Is your DNS server able to resolve external addresses? Is it using itself for DNS resolution? If you've got some DNS forwarder addresses available then I'd suggest adding them to your DNS server properties and see if that resolves the issue, otherwise OpenDNS and Google both provide public DNS servers you can use.

    Wednesday, May 08, 2013 7:06 AM
  • Hi Keith

    My AD DNS Server is a newly built one and not yet connected to internet.  The very purpose of configuring Server 2003 as a router is to provide internet access to the new AD DNS server, member servers, DCs and clients in my domain.

    Maybe the lack of internet was why the DNS server was unable to look up via root hints. Not sure!

    But now the problem is solved by doing the following.

    Installed DNS role on the Server 2003 machine I'm using as a router and configured it as a forwarder for my ISP's DNS server and configured my AD DNS Server to forward DNS requests to the Server 2003 machine.

    Now all AD users are able to resolve names. Thanks for your time spent on seeing my progress.

    Wednesday, May 08, 2013 9:33 AM
  • That'd be it then, if the DNS server didn't have internet access then it obviously wouldn't be able to do external DNS lookups.

    Good to hear you got it working in the end though.

    Wednesday, May 08, 2013 10:33 AM