Cannot Communicate with Primary DNS Server

    Question

  • I can't get internet access through the router and to my SBS 2008 server.  I'm configured as follows:

    Modem(Comcast; SMC) - bridge settings done by Comcast

    Router(DLink; Wireless with 4 ethernet ports):

    • Static IP
    • IP Address:  abc.acd.xy.zzz
    • Subnet Mask:  255.255.255.0
    • Gateway: abc.acd.xy.zza
    • Primary DNS:  gg.hh.ii.jj
    • Secondary DNS: gg.hh.kk.mmm
    • Advanced DNS:  disabled
    • LAN IP: 192.168.0.1
    • LAN Mask: 255.255.255.0
    • DHCP Server: Disabled
    • WISH: Inactive
    • Guest Zone: Disabled
    • QOS Traffic Shaping: Enabled
    • QOS Engine:  Enabled
    • Firewall SPI:  Disabled
    • UDP Filtering: Address Restricted
    • TCP Filtering: Port/Address Restricted
    • WIFI Protected: Enabled
    • UPnP:  Enabled
    • PPPoE Pass Through:  Enabled
    • Virtual Server and Port Forward:  25, 80, 443, 500, 987, 1723, 3389, 4125, 4500, 60443
    • to server:  192.168.0.2

    Network Adapter Settings:

    • IP Address: 192.168.0.2
    • Subnet Mask: 255.255.255.0
    • Gateway: 192.168.0.1
    • Primary DNS: gg.hh.ii.jj
    • Secondary DNS: gg.hh.kk.mmm

    I've tinkered with just about every setting.  I'm plumb out of ideas.  I can't get Internet through the router, even though I can verify that Internet is accessible by plugging the server directly into the modem and configuring the settings accordingly.  I've run the FMN wizard.  I keep getting the same error code:  Cannot Communicate with Primary DNS Server(gg.hh.ii.jj).

    All help will be appreciated.


    • Edited by Gorlaw Sunday, April 24, 2011 3:33 AM typos
    Sunday, April 24, 2011 3:16 AM

All replies

  •   You cannot do that with a domain controller, and SBS must be a DC. The DNS relay method used by your NAT router is not compatible with AD.

      All AD machines, including the DC itself, should use only the IP address of the DC for DNS. No other addresses, even as secondaries. Your local DNS is the only one which can find domain resources.

      To enable this local DNS to resolve foreign URLs, configure DNS to forward to a public DNS service. You can use your ISP, or a public DNS service like 4.2.2.2.

      Client machines should use the DLink as their gateway but the DC for DNS. If you want to automate this you will need to disable the DHCP service on the DLink and run your own DHCP on the server.

    Bill
    • Proposed as answer by Tiger Li Monday, April 25, 2011 7:38 AM
    Sunday, April 24, 2011 6:54 AM
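
The configuration described in the reply above, as an added example that is not part of the original thread: the server's own adapter is pointed only at itself for DNS, and the local DNS service forwards everything else to a public resolver. The adapter name "Local Area Connection" and the domain name `example.local` are assumptions; substitute your own.

```batch
:: Added example. Run in an elevated command prompt on the SBS 2008 server (192.168.0.2).
:: Assumption: the adapter is named "Local Area Connection".
:: List the real adapter names with: netsh interface show interface

:: Placeholder for the AD DNS domain name (not given in the thread).
set ADDOMAIN=example.local

:: 1. Use only the server itself for DNS. Setting a static list with a single
::    entry replaces the ISP primary and secondary that were configured before.
netsh interface ip set dns "Local Area Connection" static 192.168.0.2 primary

:: 2. Forward queries the local DNS server cannot answer to a public resolver.
::    4.2.2.2 is the address mentioned in the reply; the ISP resolvers work too.
dnscmd /ResetForwarders 4.2.2.2

:: 3. Clear cached answers and re-register the server's host and SRV records
::    in the local zone.
ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

:: 4. Verify: the adapter lists only 192.168.0.2 as DNS server, the DNS service
::    shows the forwarder, and both external and domain names resolve locally.
ipconfig /all
dnscmd /Info
nslookup www.example.com 192.168.0.2
nslookup -type=SRV _ldap._tcp.dc._msdcs.%ADDOMAIN% 192.168.0.2
```

Client machines keep 192.168.0.1 (the DLink) as gateway and get 192.168.0.2 as their only DNS server, either set statically or handed out by DHCP running on the server.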
  • Thanks Bill.  The ISP provided the Primary and Secondary DNS I was using.  I thought they were ISP or public DNS services.  That is, the ISP gave me gg.hh.ii.jj and gg.hh.kk.mmm, so does your answer change?
    Sunday, April 24, 2011 2:49 PM
  •   No. That would be fine if you were not using a domain. If you want to have a domain setup, all machines must use the local DNS. The DNS addresses supplied by your ISP cannot resolve names of your local machines, so AD will fail. AD depends on DNS.

      You must use the local DNS and configure that local DNS to forward to a public DNS service. You can use the addresses supplied by your ISP for this if you like.

    Bill
    • Marked as answer by Gorlaw Thursday, April 28, 2011 2:17 AM
    Sunday, April 24, 2011 11:11 PM
  • Hi,

    I go with Bill, there has to be a namespace where the queries get a successful response. If you are just looking at a DNS namespace then the answer would be different, clients can register with the ISP, but if you are looking at a domain, follow Bill's suggestion.

    Monday, April 25, 2011 2:28 AM