Trying to understand dns forwarders

  • Question

  • Hello,

    I am trying to understand dns forwarders, which seems a tough concept for me:

    In order to understand their functioning better, I have created a scenario, which should work as follows:

    I have one domain called himalaya.local. The following computers / servers belong to this domain: PcClient1, DNS Server2, DNS Server1

    The scenario schema should be (it's a private virtualized environment):

    PcClient1 --> DNS Server2 --> DNS Server1 (has 2 Ethernet networks, one of them in bridged mode to get out to the Internet --> 169.254.168.254) --> ISP

    PcClient1 lookups against the himalaya.local domain should be resolved by the DNS Server Lookup Zone of DNS Server2.

    But if PcClient1 looks up Internet names, they should be resolved by DNS Server1, BUT with the request passing through DNS Server2 first. Finally DNS Server2, which can't resolve the request, sends the request to DNS Server1, which should pass the request to the ISP (Internet Service Provider) in order to return the response to PcClient1.

    Therefore, I implemented the scenario as follows:

    DNS of PcClient1: @IP 10.10.0.14, DNS: 10.10.0.11 *Note: I consider that I don't have to fill in the default gateway because at this level I am not going to route anything to the outside. I am not sure if this step is done well, but this is what I consider.

    DNS Server2 features: @IP 10.10.0.11, DNS: 10.10.0.11 *Note: I consider that I don't have to fill in the default gateway because at this level I am not going to route anything to the outside. I am not sure if this step is done well, but this is what I consider.

    DNS Server1 features: @IP 10.10.0.10 Gateway: 10.10.0.1 DNS: 10.10.0.10. In this step I fill in the gateway because I am going to route to the outside (ISP).

    In DNSServer2, in the forwarders, I should insert the 169.254.168.254 address (which points to the bridged Internet Ethernet in DNS Server1 to resolve Internet searches). And in DNS Server1, I should fill in the forwarder with the ISP DNS.

    But, for some reason, it doesn't work. The DNS Server1, when I fill in the forwarder with the 169.254.168.254 address, shows me the error message: The server forwarders cannot be updated. The IP address is invalid.

    I suppose that maybe I have committed several errors, but I don't know where the errors are located.

    So, I would appreciate any help to solve this question.

    Thanks in anticipation

    Regards

    Sunday, March 13, 2016 6:59 PM

Answers

  • You are adding an APIPA address which should not work. You need to use a private IP address instead.

    By the way, I am not sure I understand what you are trying to achieve with such forwarding.


    This posting is provided AS IS with no warranties or guarantees , and confers no rights.

    Ahmed MALEK

    Sunday, March 13, 2016 8:56 PM
  • Hi Roberto,

    Based on my understanding, you want client1 (10.10.0.14) to use DNS2 (10.10.0.11) to do name resolution, DNS server with forwarder points to DNS1 (10.10.0.10), DNS1 with forwarder points to ISP DNS server address.

    Correct me if I misunderstood.

    >In the DNSServer2 in the forwarders, I should insert 192.168.1.129 address (which points to bridge Internet Ethernet in DNS Server1 to resolve internet searches).    And in the DNS Server1, I should to fill the forwarder with ISP Dns.

    Is IP 192.168.1.129 the public IP address of DNS1 which can connect to the public network?

    If so, in the DNS2 forwarder we need to enter the 10.10.0.10 address of DNS1, since we need to enable DNS2 to communicate with DNS1, and according to your description, it seems DNS2 can't attach IP address 192.168.1.129. You may ping 192.168.1.129 on DNS server2 and check the result.

    The key point of a DNS forwarder is to enable the DNS server to attach the IP address of the forwarder.

    From my point of view, the main issue in your scenario is a route issue. DNS forwarder is simple: we want to use which DNS server as forwarder then enter which DNS server's IP address, then enable the IP address is accessible.

    Best Regards,

    Anne


    Monday, March 14, 2016 2:17 AM
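
The addressing logic behind the two answers above, as an added example that is not part of the original thread: it classifies each forwarder address tried in the question from the point of view of DNS Server2 (10.10.0.11, no default gateway). The /24 mask and the function names are assumptions; the thread does not state the subnet mask.

```python
import ipaddress

# APIPA / IPv4 link-local range (RFC 3927): self-assigned, never routed.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


def check_forwarder(server_if, gateway, forwarder):
    """Decide whether `forwarder` is a plausible forwarder for a DNS server.

    server_if -- server interface with prefix, e.g. "10.10.0.11/24" (mask assumed)
    gateway   -- default gateway as a string, or None if none is configured
    forwarder -- candidate forwarder IP address
    Returns (ok, reason). This is an addressing check only; it does not
    prove that port 53 on the forwarder actually answers.
    """
    iface = ipaddress.ip_interface(server_if)
    try:
        addr = ipaddress.ip_address(forwarder)
    except ValueError:
        return False, "not an IP address"
    if addr in LINK_LOCAL:
        return False, "APIPA/link-local address"
    if addr.is_unspecified or addr.is_loopback or addr.is_multicast:
        return False, "not a usable unicast address"
    if addr == iface.ip:
        return False, "server would forward to itself"
    if addr in iface.network:
        return True, "on-link"
    if gateway is None:
        return False, "off-link and no default gateway"
    return True, "off-link, via gateway"


def evaluate(server_if, gateway, candidates):
    """Run check_forwarder over several candidate addresses."""
    return {c: check_forwarder(server_if, gateway, c) for c in candidates}


if __name__ == "__main__":
    # DNS Server2 as described in the question; candidates are the three
    # addresses that appear in the thread.
    tried = ["169.254.168.254", "192.168.1.129", "10.10.0.10"]
    for ip, (ok, why) in evaluate("10.10.0.11/24", None, tried).items():
        print(f"{ip:16} {'OK ' if ok else 'BAD'} {why}")
```
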

All replies

  • Hello Ahmed, 

    Thanks for your answer. I have corrected the APIPA error, and now I have 192.168.1.129 as the address instead.

    But the scenario still doesn't run, because when I try to connect to the Internet from PcClient1 ---> "Internet Explorer can't show the web page", and equally I can't ping web pages.

    Still doesn't work

    The aim of this scenario is to understand better the concepts of forwarders, practising with a scenario I created, because I feel that with theory I am not able to understand it well....


    Regards


    Sunday, March 13, 2016 11:51 PM