Windows NT 4.0 DNS-Server behind a Hardware Router

Hi!

I'm using an old Windows NT 4.0 Server with DNS and DHCP Services in my LAN. All machines in my internal domain are correctly resolved by the DNS-server.

Last week we got an external Broadband Router for our internet access. It works very well!

How can I tell the NT-DNS-Server to resolve external DNS-names by accessing the router?

HELP ME PLEASE!!

At least I think this is what you were asking for. I couldn't hardly understand the question.

1) You need to configure the router to forward your public IP port 53 via UDP and TCP to your NT dns server private IP.

However, maybe you were talking about the other way around.

2) You need to configure the NT computer to use the router as the gateway.

Hi SilentRage!

Thx for your reply. I'm sorry for my incomplete question.

Here all facts I know:

My Problem is, that I have an internal DNS-Domain (name "internal.local") in my NT 4.0 Domain (name "internal").

Via DHCP my three client-computers shall (if possible) receive all IP-information to resolve

1.) my internal DNS-Domain (works fine) and
2.) all external internet domains (doesn't actually work) by accessing my hardware router (ZyXEL Prestige series)

from my old NT-Server.

Actually DHCP provides the following information to connected clients (with option numbers):

003 Router (my external ZyXEL's IP)
006 DNS Servers (the IP of my NT-Server)
015 Domain Name (internal.local)
044 WINS/NBNS Servers (the IP of my NT-Server)
046 WINS/NBT Node Type (value: 0x8)

The "Forwarding" option (DNS-Server properties) is set to my external ZyXEL's IP.

My Prob is, that my DNS-Server doesn't resolve itnernet domain names and doesn't forward them to my clients. I solved this Prob in another network (using W2K-Server) by activating the "Forwarding"-option in the DNS-Server.

If I switch my clients to fixed IPs with a gateway everything works well ...

Hope my question was a bit better now!

This line:

003 Router (my external ZyXEL's IP)

Is probably just a odd way of saying, the gateway. DHCP provides a gateway IP you know, and that line was the closest thing to it. However, you said you specified your external ZyXEL's IP. You should specify the internal IP of your router. Something like 192.168.0.1 or 10.0.0.1 or whatever.

... of course I used the LAN-IP not the WAN-IP of my router. ;-)

External means, that my router is an external device!

But that's not the prob. If I try to resolve an external (internet) domain name (i.e. by typing "nslookup forums.devshed.com") I receive a timeout message. A "ping 64.41.73.216" works well ...

So the Gateway seems to be correctly set up.

If I use my ZyXEL as the DNS-Server the nslookup-command works.

Do I have to setup special settings in my router to work as a forwarder?

[getting more info]

so is the problem as simple as a LAN computer not being able to resolve internet domains? Go to a windows box and type the following command:

c:\>ipconfig /all

And paste for me the results. Otherwise, if you don't have a windows box, paste for me the resolves in the following file:

resolv.conf

[a guess as to the problem]

If your DNS Server came with Windows 2003, then set the setting to allow recursive queries. If you are using BIND, then you need to specify "recursion yes;" in your named.conf.

This is the output of "ipconfig -all" on my Windows NT 4.0 Server (this is the DNS-Server):


Windows NT IP-Konfiguration

Host-Name . . . . . . . . . : pdc.internal.local
DNS-Server. . . . . . . . . : 192.168.115.1
Knotentyp . . . . . . . . . : Hybrid
NetBIOS-Bereichs-ID . . . . :
IP-Routing aktiviert. . . . : Nein
WINS-Proxy aktiviert. . . . : Nein
NetBIOS-Auswertung mit DNS : Ja

Ethernet-Adapter El90x1:

Beschreibung. . . . . . . . : 3Com EtherLink PCI
Physikalische Adresse . . . : 00-50-DA-00-00-00
DHCP aktiviert. . . . . . . : Nein
IP-Adresse. . . . . . . . . : 192.168.115.1
Subnet Mask . . . . . . . . : 255.255.255.0
Standard-Gateway. . . . . . : 192.168.115.2
Primärer WINS-Server. . . . : 192.168.115.1


Here the Output of "ipconfig -all" on a Win2k-Client:


Windows 2000-IP-Konfiguration

Hostname. . . . . . . . . . . . . : client01
Primäres DNS-Suffix . . . . . . . : internal.local
Knotentyp . . . . . . . . . . . . : Hybridadapter
IP-Routing aktiviert. . . . . . . : Ja
WINS-Proxy aktiviert. . . . . . . : Nein
DNS-Suffixsuchliste . . . . . . . : internal.local

Ethernetadapter "Realtek RTL8139(A) PCI-Fast Ethernet-Adapter":

Verbindungsspezifisches DNS-Suffix: internal.local
Beschreibung. . . . . . . . . . . : Realtek RTL8139(A) PCI-Fast Ethernet-Adapter
Physikalische Adresse . . . . . . : 00-20-ED-00-00-00
DHCP-aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
IP-Adresse. . . . . . . . . . . . : 192.168.115.11
Subnetzmaske. . . . . . . . . . . : 255.255.255.0
Standardgateway . . . . . . . . . : 192.168.115.2
DHCP-Server . . . . . . . . . . . : 192.168.115.1
DNS-Server. . . . . . . . . . . . : 192.168.115.1
Primärer WINS-Server. . . . . . . : 192.168.115.1
Lease erhalten. . . . . . . . . . : Samstag, 20. März 2004 18:28:21
Lease läuft ab. . . . . . . . . . : Dienstag, 23. März 2004 18:28:21


I'm wether using Windows 2003 nore any UX as my DNS-Server (I'd switch to Linux - if it only was possible ;-)!!

I only have an old WinNT 4.0 Server here (it can't be upgraded because of a specific CNC-machine controlling software).

Is 192.168.115.2 the internal IP of your router?

execute the following command on the win2k client:

C:\>nslookup
> yahoo.com

paste for me the results.

Hi, I'm back again ...

Yes, it's the router's internal IP.

Here the nslookup-results:


C:\>nslookup
Standardserver: pdc.internal.local
Address: 192.168.115.1

> yahoo.com
Server: pdc.internal.local
Address: 192.168.115.1

DNS request timed out.
timeout was 2 seconds.
*** Zeitüberschreitung bei Anforderung an pdc.internal.local


"Zeitüberschreitung" means "Exceeding the time"

I'm sorry, but I never saw an English message - so I don't exactly know how to translate it ... ;-)

It looks like that client computer can't access the DNS server on 192.168.115.1. I think this IP is a windows NT 4.0 server right? If so, I want to see the results for this following command on the server.

C:\>netstat -an | find ":53"

Yes, 192.168.115.1 is my NT 4.0 PDC.

netstat -an|find ":53" produces no output!

Well then, no DNS server at all is running.

current status of problem if anybody wants to comment:

lanzi and I worked with the problem in the IRC channel of mine and we determined that the problem was, his NT4 DNS server is resolving requests for internal.local zone just fine. But it refuses to resolve requests for domains like "yahoo.com". This could be either because the server does not support recursion, or the forwarders are not properly setup. In any case, I can't help him cause Microsoft DNS Server is not my thing.

Guys,

I have had this problem for ages, and found the answer elsewhere. (I wanted to post the URL but the rules prevent me).


Open up the DNS manager and in the forwarders folder, delete the '.' entry if you have it. (mine was there by default). The problem for me was that this option was grayed out. The '.' entry seems to fool the server into thinking it is a root server.

You will need to wait a few seconds or refresh, but right click the DNS server node, click the forwarders tab.

I entered my local IP for the router that connects to the WAN and et voila! months of workarounds were resolved instantly.