Hi,
I'm not able to resolve Internet from any pc or from the server in my company when i use my dns server with root hints !!.
Note:. Root Hints are available and validates
but when i put Google DNS IP "8.8.8.8" in forwarders Tab then all of pc & server can surf the internet normally wihtout problems ?
I Have 2 Modules Of Firewall "ASA & FortiGate " But no Rule Applied on the server !!!!
can anyone help me on this case please ?
Thanks A lot Guys,
0
4 replies to this topic
#2
MarkinManchester
-
- Veterans
-
- 3933 posts
Village Elder
- Gender:Male
- Location:KABUL
Posted 20 June 2012 - 07:42 AM
try this http://www.itgeared....er-may-fail-to/
or this http://www.itgeared....s-issues-edns0/
or any of these
Using DNS Security Extensions (DNSSEC) Windows 2003
http://technet.micro......8WS.10).aspx
Distribute Trust Anchors
http://technet.micro......8WS.10).aspx
DNS Security Extensions (DNSSEC)
http://technet.micro......8WS.10).aspx
Configure DNSSEC.
http://technet.micro......8WS.10).aspx
Modify DNSSEC configuration: (DNS)
http://technet.micro......8WS.10).aspx
Server 2008 and don't forget to read the comments.
http://blogs.technet....windows-7.aspx
One of them will relate to your problem but also look at your firewall because of this "DNSSec utilizes UDP DNS packets larger than 512 bytes and many firewalls don't recognize the larger packet size as being legitimate DNS packets" so read this http://technet.micro...y/hh972393.aspx
and this for general guidance if you FW is cisco but just follow the guidelines as it applies to protocol rather than vendor so its based around the Core DNSSEC RFCs are RFC 4033, RFC 4034, and RFC 4035
Mark
or this http://www.itgeared....s-issues-edns0/
or any of these
Using DNS Security Extensions (DNSSEC) Windows 2003
http://technet.micro......8WS.10).aspx
Distribute Trust Anchors
http://technet.micro......8WS.10).aspx
DNS Security Extensions (DNSSEC)
http://technet.micro......8WS.10).aspx
Configure DNSSEC.
http://technet.micro......8WS.10).aspx
Modify DNSSEC configuration: (DNS)
http://technet.micro......8WS.10).aspx
Server 2008 and don't forget to read the comments.
http://blogs.technet....windows-7.aspx
One of them will relate to your problem but also look at your firewall because of this "DNSSec utilizes UDP DNS packets larger than 512 bytes and many firewalls don't recognize the larger packet size as being legitimate DNS packets" so read this http://technet.micro...y/hh972393.aspx
and this for general guidance if you FW is cisco but just follow the guidelines as it applies to protocol rather than vendor so its based around the Core DNSSEC RFCs are RFC 4033, RFC 4034, and RFC 4035
Mark
#3
MER007
-
- Members
-
- 3 posts
Newbie
Posted 20 June 2012 - 06:35 PM
i've tried these steps but the problem is still !
google dns is working but root hints are not working, when i switch forwarders to 8.8.8.8 i can get to the internet and i've tried to put the root hints IP's in Forwarders tab but still not working too .
google dns is working but root hints are not working, when i switch forwarders to 8.8.8.8 i can get to the internet and i've tried to put the root hints IP's in Forwarders tab but still not working too .
#4
MarkinManchester
-
- Veterans
-
- 3933 posts
Village Elder
- Gender:Male
- Location:KABUL
Posted 21 June 2012 - 05:13 AM
It would have taken me two days to test all of that in a methodical manner!! Maybe I am slow and dont know what I am doing anymore?
#5
MER007
-
- Members
-
- 3 posts
Newbie
Posted 21 June 2012 - 07:26 AM
I do not have a way of thank you for your interest and I appreciate your effort Thank you Mark .
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
