(Msg. 9) Posted: Tue Feb 19, 2008 11:50 pm
Post subject: Re: XP machines cannot resolve the names to IP [Login to view extended thread Info.] Archived from groups: microsoft>public>win2000>dns (more info?)
HI;
Thanks for the reply. Actually WINS is not setup that is correct. But the
only thing is that makes me worried is that when internet access is not
allowed at server i mean server cannot access any web page but the specific
clients are allowed in this case the internet access must be fine but it is
not. Once the access to internet is provided to server itself then the
clients are able to browse the WebPages. Can it be because the workstation is
sending request to server which has DNS installed and then via the internet
provided to server the DNS send request to forwarder and get reply for the
website i.e www.google.com??
Thanks
Essa
"Ace Fekay [MVP]" wrote:
> In news:362571FC-24DC-4759-8BFF-9824177FC77B@microsoft.com,
> Muhammad Essa <MuhammadEssa RemoveThis @discussions.microsoft.com> typed:
> > HI;
> > The problem is not with name resolution within the LAN at all. Users
> > can work and access resources over different subnets , initiate the
> > remote terminal connection. Only i want to know if the server is not
> > allowed to access the internet and the workstation is allowed to
> > access the net behind the pix firewall the name to IP problem
> > happens.following are some more details.
> >
> > DNS server is working perfectly and can resolve name to IP locally.
> > PIX firewall the configured to allow the required traffic.
> > DNS server is blocked to access the internet.
> > Specific workstations are allowed to access the net.
> >
> > Thanks
>
> I'm not sure what users are using as names to access resources over the VPN.
> Are they accessing by FQDN? If so, it should work. If by single name, then
> no, because we need to resolve the NetBIOS names. When you run an ipconfig
> /all on a connected VPN client, what DNS addresses are being given? Do you
> also have split tunneling defined in the access lists for the VPN group?
>
> Accessing resources across a router by NetBIOS names is blocked by default,
> firewall or not. Therefore I'm assuming that users are accessing resources
> between your current internal subnets by FQDN and not single name if not
> using WINS. Network neighborhood (based on the Browser service) will only
> broadcaset and work on the local subnet and they will not be able to find
> things in that manner in other subnets. Same goes with printer browsing.
>
> I bet that if you are not using WINS, and you have Exchange in place, and
> they are using meeting requests, that calendar Free/Busy info is not working
> for everyone other than the folks on the same subnet as the Exchange server.
>
> In any scenario where there are multiple subnets, or even one subnet and we
> install a PIX or any other VPN appliance, we immediately install WINS to
> allow single name resolution across the subnet. This is standard proc
> especially if we want to allow resource access by using NetBIOS names.
>
> Ace
>
>
>
(Msg. 10) Posted: Wed Feb 20, 2008 7:46 am
Post subject: Re: XP machines cannot resolve the names to IP [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
Read inline please.
In news:15F9E779-A359-4BDB-BEC7-8F1EB57AA9BE@microsoft.com,
Muhammad Essa <MuhammadEssa.TakeThisOut@discussions.microsoft.com> typed:
> HI;
> Thanks for the reply. Actually WINS is not setup that is correct. But
> the only thing is that makes me worried is that when internet access
> is not allowed at server i mean server cannot access any web page but
> the specific clients are allowed in this case the internet access
> must be fine but it is not. Once the access to internet is provided
> to server itself then the clients are able to browse the WebPages.
> Can it be because the workstation is sending request to server which
> has DNS installed and then via the internet provided to server the
> DNS send request to forwarder and get reply for the website i.e
> www.google.com??
You must allow the server to have access to the internet so its DNS server
can resolve names for the clients, which must use the server only for DNS.
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/ http://support.wftx.us/ http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
(Msg. 11) Posted: Thu Feb 21, 2008 12:45 am
Post subject: Re: XP machines cannot resolve the names to IP [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
In news:15F9E779-A359-4BDB-BEC7-8F1EB57AA9BE@microsoft.com,
Muhammad Essa <MuhammadEssa.TakeThisOut@discussions.microsoft.com> typed:
> HI;
> Thanks for the reply. Actually WINS is not setup that is correct. But
> the only thing is that makes me worried is that when internet access
> is not allowed at server i mean server cannot access any web page but
> the specific clients are allowed in this case the internet access
> must be fine but it is not. Once the access to internet is provided
> to server itself then the clients are able to browse the WebPages.
> Can it be because the workstation is sending request to server which
> has DNS installed and then via the internet provided to server the
> DNS send request to forwarder and get reply for the website i.e
> www.google.com?? >
> Thanks
>
> Essa
In DNS, under Forward Lookup Zones, does a "." zone exist (looks like a
period)?
(Msg. 12) Posted: Thu Feb 21, 2008 12:45 am
Post subject: Re: XP machines cannot resolve the names to IP [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
Hi All;
Thanks for the reply. As ace fekay asked, under forwarder ALL OTHER DNS
DOMAINS and in the bottom the ISP DNS address are mentioned. As Kavin
mentioned that DNS server must have access to internet i tried to block
internet over one of my DNS servers which is in another site and clients are
behind ISA firewall are able to access the internet but those who are in
separate site cannot. Over all i have 7 sites and every site has DNS server
which is AD_I.
Thanks
--
Essa
"Ace Fekay [MVP]" wrote:
> In news:15F9E779-A359-4BDB-BEC7-8F1EB57AA9BE@microsoft.com,
> Muhammad Essa <MuhammadEssa.DeleteThis@discussions.microsoft.com> typed:
> > HI;
> > Thanks for the reply. Actually WINS is not setup that is correct. But
> > the only thing is that makes me worried is that when internet access
> > is not allowed at server i mean server cannot access any web page but
> > the specific clients are allowed in this case the internet access
> > must be fine but it is not. Once the access to internet is provided
> > to server itself then the clients are able to browse the WebPages.
> > Can it be because the workstation is sending request to server which
> > has DNS installed and then via the internet provided to server the
> > DNS send request to forwarder and get reply for the website i.e
> > www.google.com?? > >
> > Thanks
> >
> > Essa
>
> In DNS, under Forward Lookup Zones, does a "." zone exist (looks like a
> period)?
>
> Ace
>
>
>
(Msg. 13) Posted: Sun Feb 24, 2008 6:29 pm
Post subject: Re: XP machines cannot resolve the names to IP [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
In news:55A8CC7B-1B3B-462A-BA25-FDEDA42AD37D@microsoft.com,
Muhammad Essa <MuhammadEssa.DeleteThis@discussions.microsoft.com> typed:
> Hi All;
> Thanks for the reply. As ace fekay asked, under forwarder ALL OTHER
> DNS DOMAINS and in the bottom the ISP DNS address are mentioned. As
> Kavin mentioned that DNS server must have access to internet i tried
> to block internet over one of my DNS servers which is in another site
> and clients are behind ISA firewall are able to access the internet
> but those who are in separate site cannot. Over all i have 7 sites
> and every site has DNS server which is AD_I.
>
> Thanks
If you are using a forwarder, and you do not allow DNS traffic to the
internet from the DNS server(s), then how is it going to resolve external
names?
(Msg. 14) Posted: Sun Feb 24, 2008 11:30 pm
Post subject: Re: XP machines cannot resolve the names to IP [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
Hi Ace Fekay;
You are right if the Internet is blocked then it is not possible to to send
the forwarders request to ISP. But the same i have tested in my environment
which is in another site there i have blocked the internet over the server
but the users were able to browse the internet. That site also have ISA
server.
Thanks
--
Essa
"Ace Fekay [MVP]" wrote:
> In news:55A8CC7B-1B3B-462A-BA25-FDEDA42AD37D@microsoft.com,
> Muhammad Essa <MuhammadEssa RemoveThis @discussions.microsoft.com> typed:
> > Hi All;
> > Thanks for the reply. As ace fekay asked, under forwarder ALL OTHER
> > DNS DOMAINS and in the bottom the ISP DNS address are mentioned. As
> > Kavin mentioned that DNS server must have access to internet i tried
> > to block internet over one of my DNS servers which is in another site
> > and clients are behind ISA firewall are able to access the internet
> > but those who are in separate site cannot. Over all i have 7 sites
> > and every site has DNS server which is AD_I.
> >
> > Thanks
>
> If you are using a forwarder, and you do not allow DNS traffic to the
> internet from the DNS server(s), then how is it going to resolve external
> names?
>
> Ace
>
>
>
(Msg. 15) Posted: Mon Feb 25, 2008 7:06 am
Post subject: Re: XP machines cannot resolve the names to IP [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
Read inline please.
In news:D3D0D783-BAB6-4E2F-A439-8D1F1B3529F8@microsoft.com,
Muhammad Essa <MuhammadEssa DeleteThis @discussions.microsoft.com> typed:
> Hi Ace Fekay;
> You are right if the Internet is blocked then it is not possible to
> to send the forwarders request to ISP. But the same i have tested in
> my environment which is in another site there i have blocked the
> internet over the server but the users were able to browse the
> internet. That site also have ISA server.
When you have a Proxy server, the web browser gets its DNS resolution from
the Proxy Server, not from the DNS Client service. You will have to allow
the DNS server acess to the Forwarder's IP on port 53 UDP and TCP.
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/ http://support.wftx.us/ http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
(Msg. 16) Posted: Tue Feb 26, 2008 2:54 am
Post subject: Re: XP machines cannot resolve the names to IP [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
Hi Kevin;
You are right,ISA server will help the clients for DNS queries.
i will perform some more testings and will see if the result is fine.For the
time being i will close the issue. The posts were really helpful
Thanks to you and Ace Fekay for all the help.
Essa
"Kevin D. Goodknecht Sr. [MVP]" wrote:
> Read inline please.
>
> In news:D3D0D783-BAB6-4E2F-A439-8D1F1B3529F8@microsoft.com,
> Muhammad Essa <MuhammadEssa.DeleteThis@discussions.microsoft.com> typed:
> > Hi Ace Fekay;
> > You are right if the Internet is blocked then it is not possible to
> > to send the forwarders request to ISP. But the same i have tested in
> > my environment which is in another site there i have blocked the
> > internet over the server but the users were able to browse the
> > internet. That site also have ISA server.
>
> When you have a Proxy server, the web browser gets its DNS resolution from
> the Proxy Server, not from the DNS Client service. You will have to allow
> the DNS server acess to the Forwarder's IP on port 53 UDP and TCP.
>
>
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This Helps
>
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/ > http://support.wftx.us/ > http://message.wftx.us/ > ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/ > ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx > ===================================
>
>
>
All times are: Eastern Time (US & Canada) (change) Goto page Previous1, 2, 3
Page 2 of 3
You can post new topics in this forum You can reply to topics in this forum You can edit your posts in this forum You can delete your posts in this forum You can vote in polls in this forum
Home
Forums
Home
FAQ
Profile
Private Messages
Log in
Windows Other