Hi:

I have Active Directory and DNS server on the same box, the server is behind the firewall (vigor 2830) with internet line.
I defined forwarders on the DNS Server (8.8.8.8 and 8.8.4.4 as forwarders), but my clients are not able to connect to internet (they are pointing to the Domain controller)
I am been looking around and I found that I need to create a rule that allows DNS protocol for outbound connection from my Domain Controller, I could not find any option like that on the Draytek Vigor 2830 configuration page.

On my domain controller the network settings are:
IP 192.168.1.10
subnet mask 255.255.255.0
default gateway 192.168.1.1

preferrred dns server 127.0.0.1
alternate dns server 192.1968.1.1

Thanks in advance!

Ok, first: in general, draytek routers do not block DNS, it should just pass it through.

So, that in mind....

• From cmd window on your windows domain server, what does 'nslookup www.google.com' give you?


• What does 'nslookup www.google.com' give you from a clien windows PC


• Take a look at 'ipconfig/all' on the clients for all the basic stuff (gateway, etc)


• ping 8.8.8.8 from a client

That should give a starting point.

gabrieldcr2 wrote: ...preferrred dns server 127.0.0.1
alternate dns server 192.1968.1.1

I think these should be changed to just one entry of 192.168.1.10

Regards, Neal

nealuk wrote:

gabrieldcr2 wrote: ...preferrred dns server 127.0.0.1
alternate dns server 192.1968.1.1

I think these should be changed to just one entry of 192.168.1.10

Regards, Neal

Hi:

I forgot to mention that 192.168.1.1 is the IP of the firewall

I still think that the Domain Controller should use its ovn IP 192.168.1.10 for DNS1 and this will then follow the processing rules of DNS (currently you have these set as Google DNS) forwarding which should be your ISP's DNS servers, or some other - such as OpenDNS for excellent reliability.

I see what gabrieldcr2 is trying to do with the DNS settings (ignoring the 192.1968.1.1 typo), use localhost for primary DNS & router as backup but it has unforeseen effects on windows. I used to do this, assuming that it would use the first DNS and only go to the second if there was a problem. That is NOT what happens.

What actually happens is: the (windows) clients, including the server if you have it set like that, will use first DNS then suddenly switch to the second one and keep using it for an unspecified time. This can produce very unpredictable results especially with internal resources.

All that said, none of this would cause the original problem (clients not accessing internet) UNLESS one of the listed DNSs is unavailable or incorrect address.

IMO the server should have either 127.0.0.1 or 192.168.1.10 as DNS set and all the windows clients should have DNS=192.168.1.10 (presumably via DHCP). The forwarders on the server sound ok set to the google ones.

In this kind of setup I would NOT use the router as a DNS proxy, it really does not help anything at all when you are using a server internally.