DNS Server not working with SonicWall TZ190

By jhudmon
I just installed a SonicWall TZ190, and our local DNS server, which is set up on a Win2003 server, is not working correctly. It still handles the local addresses fine; it's just when I try to go to www.google.com, it doesn't even try to translate the address. I logged onto the firewall and translated www.google.com and went to the IP address and it went through fine, so I'm guessing this has to be a DNS problem. Anyone have any ideas?

Also, I'm allowing all LAN->WAN traffic for the DNS server.

6 total posts (Page 1 of 1)

All Answers

forwarders

by CG IT In reply to DNS Server not working wi ...

Your DNS server must forward queries it can't resolve to root hint servers on the internet. Your SonicWall should allow outbound queries and its return traffic through.

Forwarders

by jhudmon In reply to forwarders

When I added my ISP's DNS server as a forwarder I could go to www.google.com, but it was extremely slow when first loading. Before, with the PIX, we didn't have anything under forwarders. Should I allow DNS traffic from WAN->LAN for the server?

nope security risk

by CG IT In reply to Forwarders

You should have a list of root hint servers listed in DNS. You should NOT put any other servers in the list that are not root hint servers [such as google].

See this article on MS Help and Support:

http://support.microsoft.com/kb/229840/

DNS Server

by jhudmon In reply to nope security risk

I really don't think I need to edit anything with my DNS server. The DNS Server works fine with a Cisco PIX firewall. It is just not working with this new SonicWall. The only idea I can come up with is that it's blocking the DNS request, but for testing purposes I'm allowing all LAN->WAN traffic coming from the DNS server's IP.

well as I mentioned

by CG IT In reply to DNS Server

Firewalls typically allow LAN originated traffic through without the need to open a port and make it visible and pingable.

I suggest you head on over to SonicWall's site and ask in their forums. The TZ 170 has been out for quite a while so they should have some KBs on this problem.
