# DNS Issue on Server - Help



## danmpem

I have a Windows Server 2003 machine. My boss just replaced our router today, but he accidentally reset the IP settings. The server is getting its IP address just fine, but I can't figure out what to put in for its DNS values. I'm not very familiar with DNS as my background is in computer repair. Can anyone help? I'll be here until it's fixed. Thanks!


----------



## danmpem

It's all there, I just don't know how to figure out what to put in on my Primary & Alternate DNS Server. I'm not even looking to do anything fancy, I just don't know how to determine what numbers go there.


----------



## Semper Fidelis

danmpem said:


> I have a Windows Server 2003 machine. My boss just replaced our router today, but he accidentally reset the IP settings. The server is getting its IP address just fine, but I can't figure out what to put in for its DNS values. I'm not very familiar with DNS as my background is in computer repair. Can anyone help? I'll be here until it's fixed. Thanks!



I would go to a forum that specializes in it. Is the router set up for DHCP or does it assign a static IP?

If a static IP has been assigned then you probably only need to enter the subnet mask and the default gateway for the server as well as the IPs for the DNS gateways if they are not auto-assigned.

Again, I recommend going to a forum like anandtech.com or webhostingtalk.com and ask some questions there. They might even point you to an even better forum to ask those kinds of server configuration and DNS questions.


----------



## danmpem

Semper Fidelis said:


> danmpem said:
> 
> 
> 
> I have a Windows Server 2003 machine. My boss just replaced our router today, but he accidentally reset the IP settings. The server is getting its IP address just fine, but I can't figure out what to put in for its DNS values. I'm not very familiar with DNS as my background is in computer repair. Can anyone help? I'll be here until it's fixed. Thanks!
> 
> 
> 
> 
> I would go to a forum that specializes in it. Is the router set up for DHCP or does it assign a static IP?
> 
> If a static IP has been assigned then you probably only need to enter the subnet mask and the default gateway for the server as well as the IPs for the DNS gateways if they are not auto-assigned.
> 
> Again, I recommend going to a forum like anandtech.com or webhostingtalk.com and ask some questions there. They might even point you to an even better forum to ask those kinds of server configuration and DNS questions.


Yeah, I've my static IP ready as well as my default gateway. It's just the blank DNS values that are throwing me off.


----------



## Semper Fidelis

danmpem said:


> Semper Fidelis said:
> 
> 
> 
> 
> 
> danmpem said:
> 
> 
> 
> I have a Windows Server 2003 machine. My boss just replaced our router today, but he accidentally reset the IP settings. The server is getting its IP address just fine, but I can't figure out what to put in for its DNS values. I'm not very familiar with DNS as my background is in computer repair. Can anyone help? I'll be here until it's fixed. Thanks!
> 
> 
> 
> 
> I would go to a forum that specializes in it. Is the router set up for DHCP or does it assign a static IP?
> 
> If a static IP has been assigned then you probably only need to enter the subnet mask and the default gateway for the server as well as the IPs for the DNS gateways if they are not auto-assigned.
> 
> Again, I recommend going to a forum like anandtech.com or webhostingtalk.com and ask some questions there. They might even point you to an even better forum to ask those kinds of server configuration and DNS questions.
> 
> 
> Yeah, I've my static IP ready as well as my default gateway. It's just the blank DNS values that are throwing me off.



If your client that you're surfing with right now is on the same network as the server then go to the command line (if you're using XP) and type "ipconfig /all" and it will tell you what your DNS values are for the client you're using.

If you're on Linux or Mac then I don't know how to find it easily but that's how I find my DNS IPs using Windows XP and Vista.


----------



## Seb

OH.... You're trying to enter the DNS values for the server's NIC. Not set up the server to serve DNS to your LAN.

MY BAD...I misunderstood, that's easy enough.

Go to Control Panel.

double-click "Network connections".

right-click "Local area connection"

select "properties"

double-click "Internet Protocol (TCP/IP)"

Fill in the blanks.

Is that what you're looking for?

and Ditto what Rich said for finding the DNS values you should use.


----------



## danmpem

I did that, but the problem is that it's blank.

I just learned that the router is assigning the server its static DNS (a little detail they forgot to tell the new guy). I'm telling the server to take that now. Let's see what happens...


----------



## danmpem

Seb said:


> OH.... You're trying to enter the DNS values for the server's NIC. Not set up the server to serve DNS to your LAN.
> 
> MY BAD...I misunderstood, that's easy enough.
> 
> Go to Control Panel.
> 
> double-click "Network connections".
> 
> right-click "Local area connection"
> 
> select "properties"
> 
> double-click "Internet Protocol (TCP/IP)"
> 
> Fill in the blanks.
> 
> Is that what you're looking for?



No, I got there already. I just had no idea what to put into the blanks.


----------



## skellam

As stated above, if you are using DHCP, the router should obtain the DNS settings from the upstream provider (whether that is the DSL or cable provider). If they are not auto assigned then you will need to contact whoever provides your internet service to obtain them. Most ISPs have a server that provides DNS services. However, there is no rule that you have to use the ISP's DNS server. One option you could use is to try OpenDNS which provides DNS services and also the added bonus of free filtering of websites. They have detailed instructions for setting your router's DNS setting here.


----------



## Seb

Also, if you can access the router's interface it should show you the values it uses. You can put those in your workstation and they should work.

You can also put the gateway's IP in the workstation's Primary DNS field and that will probably work too.


----------



## danmpem

skellam said:


> As stated above, if you are using DHCP, the router should obtain the DNS settings from the upstream provider (whether that is the DSL or cable provider). If they are not auto assigned then you will need to contact whoever provides your internet service to obtain them. Most ISPs have a server that provides DNS services. However, there is no rule that you have to use the ISP's DNS server. One option you could use is to try OpenDNS which provides DNS services and also the added bonus of free filtering of websites. They have detailed instructions for setting your router's DNS setting here.



I thought I heard that we had some other arrangement for our DNS, so I counted the router out of the equation. It may just be what I was looking for...


----------



## Semper Fidelis

...but if your client is using the same router then the router can "see" the internet and a DNS is resolving names for you. Why is the client able to access DNS and the server is not if they are on the same network?

Is your client assigning a static IP or is it just set up to obtain an IP and DNS information from the router?


----------



## danmpem

Semper Fidelis said:


> ...but if your client is using the same router then the router can "see" the internet and a DNS is resolving names for you. Why is the client able to access DNS and the server is not if they are on the same network?
> 
> Is your client assigning a static IP or is it just set up to obtain an IP and DNS information from the router?



The latter.

Okay, the server is obtaining the IP and DNS from the router, but we're still having the same problem as before - no one can get on a remote connection to the server from home.


----------



## Semper Fidelis

danmpem said:


> Semper Fidelis said:
> 
> 
> 
> ...but if your client is using the same router then the router can "see" the internet and a DNS is resolving names for you. Why is the client able to access DNS and the server is not if they are on the same network?
> 
> Is your client assigning a static IP or is it just set up to obtain an IP and DNS information from the router?
> 
> 
> 
> 
> The latter.
> 
> Okay, the server is obtaining the IP and DNS from the router, but we're still having the same problem as before - no one can get on a remote connection to the server from home.


Before you troubleshoot DNS any further, ping a hostname like puritanboard.com from the server to see if it can resolve a hostname. Maybe it's not a DNS issue.


----------



## skellam

It sounds more like a firewall issue if you are having trouble accessing the server from outside the network. DNS is really only used to resolve domain names to IP addresses. If you have a static IP on the server, you should be able to access it from outside without even having a DNS server.

You may want to try turning off the firewall temporarily on the router and see if you can access the server.


----------



## Timothy William

Assuming the issue is what I think it is, which I'm not quite sure of:

You should be able to set the router so it automatically obtains the DNS server address. 

Failing that, give your ISP a quick call. I used to work tech support for a large ISP here in Australia, and we often had to give out the DNS server address if clients' modems weren't picking it up automatically. They were very quick calls, we all knew the numbers off the top of our heads, could just recite them when a client rang up and asked.

<<Crossposted with about 4 posts. What I said may no longer be relevant, or I may have misdiagnosed the problem>>


----------



## danmpem

Here's where I am at now. The DNS problem is over (I showed up this afternoon and was told that was the problem and to fix it. I don't think it was the whole picture). The Remote Desktop Connection is not working for the users. I thought that it could be a firewall issue, but the firewall on the router and on the server are both turned off.


----------



## skellam

My suspicion is that you had some kind of port forwarding on the router that was replaced that needs to be replicated on the new router. You will need to forward the ports for the Remote Desktop Connection to the server that you are running on the LAN.


----------



## danmpem

skellam said:


> My suspicion is that you had some kind of port forwarding on the router that was replaced that needs to be replicated on the new router. You will need to forward the ports for the Remote Desktop Connection to the server that you are running on the LAN.



Could you say that a little slower please? I don't see any port forwarding on the router (I see it, but nothing is listed).


----------



## skellam

Routers work by translating incoming traffic and forwarding it to the appropriate computer on your network. When you are accessing webpages and surfing the web, the router sees the traffic going out and knows to forward incoming traffic back to the same computer that requested it. However, if people at home are trying to access a server behind a router, there has to be specific port forwarding to forward their traffic to the particular server. From what you are describing, their Remote Desktop Connection was working until the router was replaced. This suggests that there was port forwarding set up to tell the router to use the Windows 2003 server for Remote Desktop connections. Which ports you would need to forward depends on what protocol/software they are using for their Remote Desktop Connection.


----------



## skellam

This might help.


----------



## Seb

skellam said:


> Routers work by translating incoming traffic and forwarding it to the appropriate computer on your network. When you are accessing webpages and surfing the web, the router sees the traffic going out and knows to forward incoming traffic back to the same computer that requested it. However, if people at home are trying to access a server behind a router, there has to be specific port forwarding to forward their traffic to the particular server. From what you are describing, their Remote Desktop Connection was working until the router was replaced. This suggests that there was port forwarding set up to tell the router to use the Windows 2003 server for Remote Desktop connections. Which ports you would need to forward depends on what protocol/software they are using for their Remote Desktop Connection.





For example:

I have my firewall at work block ALL incoming ports, except for TCP 3389 which is the standard Remote Desktop Protocol port. When the Firewall "sees" a request come in on that port it "forwards" the request through to my Win2003 server's IP address. Otherwise it would block it along with all other incoming requests.


----------



## danmpem

Thank you all so much. I got the full story just a bit ago. And it seems you guys figured it out before I was even told. Comcast replaced the router, but did not set it up. It was just left with default settings. The TCP/IP settings on the server were set back to default by someone else who shouldn't have been playing with the server. Everything is back to normal except for the RDC, which we won't need for a few more days anyway. I'm going back in Wednesday, and will research the issue some more until then.


----------



## skellam

I'm glad you got things working. When you go back on Wednesday, consider installing Hamachi on the Windows 2003 server and on the clients who access the server from home. This is a free program that will allow you to establish a private VPN (Virtual Private Network). As it is now, your Remote Desktop Connections are not encrypted and not secure. With Hamachi, you would have full encryption to protect your data and you wouldn't have to mess around with the port forwarding on your router. Hamachi bypasses the router automatically.


----------



## danmpem

skellam said:


> I'm glad you got things working. When you go back on Wednesday, consider installing Hamachi on the Windows 2003 server and on the clients who access the server from home. This is a free program that will allow you to establish a private VPN (Virtual Private Network). As it is now, your Remote Desktop Connections are not encrypted and not secure. With Hamachi, you would have full encryption to protect your data and you wouldn't have to mess around with the port forwarding on your router. Hamachi bypasses the router automatically.



Yeah, at my old job we used VPN. I didn't know until yesterday that one could use RDC without it. I don't remember using Hamachi or any other 3rd party program to connect. I believe Windows Server already has what it needs to take VPN connections. Although, I could be wrong.


----------



## Seb

danmpem said:


> I believe Windows Server already has what it needs to take VPN connections. Although, I could be wrong.



Server 2003 does. You just have to add the "Remote Access/VPN Server role" to it if it's not already installed.

Glad to see your day's going better than yesterday.


----------



## skellam

I don't think Remote Desktop Connection has encryption as part of the protocol. The problem with using Windows 2003 for VPN is that people outside your local network (people at home trying to access it) would have no access to the Windows 2003 machine since it is blocked by the router (unless you set up the port forwarding manually). Hamachi is a VPN solution that works by going out and punching a hole (virtually) through your router to a remote hamachi server that then negotiates connections back in to your server. The developer designed it to be a simple way to securely bypass a router without manually configuring the router. The other benefit is that you can keep all of your ports on your router closed to the outside world which is more secure. If you manually forward ports, there will always be open ports on your router that hackers can attack.


----------



## danmpem

Nice. But if I don't do that, then I have to have port forwarding?


----------



## Seb

danmpem said:


> Nice. But if I don't do that, then I have to have port forwarding?



Yes. If you use Windows "Remote Desktop Connection" you'll need to open a port through the router.

My : If you have a strong user password policy on the server, and you use Windows update on a regular basis - the Windows Remote vulnerabilities are minimal. Besides, weren't you using W.R. before the router replacement?

Hamachi is a nice product, but it also has its own vulnerabilities. Personally, I lean towards a simple / minimalist approach. Why bring in a third party if unnecessary?

Like I said, that's just my


----------



## danmpem

Seb said:


> danmpem said:
> 
> 
> 
> Nice. But if I don't do that, then I have to have port forwarding?
> 
> 
> 
> 
> Yes. If you use Windows "Remote Desktop Connection" you'll need to open a port through the router.
> 
> My : If you have a strong user password policy on the server, and you use Windows update on a regular basis - the Windows Remote vulnerabilities are minimal. Besides, weren't you using W.R. before the router replacement?
> 
> Hamachi is a nice product, but it also has its own vulnerabilities. Personally, I lean towards a simple / minimalist approach. Why bring in a third party if unnecessary?
> 
> Like I said, that's just my


We were using WR before the router was replaced, but I don't know if we were using port forwarding or a third party program. I doubt it was the latter, but my boss didn't recall ever having to set up port forwarding either.


----------



## Seb

btw...Remote Desktop Connection on 2003 has up to 128 bit encryption, depending on what the client PC is capable of.


----------



## danmpem

Seb said:


> btw...Remote Desktop Connection on 2003 has up to 128 bit encryption, depending on what the client PC is capable of.



Hmm, how would I know what the other PCs can do?


----------



## Seb

danmpem said:


> Seb said:
> 
> 
> 
> 
> 
> danmpem said:
> 
> 
> 
> Nice. But if I don't do that, then I have to have port forwarding?
> 
> 
> 
> 
> Yes. If you use Windows "Remote Desktop Connection" you'll need to open a port through the router.
> 
> My : If you have a strong user password policy on the server, and you use Windows update on a regular basis - the Windows Remote vulnerabilities are minimal. Besides, weren't you using W.R. before the router replacement?
> 
> Hamachi is a nice product, but it also has its own vulnerabilities. Personally, I lean towards a simple / minimalist approach. Why bring in a third party if unnecessary?
> 
> Like I said, that's just my
> 
> 
> We were using WR before the router was replaced, but I don't know if we were using port forwarding or a third party program. I doubt it was the latter, but my boss didn't recall ever having to set up port forwarding either.


If your client PCs on the WAN side of the Firewall were using specifically Microsoft's Remote Desktop Connection I don't see how you could do it without opening a port on the router.

If you can, look at one of the clients' Remote Desktop Connection setups. Is it pointing to the WAN IP address of the firewall? If so, then you weren't going through a third party.


----------



## skellam

Port forwarding is necessary to get through the router. I'm not aware of any vulnerabilities with Hamachi. The only interaction with the third party server is during the initial connection, after which a secure VPN tunnel between the two machines is established. Definitely, the simplest way would just be to forward the TCP 3389 port on the router to whatever the static IP is for your Windows 2003 machine.


----------



## Seb

danmpem said:


> Seb said:
> 
> 
> 
> btw...Remote Desktop Connection on 2003 has up to 128 bit encryption, depending on what the client PC is capable of.
> 
> 
> 
> 
> Hmm, how would I know what the other PCs can do?


I'm not absolutely sure, but I think anything newer than WIN2K Sp2 will automatically go to 128bit encryption.


----------



## danmpem

Awesome. Tomorrow I'll see if all of this is what we need.


----------



## danmpem

Alright, here's where we were at when I came in today:

Although the DNS that the router was giving to the server was the same, the server said it was something completely different. I set up port forwarding in the router for TCP port 3389, but RDC won't connect from a computer outside the local network.


----------



## Seb

danmpem said:


> Alright, here's where we were at when I came in today:
> 
> Although the DNS that the router was giving to the server was the same, the server said it was something completely different. I set up port forwarding in the router for TCP port 3389, but RDC won't connect from a computer outside the local network.



Two things:

Is the client's RDC pointing to the correct IP address (the firewall's WAN Side IP)?

Is the firewall pointing to the correct IP (The server's)?


----------



## danmpem

Yes to both.


----------



## Seb

Have you pinged the firewall from outside?


----------



## danmpem

No. How do I do that?


----------



## danmpem

Do you just mean ping the wan IP?


----------



## danmpem

If I set the port to be forwarded, does that also mean it's open? Or is the router set to forward that when I do decide to open it?


----------



## danmpem

On the router, I have two sections that look very similar. One is the port forwarding and the other is True Static IP Port Management. Do I need to concern myself with the latter?


----------



## Seb

never mind the PM, I got distracted 



> On the router, I have two sections that look very similar. One is the port forwarding and the other is True Static IP Port Management. Do I need to concern myself with the latter?



I don't know what the "True Static IP Port Management" could be. 

From a PC outside of your LAN (Home, etc.), in a 'dos' window, you need to run ping as shown:

Ping 123.456.789.123 _<enter>_
(substitute _your_ WAN SIDE IP for the numbers)

If you get a reply - good, if not - you've got something wrong with the address.


----------



## Seb

Hey Dan,

Is this a Comcast Business IP Gateway?


----------



## danmpem

Yeah...


----------



## Seb

A couple of other tools that can help:

This will verify that you're using the right IP for your RDC clients: What's My IP Address?

You can use this scanner to make sure that TCP port 3389 is indeed open: GRC | ShieldsUP!


----------



## Seb

danmpem said:


> Yeah...



The "True Static IP Port Management" is a static routing function in the firewall. You don't need to use that to do port forwarding.


----------



## danmpem

Awesome. I'll keep these suggestions ready for when I go back in. I'm only there an hour or two at a time, because it's such a small space. I get in the way of everyone else working.


----------



## Seb

When you use the GRC | Shields Up! Site...

Click Proceed

Then you'll see a blank field in the middle to enter the custom ports you want to scan. 

Type: 3389 then click: "User Specified Custom Port Probe"

It will scan your FW to see if the 3389 port is open, then give you a report.

If you are "Stealth" or "Closed" on that port then it's not open to do its job.

If the port is Open, then you probably have the port forwarded to the wrong address (should be the server's) in the FW. 

OR

You don't have the "Enabled" box checked on the Port forwarding screen in your FW. 

I hope it goes well, Good night and God Bless.


----------
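The port check discussed in the last posts can also be done by hand with a plain TCP connect to port 3389. The Python sketch below is an added example, not part of the original thread or any poster's code: `probe_tcp` and `diagnose` are hypothetical names, and comparing a LAN-side probe with a WAN-side probe goes beyond the single outside scan described above in order to separate a server problem from a router forwarding problem.

```python
import socket

RDP_PORT = 3389  # TCP port for Remote Desktop, as named in the thread


def probe_tcp(host, port=RDP_PORT, timeout=3.0):
    """Make one TCP connect attempt; return 'open', 'closed' or 'stealth'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # handshake completed: something is listening
    except socket.gaierror:
        raise                  # a name that does not resolve is a DNS problem
    except ConnectionRefusedError:
        return "closed"        # a reset came back: reachable, nothing listening
    except OSError:
        return "stealth"       # timeout or unreachable: no answer at all


def diagnose(lan_state, wan_state):
    """Combine a probe of the server's LAN IP with a probe of the router's WAN IP.

    lan_state: result of probe_tcp() run from inside the office network.
    wan_state: result of probe_tcp() run from a PC outside the network.
    """
    if lan_state != "open":
        # The router cannot forward to a service that is not answering.
        return "server: nothing is accepting RDP on the server itself"
    if wan_state != "open":
        # Server answers locally, so the gap is between the WAN side and the server.
        return ("router: forward for TCP 3389 is missing, not enabled, "
                "or aimed at the wrong LAN IP")
    return "path ok: check which address the RDC client is pointed at"


if __name__ == "__main__":
    # Constructed offline demo: a throwaway local listener stands in for the
    # server; after it is closed, the same port stands in for a router with
    # no working forward.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    demo_port = listener.getsockname()[1]

    lan = probe_tcp("127.0.0.1", demo_port)
    listener.close()
    wan = probe_tcp("127.0.0.1", demo_port, timeout=1.0)

    print("LAN side:", lan)
    print("WAN side:", wan)
    print(diagnose(lan, wan))
```

Run the LAN probe from a PC inside the office against the server's static IP, and the WAN probe from a PC outside against the router's WAN IP; probing the WAN IP from inside is unreliable on routers that do not loop traffic back.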

