Koozali.org: home of the SME Server

DNS Issues

Bill Prescott

DNS Issues
« on: March 27, 2003, 06:52:09 PM »
I am running a Fractional T1 with an Adtran CSU/DSU, then a Cisco 2514, then a Sonicwall SOHO50, then the hubs. Internally I have an SME 5.6 server for Mail and Web site.

The Sonicwall SOHO50 is the firewall/dhcp server. Its DNS settings are pointed to the internal IP of the SME 5.6 server and the SME 5.6 server is pointed to the service provider's DNS servers outside my network.

I did this so that we could resolve www.calvertretail.com from inside and out. I recently upgraded from SME 5.1.2 to the 5.6 and now this no longer works. I'm sure that this is the hard way to do this, but I know no other way. I need to be able to resolve mail.calvertretail.com, mail, www.calvertretail.com internally for my clients' ease of use. Currently we use the internal IP address and it does work, but it's not very clean.

Any suggestions are welcome!
Bill Prescott

Kelvin

Re: DNS Issues
« Reply #1 on: March 27, 2003, 10:54:46 PM »
Hi Bill,

Any reason you cannot use the SME as the DHCP server ?

Resolving your domain from outside should be a matter of setting up the DNS records for your domain and port forwarding on the SonicWALL.

Resolving your domain from inside is trivial if SME is the gateway as well (which will mean you need to add a 2nd NIC into the server).

I generally set up LAN side clients with the servername instead of the domain name (i.e. SMTP / POP server = smeserver instead of mail.mydomain.com).

Kelvin

Bill Talcott

Re: DNS Issues
« Reply #2 on: March 28, 2003, 12:26:06 AM »
Kelvin wrote:
>
> Any reason you cannot use the SME as the DHCP server ?
>
> Resolving your domain from inside is trivial if SME is the
> gateway as well (which will mean you need to add a 2nd NIC
> into the server).

It doesn't have to be the DHCP server or gateway, it just has to be the DNS server that the LAN PCs are using. Can you set the Sonicwall's DHCP properties to just have the clients use the SME directly for DNS?

The stuff in the Hostnames panel is what the SME's DNS uses. If an internal host makes a request, that's the stuff it should be given. You can use this panel to resolve hostnames to different IPs for internal PCs.

Now that I reread it, you have a DNS server specified in the SME's config. I *think* this forwards all requests to that DNS server instead. This means that you're sending the regular public DNS (with the external IPs) to the clients, rather than having the SME act as the DNS server. Simply removing that from the config should fix it. The SME will resolve what it can, and pass on the rest. Though I'm not sure if that will affect connections from the SME to a public DNS server through the firewall... Try removing that and see if it works though.

Kelvin

Re: DNS Issues
« Reply #3 on: March 28, 2003, 12:45:26 AM »
Hi Bill T. & Bill P.,

>It doesn't have to be the DHCP server or gateway, it just has to be the DNS
>server that the LAN PCs are using. Can you set the Sonicwall's DHCP properties
>to just have the clients use the SME directly for DNS?

I'm aware of that. However, I also know that most hardware routers / firewall devices do not allow you to specify DHCP scope options and hence the suggestion to use SME as gateway and DHCP server. However, I did forget about DNS proxying (see below).

If you specify a master DNS server in the configuration screen of SME, you will see that Mitel explains it on the screen as "if another DNS server resolves local addresses on your LAN" - hence I agree with Bill T, you should not be specifying a master DNS.

As the Sonicwall should do DNS proxying, Bill T's suggestion might work. Set Sonicwall to point DNS to SME, remove master DNS setting from SME, and let the clients use DHCP from Sonicwall. The clients should see that the DHCP & DNS server settings as well as default gateway settings are set to the IP address of the Sonicwall.

Kelvin

Bill Prescott

Re: DNS Issues
« Reply #4 on: March 28, 2003, 10:01:26 PM »
Okay, so I set the Sonicwall Soho's network dns setting to uunet's dns servers. Then I set the Sonicwall Soho's DHCP server's DNS settings to point to the SME 5.6 server. Then the SME 5.6 server's dns is blank. Guess what? Works perfectly.

Then I noticed that the damned webmail up and quit working!  Frantically I rebooted, put things back the way they were and nothing. It goes to the webmail sign in screen and won't authenticate you. I put the settings back to the new working ones and rebooted and webmail still fails to authenticate.

I then downloaded the Update 2 stuff and applied it and now everything works perfectly.

Thank you both for your suggestions! It is wonderful to have helpful people available for us newbies.

Bill

Andrew Hodgson

Re: DNS Issues
« Reply #5 on: April 01, 2003, 06:53:24 PM »
Hi,

I have a similar setup, with a router and the sme server. I have three dns servers, the router provides a dns server that gets its information from the isp dns servers. My SME box gets the dns information from the root servers, which means it is much quicker, and the dns much faster (as my ISP doesn't really support the DNS servers), and another DNS server which is a designated primary for my domains. This is set not to use recursion, and internal clients don't use it.

The SME does the DHCP, giving itself as the DNS and the router as the gateway.  The router dns is used as a backup, if the SME box fails, but is normally not used, and as I said the public dns server is not used for recursion.

Because the SME is the default DNS server for internal clients, mail.hodgsonfamily.org gets pointed to the internal ip of the SME box, and externally, mail.hodgsonfamily.org points to the ip address of hodgsonfamily.org, which is specified by my public DNS server.  No hosts files required!!!

Andrew.

Andrew Hodgson

Re: DNS Issues
« Reply #6 on: April 01, 2003, 06:57:43 PM »
Bill Talcott wrote:
>
> Though I'm not
> sure if that will affect connections from the SME to a public
> DNS server through the firewall... Try removing that and see
> if it works though.

If using a public dns server inside the lan, port forward tcp 53 and udp 53 to the box running the public dns server. I had an unfortunate incident where the firewall lost its port config, meaning that the sme server was receiving the requests to the public dns server, giving out its 192.168.xxx.xxx addresses, this got copied to the secondary servers, and was a real pain to sort out, and caused a mess with mail receiving.
Andrew.
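
A check that a monitoring job or secondary could run over the public zone to catch the failure described in the last reply, where internal 192.168.x.x addresses were served publicly and copied to the secondaries. This is an added example, not part of the original thread; the zone lines, names and addresses are constructed placeholders in the line format that `dig AXFR` prints.

```python
import ipaddress

# Address ranges that must never appear in a publicly served zone.
# Listed explicitly: ipaddress.is_private also matches documentation ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
    "fc00::/7", "fe80::/10", "::1/128",               # IPv6 equivalents
)]

# Constructed sample of a public zone (name, TTL, class, type, rdata).
SAMPLE_PUBLIC_ZONE = """\
example.org.      3600 IN SOA   ns1.example.org. hostmaster.example.org. 1 7200 3600 604800 3600
example.org.      3600 IN NS    ns1.example.org.
example.org.      3600 IN MX    10 mail.example.org.
ns1.example.org.  3600 IN A     203.0.113.10
www.example.org.  3600 IN A     203.0.113.10
mail.example.org. 3600 IN A     192.168.1.2   ; internal view leaked
; full-line comment
ftp.example.org.  3600 IN CNAME www.example.org.
"""

def parse_address_records(zone_text):
    """Yield (name, ip) for each A/AAAA record; skip comments and other types."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        if fields[3].upper() not in ("A", "AAAA"):
            continue
        try:
            yield fields[0].lower(), ipaddress.ip_address(fields[4])
        except ValueError:
            continue  # malformed rdata: not an address we can classify

def find_internal_leaks(zone_text):
    """Return (name, address) pairs that expose internal addressing."""
    return [
        (name, str(ip))
        for name, ip in parse_address_records(zone_text)
        if any(ip in net for net in INTERNAL_NETS)
    ]

if __name__ == "__main__":
    for name, addr in find_internal_leaks(SAMPLE_PUBLIC_ZONE):
        print(f"LEAK: {name} -> {addr}")
```

Run against the zone as seen from outside the firewall, so that a lost port forward shows up as a leak before the secondaries pick it up.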