I want my DNS server to be able to forward name resolution requests to DNS servers on the Internet.
I created an Access Rule called "DNS Outbound" with the following settings:
Action: Allow
Protocols: DNS
From/Listener: Internal
To: External
Condition: All Users
----------------------------------------------------------------
Even so, if I go to the "Monitoring" tab of the DNS server, the recursive queries to "other DNS servers" fail consistently.
- nslookup on the ISA server correctly shows the IP address of the (internal) DNS server.
- nslookup on the DNS server (domain controller) itself times out in two seconds: Default Server is unknown, Address: ::1 (IPv6 address of DC/DNS server itself).
- Preferred DNS points to server itself (only one server in this network).
- There is a reverse DNS zone. There is a PTR record for the DNS server in this zone.
- DCDIAG is fine.
Despite the NSLOOKUP timeout and message, the local DNS server does resolve local IP addresses correctly.
So why can't I resolve names past the ISA server?
Do I need to configure more rules? An inbound rule for the replies to the queries?
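The post above is troubleshooting two different hops at once: whether the DC's DNS service can recurse (forwarders/root hints), and whether the ISA rule lets UDP 53 out. nslookup blurs the two because it talks to the local server only. The script below is an added example, not part of the original post or of any ISA documentation: it sends a raw recursive A query straight to whichever server you name and reports TIMEOUT (nothing came back: dropped or blocked, which is what a missing or mis-scoped ISA rule looks like), SERVFAIL/REFUSED (the server was reached but could not or would not recurse), or NOERROR with the answers. Run it on the DC against an Internet resolver to test the ISA rule, then against the DC itself to test forwarding. It assumes plain DNS over UDP 53 (ISA's built-in DNS protocol definition covers UDP 53 send/receive plus TCP 53 outbound, and access rules are stateful, so replies need no separate inbound rule). The embedded response packet and the 192.0.2.1 address are constructed for the offline self-check.

```python
"""Raw DNS probe that separates 'no reply' (firewall/route problem) from
'server answered but could not recurse' (DNS forwarding problem).
Added example; assumes plain DNS over UDP port 53."""
import random
import socket
import struct
import sys

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

# Constructed sample: a NOERROR response for example.com A = 192.0.2.1 (TEST-NET-1),
# used only for the offline self-check below.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"   # id, flags QR|RD|RA, 1 Q, 1 A
    b"\x07example\x03com\x00\x00\x01\x00\x01"              # question: example.com A IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04\xc0\x00\x02\x01"  # answer, TTL 300
)


def build_query(name, txid, qtype=1, rd=True):
    """Build a DNS query for `name` (qtype 1 = A). RD set means 'please recurse'."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def _read_name(data, off):
    """Decode a (possibly compression-pointer) name; return (name, offset after it)."""
    labels, end, jumped = [], off, False
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:                      # pointer to an earlier name
            ptr = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels), end
        labels.append(data[off:off + length].decode("ascii"))
        off += length


def parse_response(data):
    """Parse header, question and answer sections into a plain dict."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = _read_name(data, off)
        qtype, _qclass = struct.unpack("!HH", data[off:off + 4])
        off += 4
        questions.append((name, qtype))
    for _ in range(an):
        name, off = _read_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, "A", ".".join(str(b) for b in rdata)))
        else:
            answers.append((name, rtype, rdata.hex()))
    rcode = flags & 0x000F
    return {
        "id": txid,
        "is_response": bool(flags & 0x8000),
        "truncated": bool(flags & 0x0200),
        "recursion_available": bool(flags & 0x0080),
        "rcode": RCODES.get(rcode, str(rcode)),
        "questions": questions,
        "answers": answers,
    }


def probe(server, name, timeout=2.0, port=53):
    """Send one recursive A query over UDP and classify the outcome."""
    txid = random.randint(0, 0xFFFF)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name, txid), (server, port))
        data, _ = sock.recvfrom(4096)
    except socket.timeout:
        return {"server": server, "outcome": "TIMEOUT (no reply: dropped, blocked, or server down)"}
    finally:
        sock.close()
    result = parse_response(data)
    if result["id"] != txid:                           # stray/forged packet, not ours
        return {"server": server, "outcome": "MISMATCHED ID (ignored)"}
    result["server"] = server
    result["outcome"] = result["rcode"]
    return result


if __name__ == "__main__":
    # Usage: python dnsprobe.py <name> <server> [<server> ...]
    # e.g. on the DC: python dnsprobe.py www.microsoft.com <ISP resolver IP> 127.0.0.1
    if len(sys.argv) < 3:
        sys.exit("usage: dnsprobe.py <name> <server> [<server> ...]")
    for srv in sys.argv[2:]:
        r = probe(srv, sys.argv[1])
        print(srv, r["outcome"], r.get("answers", ""))
```

Reading the results: TIMEOUT from the DC to the ISP resolver, but an answer from a machine that is not behind ISA, points at the access rule (check that the DC's address falls inside ISA's Internal network definition and that the rule is above any deny). NOERROR from the external resolver but SERVFAIL or TIMEOUT from 127.0.0.1 means the packets get out fine and the DNS service's forwarders or root hints are the problem instead.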