Re: PIX 501 Firewall and DNS

From: Sue (sue.biedling_at_visa-master.com)
Date: 10/03/03


Date: Fri, 03 Oct 2003 14:35:03 GMT

I've opened the port (53) on the firewall but still cannot access the
internet without hardcoding the ISP's DNS on the workstation. I have no
TCP/IP filtering on the DC. TCP, UDP ports are set to "permit all".

I think it is something very simple that was overlooked when the firewall
was installed. Another thing you may want to know is that when the firewall was
installed, the technician that installed it set it as the DHCP server. This
caused conflicts on all the workstations and when I explained this to the
technician, he took off the DHCP server on the firewall. Could this have
caused some problems that need to be fixed on the Domain Controller?

"ELE OLO" <dingtan@eleolo.com> wrote in message
news:ca44e3e4.0310020635.551d595d@posting.google.com...
> Hi, Sue,
>
>
> I think what you are experiencing might be a problem relating to what
> is shown below from
>
> Microsoft Knowledge Base Article - 259277
> Troubleshooting Netlogon Event 5774, 5775, and 5781 ----
>
>
>
> " ... Connectivity: This domain controller does not have Internet
> Protocol (IP), or Transmission Control Protocol/User Datagram Protocol
> (TCP/UDP), connectivity to the DNS servers that own the zones to which
> records need to be registered or deregistered...."
>
>
> In putting in your PIX firewall, maybe the exact port and service needed
> to pass through the firewall for the above connectivity to work has not
> been enabled....
>
> Dean
>
> "Sue" <sue.biedling@visa-master.com> wrote in message
> news:<3lHeb.37811$A%3.487763@ord-read.news.verio.net>...
> > We recently installed the Cisco PIX 501 firewall. Since that time, I had to
> > hard code our ISP's DNS address on all our workstations and our Domain
> > controller in order to connect to the internet. Our Domain Controller is our
> > primary DHCP server and is also running a DNS server.
> >
> > I have also noticed a "warning" in the event viewer on the domain controller
> > every 2 hrs since the firewall installation:
> >
> > "Dynamic registration or deregistration of one or more DNS records failed
> > because no DNS servers are available." Event ID:5781.
> >
> > Somehow the DNS server became unavailable but I cannot find any way to
> > restart it. Under "Services" both DHCP Server and DNS Server are started and
> > startup is automatic.
> >
> > I've checked our DNS settings and all seem to be correct according to
> > Microsoft's How To documents. Besides, nothing was changed in the settings
> > except hardcoding our ISP's DNS address on the DC and all workstations.
> >
> > Is there anything we need to do on the firewall side? Do we have to use the
> > DNS Alias command on the PIX?
> >
> > We are using Windows 2000 Server, Service Pack 4 w/Active directory as our
> > domain controller and currently have approx. 20 workstations on the domain.
> > Thank you in advance for your help.
