Re: PIX 501 Firewall and DNS

From: Sue (sue.biedling_at_visa-master.com)
Date: 10/03/03


Date: Fri, 03 Oct 2003 14:35:03 GMT

I've opened the port (53) on the firewall but still cannot access the
internet without hardcoding the ISP's DNS on the workstation. I have no
TCP/IP filtering on the DC. TCP, UDP ports are set to "permit all".

I think it is something very simple that was overlooked when the firewall
was installed. Another thing you may want to know is that when the firewall
was installed, the technician who installed it set it as the DHCP server. This
caused conflicts on all the workstations, and when I explained this to the
technician, he took off the DHCP server on the firewall. Could this have
caused some problems that need to be fixed on the Domain Controller?

"ELE OLO" <dingtan@eleolo.com> wrote in message
news:ca44e3e4.0310020635.551d595d@posting.google.com...
> Hi, Sue,
>
>
> I think what you are experiencing might be a problem relating to what
> is shown below from
>
> Microsoft Knowledge Base Article - 259277
> Troubleshooting Netlogon Event 5774, 5775, and 5781 ----
>
>
>
> " ... Connectivity: This domain controller does not have Internet
> Protocol (IP), or Transmission Control Protocol/User Datagram Protocol
> (TCP/UDP), connectivity to the DNS servers that own the zones to which
> records need to be registered or deregistered...."
>
>
> In putting in your PIX firewall, maybe the exact port and service needed
> to pass through the firewall for the above connectivity to work has not
> been enabled....
>
>
>
> Dean
>
> "Sue" <sue.biedling@visa-master.com> wrote in message news:<3lHeb.37811$A%3.487763@ord-read.news.verio.net>...
> > We recently installed the Cisco PIX 501 firewall. Since that time, I had to
> > hard code our ISP's DNS address on all our workstations and our Domain
> > controller in order to connect to the internet. Our Domain Controller is our
> > primary DHCP server and is also running a DNS server.
> >
> > I have also noticed a "warning" in the event viewer on the domain controller
> > every 2 hrs since the firewall installation:
> >
> > "Dynamic registration or deregistration of one or more DNS records failed
> > because no DNS servers are available." Event ID:5781.
> >
> > Somehow the DNS server became unavailable but I cannot find any way to
> > restart it. Under "Services" both DHCP Server and DNS Server are started and
> > startup is automatic.
> >
> > I've checked our DNS settings and all seem to be correct according to
> > Microsoft's How To documents. Besides, nothing was changed in the settings
> > except hardcoding our ISP's DNS address on the DC and all workstations.
> >
> > Is there anything we need to do on the firewall side? Do we have to use the
> > DNS Alias command on the Pix?
> >
> > We are using Windows 2000 Server, Service Pack 4 w/Active directory as our
> > domain controller and currently have apprx. 20 workstations on the domain.
> >
> > Thank you in advance for your help.