Create an internal DNS Server

Source: Internet
Author: User
Tags dns forwarder
DNS is a very important basic service. Many applications depend on it, the most common being the Web browser over HTTP. Many users in the forum have said they cannot access the Internet when, in fact, they cannot resolve FQDNs; that is, the problem lies in reaching the DNS service. Applications that connect by IP address only, such as QQ, still work. Therefore, when you cannot browse Web pages, you must first distinguish between a connection problem and a DNS problem. This article shows how to build an internal DNS server.

In many scenarios where NAT software is used, the gateway itself can resolve names because its external network adapter obtains the ISP's DNS server address. However, if an internal client wants to resolve DNS names, there are only two methods: (1) set the DNS address on the internal client to the external ISP's DNS server; (2) create a DNS server internally, have internal clients use it, and let the internal DNS server forward queries to the external ISP's DNS server. In terms of client efficiency, the first method is better; but in terms of controllability and scalability, as well as network efficiency, the second method is better. In particular, for environments with a domain, the second method (DNS forwarding) must be used.

KWF has a built-in DNS forwarder, which is more efficient than the Windows DNS server, but it supports DNS forwarding only. ISA does not have a DNS forwarder. However, the full-featured DNS server included in Windows Server can serve perfectly well as the internal DNS server.

Note that you do not need to configure a DNS server on the client for Web browsing through the proxy. The reason is that a Web Proxy client does not access the DNS service directly when it browses the Web through the ISA Web Proxy service; it is enough that the ISA Server can resolve the DNS name. However, if other access from a Web Proxy client (anything other than Web browsing) requires DNS resolution, it may fail when no DNS server is configured.

Although a Firewall Client is also configured as a Web Proxy client by default, the Firewall Client (FWC) sends all non-local TCP/UDP traffic directly to the ISA Server. Therefore, regardless of whether a default gateway and DNS server are configured locally, the FWC always sends its data to the ISA Server it is connected to. As long as the ISA Server can resolve DNS names correctly, the Firewall Client can resolve them normally as well.

Next, I will walk through an example. Because the network structure is very simple, I did not draw a diagram of it. The client IP address is, and the IP address of the gateway (ISA Server 2004, English version) is The procedure of this test is as follows:

1. No DNS server is set on the client, but it can access the Internet when configured as a Web Proxy client;

2. Create and configure an internal DNS server on the ISA Server;

3. Set the client's DNS server address to the new internal DNS server. At this point, the client can access the Internet normally.

Now go to the test:


1. The client cannot resolve DNS, but can browse the Web through the Web Proxy

No DNS server is set on the client.

In this case, ipconfig /all shows no DNS server, and a ping of a domain name cannot resolve it;

Web browsing naturally fails as well.

However, a ping to my DNS server succeeds. This shows that the network connection works but DNS names cannot be resolved;

After I set the proxy server in the connection settings, however, access through the proxy server works normally;



2. Create an internal DNS Server

On the ISA Server, open "Control Panel", go to "Add or Remove Programs", and click "Add/Remove Windows Components". In the Windows Components Wizard, double-click "Networking Services", select "Domain Name System (DNS)", click "OK", and then click "Next". You may need to insert the Windows installation CD during the installation.

After the installation, the "DNS" console appears under Administrative Tools. Open it, right-click the server, and select Properties;

The DNS server is easy to configure. The main settings are the following:

(1) Interfaces: because the server is for internal use only, bind it to the internal interface only, so that it does not listen for queries on the external interface;

(2) Forwarders: this setting is the important one. First select "All other DNS domains" in the upper list, then add the IP addresses of the DNS servers you obtained from the ISP to the forwarder IP address list below.

The internal DNS server is now set up. Of course, you can also use it to host name resolution for your own DNS domain. Note also that DNS can be used on its own; it does not have to be combined with Active Directory.


3. Configure internal clients to use the internal DNS server

Configure the client by setting its DNS server address to the address of the new internal DNS server;

In this case, ping Http://; the name can now be resolved.

Browsing succeeds.

This completes the setup of the internal DNS server.
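
The test in steps 1 to 3 (a ping by IP address works, name resolution does not) can also be run against one specific DNS server instead of the client's configured resolver. The following Python script is an added example, not part of the original article: it sends a single recursive A query to the server given on the command line and classifies the reply. The function names and the result labels are assumptions made for this example.

```python
import socket
import struct

TXID = 0x1234  # fixed query ID, constructed for this example

def build_query(name, txid=TXID):
    """Build a DNS query for an A record with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(resp, txid=TXID):
    """Return (rcode, recursion_available, answer_count) from a DNS response."""
    if len(resp) < 12:
        raise ValueError("short DNS response")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID or QR bit not set
        raise ValueError("not a response to our query")
    return flags & 0x000F, bool(flags & 0x0080), answers

def classify(rcode, recursion_available, answers):
    """Map the header fields to an outcome for the forwarder under test."""
    if rcode == 0 and answers > 0:
        return "resolved"        # server answered, forwarding works
    if rcode == 5:
        return "refused"         # server reachable but will not serve this client
    if not recursion_available:
        return "no-recursion"    # server does not resolve on behalf of clients
    return "failed"              # e.g. SERVFAIL: forwarder cannot reach the ISP's DNS

def probe(server, name, timeout=3.0, port=53):
    """Query `server` directly over UDP and classify the result."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name), (server, port))
        resp, _ = sock.recvfrom(512)
        return classify(*parse_header(resp))
    except ValueError:
        return "bad-response"
    except OSError:              # timeout, unreachable, port closed
        return "no-answer"       # connection problem, or server not listening here
    finally:
        sock.close()

if __name__ == "__main__":
    import sys                   # usage: python probe.py <dns-server-ip> <name>
    print(probe(sys.argv[1], sys.argv[2]))
```

Run from an internal client against the internal address of the DNS server, the expected result is "resolved". Run against the external address, the expected result is "no-answer", which confirms that the server is bound to the internal interface only.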
