I have a Windows Server 2008 installed on a machine at a co-lo facility. I made it a domain controller for Active Directory, and it also runs DNS.
On the machine, if I ping one of the hosted A entries – for example foo.example.com – it works fine. If I use netstat -a, it shows me the server listening on port 53 (UDP and TCP). The DNS Manager properties for the server show "Listen on all IP addresses". I also disabled the firewall for all profiles temporarily just to check. So it should just work, right?
Using DNSStuff to look up the DNS entries I get an error – the DNS server isn't responding. If I ping the domain from an external machine, it does not resolve the name. A web-based port scanner says that port 53 is not responding (I assume it means TCP).
Here is a snippet from the netstat output:
TCP 10.0.0.50:53 OptimusPrime:0 LISTENING
TCP 66.240.234.144:53 OptimusPrime:0 LISTENING
UDP 10.0.0.50:53 *:*
UDP 66.240.234.144:53 *:*
There are no relevant entries in the event log as far as I can see. Other services (such as VPN) on the machine accessed via that same IP address work fine.
Does this suggest a routing issue or perhaps the co-lo facility doing some filtering? What should my next step be in diagnosing this issue?
Best Answer
If you can do nslookup internally but not externally, and you don't have a firewall set up, my guess would be the location has some sort of hardware firewall active.
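An added check, not part of the question or the answer above, that does the "external nslookup" step in a way that also tells you why it fails: it hand-builds a DNS A query (Python 3 standard library only, no external packages), sends it to the server over UDP and then TCP from an outside host, and classifies each result. A timeout on both transports while the host's other services answer points at upstream filtering of port 53; an ICMP unreachable or TCP refusal instead means the packets reach the host and nothing is listening there. The server address and name are whatever you pass in (the IP from the netstat output and foo.example.com in the question).

```python
import socket
import struct

TXID = 0x1234  # fixed transaction id so replies can be matched to our query

def build_query(name):
    # RFC 1035 header: id, flags (RD set), QDCOUNT=1, then QNAME + QTYPE=A, QCLASS=IN
    header = struct.pack(">HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)

def parse_response(data):
    # Returns (rcode, answer_count), or None if this is not a reply to our query
    if len(data) < 12:
        return None
    rid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != TXID or not flags & 0x8000:  # wrong id, or QR bit not set
        return None
    return flags & 0x000F, an

def describe(data):
    r = parse_response(data)
    return "answer: rcode=%d, ancount=%d" % r if r else "garbled or foreign reply"

def probe_udp(server, name, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))  # connected UDP so ICMP errors surface as exceptions
        try:
            s.send(build_query(name))
            return describe(s.recv(512))
        except socket.timeout:
            return "timeout: packet dropped (no listener, or filtered upstream)"
        except (ConnectionRefusedError, ConnectionResetError):
            return "ICMP port unreachable: host reachable, nothing on UDP/53"

def probe_tcp(server, name, timeout=3.0):
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))
            s.sendall(struct.pack(">H", len(q)) + q)  # TCP DNS is length-prefixed
            length = struct.unpack(">H", s.recv(2))[0]
            return describe(s.recv(length))  # one recv is enough for a small answer
        except socket.timeout:
            return "timeout: SYN dropped, typical of a filtering firewall"
        except ConnectionRefusedError:
            return "refused: host reachable, nothing listening on TCP/53"
```

Run it from a machine outside the co-lo, e.g. probe_udp("66.240.234.144", "foo.example.com") and probe_tcp with the same arguments, and compare with the same calls made from inside the network.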