Tag Archives: MCSE

Event ID 407, 408 – when NAT is used as a DNS server

QUESTION NO: 211

You are the administrator of TestKing’s network, which consists of a single Windows 2000 Domain. The

relevant portion of its configuration is shown in the exhibit.

You configure a Windows 2000 Server computer named NAT1 as the DNS server for the domain. You

install Routing and Remote Access on NAT1. You configure NAT1 to provide network address

translation services for client computers to access the Internet.

Users now report that they cannot log on to the domain or access network resources. On investigation,

you discover that you cannot query NAT1 for name resolution. In the application event log on NAT1, you

find the following event messages:

Event ID: 407

Source: DNS

Description: DNS server could not bind a datagram (UDP) socket to

192.168.0.1. The data is the error.

Event ID: 408

Source: DNS

Description: DNS server could not open socket for address 192.168.0.1.

Verify that this is a valid IP address on this machine.

How should you correct this problem?

A. Disable the DNS proxy functionality on NAT1

B. Enable the DNS proxy functionality on NAT1

C. Reconfigure the DNS server service not to listen on the internal address of NAT1.

D. Reconfigure the DNS server service not to listen on the external address of NAT1.

Answer: C

Explanation: This problem can occur when you have a NAT server that also is used as a DNS server. NAT has

a DNS Proxy setting that enables DHCP clients to direct DNS queries to the NAT server. The client DNS

queries are then forwarded to the NAT server’s configured DNS server. The DNS Proxy and the DNS Server

service cannot coexist on the same host, if the host is using the same interface and IP address with the default

settings.

There are three methods to overcome this problem:

1. Reconfigure the DNS server service not to listen on the internal address. This is the solution in this scenario.

2. Install NAT and DNS on different servers. We cannot change this configuration here since this option is not

listed.

3. Use the DHCP server Service in NAT, NOT the DHCP Allocator and DNS Proxy.

Reference: JSI Tip 3284, Your DNS Event Log reports Event Ids 407 and 408

Incorrect Answers:

A: We could disable both the DNS proxy functionality and the DHCP allocator.

B: The DNS proxy function on the NAT server is partly to blame. Enabling it will not help.

D: We must configure the DNS server not to listen to the internal address, not the external address.