Hello All,

I am hoping someone can help me, as I have a DNS issue that is doing my nut in.

I have DNS set up on my domain controller, and everything works OK for about a week.

Then no one can get to any webpages; everyone gets a "page cannot be displayed" error. It is a very easy fix: I just reset the “DNS Server” service and all is working fine again.

I just want to fix this for good. I checked the logs and found nothing; I cannot see anything wrong with the DNS server at all.

Help…


Could we have a bit more info about your setup?

What version of Windows Server are you running? Are your DNS servers internal (and is there more than 1)?

Do you have forwarders set up for every DNS server, and, if so, are they resolving correctly?

Do you have a firewall that is perhaps blocking outbound or inbound DNS traffic?

You say resetting (I expect you mean restarting) the DNS service fixes the problem? Does flushing the DNS cache do the same?

Are your clients showing the correct DNS information when you run ipconfig /all?

Try to work out if it's the Server service or further down the chain (where it’s forwarded to).

  1. From a PC at the CMD prompt, run an nslookup command to test name resolution. Do one internal name (e.g. HP99) and one external (e.g. www.google.com). Do they both fail, or just the external lookup?

  2. If name resolution fails for the internal lookup, then we’ll drill deeper into the DNS Server service.

  3. If name resolution fails for the external lookup only, then we need to check the link to the external DNS you're using.

Please check all NIC drivers (especially Broadcom) are up to date.

Check that your DNS is bound to the correct adapter.
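The triage in the numbered steps above, as an added example that is not part of the original thread. The server IP is a placeholder, the function names are hypothetical, and the parsing assumes English-language nslookup output:

```powershell
# Added example: internal vs. external lookup triage against one DNS server.
$DnsServer    = '192.0.2.10'        # placeholder: IP of the domain controller running DNS
$InternalName = 'HP99'              # internal host name used in the post
$ExternalName = 'www.google.com'    # external name used in the post

function Test-Lookup {
    param([string]$Name, [string]$Server)
    # nslookup's exit code is not reliable, so inspect its output instead.
    # stderr is merged in so timeouts and "can't find" messages are captured too.
    $out = & nslookup.exe $Name $Server 2>&1 | ForEach-Object { "$_" }
    # A successful answer contains a "Name:" line; the server banner uses "Server:".
    return [bool]($out | Where-Object { $_ -match '^Name:\s' })
}

function Get-DnsTriage {
    param([bool]$InternalOk, [bool]$ExternalOk)
    if (-not $InternalOk) {
        return 'Internal lookup fails: look at the DNS Server service itself (step 2).'
    }
    if (-not $ExternalOk) {
        return 'Only external lookup fails: check the path to external DNS (step 3).'
    }
    return 'Both lookups succeed: DNS resolution is currently working.'
}

$internal = Test-Lookup -Name $InternalName -Server $DnsServer
$external = Test-Lookup -Name $ExternalName -Server $DnsServer

# One timestamped line per run, suitable for appending to a log file.
"{0}  internal={1} external={2}  {3}" -f (Get-Date -Format s),
    $internal, $external, (Get-DnsTriage $internal $external)
```

Run on a schedule from a client and redirected to a file, this records which half of the chain was failing at the moment of the next outage.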

Hello,

Sorry, I know I missed some details off, (been a very long night),

This is my test rig,

1st Server is a home build server (using server parts), running ESXi5, I have three virtual servers running on it.

All of the servers are running Windows Server 2008 R2 with all updates and service packs

(16gb ram, lots of HDs)

Virtual Server 01 (2gb ram, 3 drives (40gb, 40gb, 40gb))

DNS and Domain Controller (domain set to 2008 R2 level)

Virtual Server 02 (4gb ram, 3 drives, 40gb, 40gb, 150gb)

Exchange 2010 SP2

Virtual Server 03 (4gb ram lots of drive)

WSUS

Service Manager

SQL Server, and everything else I throw at it.

File and Print

2nd Server (8gb ram, 2x1tb drive)

HP DL140

File Server, and System Center Config Manager

3rd Server (4gb ram, 1x1tb, 1x500gb)

Dell Poweredge 850

Not used as of yet; it is going to be a 2nd domain controller and 2nd DNS server, but I wanted to get the above issues sorted first.

4th Server (2gb ram, 2x500gb)

This is a homemade small desktop, which I am going to use as a media server.

Client machines,

Dell XPS 420, Dell XPS 17, HP touch laptop

All drivers for network cards are up to date on computers and Servers.

When it went down last time, I did some “nslookup” and “pings” but only to external addresses, and they all failed on all machines. Not sure about internal addresses as I did not check; I will do so next time it goes wrong.

Flushing the DNS does not work, rebooting the client machines also does not work.

The only way I can get it to work again is by rebooting the domain controller or restarting the service (DNS SERVER).

No forwarders are set up, I just leave the DNS server to do its own thing.

(Do you think this could be the issue? Should I start to use forwarders to point to an external DNS?)

I am sorry if this does not read very well, I have dyslexia (and only 1 hour sleep in the last 18 or so).

Andrew

Andrew,

You should set up DNS Forwarders to point to your external DNS Servers provided by your ISP, and sometimes a public DNS Server doesn’t hurt (4.2.2.1). You can do this by right-clicking on the DNS Server in the MMC console and selecting Properties. Then add them to the Forwarders tab. Once you add your second DNS Server you will NEED to make sure that when you set up the static IPs of both Servers, the DNS Server listed for each is the other DNS Server. For example:

DNS Server 1
IP: XXX.XXX.XXX.XXX
MASK: XXX.XXX.XXX.XXX
DNS: DNS Server 2 IP

DNS Server 2
IP: XXX.XXX.XXX.XXX
MASK: XXX.XXX.XXX.XXX
DNS: DNS Server 1 IP

This will make sure that they replicate their DNS information correctly!


Steve M hit the nail right on the head, public forwarding is the way to go with Microsoft DNS. The only difference I would say is that I add more than 2 DNS servers in the forward section. I use the 2 ISP providers, and then 2 more Public, lately I’ve been using Google’s (8.8.8.8) and open (4.2.2.2). It is highly doubtful though that you will need that redundancy very often, as ISP Provider DNS servers are usually pretty hardy and are rarely down.

Check out the below link to see what the best public dns might be for you to use. http://www.pcworld.com/downloads/file/fid,201708/description.html

What does running “dcdiag /test:DNS” show you?

I am going to update my DNS to have some forwarders pointing to OpenDNS.

Walter1703,

C:\Windows\system32>DCDiag /test:DNS

Directory Server Diagnosis

Performing initial setup:
Trying to find home server…
Home Server = REMOVED

* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: REMOVED
Starting test: Connectivity
… REMOVED passed test Connectivity

Doing primary tests

Testing server: REMOVED

Starting test: DNS

DNS Tests are running and not hung. Please wait a few minutes…
… REMOVED passed test DNS

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on : REMOVED

Running enterprise tests on : REMOVED.org.uk
Starting test: DNS
Summary of test results for DNS servers used by the above domain
controllers:

DNS server: 2001:500:2d::d (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d

DNS server: 2001:500:2f::f (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

REMOVED.org.uk passed test DNS

There has always been a flaw with root hint servers in Windows DNS. Set up the forwards, restart the DNS Service and then re-run your dcdiag; you should see the last 3 DNS tests pass.

Yeah, the test runs OK now.

I will leave it on OpenDNS for a bit and see what happens.

Cheers anyone

I found this link that kind of explains the reason for the root hints issue as well as a registry entry that supposedly fixes the problem. I’m not sure of the registry as I’ve just always used the forwarding solution, but here’s the link:

+1 for using DNS forwarders. Steve Gibson has an excellent DNS benchmarking tool that can help you determine which public DNS servers are better suited for your local network.

I've been using OpenDNS and so far no more errors.

Looking good so far.