A reply for Herb Martin - from earlier post - DNS stops respondingthroughout the day

[Steve Grosz]

The above implies that your IP is broken unless you
are merely saying that tracert never resolves the name
-- and thus never even starts the trace.

That is what happens, the name doesn't resolve, and the trace won't begin.

If I wait about 5 minutes and do another tracert, the domain is found.

Do you have a mix of INTERNAL and EXTERNAL (or other)
DNS servers listed on the clients or on any forwarders at the
servers?

(Don't do that. Internal clients get internal only, forwarders
[usually] get external only.)

I do have a forwarder to my ISP DNS servers so if anything isn't found
internally it should try at the ISP DNS servers.

What happens when you use NSLookup to try specific and
individual DNS servers, e.g.,

nslookup server.domain.com 192.168.10.1
nslookup server.domain.com 192.168.10.2

(Assuming that .1 is DNS1 and .2 is DNS2)

What I get if I try nslookup ns1.domain.com 192.168.10.1 (using my IP's) is:

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 209.161.x.x

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

IGNORE any initial error in NSlookup relating to not finding
the NAME of the DNS SERVER. All you care about is if
the actual question you ask gets answered.


DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2

Restart NetLogon on any DC if you change any of the above that
affects a DC and/or use:

nltest /dsregdns /serverC-ServerNameGoesHere

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Lable domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]

I'm not using AD with DNS, just DNS server itself.

Steve

 

[Herb Martin]

If I didn't respond to a thread, then it was unintentional,
but sometimes they get lost in OE.

That is what happens, the name doesn't resolve, and the trace won't begin.

Then it is name resolution. DNS mostly.

Tracert itself is not failing, the name resolution is failing.

[I did respond to this before, so maybe the message
was lost.]

Sounds like a DNS server resolving LATE, so it gets
into cache and then is available later, but not this time
due to timeouts.

Do you have a mix of INTERNAL and EXTERNAL (or other)
DNS servers listed on the clients or on any forwarders at the
servers?

(Don't do that. Internal clients get internal only, forwarders
[usually] get external only.)

I do have a forwarder to my ISP DNS servers so if anything isn't found
internally it should try at the ISP DNS servers.

That is not a "Mix" on the client -- that IS WHAT you should
have for resolving both internal and external names.

What we are looking for is (one or both of):

1) Clients with both Internal and External ON THE NIC
2) DNS servers with a mix of Int/Ext in the Forwarders

That "usually" worries me -- if you have an Internal DNS
server with a MIX on the Forwarder list then it will give
unpredictable results (perhaps) or late results (perhaps.)

What I get if I try nslookup ns1.domain.com 192.168.10.1 (using my IP's)

is:

What if you try various DNS servers? Several internal,
and the ISP directly?

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 209.161.x.x

IGNORE any initial error in NSlookup relating to not finding

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.

IGNORE any initial error in NSlookup relating to not finding


What we care about is does it go on and RESOLVE.

DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2

Restart NetLogon on any DC if you change any of the above that
affects a DC and/or use:

nltest /dsregdns /serverC-ServerNameGoesHere

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Lable domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]

I'm not using AD with DNS, just DNS server itself.

Do you have any ZONES internally?

If not, you could actually do some mixing.

Why do you run DNS internally?
(I can think of some good reasons but without Internal
zones they are not as numerous.)

 

[Steve Grosz]

Herb,

Ok, here are some more answers to your questions!

Do you have a mix of INTERNAL and EXTERNAL (or other)
DNS servers listed on the clients or on any forwarders at the
servers?

(Don't do that. Internal clients get internal only, forwarders
[usually] get external only.)

I do have a forwarder to my ISP DNS servers so if anything isn't found
internally it should try at the ISP DNS servers.

That is not a "Mix" on the client -- that IS WHAT you should
have for resolving both internal and external names.

What we are looking for is (one or both of):

1) Clients with both Internal and External ON THE NIC
2) DNS servers with a mix of Int/Ext in the Forwarders

That "usually" worries me -- if you have an Internal DNS
server with a MIX on the Forwarder list then it will give
unpredictable results (perhaps) or late results (perhaps.)

What I have is my WAP doing DHCP, and for the DNS server I have it
handing out the IP of my internal DNS server only, no external DNS is
listed.

is:

What if you try various DNS servers? Several internal,
and the ISP directly?




IGNORE any initial error in NSlookup relating to not finding



IGNORE any initial error in NSlookup relating to not finding





What we care about is does it go on and RESOLVE.

I may be having problems from within a corporate firewall, and other
systems, because it never resolves.

DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2

Restart NetLogon on any DC if you change any of the above that
affects a DC and/or use:

nltest /dsregdns /serverC-ServerNameGoesHere

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Lable domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]

I'm not using AD with DNS, just DNS server itself.

Do you have any ZONES internally?
If not, you could actually do some mixing.

If I'm remembering correctly, no, there are no zones set up.

Why do you run DNS internally?
(I can think of some good reasons but without Internal
zones they are not as numerous.)

I run DNS because I host a couple of separate domains, for email and web
hosting.

Steve

 

[Herb Martin]

Why do you run DNS internally?
Do NONE of the NSlookup commands ever give
back anything (useful)?

Including the ones where you specify a ISP DNS
server?

I run DNS because I host a couple of separate domains, for email and web
hosting.

That still doesn't explain why you run internal
DNS (might be good reasons) if you don't have
any INTERNAL zones?

You need to use NSLookup or a similar tool
and figure out WHERE the resolution is breaking
down...move to that server and try the same from
there.


--
Herb Martin

Herb,

Ok, here are some more answers to your questions!

Do you have a mix of INTERNAL and EXTERNAL (or other)
DNS servers listed on the clients or on any forwarders at the
servers?

(Don't do that. Internal clients get internal only, forwarders
[usually] get external only.)

I do have a forwarder to my ISP DNS servers so if anything isn't found
internally it should try at the ISP DNS servers.

That is not a "Mix" on the client -- that IS WHAT you should
have for resolving both internal and external names.

What we are looking for is (one or both of):

1) Clients with both Internal and External ON THE NIC
2) DNS servers with a mix of Int/Ext in the Forwarders

That "usually" worries me -- if you have an Internal DNS
server with a MIX on the Forwarder list then it will give
unpredictable results (perhaps) or late results (perhaps.)

What I have is my WAP doing DHCP, and for the DNS server I have it
handing out the IP of my internal DNS server only, no external DNS is
listed.

is:

What if you try various DNS servers? Several internal,
and the ISP directly?




IGNORE any initial error in NSlookup relating to not finding



IGNORE any initial error in NSlookup relating to not finding





What we care about is does it go on and RESOLVE.

I may be having problems from within a corporate firewall, and other
systems, because it never resolves.

DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2

Restart NetLogon on any DC if you change any of the above that
affects a DC and/or use:

nltest /dsregdns /serverC-ServerNameGoesHere

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Lable domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]


I'm not using AD with DNS, just DNS server itself.

Do you have any ZONES internally?
If not, you could actually do some mixing.

If I'm remembering correctly, no, there are no zones set up.

Why do you run DNS internally?
(I can think of some good reasons but without Internal
zones they are not as numerous.)

I run DNS because I host a couple of separate domains, for email and web
hosting.

Steve

 

[Steve Grosz]

Ok, what I did was log onto the server, and ran the nslookup command,
what I got was:
Server: 209-161-4-74.sgrosz.d1.boi.fiberpipe.net
Address: 209.161.4.74

Name: ns1.computicle.com
Address: 209.161.4.74

But does that help at all in this problem?

Steve

 

[Herb Martin]

Ok, what I did was log onto the server, and ran the nslookup command,
what I got was:
Server: 209-161-4-74.sgrosz.d1.boi.fiberpipe.net
Address: 209.161.4.74

Name: ns1.computicle.com
Address: 209.161.4.74

But does that help at all in this problem?

It won't help you JUST to see it work, but it might if you
can pinpoint WHEN or WHERE it fails and works by
contrast.

So, it might if you perform the same action from
a client experiencing the problem, and SPECIFY
that IP of the DNS server the client is using (check
with IPConfig /all if you don't know), then working
through each DNS server that might be involved.

You might also play with the timeout value to see if
one of them works, but works slowly:

nslookup SOMEWHERE ip.of.a.DNSServer

....and...

nslookup -time=10 SOMEWHERE ip.of.a.DNSServer

time=10 or 5 or whatever to see where the delays are.