DNS Crashes

[Jasper Recto]

Every once and a while our DNS service crashes BUT when you look at the
services, it says it's still running.
I believe DNS crashes because Exchange can not send emails because it can't
resolve the domain it needs to send to. Also, I can't ping using the Domain
name nor can I use NSLookup to resolve anything. What I usually do is just
restart the DNS server and Client service and everything's back to normal.
This happens sporadically. Sometimes it won't happen for weeks and other
times it happens several times a day. I can't seem to figure out what's
going on. Our DNS server is also the DC and Exchange server.

Any ideas would be greatly appreciated!

Thanks,
Jasper

 

[Michael Johnston [MSFT]]

This sounds like a DNS cache pollution problem. Make sure that Protect cache against pollution is enabled on the server. Also make sure that the dns server
has the lasted service pack and critical updates applied. When the problem occurs, if you try to resolve a name, do you actually get an answer? In many
cases like this, an answer is returned but it's the wrong answer. This would indicate DNS hijacking.

Thank you,
Mike Johnston
Microsoft Network Support

--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.

 

[Jasper Recto]

When I try to resolve I get no answer. It just tells me it can't resolve
it.

Where do I enable 'Protect cache against pollution' on the DNS server?

Thanks,
Jasper

This sounds like a DNS cache pollution problem. Make sure that Protect

cache against pollution is enabled on the server. Also make sure that the
dns server

has the lasted service pack and critical updates applied. When the

problem occurs, if you try to resolve a name, do you actually get an answer?
In many

cases like this, an answer is returned but it's the wrong answer. This would indicate DNS hijacking.

Thank you,
Mike Johnston
Microsoft Network Support

rights. Use of included script samples are subject to the terms specified at

http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this

message are best directed to the newsgroup/thread from which they
originated.

 

[Ace Fekay [MVP]]

In

When I try to resolve I get no answer. It just tells me it can't
resolve it.

Where do I enable 'Protect cache against pollution' on the DNS server?

Thanks,
Jasper

Rt-click your DNS computer name in the DNS console, properties, Advanced
tab, in the list of available options, check "Secure Cache Against
Pollution".
--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Christoph Steindorff]

I have the same problem as Jasper. The tip to
activate "Secure Cache Against Pollution" didn´t helped.
The problem still exists. After 30 minutes up to some
hours I have to restart the dns-server service.
Any another idea?

Thanx
Christoph

 

[Jasper Recto]

I don't know about Christoph but our DNS server is Microsoft's Small
Business Server. Not sure if this information may help or not.
Thanks,
Jasper

I have the same problem as Jasper. The tip to
activate "Secure Cache Against Pollution" didn´t helped.
The problem still exists. After 30 minutes up to some
hours I have to restart the dns-server service.
Any another idea?

Thanx
Christoph

 

[Kevin D. Goodknecht]

In

I don't know about Christoph but our DNS server is Microsoft's Small
Business Server. Not sure if this information may help or not.
Thanks,
Jasper

I have the same problem as Jasper. The tip to
activate "Secure Cache Against Pollution" didn´t helped.
The problem still exists. After 30 minutes up to some
hours I have to restart the dns-server service.
Any another idea?

Thanx
Christoph

How many DNS servers do you have and how are they configured?
Are there any events being logged?

 

[Jasper Recto]

We have 2 DNS servers. The are setup as Active Directory integrated.
Forwarders are enabled; Do not use recursion is checked; Dynamic updates are
allowed; secure cache against pollution is checked; Zone transfers to Any
Server is checked; No WINS forward lookup.

No events are being logged.

Thanks,
Jasper

 

[Kevin D. Goodknecht]

In

We have 2 DNS servers. The are setup as Active Directory integrated.
Forwarders are enabled; Do not use recursion is checked; Dynamic
updates are allowed; secure cache against pollution is checked; Zone
transfers to Any Server is checked; No WINS forward lookup.

No events are being logged.

This could very well be your forwarders failing, or the link to your
forwarders. Let me ask, you are not forwarding your DNS servers to each
other are you? This could cause a DNS loop that will cause the DNS service
to fail.
You could try clearing the "Do not use recursion" box to see if it helps. If
the forwarder fails then your DNS server can use its root hints then.

 

[Jasper Recto]

I don't have the forwarders pointing to each other. When you say that our
'forwarders' are failing, do you mean the external DNS server we are
forwarding them to or the actual service that is doing the forwarding on my
system is failing.
If it's the external DNS server, then why would restarting the DNS server
and client service resolve the issue?

I will uncheck the "Do not use recursion" box to see if it helps.

Thanks!!!!
Jasper

 

[Ace Fekay [MVP]]

Kevin is saying that the Forwarders might be having issues. You can try this
IP as a forwarder, which is good forwarder to see if it helps:
4.2.2.2

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory