DNS Forwarder inconsistent

  • Thread starter Thread starter JohnB
  • Start date Start date
J

JohnB

I recently setup our 2 internal DNS servers to be DNS
forwarders. I used the DNS server provided by our ISP
But, the results with IE, are inconsistent.

The servers are 2k, SP4.
The inconsistent results are on 2k Pro SP4 and XP SP1
clients.

The problem: at the bottom of IE it will say "connecting
to www.google.com And then it will say "connecting to
IP_Address_of_Yahoo. And a minute or 2 later the page
will timeout. And then other times, it works fine.

What could be the cause?
How can I troubleshoot this?
Thanks
 
The problem: at the bottom of IE it will say "connecting
to www.google.com And then it will say "connecting to
IP_Address_of_Yahoo. And a minute or 2 later the page
will timeout. And then other times, it works fine.

What could be the cause?
How can I troubleshoot this?
Click to expand...

Admin error? <grin>

Are you serious that it shows YAHOO when you request GOOGLE?

Have you checked:
Cache of client?
Cache of server?
NSLookup explicitly to the internal (each) servers?
NSLookup explicitly to the forward (each if more than one) servers?

Until you do these things you won't even know which is/are reporting the
wrong
answer.

Also, make sure that ALL internal machines use ONLY internal servers on the
NIC settings -- this includes the servers themselves.
 
In
JohnB said:
I recently setup our 2 internal DNS servers to be DNS
forwarders. I used the DNS server provided by our ISP
But, the results with IE, are inconsistent.

The servers are 2k, SP4.
The inconsistent results are on 2k Pro SP4 and XP SP1
clients.

The problem: at the bottom of IE it will say "connecting
to www.google.com And then it will say "connecting to
IP_Address_of_Yahoo. And a minute or 2 later the page
will timeout. And then other times, it works fine.

What could be the cause?
How can I troubleshoot this?
Thanks
Click to expand...

This sounds like the Qhosts trojan. See
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html
http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.removal.tool.html
 
Are you serious that it shows YAHOO when you request
GOOGLE?
Click to expand...
Doh!! that should have said IP_address_of_google
Have you checked:
Cache of client?
Click to expand...
yes, even rebooted
Cache of server?
Click to expand...
yes, even rebooted
NSLookup explicitly to the internal (each) servers?
Click to expand...
I'll try that the next time it fails in IE. Right now
that works.
NSLookup explicitly to the forward (each if more
than one) servers?
Click to expand...
Works now. I'll try when IE fails.
Also, make sure that ALL internal machines use ONLY
internal servers on the NIC settings
Click to expand...
I know of a few servers that have an external DNS server
on their NIC. I wasn't testing this on those machines.
this includes the servers themselves.
Click to expand...
The DNS servers do not have an external DNS server on
their NIC.
Thanks
 
The best test will be to use NSLOOKUP when things are failing. To use NSLOOKUP open a command prompt and type "NSLOOKUP" and press enter. You
may get a timeout error when you initiall run NSLOOKUP, don't worry about that. At the NSLOOUP prompt type "www.google.com" this should return the IP
address of google. This name is a cname and will point you to www.google.akadns.net. A IN 300 216.239.37.99. If you get anything other than this, clear the
cache on your DNS server and try again. If you get the wrong IP again, remove any forwarders from the DNS server, clear the cache again and test again.

Thank you,
Mike Johnston
Microsoft Network Support


--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.
 
J> The problem: at the bottom of IE it will say "connecting
J> to www.google.com And then it will say "connecting to
J> IP_Address_of_Google. And a minute or 2 later the page
J> will timeout. And then other times, it works fine.

This sounds, given that by the "connecting" stage your web browser will have
mapped the domain name to an IP address, like an HTTP connectivity problem,
and not a DNS problem at all.
 
Are you serious that it shows YAHOO when you request
Doh!! that should have said IP_address_of_google
Click to expand...

Then what is the actual problem?
yes, even rebooted
Click to expand...

Don't flail -- IPConfig /flushDNS or Net Stop "DNS Client" will flush
the cache just fine.
yes, even rebooted
Click to expand...

Again, don't flail...use the tools (at least at first.)

What did the caches show? Correct or incorrect values?
I'll try that the next time it fails in IE. Right now
that works.

Works now. I'll try when IE fails.
Good.

I know of a few servers that have an external DNS server
on their NIC. I wasn't testing this on those machines.
Click to expand...

Ok, but almost always internal machines should point to internal
DNS (if available) and NEVER point a machine to different sets
of DNS -- clients assume that all servers return the SAME (correct)
answers.
The DNS servers do not have an external DNS server on
their NIC.
Click to expand...

Good -- probably not relevant to this problem but it's the right thing to
do and a common error.
 
Then what is the actual problem?the page times out. Weird, because it obviously resolves correcty because
IE displays Google's IP. It takes about 90-120 seconds to timeout. But it
resolves the IP address instantly.
sorry, mis-read the question the first time. Yes, cache is correct. But
again, I need to check this when it fails.
 
Ok, so your real problem is not DNS related (most likely) -- but
rather an IE issue.

What happens if you put that IP address (when it happens) in the
IE URL instead of the DNS name -- if that gives the same behavior
you don't have a DNS problem.
 
Problem solved. Thanks for your and everyone elses suggestions.

It was our ISP's DNS server. We use MCI (formerly Worldcom) and they use uu
net DNS servers. I called them today and was told that the DNS server of
theirs that I'd been using had "quite a bit of latency". They gave me 2
more to try - I put them in as forwarders, and walla, problem solved.
For myself, this was a tough one to troubleshoot - but now I know - the next
time this, or something similar happens :)
 
Back
Top