DNS forwarding

[ppp]

We have a DNS server that, out of the blue, no longer forwards unresolved
DNS names to our ISP's DNS servers. Name resolution work fine for our
internal DNS/AD domain, but external DNS names can no longer be resolved.
There are NO warnings or errors in the EVENT LOG.

The ISP's DNS servers is not the problem - I can use NSLOOKUP and set it to
use the ISP's DNS server and resolution would work without problems.

I have seen this problem on one Win2000 server and one Win2003 server on
different networks. Both DNS Servers (incidentally also DC, GC and Ops
Masters respectively) would work fine for months then all of sudden stop
forwarding. Stopping and starting the DNS Service would fix the problem,
but only temporarily. Today however, stopping and starting the service did
not work.

What could be wrong?

 

[Kevin D. Goodknecht [MVP]]

In

We have a DNS server that, out of the blue, no longer forwards
unresolved DNS names to our ISP's DNS servers. Name resolution work
fine for our internal DNS/AD domain, but external DNS names can no
longer be resolved. There are NO warnings or errors in the EVENT LOG.

The ISP's DNS servers is not the problem - I can use NSLOOKUP and set
it to use the ISP's DNS server and resolution would work without
problems.

I have seen this problem on one Win2000 server and one Win2003 server
on different networks. Both DNS Servers (incidentally also DC, GC and
Ops Masters respectively) would work fine for months then all of
sudden stop forwarding. Stopping and starting the DNS Service would
fix the problem, but only temporarily. Today however, stopping and
starting the service did not work.

What could be wrong?

The DNS server should be able to resolve external domains, even without a
forwarder configured. Forwarders are optional, unless you have "Do not use
recursion" checked on the forwarders tab.
Can I ask what are the addresses you have for your forwarders?
Are your root hints resolved? (on the root hints tab)

 

[Ace Fekay [MVP]]

In

In

The DNS server should be able to resolve external domains, even
without a forwarder configured. Forwarders are optional, unless you
have "Do not use recursion" checked on the forwarders tab.
Can I ask what are the addresses you have for your forwarders?
Are your root hints resolved? (on the root hints tab)

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================

Just to add Kevin, an unreliable connection or actually a connection that
needs to be intiated, such as an ADSL connection, (IIRC), which is directly
connected to the machine, can also cause DNS to stop such as this when the
connection times out.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[ppp]

Kevin D. Goodknecht [MVP] wrote:

The DNS server should be able to resolve external domains, even without a
forwarder configured. Forwarders are optional, unless you have "Do not use
recursion" checked on the forwarders tab.
Can I ask what are the addresses you have for your forwarders?
Are your root hints resolved? (on the root hints tab)

Forwarders: (1) 203.2.75.132 and 198.142.0.51, (2) 210.15.254.240 and
210.15.254.241 (I think)



I have removed the forwarders and yes the root hints do work. However, our
DNS server started behaving well shortly before removing the forwarders
anyhow - we were down for quite a few hours despite restarting the server
and stopping/restarting the DNS service. External name resolution
sporadically worked for moments here and there at that time. Note that our
ISP Internet service was not down at all: by using a proxy server or
manually setting the client to use the ISP's DNS server, external
connectivity worked fine with no loss packets whatsoever during testing.

 

[Ace Fekay [MVP]]

In

Forwarders: (1) 203.2.75.132 and 198.142.0.51, (2) 210.15.254.240 and
210.15.254.241 (I think)



I have removed the forwarders and yes the root hints do work.
However, our DNS server started behaving well shortly before removing
the forwarders anyhow - we were down for quite a few hours despite
restarting the server and stopping/restarting the DNS service.
External name resolution sporadically worked for moments here and
there at that time. Note that our ISP Internet service was not down
at all: by using a proxy server or manually setting the client to use
the ISP's DNS server, external connectivity worked fine with no loss
packets whatsoever during testing.

Just to eliminate any possible config errors, can we possibly see an
ipconfig /all?

Thanks

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Kevin D. Goodknecht [MVP]]

In

Kevin D. Goodknecht [MVP] wrote:



Forwarders: (1) 203.2.75.132 and 198.142.0.51, (2) 210.15.254.240 and
210.15.254.241 (I think)



I have removed the forwarders and yes the root hints do work.
However, our DNS server started behaving well shortly before removing
the forwarders anyhow - we were down for quite a few hours despite
restarting the server and stopping/restarting the DNS service.
External name resolution sporadically worked for moments here and
there at that time. Note that our ISP Internet service was not down
at all: by using a proxy server or manually setting the client to use
the ISP's DNS server, external connectivity worked fine with no loss
packets whatsoever during testing.

Just to be sure, I checked these servers to verify they were doing recursive
queries, which they are.

Make sure that "Secure cache against pollution" is checked on the Advanced
tab. The next time DNS fails try clearing the cache on your DNS servers To
verify it is not cache pollution.

If you have not checked "Do not use recursion" on the forwarders tab, even
if the forwarders fail, DNS should continue to resolve using recursion.

On a side note, if the Win2k3 is behind a router or firewall, take a look at
the below KB article to disable EDNS extensions. This has been a fairly
common issue with Win2k3 DNS, what happens is Win2k3 DNS supports UDP
packets that exceed 512 bytes, many firewalls will reject these packets and
cause external DNS resolution to fail.
828731 - An External DNS Query May Cause an Error Message in Windows Server
2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;828731&Product=winsvr2003

 

[DevGD]

Was there ever a solution to the problem? I have the same problem.

Thanks
DevGD

*In

Just to be sure, I checked these servers to verify they were doin
recursive
queries, which they are.

Make sure that "Secure cache against pollution" is checked on th
Advanced
tab. The next time DNS fails try clearing the cache on your DN
servers To
verify it is not cache pollution.

If you have not checked "Do not use recursion" on the forwarders tab
even
if the forwarders fail, DNS should continue to resolve usin
recursion.

On a side note, if the Win2k3 is behind a router or firewall, take
look at
the below KB article to disable EDNS extensions. This has been
fairly
common issue with Win2k3 DNS, what happens is Win2k3 DNS support
UDP
packets that exceed 512 bytes, many firewalls will reject thes
packets and
cause external DNS resolution to fail.
828731 - An External DNS Query May Cause an Error Message in Window
Server
2003
http://tinyurl.com/259s3

-
DevG

 

[Jeff Westhead [MSFT]]

In the forwarder IP list below it appears that in this case some internal
DNS servers were specified along with ISP DNS servers. This is not a valid
configuration. All forwarders must have the same view of the entire DNS
universe.

You might want to check that you are not in that boat, or provide more
information.