DNS not resolving .com only

Jamie Young

We have 2 DC's at a client running AD integrated DNS with
no forwarders, and yesterday a couple of times for a few
hours each .com resolution was not being done at all. All
others (.net, .org, etc...) would resolve just fine, but
not .com. We could not find anything in the logs, and
finally after a reboot was done to the servers it seemed
to start working again. (We had cleared the cache and
restarted the services prior) - Any insight on why this
may have happened or how to prevent it from happening
again without having to reboot?
tia
Jamie
 
Jamie Young said:
> We have 2 DC's at a client running AD integrated DNS with
> no forwarders,

Then any resolution for zones not held on that server and its
delegated child zones would be resolved by ACTUAL
"recursion" from the ROOT zone down and be dependent
on any issues with firewalls and reaching the Internet root,
and .Com servers on the Internet.

BTW, it is usually a BAD idea to have your DCs doing full
scale Internet resolution like this -- they might need to visit,
ReallyBadCrackersOurUs.com and I don't want my DCs
doing that.

One reason to forward is to protect your Internal servers from
such associations. (Others include Firewalls and WAN efficiency.)

> and yesterday a couple of times for a few
> hours each .com resolution was not being done at all. All
> others (.net, .org, etc...) would resolve just fine, but
> not .com. We could not find anything in the logs, and
> finally after a reboot was done to the servers it seemed
> to start working again.

My guess: Your DNS server had a wrong (or downed) DNS
server for .Com in cache.

General principle in such cases: Clear the DNS server (and maybe
the client-side) caches.

> (We had cleared the cache and
> restarted the services prior)

Well, so much for that idea -- second idea is to actually do the resolutions
yourself using NSLookup (or a better substitute tool) and see what
discrepancies, if any, you find.

Once you resolve the problem this isn't possible.

> - Any insight on why this
> may have happened or how to prevent it from happening
> again without having to reboot?

Another possibility is (unlikely) that some of the clients are actually
doing their OWN "Internet resolution" by being INCORRECTLY
configured with both an Internal and an External DNS server.

Internal DNS clients should ONLY use Internal DNS servers -- which
should either forward (preferred generally) or do the actual root-down
recursion (if necessary) for Internet resolution.
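
The manual check suggested in the reply above can be scripted. The following is an added example, not part of the original thread: it queries each .com server directly and then asks the DC the same question, so the two results can be compared. It assumes `Resolve-DnsName` is available (Windows 8 / Server 2012 or later), that it runs on the DC itself, and that `example.com` is replaced by a name that should resolve.

```powershell
# Added example (not from the thread). Run on the affected DC while the
# fault is present; Resolve-DnsName needs Windows 8 / Server 2012 or later.
$TestName  = 'example.com'   # placeholder: any .com name that should resolve
$DnsServer = '127.0.0.1'     # assumption: the script runs on the DC itself

# The 13 servers authoritative for .com are a..m.gtld-servers.net.
# Their host names are under .net, which the thread says still resolved.
$comServers = 'abcdefghijklm'.ToCharArray() |
    ForEach-Object { "$($_).gtld-servers.net" }

# Ask each one directly, without recursion, as the DC does when it walks
# down from the root. A healthy server answers with a referral (NS records).
$probe = foreach ($server in $comServers) {
    $query = @{
        Name = $TestName; Type = 'NS'; Server = $server
        NoRecursion = $true; DnsOnly = $true; QuickTimeout = $true
        ErrorAction = 'Stop'
    }
    try {
        $ns = @(Resolve-DnsName @query |
                Where-Object { $_.Type -eq 'NS' } |
                ForEach-Object { $_.NameHost })
        [pscustomobject]@{
            Server = $server
            Status = if ($ns.Count) { 'Referral' } else { 'No NS returned' }
            Detail = $ns -join ', '
        }
    } catch {
        [pscustomobject]@{
            Server = $server; Status = 'FAILED'; Detail = $_.Exception.Message
        }
    }
}
$probe | Format-Table -AutoSize

# Now ask the DC the same question with recursion. If the direct probes
# succeed but this fails, the DC's own cache or resolver state is the
# place to look rather than the path to the Internet.
try {
    Resolve-DnsName -Name $TestName -Type A -Server $DnsServer -DnsOnly -ErrorAction Stop
} catch {
    Write-Warning "DC could not resolve ${TestName}: $($_.Exception.Message)"
}
```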
 