DNS Problems???

  • Thread starter Thread starter Bob Showalter
  • Start date Start date
B

Bob Showalter

I'm having what would appear to be DNS issues on a network
I just took over support of. Exchange will say that DNS
can't locate the server of the addressee. When people go
to a web page, they may get a DNS error and then after
hitting refresh 1 or 2 times they get where they want to
go. I am not sure that DNS request are being efficiently
forwarded, but would like some advice:

The network has 2 servers, both domain controllers running
Windows 2000 with one of them running Exchange Server
2000. They both are set to be DNS servers on the local
network. The preferred DSN is set to the primary server
and the secondary is set to the Exchange server. There is
a Symantec VPN200 Firewall/VPN device between the network
and the Cisco DSL Modem/Router. The VPN has a static
address and is set as the Primary Gateway for the
network. It has other DSN servers programmed in. It's
WAN address corresponds with the LAN address for the Cisco
DSL Modem/Router.

In the DNS Console, in Forwarders for the domain it shows
the servers, but does not point out (to the Firewall or to
any other DNS servers).

Is this how it should be, and is there a better, more
efficient way?

Thanks in advance for any help you can provide
 
In the DNS Console, in Forwarders for the domain it shows
the servers, but does not point out (to the Firewall or to
any other DNS servers).

I'm not sure if I read this right, but what I get here is that the Servers
themselves are listed in the "Fowarders" list. If this is the case, remove
the servers from the list. They should not forward to themselves. They
forward OUTSIDE (e.g. your ISP) or don't forward at all.

Now, in order to better help with your specific issue, you will need to send
the output of the ipconfig /all from your servers and at least one client
that has the problem.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
Thanks for the quick reply. When I say that the servers
are listed as forwarders, what I mean is that they are
shown as the Start of Authority and the Name Server. I
will get the information you asked for this evening from
the site and post it in the morning.

Thanks
 
In Bob Showalter <[email protected]> posted a question
Then Kevin replied below:
: It has other DSN servers programmed in. It's
: WAN address corresponds with the LAN address for the Cisco
: DSL Modem/Router.<----------Remove the routers address from all machines
TCP/IP for DNS, Do not use the router anywhere accept in the DNS server as a
forwarder, period.
:
: In the DNS Console, in Forwarders for the domain it shows
: the servers, but does not point out (to the Firewall or to
: any other DNS servers).<----------Use the router as the Forwarder ONLY.
 
Here is the ipconfig info from the two servers:

Server1:
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : server1
Primary DNS Suffix . . . . . . . : gjha.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gjha.local

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R)
82544GC Based Network Connection
Physical Address. . . . . . . . . : 00-C0-9F-26-4B-
22
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.2
192.168.0.5
Server2 (Exchange Serveer)
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : exchange
Primary DNS Suffix . . . . . . . : gjha.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gjha.local

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R)
82544GC Based Network Connection
Physical Address. . . . . . . . . : 00-C0-9F-26-4A-
D3
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 127.0.0.1
192.168.0.2
In the DNS Console, the domain is the only Forward Lookup
Zone, and under it, the server(s) shows up as the Start of
Authority and the Name Server.

It seems that there should be mention somewhere of the
router/firewall/vpn which is the default gateway as a
forward lookup zone. But am I mistaken on this?

Thanks again for any help.
 
The IPconfig looks very OK to me. This lead me to think that the problem you
described:

May be due to one of 2 things:
1. Your firewall/router/gateway is not returning the DNS lookup packet in
a timely fashion, so your DNS server times out and tells the client it can't
find the address. When the client tries multiple times, then the DNS server
eventually receives the record and hands it over to your client. To resolve
this, I'd suggest that you configure the "Forwarders" in your DNS to use
your ISP's DNS server. Also when the problem happens, look in the DNS
servers's "Cached Lookup" zone (in DNS MMC. You will need to enable
"Advanced" view in order to see this) and see if you can actually see the
record that's being requested

2. The clients are not using your internal DNS servers for lookup. I
don't think this is the case, though. But you should verify anyway.

you asked:which is the default gateway as a forward lookup zone. But am I mistaken on
this?

You are mistaken :) It should not be anywhere in your DNS. You want to
ensure, though, that "192.168.0.1" is what you have specified as the Default
Gateway in your DHCP scope, if you use DHCP

Now, I forgot to ask you: Does this problem also happen on the Servers, or
is it just on the clients?

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
Here is the ipconfig info from the two servers:

Server1:
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : server1
Primary DNS Suffix . . . . . . . : gjha.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gjha.local

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R)
82544GC Based Network Connection
Physical Address. . . . . . . . . : 00-C0-9F-26-4B-
22
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.2
192.168.0.5
Server2 (Exchange Serveer)
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : exchange
Primary DNS Suffix . . . . . . . : gjha.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gjha.local

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R)
82544GC Based Network Connection
Physical Address. . . . . . . . . : 00-C0-9F-26-4A-
D3
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 127.0.0.1
192.168.0.2
In the DNS Console, the domain is the only Forward Lookup
Zone, and under it, the server(s) shows up as the Start of
Authority and the Name Server.

It seems that there should be mention somewhere of the
router/firewall/vpn which is the default gateway as a
forward lookup zone. But am I mistaken on this?

Thanks again for any help.
 
We don't use the servers for anything but servers so if
the problem does occure on the servers it is never
noticed. I only get calls about users having problems at
their workstations.

Thanks
 
In Bob Showalter <[email protected]> posted a question
Then Kevin replied below:
: We don't use the servers for anything but servers so if
: the problem does occure on the servers it is never
: noticed. I only get calls about users having problems at
: their workstations.
:

Can you post an ipconfig from one of the clients?

Check this in both of your DNS servers, in the DNS console expand Forward
Lookup Zones, you should have:
gjha.local
If there is a "." in either's under Forward lookup zones, delete it!
Then go to the forwarders tab, and put your ISP's DNS in as a forwarder or
the router or firewall depending on their setup. Do NOT use the router in
any machine's TCP/IP settings for DNS, only use the servers' addresses for
DNS.
 
I will get the ipconfig from a client; I have looked at it
and it shows the 2 servers as the primary and secondary
DNS (192.168.0.2 and 192.168.0.5) and has the router as
the default gateway (192.168.0.1).

In saying that I should add the DSN that is set into the
firewall/router as a forward lookup zone, is that a zone
in addition to gjha.local (which is there). Does it need
to resolve to something or can I just give it a name (such
as "firewall".

Today I tried to get on the internet from the server(s)
and it was iffy at best. I connected a notebook to the
DSL modem/router and it worked fine. I then connected it
to the LAN side of the firewall but w/o logging onto the
network and the internet connection was fine. But when I
logged onto the network, attempts to brouse the internet
were sporatic at best. So it is pretty certain that
something is messed up in the servers. Is there some
utility for cleaning out DNS, or is there ever any benefit
to just starting over on it. What are the pitfalls.

Thanks for all of the responses I have been getting.
 
In (e-mail address removed) <[email protected]>
posted a question
Then Kevin replied below:
: I will get the ipconfig from a client; I have looked at it
: and it shows the 2 servers as the primary and secondary
: DNS (192.168.0.2 and 192.168.0.5) and has the router as
: the default gateway (192.168.0.1).
:
: In saying that I should add the DSN that is set into the
: firewall/router as a forward lookup zone, is that a zone
: in addition to gjha.local (which is there). Does it need
: to resolve to something or can I just give it a name (such
: as "firewall".

I didn't say anything about a forward lookup zone on or for the router, a
Forwarder is not a zone, it is a DNS server that your DNS server can use to
help it resolve external queries.
Open the DNS console, right click on the DNS server's icon, choose
properties, look on the Forwarders tab.
 
Sorry I mis read your previous message. So would it then
be acceptable to put the ip address of the router AND/OR
the ISPs DSN in as Forwarders?
-----Original Message-----
In (e-mail address removed)
Click to expand...
 
In Bob Showalter <[email protected]> posted a question
Then Kevin replied below:
: Sorry I mis read your previous message. So would it then
: be acceptable to put the ip address of the router AND/OR
: the ISPs DSN in as Forwarders?
:
It depends on the router some routers act as a DNS proxy others don't if the
router has a DNS proxy use it. But only as a forwarder, never point a
machine to it.
 
Back
Top