DNS resolution not working (Win2k Pro)


Gerhard Fiedler

Hello,

I have a problem with the DNS resolution on a Win2k Pro system. The network
adapter is set up with hardcoded addresses and DNS server addresses, and
access from it to the internet and from the internet to the system works.

For example, "ping 216.109.112.135" works fine. But "ping yahoo.com"
returns "unknown host", even though I can ping both DNS server IP addresses
fine and both the "DNS Client" and "DHCP Client" services are running.

In the event viewer I get a dnscache warning whenever the computer starts
(event id 11050) that says that the computer can't contact any DNS servers.
Why is this, when I can ping the two DNS servers from the same computer,
and they seem to work as DNS servers on other systems?

(The behavior is independent of the installed firewall Tiny PF 5. When I
disable it, nothing changes.)

Can anybody help me out here, please? What can I check, what is necessary
for the DNS resolution to work?

Thanks,
Gerhard
 
Gerhard Fiedler said:
Hello,

I have a problem with the DNS resolution on a Win2k Pro system. The network
adapter is set up with hardcoded addresses and DNS server addresses, and
access from it to the internet and from the internet to the system works.
For example, "ping 216.109.112.135" works fine. But "ping yahoo.com"
returns "unknown host", even though I can ping both DNS server IP addresses
fine and both the "DNS Client" and "DHCP Client" services are running.

What are the DNS server addresses?

Do you have an INTERNAL DNS server (set)?

If you use internal DNS servers then your client must
be set to use ONLY the internal server (set).

In that case, the INTERNAL DNS servers will usually
"Forward" to an External (e.g, at the ISP.)
In the event viewer I get a dnscache warning whenever the computer starts
(event id 11050) that says that the computer can't contact any DNS
servers.

Sounds like the client machine is set with INCORRECT
addresses for DNS server -- or those servers are not
functioning.

Why is this, when I can ping the two DNS servers from the same computer,
and they seem to work as DNS servers on other systems?

Then maybe it is a routing problem for the client, or
some filtering on your network.

Try:

nslookup www.yahoo.com
nslookup www.yahoo.com ADDRESS_OF_DNS_SERVER

See if you get a difference.

(The behavior is independent of the installed firewall Tiny PF 5. When I
disable it, nothing changes.)

Are you sure it is disabled? (Really, weirder things have happened.)

Can anybody help me out here, please? What can I check, what is necessary
for the DNS resolution to work?


Client machines specify the (correct) DNS servers in their
NIC->IP properties.

That is pretty much it unless you have firewalled yourself
into isolation.
 
Gerhard Fiedler said:
Hello,

I have a problem with the DNS resolution on a Win2k Pro
system. The network adapter is set up with hardcoded
addresses and DNS server addresses, and access from it to
the internet and from the internet to the system works.

For example, "ping 216.109.112.135" works fine. But "ping
yahoo.com" returns "unknown host", even though I can ping
both DNS server IP addresses fine and both the "DNS
Client" and "DHCP Client" services are running.

In the event viewer I get a dnscache warning whenever the
computer starts (event id 11050) that says that the
computer can't contact any DNS servers. Why is this, when
I can ping the two DNS servers from the same computer,
and they seem to work as DNS servers on other systems?

Just because you can ping a certain IP address does that mean you can
connect to a given port at those same IP addresses?
(The behavior is independent of the installed firewall
Tiny PF 5. When I disable it, nothing changes.)

Can anybody help me out here, please? What can I check,
what is necessary for the DNS resolution to work?

I suspect a firewall rule in place that blocks outbound connections to port
53 UDP.
 
Kevin D. Goodknecht Sr. said:
I suspect a firewall rule in place that blocks outbound connections to port
53 UDP.

Popular (and free) tool for resolving this is NetCat (NC.exe).

Telnet is commonly used to test text based TCP services
by connection thus: telnet server.domain.com 80

Problem is that Telnet doesn't support UDP connections so
it won't work for (most) DNS testing.
 
I have a problem with the DNS resolution on a Win2k Pro system. The
network adapter is set up with hardcoded addresses and DNS server
addresses, and access from it to the internet and from the internet to the
system works.
Ok

For example, "ping 216.109.112.135" works fine. But "ping yahoo.com"
returns "unknown host", even though I can ping both DNS server IP
addresses fine and both the "DNS Client" and "DHCP Client" services are
running.
<snippage>

Either the configured DNS servers are wrong, or they are
unreachable from the machine. To perform a quick test,
open a command prompt on the machine, then enter the
command "nslookup". You'll see some messages and
a ">" prompt; enter www.microsoft.com and press enter.
If the configured DNS are working you should see the
IP addresses of the Microsoft site. If that's not true, try
entering the command "server 4.2.2.2" and then retry
entering www.microsoft.com. If neither works, there is
probably something blocking DNS traffic from/to the
machine; if the second check (using the DNS 4.2.2.2)
works, the DNS servers you're currently using aren't
reachable or aren't working properly.

Let me/us (the NG) know

Regards

--

* ObiWan

Microsoft MVP: Windows Server - Networking
http://www.microsoft.com/communities/MVP/MVP.mspx
http://mvp.support.microsoft.com

DNS "fail-safe" for Windows clients.
http://ntcanuck.com

408+ XP/2000 tweaks and tips
http://ntcanuck.com/tq/Tip_Quarry.htm
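The nslookup procedure above, and Kevin's and Herb's point earlier in the thread that ping only proves ICMP reachability while DNS needs a UDP/53 exchange (which telnet cannot test), can be carried out with a small script. The following is an added example written for this page, not a tool from the thread or from any poster: it builds a minimal DNS A query with Python's standard library, sends it over UDP/53 to a server named on the command line, and parses the reply, so a timeout versus an answer (or a REFUSED response code, which is what a server that treats the client as "foreign" would return) shows whether DNS traffic is actually getting through. The query name www.microsoft.com follows the post; the embedded sample response with its 192.0.2.10 answer is constructed for offline parsing, not captured from any real server, and the addresses you pass on the command line are whatever servers you are entitled to test.

```python
"""Probe a DNS server over UDP/53 with a real query (added example; standard library only).

ping proves only ICMP reachability; this sends an actual DNS A query to the
server and reports whether an answer comes back, what the response code is,
and which addresses were returned.
"""
import random
import socket
import struct
import sys

# RFC 1035 response codes that matter for this kind of diagnosis.
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, txid=None):
    """Return (txid, packet) for a recursion-desired A/IN query for `name`."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    # ID, flags (RD=1), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return txid, header + question


def _read_name(data, offset):
    """Decode a possibly compressed name; return (name, offset after the field)."""
    labels = []
    end = None  # set once we follow a pointer; the field ends right after it
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_response(data, expected_txid):
    """Parse a DNS reply; return rcode name and the A-record addresses it carries."""
    if len(data) < 12:
        raise ValueError("response shorter than a DNS header")
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset = 12
    for _ in range(qdcount):  # skip the echoed question section
        _, offset = _read_name(data, offset)
        offset += 4  # QTYPE + QCLASS
    addresses = []
    for _ in range(ancount):
        _, offset = _read_name(data, offset)
        rtype, rclass, _ttl, rdlength = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlength]
        offset += rdlength
        if rtype == 1 and rclass == 1 and rdlength == 4:
            addresses.append(socket.inet_ntoa(rdata))
    rcode = flags & 0x000F
    return {"rcode": RCODES.get(rcode, str(rcode)), "addresses": addresses,
            "truncated": bool(flags & 0x0200)}


def probe_dns(server, name="www.microsoft.com", timeout=3.0):
    """Send one query to `server`:53 over UDP and classify the outcome."""
    txid, packet = build_query(name)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(packet, (server, 53))
        data, _ = sock.recvfrom(512)
    except OSError as exc:  # timeout, ICMP port-unreachable, no route, ...
        return {"server": server, "status": "no-response", "detail": str(exc)}
    finally:
        sock.close()
    result = parse_response(data, txid)
    result.update(server=server, status="answered")
    return result


# Constructed sample reply (not captured from any real server): a NOERROR answer
# to "example.test" carrying one A record, 192.0.2.10 (TEST-NET-1 placeholder).
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"      # header, txid 0x1234
    b"\x07example\x04test\x00\x00\x01\x00\x01"               # question
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04"      # name ptr, A, IN, TTL 60, len 4
    b"\xc0\x00\x02\x0a"                                      # 192.0.2.10
)

if __name__ == "__main__":
    for server in sys.argv[1:] or ["4.2.2.2"]:
        print(server, probe_dns(server))
```

Run it with each DNS server address you want to check as an argument; "no-response" for the configured servers alongside "answered" from a server known to respond points at the servers or at filtering in front of them rather than at the client, which is exactly the distinction the thread is trying to make. A "REFUSED" rcode means the packet got through but the server declined to serve that client, the "considered foreign" case Herb describes later.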
 
What are the DNS server addresses?

209.116.241.10 and 209.205.242.132 (as given by the local ISP)

From all I can tell, there is a problem with these two DNS servers.
However, according to what people from that site told me, those are the DNS
servers their (working) machines are using. But I'll investigate that
further. (Takes a bit, though -- I'm off site.)

Do you have an INTERNAL DNS server (set)?

No. Both external.
Sounds like the client machine is set with INCORRECT addresses for DNS
server -- or those servers are not functioning.

Exactly what seems to be.
Then maybe it is a routing problem for the client, or some filtering on
your network.

Try:

nslookup www.yahoo.com
nslookup www.yahoo.com ADDRESS_OF_DNS_SERVER

This (and the netdiag tool that somebody else mentioned) are exactly what I
needed to investigate that. (Plus the reassuring explanations that there's
no tricky stuff behind that I don't know about... :)
Are you sure it is disabled? (Really, weirder things have happened.)

I know... no offense taken :) But when I use the DNS servers of my own ISP
(for example 200.174.144.14), it all works -- the nslookup works, and
normal Internet access and DNS resolution too if I add it to the DNS
servers in the connection configuration. So I guess the firewall is not a
problem.

It looks like something's wrong with the DNS server addresses they got from
their ISP. The only thing I have to find out is why their other computers
work and this one not, even though they assured me that they are set to the
same DNS servers. Anyway, thanks to all for your help -- I think I have
enough information now to get to the bottom of this.

Thanks,
Gerhard
 
Kevin said:
Just because you can ping a certain IP address does that mean you can
connect to a given port at those same IP addresses?

Yes, I knew that. I just didn't know how to specifically test for a DNS
connection. But I guess the nslookup tool does exactly that.
I suspect a firewall rule in place that blocks outbound connections to port
53 UDP.

If so, I think it is not a firewall on this system. The symptoms don't
change when I disable the firewall. Maybe somewhere in the ISP's routing...

Thanks,
Gerhard
 
Gerhard Fiedler said:
209.116.241.10 and 209.205.242.132 (as given by the local
ISP)
I cannot make either a UDP or TCP connection to port 53 of either of these
addresses.
Try 4.2.2.1 and 4.2.2.2
 
Gerhard Fiedler said:
209.116.241.10 and 209.205.242.132 (as given by the local ISP)

From all I can tell, there is a problem with these two DNS servers.
However, what people from that site told me, that's the DNS servers their
(working) machines are using. But I'll investigate that further. (Takes a
bit, though -- I'm off site.)

They do NOT work from here (even with 10 second timeouts),
but then they might be firewalled or restricted to servicing only
local clients.

No. Both external.

You need a reliable DNS server (set) even if you have
to install one yourself.

(No zones or registration are required if you just wish
to RESOLVE addresses on behalf of your own clients.)

Well, they don't work from here, so perhaps you aren't
allowed through the firewalls or considered local addresses
either.
Exactly what seems to be.

This (and the netdiag tool that somebody else mentioned) are exactly what I
needed to investigate that. (Plus the reassuring explanations that there's
no tricky stuff behind that I don't know about... :)


I know... no offense taken :) But when I use the DNS servers of my own ISP
(for example 200.174.144.14), it all works -- the nslookup works, and
normal Internet access and DNS resolution too if I add it to the DNS
servers in the connection configuration. So I guess the firewall is not a
problem.

What do you mean "of your own ISP"?

Although clients can TECHNICALLY use any DNS server (that
will respond with the correct answers), it is impolite to use
one owned by others without permission (for more than just
a brief test), and really the clients should typically use the
closest, correct, working DNS server.

Why aren't you using YOUR ISP DNS?
It looks like something's wrong with the DNS server addresses they got from
their ISP.

Oh, different set of clients -- sorry.

Or the DNS servers are firewalled -- or set so the clients are
considered "foreign" and therefore not serviced.

The only thing I have to find out is why their other computers
work and this one not, even though they assured me that they are set to the
same DNS servers. Anyway, thanks to all for your help -- I think I have
enough information now to get to the bottom of this.

nslookup is a pretty funky tool (e.g., it gives bogus errors if there is
no reverse-PTR record for the DNS server) but it has the advantage
of being available on all NT-class machines that have IP.
 
Kevin's test is a good one because if the clients can
connect to these addresses, then the problem lies
either with the DNS server or at least close to that
server and not with the clients.
 
First off, thank you all very much for your help. That's a not so common
experience in newsgroups these days... :)

It seems I created some confusion not describing the complete situation.
Here it is:

- I am off-site, using my own ISP to connect through pcAnywhere to one
computer on a client's internal network.
- This one computer is an FTP server. All other computers on that network
are normal office PCs.
- The client's internal network is connected to the Internet through the
client's ISP.
- The ISP has some firewall running, but opened the ports I need to connect
to that one computer (and some others we need for that machine).
- The two DNS servers that don't work are the ones that my client has
received from their ISP.
- They are also the ones they see in the ipconfig output of their office
PCs (which work fine).
- But I haven't yet seen an actual copy of ipconfig or nslookup output. So
far they just confirmed that the numbers were the ones. This is what I'm
waiting for now.
- In the meantime, I have set up that one machine to use the DNS servers of
my own ISP (which is different from my client's ISP). It works fine with
these DNS servers. I think that's ok, as long as it is a temporary
solution. After all, they only get used very rarely (that machine is not
typically used for browsing, only when I download updates etc.)

Hope this clarifies some of the confusion I created.

At this point, I'm waiting for the copies of the outputs of a few commands
run on their normal PCs to see what exactly these PCs do, and whether they
in fact are using these two DNS servers that don't work -- not from that
machine, not from here, and not from a few other places (as you were nice
enough to check also).

I guess if in fact the other office PCs use these two DNS servers and they
work there, we have some kind of firewall problem with my client's ISP.

If the office PCs use other DNS servers, then the whole thing was a
miscommunication from my client's ISP to my client and from my client to
me.

See also some inline comments below.

Thanks,
Gerhard


Herb said:
You need a reliable DNS server (set) even if you have to install one
yourself.

I know. And I intend to get one from my client's ISP :) I think it's their
responsibility to provide that.

What do you mean "of your own ISP"?

I hope that the above has cleared that up. I am off-site and using a
different ISP than my client, where the one computer with the DNS server
problem is located.
Why aren't you using YOUR ISP DNS?

I think I wrote that I'm using my ISP's DNS server :) And the whole
problem is that the client's DNS servers (or what I currently have reason
to believe what they are) don't work from that one computer. So I added
temporarily the DNS servers of my own ISP to the list of DNS servers on
that problematic machine, just to get it working for now.
Or the DNS servers are firewall -- or set so the clients are
considered "foreign" and therefore not serviced.

Yes. I'm waiting for some feedback about other machines on the network to
see what their exact setup is.
nslookup is a pretty funky tool (e.g., it gives bogus errors if there is
no reverse-PTR record for the DNS server) but it has the advantage
of being available on all NT-class machines that have IP.

Thanks for that info. I've always thought that networking is some kind of a
black art... :)
 
209.116.241.10 and 209.205.242.132 (as given by the local ISP)
Kevin's test is a good one because if the clients can connect to these
addresses, then the problem lies either with the DNS server or at least
close to that server and not with the clients.

I didn't try these DNS servers, but I tried the DNS servers of my own ISP
(one is 200.174.144.14), and everything works fine when I use them.

Thanks,
Gerhard
 
Jonathan said:
GF> I can ping both DNS server IP addresses fine

"ping" is a tool for testing ICMP/IP connectivity, and that is all that
you have tested with it.

I know... :) Only after I asked here, I became aware of nslookup.
Test, with a DNS diagnosis tool, whether you can send a DNS query to the
DNS server and receive a response.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-diagnosis-tools.html>

Thanks for the link! Unluckily, as this site explains, there seems to be a
certain lack of DNS tools (well, they give at least one that looks good
http://mvptools.com/ ).

But from the investigation so far, it seems that for some reason this one
computer can't access the same DNS servers that all other computers on the
network are using. If I get that confirmed, I guess it is a problem with
their ISP's firewall or routing.

Thanks,
Gerhard
 
Gerhard Fiedler said:
I didn't try these DNS servers, but I tried the DNS servers of my own ISP
(one is 200.174.144.14), and everything works fine when I use them.

That pretty much gives you (or the authorized users)
the information/ammunition to discuss the problem
with the DNS admins, or for them to get their network
admins to fix it.
 
Gerhard Fiedler said:
First off, thank you all very much for your help. That's a not so common
experience in newsgroups these days... :)

You are very welcome.

I do appreciate the thanks and you will probably find that
your experience with news groups in general is not the same
as these Microsoft newsgroups.

Generally, any well-formed question will get some response
and more often than not a LOT of help.

Part of the reason may be the MVP system Microsoft uses to
recognize and reward those of us who help a lot.
It seems I created some confusion not describing the complete situation.
Here it is:

I think you have explained it pretty well.

(In the other part of the thread, you seem to have it
focused on the problem if not completely resolved
so I am not going to address the items below unless
you reply and indicate otherwise.)
- I am off-site, using my own ISP to connect through pcAnywhere to one
computer on a client's internal network.
- This one computer is an FTP server. All other computers on that network
are normal office PCs.
- The client's internal network is connected to the Internet through the
client's ISP.
- The ISP has some firewall running, but opened the ports I need to connect
to that one computer (and some others we need for that machine).
- The two DNS servers that don't work are the ones that my client has
received from their ISP.
- They are also the ones they see in the ipconfig output of their office
PCs (which work fine).
- But I haven't yet seen an actual copy of ipconfig or nslookup output. So
far they just confirmed that the numbers were the ones. This is what I'm
waiting for now.
- In the meantime, I have set up that one machine to use the DNS servers of
my own ISP (which is different from my client's ISP). It works fine with
these DNS servers. I think that's ok, as long as it is a temporary
solution. After all, they only get used very rarely (that machine is not
typically used for browsing, only when I download updates etc.)

Hope this clarifies some of the confusion I created.

At this point, I'm waiting for the copies of the outputs of a few commands
run on their normal PCs to see what exactly these PCs do, and whether they
in fact are using these two DNS servers that don't work -- not from that
machine, not from here, and not from a few other places (as you were nice
enough to check also).

I guess if in fact the other office PCs use these two DNS servers and they
work there, we have some kind of firewall problem with my client's ISP.

If the office PCs use other DNS servers, then the whole thing was a
miscommunication from my client's ISP to my client and from my client to
me.

See also some inline comments below.
 
Try 4.2.2.1 and 4.2.2.2
That pretty much gives you (or the authorized users) the
information/ammunition to discuss the problem with the DNS admins, or
for them to get their network admins to fix it.

Just one more question: I saw these two DNS servers recently in another
context (the 4.2.2.1 and 4.2.2.2 addresses). Are they some kind of basic,
public, always available DNS servers, generally used for tests like what I
needed to do?

Gerhard
 
Just one more question: I saw these two DNS servers recently in
another context (the 4.2.2.1 and 4.2.2.2 addresses). Are they some
kind of basic, public, always available DNS servers, generally used
for tests like what I needed to do?

Not exactly.

They belong to a large network and have fairly easy to remember addresses.

Since they don't block requests from random addresses they work.

It is sort of rude to use such permanently without asking permission
however.
No one much minds for a bit or for testing however.

And if they really didn't want it to happen they could disable recursion or
disallow public addresses from making requests.
 