DNS server not working

locc

I have a problem and cannot get it fixed no matter what I try. Any
help would be appreciated.

1. On 10/27/2003 The Domain of Windows 2000 was working fine and came
back the next day and internet was not working.

2. So I was thinking no big deal I will just set up another DNS
server and I did...it worked fine and when I tried to change the DNS
entry for exchange it wouldn't connect anywhere on the net...I tried
to change the dns entry for the DC and same thing.

3. The weird thing is I am able to ping both IP's and when I went to
www.dnsreport.com and tried to see if it can even check my email
server and it could not connect as well. I use the Pix firewall using
NAT.

any help will be great..thanks.
 
In
locc said:
I have a problem and cannot get it fixed no matter what I try. Any
help would be appreciated.

1. On 10/27/2003 The Domain of Windows 2000 was working fine and came
back the next day and internet was not working.

2. So I was thinking no big deal I will just set up another DNS
server and I did...it worked fine and when I tried to change the DNS
entry for exchange it wouldn't connect anywhere on the net...I tried
to change the dns entry for the DC and same thing.

3. The weird thing is I am able to ping both IP's and when I went to
www.dnsreport.com and tried to see if it can even check my email
server and it could not connect as well. I use the Pix firewall using
NAT.

any help will be great..thanks.

The first thing I would check is to make absolutely sure that you do NOT have any
external DNS servers in all of your machines' IP properties. This is
problematic with AD.

During many domain communications and functions, the clients and DCs query
the DNS server for the location of domain services and resources, which is
what the SRV records store. If using an ISP's DNS in your IP properties, then
numerous errors will abound, one of which, long logon times or being unable to
log on, will occur. So what's probably happening is that they may be trying to
query the external DNS for that domain name's LDAP services, which it does not
have an answer for, so pointing to your own DNS that's hosting the AD zone
is essential in an AD infrastructure, no matter how small.

So, if using an external DNS or the Netware DNS, they need to be removed, and
you should only use your own internal DNS. To achieve efficient Internet
resolution (if required, if not using Proxy), it is suggested to configure a
forwarder.

Here's how to configure a forwarder. If the option is grayed out, delete the
root zone. This will show how:
http://support.microsoft.com/?id=300202

Here's more info on DNS and AD's requirements:
http://support.microsoft.com/?id=291382

Here's an AD and DNS troubleshooting guide:
http://www.microsoft.com/windows2000/dns/tshoot/dns_tshoot2A.asp



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
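The SRV lookup described in the post above, as an added example that is not from any participant in this thread: it builds the `_ldap._tcp.dc._msdcs.<domain>` query that AD clients send and reports whether a DNS server's reply lets a client locate a domain controller. The domain `corp.example.com`, the host `dc1`, the function names and both sample replies are constructed assumptions.

```python
import socket, struct
SRV = 33  # record type used by the AD domain controller locator

def build_srv_query(name, qid=0x4144):  # header (RD set, 1 question) + QNAME + QTYPE/QCLASS
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", SRV, 1)

def read_name(msg, off, hops=0):  # returns (name, offset just past the name)
    labels = []
    while True:
        n = msg[off]
        if n == 0:
            return ".".join(labels), off + 1
        if n & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if hops > 16:
                raise ValueError("compression pointer loop")
            tail = read_name(msg, ((n & 0x3F) << 8) | msg[off + 1], hops + 1)[0]
            return ".".join(labels + ([tail] if tail else [])), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n

def parse_srv_response(msg):  # returns (rcode, [(priority, weight, port, target), ...])
    _, flags, qdcount, ancount, _, _ = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = read_name(msg, off)[1] + 4  # skip QTYPE and QCLASS
    records = []
    for _ in range(ancount):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == SRV:  # RDATA: priority, weight, port, then the target name
            records.append(struct.unpack_from("!3H", msg, off + 10) + (read_name(msg, off + 16)[0],))
        off += 10 + rdlen
    return flags & 0x000F, records

def can_locate_dc(response):  # usable server: NOERROR plus at least one SRV record
    rcode, records = parse_srv_response(response)
    return rcode == 0 and bool(records)

def ask(server, domain, timeout=3.0):  # live check over UDP port 53
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_srv_query("_ldap._tcp.dc._msdcs." + domain), (server, 53))
        return can_locate_dc(s.recvfrom(4096)[0])

# Constructed replies for the assumed domain corp.example.com (not captured traffic):
Q = build_srv_query("_ldap._tcp.dc._msdcs.corp.example.com")
INTERNAL = (Q[:2] + struct.pack("!5H", 0x8580, 1, 1, 0, 0) + Q[12:] + b"\xc0\x0c"  # AD zone host
            + struct.pack("!HHIH3H", SRV, 1, 600, 12, 0, 100, 389) + b"\x03dc1\xc0\x21")
EXTERNAL = Q[:2] + struct.pack("!5H", 0x8183, 1, 0, 0, 0) + Q[12:]  # ISP resolver: NXDOMAIN
```

Calling `ask()` with the address of each DNS server listed in a machine's IP properties and the AD domain name shows which of them can serve the DC locator; a server that returns `False` is one to remove from the client configuration.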
 
I am sure no external is there except for the forwarders.
I tried netdiag dcdiag and no errors.

I tried to change the dns for qwest for my workstation
which works and when I change it back to the dns of my
domain it doesn't. and the forwarders are the of qwest's
dns'
 
Try changing the forwarder from the Qwest address to 4.2.2.2 and see if that
helps.

You say you are using PIX. Just curious, any rules blocking DNS traffic
(inbound or outbound)?

--
Regards,
Ace

 
Okay I just changed the forwarder to 4.2.2.2 what is
that anyways? Still doesn't work. It is pretty
frustrating, it all worked fine until 10/29/2004 and
nothing changed on anything.

Yes I have a cisco pix firewall and nothing is blocking
dns traffic, we used the nat and global groups to go in
and out. and I am able to get out by using the qwest dns
on my workstation...if you are wondering how I am on the
net.
 
In (e-mail address removed)
posted a question
Then Kevin replied below:
I am sure no external is there except for the forwarders.
I tried netdiag dcdiag and no errors.

I tried to change the dns for qwest for my workstation
which works and when I change it back to the dns of my
domain it doesn't. and the forwarders are the of qwest's
dns'

Are the root hints resolved?
 
In (e-mail address removed)
posted a question
Then Kevin replied below:
Can you tell me how to do this, to make sure the root
hints are resolved.
Use the DNS snap in on the property sheet for the DNS server on the Root
Hints tab.
 
I added hint root servers suggested by the Microsoft
article, still didn't work. I added dns to another server
and it is another dc and now has dns it can get to the
net. but exchange or the other dc can not.
 
4.2.2.2 actually belongs to Genuity Networks, an ISP. Easy one to remember
when offering alternate forwarders.

Can you remember what happened on that date when it stopped, as
inconsequential as it may seem? Maybe solar flares? Now, I'm not being
facetious here, there were warnings that this can cause numerous issues, but
not sure what type of issues concerning this field. I've seen various news
on it. Just do a google search on it.

--
Regards,
Ace

 
apparently Qwest was updating their servers at the time
it happened, but they are now up and running and now we
are still not able to get the dc onto the net. I set up
another server for dc and put dns on it and it works
fine, I used dns for my workstation and it works...when I
try to put the exchange server to point to the dns it
looks like it resolves the name to the ip but it seems
that something is blocking something.
 
In (e-mail address removed)
posted a question
Then Kevin replied below:
I added hint root servers suggested by the Microsoft
article, still didn't work. I added dns to another server
and it is another dc and now has dns it can get to the
net. but exchange or the other dc can not.
If the Root Hints were not resolved then the chances are that the server is
unable to access the internet to resolve them.
I would have to take another look at the firewall rules.
 
In
wwloccd said:
apparently Qwest was updating their servers at the time
it happened, but they are now up and running

I have a Qwest T1 and didn't experience any problems at all.
and now we
are still not able to get the dc onto the net. I set up
another server for dc and put dns on it and it works
fine, I used dns for my workstation and it works...

Not sure what happened here, but I would at this juncture point to the new
DNS you just created and see if that DC can get on the net. I would also
make sure DNS registration is properly functioning by confirming the SRV
records are registered properly for AD.
when I
try to put the exchange server to point to the dns it
looks like it resolves the name to the ip

Not sure what you mean by this, but that's DNS' job, to resolve names to IP.
but it seems
that something is blocking something.

I don't understand. Is this the new server? What's being blocked? It's
resolving, correct?


Ace
 
In
so you are saying it might be the firewall, that's weird
nothing has changed.

This week sucks.

There were solar flares reported hitting Earth yesterday (this is not a
joke). It was warned some anomalies may occur due to it. Not sure if this
applies or not, but I would check your firewall access lists and confirm all
is open.

--
Regards,
Ace

 
Well it was supposed to be down the Seattle area for
Qwest.

I meant that you can type ie www.google.com and at the
status bar of IE I see it has already resolved the ip
address and trying to open it, but it cannot open it
somehow. The new DNS server I setup is working and it
can get to the net, but when the other two servers use
it...it does the same thing resolving the ip but cannot
open the page.

What I meant by blocking was that, it does the name
resolution but fails to open the page. for instance when
I ping from the dns server(the one that can get on the
net) I get responses back. Now when I ping from the
other two servers, I get the IP address back then get
timed out.
 
Ok, at this juncture I would start looking at the PIX. If it's working on
one machine, and not another, then something is being blocked or something
at the PIX. Not sure what else to suggest at this point. Kind of exhausted
all other possibilities. Maybe the solar flares had something to do with it
from 10/29 (no joke here).

Ace



In
Well it was supposed to be down the Seattle area for
Qwest.

I meant that you can type ie www.google.com and at the
status bar of IE I see it has already resolved the ip
address and trying to open it, but it cannot open it
somehow. The new DNS server I setup is working and it
can get to the net, but when the other two servers use
it...it does the same thing resolving the ip but cannot
open the page.

What I meant by blocking was that, it does the name
resolution but fails to open the page. for instance when
I ping from the dns server(the one that can get on the
net) I get responses back. Now when I ping from the
other two servers, I get the IP address back then get
timed out.



--
Regards,
Ace

 
Yeah I think I am just gonna call cisco and see what's
going on. Ohh by the way the two servers that can't get
on the net are by chance the statics and conduits that I
have configured on the PIX.

It's bizarre because it all started happening when Qwest did
an upgrade though.

Well thanks for all your suggestions...you've been very
helpful, if you have any more please email me at
(e-mail address removed)

thanks.
 
In
Yeah I think I am just gonna call cisco and see what's
going on. Ohh by the way the two servers that can't get
on the net are by chance the statics and conduits that I
have configured on the PIX.

It's bizarre because it all started happening when Qwest did
an upgrade though.

Well thanks for all your suggestions...you've been very
helpful, if you have any more please email me at
(e-mail address removed)

thanks.


You got it! Hope they straighten it out for you.

--
Regards,
Ace

 