DNS Server stops resolving queries..

  • Thread starter Thread starter Jim P. Barber
  • Start date Start date
J

Jim P. Barber

Hi,

I have a W2k DNS Server on my DMZ, the server stops
resolving queries at random intervals between 2 minutes
and 2 hours. The server produces no errors, no error
events or the like.

Any ideas at this point will be entertained.

TIA.

Jim Barber
 
In
Jim P. Barber said:
Hi,

I have a W2k DNS Server on my DMZ, the server stops
resolving queries at random intervals between 2 minutes
and 2 hours. The server produces no errors, no error
events or the like.

Any ideas at this point will be entertained.

TIA.

Jim Barber
Click to expand...

Hmm, only thing I can think of at this time is if you have Secure Cache
Against Pollution set? (DNS properties, Adv tab).

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Yup, it is secured. That's the funny thing. I have set
up this server with all the right settings and suggestions
from MS. This is my upteenth DNS Server and I have not
ever seen this.

Jim P. Barber
MCP, MCSA, MCSE
 
In
Yup, it is secured. That's the funny thing. I have set
up this server with all the right settings and suggestions
from MS. This is my upteenth DNS Server and I have not
ever seen this.

Jim P. Barber
MCP, MCSA, MCSE
Click to expand...


Hmm. Then I can understand how frustrating this can be if not your first. I
assume you've run an AV scan and such on it? Latest updates and SP too. If
it continues, I would suggest probably (long shot) to remove the service and
reinstall it with an SP integrated i386 source.

If you do some captures, maybe you can see where it starts to hang or maybe
if it's being naile, you can see a boatload of hits coming at it from the
outside. Not sure where else to take this. I remember a problem with NT4 DNS
years ago that it would stop resolving, but an SP fixed this. If one of the
later SPs is causing this (which I've seen some related posts on this but
they do not coorelate with any SP) that a fix would be out, but have not
heard of anything as of yet. The one only other thing I can think of is
firewall rules blocking UDP >1023 other than EDNS0, which is W2k3 specific.

I know you have Win2k, but just an FYI if you see this with any of your W2k3
machines, here's a couple of links to review. Sorry I have nothing on W2k
relating to this.

830381 - Server Responsiveness Degrades and Queries Time Out When You Run
the DNS Server Service:
http://support.microsoft.com/default.aspx?scid=kb;en-us;830381

830905 - DNS Intermittently Stops Resolving Some Host Names:
http://support.microsoft.com/?id=830905


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
Jim P. Barber said:
Hi,

I have a W2k DNS Server on my DMZ, the server stops
resolving queries at random intervals between 2 minutes
and 2 hours. The server produces no errors, no error
events or the like.

Any ideas at this point will be entertained.

TIA.

Jim Barber
Click to expand...

Does this thing have a forwarder?
Where are you forwarding to?
DNS loops have been popular this week.
 
Nope Flat config, cache only, no local domains. protected
against cache pollution etc...

Jim.
 
Well, I reinstalled as you suggested. I slipstreamed my
service packs into the source directory and uninstalled
then reinstalled the DNS Services. No Joy! I see a
similar problem showing up in 2003, but see no mention of
it on 2k.

Jim P. Barber
MCP, MCSA, MCSE
 
In
Jim P. Barber said:
Well, I reinstalled as you suggested. I slipstreamed my
service packs into the source directory and uninstalled
then reinstalled the DNS Services. No Joy! I see a
similar problem showing up in 2003, but see no mention of
it on 2k.

Jim P. Barber
MCP, MCSA, MCSE
Click to expand...


Not sure what else to suggest other than remoting into it to take a peek.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Please expand on the comment DNS loops have been popular. I am experiancing
a DNS problem and have a temp workaround by restarting the DNS service every
1/2 hour to clear the cache.
 
In
John Tolmachoff said:
Please expand on the comment DNS loops have been popular. I am
experiancing a DNS problem and have a temp workaround by restarting
the DNS service every 1/2 hour to clear the cache.
Click to expand...

In the past several weeks there have been quite a few posters with a setup
similar to yours. Then, having their DMZ DNS forwarding to the internal DNS
and the internal DNS forwarding to the DMZ DNS. Doing this will cause a DNS
loop between the two. It is kind of like putting a microphone in front of a
speaker.
I'm not saying that is the problem, but I have to ask just in case. That is
the reason I asked what you had set for forwarders.
 
Ok, I thought you meant some kind of DNS attack on the Internet.

I am having a problem, but a different setup. DNS server cache only mode
stops responding, with or without forwarders configured. This is on a mail
server, (not Exchange and DNS is used for DNS based spam tests) and is
therefore servering a hugh amount of requests. By clearing the cache,
everything starts working agian.
 
In John Tolmachoff <[email protected]> posted a question
Then Kevin replied below:
: Ok, I thought you meant some kind of DNS attack on the Internet.
:
: I am having a problem, but a different setup. DNS server cache only
: mode stops responding, with or without forwarders configured. This is
: on a mail server, (not Exchange and DNS is used for DNS based spam
: tests) and is therefore servering a hugh amount of requests. By
: clearing the cache, everything starts working agian.
:

Hmm, I get the picture now. Try this give your DNS server multiple
forwarders then check the box "Do not use recursion" on the forwarders tab.
Not to be confused with "Disable recursion" on the Advanced tab. Make sure
all your Forwarders are capable of doing recursive lookups.

"Do not use recursion" requires your DNS server to forward all queries
instead of resolving the lookups itself using root hints. This makes it a
true caching only Proxy DNS server because it only caches records and does
simple lookups from its cache. It sends all queries not in it's cache to the
defined forwarder.
 
Back
Top