DNS timeout


nich

Hi,

We have a Firewall machine, basically Windows 2000 Server with ISA Server
installed. DNS is used by the internal LAN and we have our local ISP DNS
Servers as forwarders. The problem is that every now and then the IsaServer
DNS stops responding to client queries. A restart of the DNS Service solves
the problem but this is getting quite annoying..... No errors whatsoever are
logged in the event logs!

Any Ideas?

Thanks
Nich
 
3 things to check for. First, make sure that the INTERNAL NIC of the ISA
server does not have a Default Gateway specified. The Default Gateway should
be on the EXTERNAL NIC. Second, check the DNS Properties and ensure that
this server is listening only on the INTERNAL NIC.

Then you also want to be sure that the server is not using your ISP DNS
server on either of the NICs, not even on the external NIC. Check those
things and reboot if you made any corrections, then let's hear how it goes.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
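The three checks from the reply above, as an added example that is not part of the original thread: a Python sketch that parses `ipconfig /all`-style text and flags an internal NIC with a default gateway, a NIC whose resolver is not one of the server's own internal addresses, and a DNS service listening on the external address. The sample output, adapter names, addresses and the `audit` function are constructed for illustration, and treating "not using the ISP DNS" as "points at this server's internal IP" is an assumption.

```python
import re

# Constructed sample resembling `ipconfig /all` output (documentation address ranges).
SAMPLE_IPCONFIG = """\
Ethernet adapter External:
        IP Address. . . . . . . . . . . . : 192.0.2.10
        Default Gateway . . . . . . . . . : 192.0.2.1
        DNS Servers . . . . . . . . . . . : 198.51.100.53
Ethernet adapter LAN1:
        IP Address. . . . . . . . . . . . : 10.0.1.1
        Default Gateway . . . . . . . . . : 10.0.1.254
        DNS Servers . . . . . . . . . . . : 10.0.1.1
Ethernet adapter LAN2:
        IP Address. . . . . . . . . . . . : 10.0.2.1
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : 10.0.2.1
"""

# Only the first value of each field is read; continuation lines are ignored.
FIELD = re.compile(r"^\s+(IP Address|Default Gateway|DNS Servers)[ .]*:\s*(\S*)\s*$")

def parse_adapters(text):
    """Return {adapter name: {field: value}} from ipconfig-style text."""
    adapters, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^Ethernet adapter (.+):\s*$", line)
        if head:
            current = adapters.setdefault(head.group(1), {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2)
    return adapters

def audit(text, external, dns_listen):
    """Apply the three checks; `external` names the outside-facing NIC (assumed known)."""
    adapters = parse_adapters(text)
    internal_ips = {a["IP Address"] for n, a in adapters.items() if n != external}
    findings = []
    for name, a in adapters.items():
        if name != external and a.get("Default Gateway"):
            findings.append(f"{name}: internal NIC has a default gateway")
        if a.get("DNS Servers") and a["DNS Servers"] not in internal_ips:
            findings.append(f"{name}: resolver {a['DNS Servers']} is not an internal address of this server")
    ext_ip = adapters[external]["IP Address"]
    if ext_ip in dns_listen:
        findings.append(f"DNS service listens on external address {ext_ip}")
    return findings
```

The `dns_listen` list is supplied by hand from the DNS server's interface properties; the sketch does not query the service.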
 
So, this is how it's set up

The isaserver has a router in front. External NIC has the router set as
gateway and internal IP as DNS Server
2 internal Nic cards serving 2 different subnets with no gateway and the
internal ip as DNS Server.
All internal clients on both lans use the respective internal interface ip
as gateway and dns
Also, DNS Server on the ISA Machine listens on all IPs (2 int & 1 ext)

At first I thought it was an EDNS problem since we had just upgraded one of
the internal servers to 2003, but with EDNS disabled it is still happening.

Thanks

Nicholas
 
So, the thing to "fix" right now is to remove the external NIC's IP from the
"listening" list. You are publishing the DNS service to the outside world in
ISA, right?

Let's hear if it still exhibits the same symptom after this.
--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
Hi Deji,

Well, outside the isa we have the DMZ. But anyway, we do not use the ISA dns
from dmz... I removed it from listening on that nic card.
Will let you know how it goes :)

Thanks

Nich
 