Help - Cached A Records Disappeared - Unable to Resolve External Host


CB

Hello,
Any help is greatly appreciated.

Environment
Windows 2003 Interim Forest Functional Mode
AD Integrated DNS

Servers
INTERNALHOST1.DOMAIN.COM: Primary DNS (w/forward & reverse zones) with
forwarding enabled to ISP for non-local domains
INTERNALHOST2.DOMAIN.COM: Secondary DNS (w/secondary zones) with
forwarding enabled to ISP for non-local domains
NOTE: INTERNALHOST1 & INTERNALHOST2 also are Pri/Sec WINS servers

Recent Changes
This past week I collapsed all my internal services (dhcp/dns/wins)
down to these 2 servers. The process went (mostly) smoothly except
for...

Problem 1:
My mail server was unable to resolve smtp.external.com and outbound
email started bouncing. Web surfing worked fine. NSLOOKUP could not
resolve smtp.external.com.
Action Taken: Checked the DNS cache and found ns1 & ns2 for
external.com but no A record for smtp.external.com. After looking into
other domain caches...only A records for name servers were being
listed...no www or smtp hostnames. I found that odd. I restarted DNS
and then...I could now resolve smtp.external.com.
Followup: This lasted for a day then it happened again. I restarted
DNS and it worked.

My only guess at this point is either the DNS service malfunctioned or
it has something to do with TTL expiring. Does anyone see anything
else?

Problem2:
We've got macs on our network. All my OSX macs have no problems
authenticating & mounting MAC volumes on my Windows2000 box, but mac
OS9 cannot authenticate...it hangs and times out. These OS9 boxes are
using AppleTalk to mount the volumes so ... it's not technically MS
DNS here, but maybe a DNS issue in AD?

Again, any help is appreciated!

CB
 
Cached records are SUPPOSED to disappear (eventually).

CB said:
Hello,
Any help is greatly appreciated.

Environment
Windows 2003 Interim Forest Functional Mode
AD Integrated DNS

Servers
INTERNALHOST1.DOMAIN.COM: Primary DNS (w/forward & reverse zones) with
forwarding enabled to ISP for non-local domains
INTERNALHOST2.DOMAIN.COM: Secondary DNS (w/secondary zones) with
forwarding enabled to ISP for non-local domains
NOTE: INTERNALHOST1 & INTERNALHOST2 also are Pri/Sec WINS servers

Recent Changes
This past week I collapsed all my internal services (dhcp/dns/wins)
down to these 2 servers. The process went (mostly) smoothly except
for...

Problem 1:
My mail server was unable to resolve smtp.external.com and outbound
email started bouncing. Web surfing worked fine. NSLOOKUP could not
resolve smtp.external.com.
Action Taken: Checked the DNS cache and found ns1 & ns2 for
external.com but no A record for smtp.external.com. After looking into
other domain caches...only A records for name servers were being
listed...no www or smtp hostnames. I found that odd. I restarted DNS
and then...I could now resolve smtp.external.com.

You have your DNS mangled somehow, see below for
the proper methods and tests.
Followup: This lasted for a day then it happened again. I restarted
DNS and it worked.

My only guess at this point is either the DNS service malfunctioned or
it has something to do with TTL expiring. Does anyone see anything
else?

It has nothing to do with TTL -- your name servers must
either HOLD every name (authoritatively) that they will
resolve OR they must be able to find a server that holds
the names (or use a forwarder to do this.)

Problem2:
We've got macs on our network. All my OSX macs have no problems
authenticating & mounting MAC volumes on my Windows2000 box, but mac
OS9 cannot authenticate...it hangs and times out. These OS9 boxes are
using AppleTalk to mount the volumes so ... it's not technically MS
DNS here, but maybe a DNS issue in AD?

Chances are it is a DNS issue if you are authenticating to or
looking for Windows resources but it could also be a WINS
NetBIOS issue if your Macs have that software AND especially
if you have multiple subnets (where broadcasts fail to traverse
routers.)
Again, any help is appreciated!

Start here:

DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
 
Hello,

As I understand it, the DNS server is unable to resolve smtp.external.com.
However, as far as I know the A record and MX record for smtp.external.com
should be hosted at the ISP instead of on the local DNS server. I suspect
there is something wrong when DNS caches the record.

I suggest you use the following steps to isolate this issue:

Step 1:
=========
1. Bring up DNS management by keying in "dnsmgmt.msc" in RUN box.
2. Right click your DNS server name to choose Properties
3. Switch to Debug Logging and check Log packets for debugging.
4. Check Details under Other section and specify a file location in Log
file section, such as "c:\dns.log".

5. Switch to Advanced tab and check Secure cache against pollution.

This option is set to prevent hijacking. For more details, please refer
to the following article:

Description of the DNS Server Secure Cache Against Pollution Setting
http://support.microsoft.com/kb/316786/EN-US/

The following article is also worth a look:

884421 Some of your SMTP e-mail messages may remain in your outgoing mail
http://support.microsoft.com/?id=884421

Step 2:
===========
1. Refer to the following article to install Network Monitor (netmon) on
your DNS server and set the netmon to monitor the external NIC:

243270 HOW TO: Install Network Monitor in Windows 2000
http://support.microsoft.com/?id=243270

148942 How to Capture Network Traffic with Network Monitor
http://support.microsoft.com/?id=148942



2. Start the netmon to capture the network packet
3. Open CMD and issue the following command:

nslookup
set d2
smtp.external.com

4. Right click the mouse then select Mark, copy all output result and paste
the contents to a notepad file named d2.txt.

5. Stop the netmon and save the log

Please send the c:\dns.log, the netmon log and d2.txt to
(e-mail address removed) for research.

I look forward to your reply.


Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA


Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
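The "Secure cache against pollution" setting recommended in Step 1 above works by discarding records in a response whose owner name lies outside the DNS subtree the server asked about. The following is an added illustrative model of that bailiwick rule, written for this thread; it is not code from Windows DNS, and the record layout, the `external.com` bailiwick and the sample response records are constructed.

```python
"""Illustrative model of the 'Secure cache against pollution' check.

A response to a query carries extra records in its authority and
additional sections. A secure-cache resolver keeps only those whose
owner name is at or below the domain it asked about (its bailiwick)
and drops the rest, so a server answering for one domain cannot plant
records for an unrelated name into the cache. This is a simplified
model written for this thread, not Windows DNS code; the record
layout and sample values are constructed.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class RR:
    """One resource record as it might appear in a response section."""
    name: str    # owner name, e.g. "smtp.external.com"
    rtype: str   # "A", "NS", ...
    data: str    # rdata as text
    ttl: int     # seconds


def labels(name: str) -> Tuple[str, ...]:
    """Split a name into labels, ignoring case and a trailing dot."""
    return tuple(name.rstrip(".").lower().split("."))


def in_bailiwick(owner: str, zone: str) -> bool:
    """True if owner equals zone or is below it, compared label by label.

    A plain string suffix test would wrongly accept 'notexternal.com'
    for the zone 'external.com'; label comparison does not.
    """
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z


def filter_response(bailiwick: str, records: List[RR]) -> Tuple[List[RR], List[RR]]:
    """Split response records into those safe to cache and those to drop.

    `bailiwick` is the domain the queried server is trusted to speak for
    (for a query sent to external.com's name servers, 'external.com').
    """
    accepted = [r for r in records if in_bailiwick(r.name, bailiwick)]
    rejected = [r for r in records if not in_bailiwick(r.name, bailiwick)]
    return accepted, rejected


# Constructed sample response to a query for smtp.external.com sent to
# external.com's name servers. The last two records do not belong there.
SAMPLE_RESPONSE = [
    RR("smtp.external.com", "A", "192.0.2.25", 3600),
    RR("external.com", "NS", "ns1.external.com", 86400),
    RR("ns1.external.com", "A", "192.0.2.1", 86400),
    RR("www.unrelated.example", "A", "198.51.100.9", 3600),
    RR("notexternal.com", "A", "203.0.113.7", 3600),
]


def demo() -> Tuple[List[str], List[str]]:
    """Return the owner names kept and dropped for the sample response."""
    kept, dropped = filter_response("external.com", SAMPLE_RESPONSE)
    return [r.name for r in kept], [r.name for r in dropped]


if __name__ == "__main__":
    kept, dropped = demo()
    print("cached :", kept)
    print("dropped:", dropped)
```

The label-by-label comparison in `in_bailiwick` is the part worth keeping in mind when reading a debug log: a record for `notexternal.com` shares a string suffix with `external.com` but is a different name and must not be accepted from external.com's servers.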
 
Herb & Rebecca,
Thank you for your assistance and advice....

here is the latest...

I've opened a case with PSS.
1. DCDIAG, NETDIAG and another tool (MPSREPORT) were run and
verified that all configurations are fine, standard practices are
correct and everything is functioning correctly.
2. ONLY smtp.external.com is affected. Intermittently, when it
normally expires in the cache...it cannot be resolved again...but on
one server only (internalhost1.domain.com). My other DNS server can
resolve it just fine.
3. I changed my forwarders from my ISP to an MS suggestion (did not
fix).

In summary, periodically this one DNS server cannot resolve JUST this
one host...smtp.external.com (any other hostname will resolve).

I have to contact PSS again to followup that changing my forwarders
did not work. The only thing I can think of is that it's getting a
'negative' response to the query and that's getting cached...still
looking into that though.

In the interim, I'm specifying my ISP's smarthost for external email
to an IP address instead of a hostname (which my DNS is able to
reverse resolve).

Thanks again for your ideas...I'll post the updates.

-CB
 
CB said:
Herb & Rebecca,
Thank you for your assistance and advice....

here is the latest...

I've opened a case with PSS.
1. DCDIAG, NETDIAG and another tool (MPSREPORT) were run and
verified that all configurations are fine, standard practices are
correct and everything is functioning correctly.
2. ONLY smtp.external.com is affected. Intermittently, when it
normally expires in the cache...it cannot be resolved again...but on
one server only (internalhost1.domain.com). My other DNS server can
resolve it just fine.

What is the actual external name?
3. I changed my forwarders from my ISP to an MS suggestion (did not
fix).

To what? Changing it without understanding is not
going to fix it...

Normally you forward to YOUR firewall/DMZ DNS server
or to your ISP DNS servers....
In summary, periodically this one DNS server cannot resolve JUST this
one host...smtp.external.com (any other hostname will resolve).

Explain how it would get to the DNS servers for external.com

DNS is extremely logical so if nothing is blocking it (e.g., firewall)
it is VERY consistent.
I have to contact PSS again to followup that changing my forwarders
did not work. The only thing I can think of is that it's getting a
'negative' response to the query and that's getting cached...still
looking into that though.

Negative caching is about 5 minutes usually.

Where is it getting cached, in the problem server?
In the interim, I'm specifying my ISP's smarthost for external email
to an IP address instead of a hostname (which my DNS is able to
reverse resolve).

Thanks again for your ideas...I'll post the updates.

You likely have a basic misunderstanding or (probably trivial)
configuration error.
 
Herb...
Answers inline...
What is the actual external name? smtp.visi.com


To what? Changing it without understanding is not
going to fix it...
changed my forwarders from my ISP's DNS servers to MS PSS suggestion
(4.2.2.2 & 4.2.2.1)...also Root Hints are in use
Normally you forward to YOUR firewall/DMZ DNS server
or to your ISP DNS servers....
Correct...that's what I've been doing for 2 years, forwarding to my
ISP's DNS servers
Explain how it would get to the DNS servers for external.com
My ISP's DNS servers were queried> starting at internal DNS
server>through firewall>over T1>port 53
DNS is extremely logical so if nothing is blocking it (e.g., firewall)
it is VERY consistent.
Yes...I agree...that's why I'm at a loss. My secondary DNS server can
resolve smtp.visi.com till the cows come home. My primary DNS server
can .... for awhile... then it starts failing until I clear the
cache...then it's back in action.
Negative caching is about 5 minutes usually.

Where is it getting cached, in the problem server?
I've never seen this 'negative' cache...I've just read about it so I'm
not sure if that is an issue here.
You likely have a basic misunderstanding or (probably trivial)
configuration error.
Hopefully, otherwise I have to bust out the protocol analyzer and
start examining the lower layers.
 
Hi Larry,

I understand you are currently working with our CSS support engineer. In
order to avoid confusion, please continue to work with our support
engineer toward a resolution.

Please consider posting back if you have got any resolution. I believe
others in this newsgroup will benefit from your experience.

Thank you for your understanding and contribution!

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA

 