large amount of DNS errors

  • Thread starter Thread starter gerryR
  • Start date Start date
G

gerryR

Hi All

We're getting alot (1000s) of the following errors on our DNS server.

We have 4 DNS server IPs in our list of forwarders on the server and the one
the error is refering to is no 3 on the list. Also in one of our other
sites the IP below is no one in the list of forwarders in its DNS setup!

anyone any ideas why this would be causing errors? As I say its generating
1000s of errors so cant be good for the system!

TIA for any advice
gerryR




Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 7063
Date: 15/05/2006
Time: 10:26:39
User: N/A
Computer: Servername
Description:
The DNS server is configured to forward to a non-recursive DNS server at
192.111.39.1.

DNS servers in forwarders list MUST be configured to process recursive
queries.
Either
1) fix the forwarder (192.111.39.1) to allow recursion
- connect to it with DNS Manager
- bring up server properties
- open "Advanced" tab
- uncheck "Disable Recursion"
- click OK
OR
2) remove this forwarder from this servers forwarders list
- DNS Manager
- bring up server properties
- open "Forwarders" tab
- remove (192.111.39.1) from list of forwarders
- click OK
 
Hi

The error seems pretty informative and even provides the solution! you cant
ask for more than that....lol

I dont want to repeat the error in different syntax but it does cover it
fairly well. Does the server at 192.111.39.1. support recursion? if not you
cannot have it as a forwarder simple as

Are these four forwarders required, you could just remove 192.111.39.1. and
that would fix the event log errors unless there is a specific reason for
having all of them listed

I would assume you would get this event on ALL systems using 192.111.39.1. as
a forwarder if it wont do recursion

Regards

Si
 
Hi and thanks for the reply Si

Sorry my last post abit misleading, what I ment to was the dns IP that we
are getting the errors on (192.111.39.1) is actually the 1st IP number in
the list of forwarders on two of our other DNS servers (in differnt sites)
but they are not getting these errors so I assume it does support recursion.

1 question, does the DNS on the server not just use the 1st IP in the list
of forwarders? and then only go onto the next one if the 1st one fails and
so on and so on?

thanks
gR
 
gerryR said:
Hi and thanks for the reply Si

Sorry my last post abit misleading, what I ment to was the dns IP
that we are getting the errors on (192.111.39.1) is actually the 1st
IP number in the list of forwarders on two of our other DNS servers
(in differnt sites) but they are not getting these errors so I assume
it does support recursion.

1 question, does the DNS on the server not just use the 1st IP in the
list of forwarders? and then only go onto the next one if the 1st
one fails and so on and so on?
Click to expand...

Actually that DNS does not support recursion and cannot be used as a
forwarder.

Here is the response from a DNS that supports recursion:
opcode: Query, status: NoError, id: 42
flags: qr aa rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

See the rd bit for recursion desired follow by the ra bit for recursion
available?

Here is the response from 192.111.39.1
opcode: Query, status: NoError, id: 42
flags: qr rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

See the missing ra bit?
 
Thanks for that Kevin, I'll remove it right away.

2 questions if you don't mind (I'd like to understand whats happening if
possible)

1. How did you get that DNS info on the IP? (dos command?)
2. Any idea why the server would be trying to use this DNS IP considering
its well down in the list of forwarders, I even moved it to the bottom of
the list and the error still occoured although not as often.

thanks again for your help
gerry
 
gerryR said:
Thanks for that Kevin, I'll remove it right away.

2 questions if you don't mind (I'd like to understand whats happening
if possible)

1. How did you get that DNS info on the IP? (dos command?)
Click to expand...

I used netdig but nslookup -d2 will give you the simular results.
Here is the relevant output from nslookup:
W:\>nslookup -d2 . 192.111.39.1
------------
SendRequest(), len 43
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
1.39.111.192.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (113 bytes):
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, auth. answer, want recursion
questions = 1, answers = 1, authority records = 2, additional = 0

See the answer section where it says want recursion?
If the DNS supported recursion it would say recursion avail after the want
recursion.

2. Any idea why the server would be trying to use this DNS IP
considering its well down in the list of forwarders, I even moved it
to the bottom of the list and the error still occoured although not
as often.
Click to expand...

DNS using forwarders will go throught the forwarders list until one responds
with some kind of an answer.
 
thanks Kevin!


Kevin D. Goodknecht Sr. said:
I used netdig but nslookup -d2 will give you the simular results.
Here is the relevant output from nslookup:
W:\>nslookup -d2 . 192.111.39.1
------------
SendRequest(), len 43
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional =
0

QUESTIONS:
1.39.111.192.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (113 bytes):
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, auth. answer, want recursion
questions = 1, answers = 1, authority records = 2, additional =
0

See the answer section where it says want recursion?
If the DNS supported recursion it would say recursion avail after the want
recursion.



DNS using forwarders will go throught the forwarders list until one
responds
with some kind of an answer.
Click to expand...
 
Back
Top