nslookup and DNS

Alan G. Monaghan

I am working on getting my Windows 2003 DNS server working.
So far, I am able to do most everything I want it to except my
nslookup requests are strange.


If I do an nslookup -q=any novell.com
it works fine and returns the exact same information as when I do this
command on a box that is pointed directly to my ISP's DNS server.

If I do an nslookup -q=any cisco.com I get a 2 second timeout from my
internal DNS server, but my workstation that is connected to the
outside world returns the entire record.

If I do an nslookup -q=any mmsonline.com, I get the same failure. This
is one of the domains we own so I would expect it to work always. This
lookup does complete successfully if I do it on the workstation that is
directly connected to my ISP's DNS server.

If I use a browser, I can go to the internet on the internal DNS
server and on a workstation that has it listed as its primary DNS
server so I know something is working.

I do have forwarding turned on, recursion is turned on. I have not
done much yet to the box as I am just setting it up. I am using the
DNS on Windows Server 2003 book from O'Reilly to help me configure and
set this up.

Any suggestions would be appreciated.
 
Alan said:
I am working on getting my Windows 2003 DNS server working.
So far, I am able to do most everything I want it to except my
nslookup requests are strange.


Just to follow up, I found and used the following tech article to fix
the issue.

http://support.microsoft.com/default.aspx?scid=kb;en-us;828731

An external DNS query may cause an error message in Windows Server
2003
Article ID : 828731
Last Review : November 3, 2004
Revision : 7.0

SYMPTOMS
When a computer that is running Microsoft Windows Server 2003 makes an
external DNS query, you may receive one of the following error
messages:

Query Refused

Server unable to interpret format

Timeout

CAUSE
Cause #1
This problem may occur on some Cisco PIX Firewall models with software
that is earlier than PIX Firewall version 6.3(2). The Cisco PIX
Firewall drops DNS packets sent to User Datagram Protocol (UDP) port
53 that are larger than the configured maximum length. By default, the
maximum length for UDP packets is 512 bytes.
Cause #2
This problem may occur if the external DNS server does not support
Extension Mechanisms for DNS (EDNS0) or if a firewall exists between
your server and the external DNS server. DNS servers that do not
support EDNS0 cannot process EDNS0 data, and this behavior causes the
query to fail. Some firewalls may drop the EDNS0 packets that are sent
by servers that support EDNS0, or may drop UDP packets that are larger
than 512 bytes that are sent by servers that support EDNS0.

WORKAROUND
Workaround #1
To resolve this problem, visit the following Cisco Systems Web site
for information and update instructions:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_release_note09186a00801a6d21.html#110415
Workaround #2
To work around this problem, turn off EDNS0 support in Windows
Server 2003. To do this, follow these steps:
1. Start a command prompt.
2. Type dnscmd /Config /EnableEDnsProbes 0, and then press ENTER.


MORE INFORMATION
For more information about Extension Mechanisms for DNS, visit the
following Microsoft Web site:
http://www.microsoft.com/technet/tr...proddocs/standard/sag_DNS_imp_EDNSsupport.asp
For more information about Cisco Systems visit the following Web site:
http://www.cisco.com
The third-party products that this article discusses are manufactured
by companies that are independent of Microsoft. Microsoft makes no
warranty, implied or otherwise, regarding the performance or
reliability of these products. Microsoft provides third-party contact
information to help you find technical support. This contact
information may change without notice. Microsoft does not guarantee
the accuracy of this third-party contact information.

APPLIES TO
• Microsoft Windows Server 2003, Web Edition
• Microsoft Windows Server 2003, Standard Edition
• Microsoft Windows Server 2003, Enterprise Edition
• Microsoft Windows Server 2003, Datacenter Edition
• Microsoft Windows Server 2003, Enterprise Edition for
Itanium-based Systems
• Microsoft Windows Server 2003, Datacenter Edition
• Microsoft Windows Small Business Server 2003 Standard Edition
• Microsoft Windows Small Business Server 2003 Premium Edition


Keywords: kbnetwork kbprb kbwinservnetwork KB828731
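An added example, not part of the original thread or the Microsoft article: a Python sketch that builds the same ANY query with and without the EDNS0 OPT record and maps the outcome to the symptoms and causes listed in the article quoted above. The function names, result labels, the 1280-byte advertised size and the sample replies are constructed for illustration.

```python
import struct

def build_query(name, qtype=255, edns_size=None, txid=0x1234):
    """DNS query in wire format; qtype 255 = ANY, edns_size adds an OPT record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)
    if edns_size:
        # OPT pseudo-RR: root name, TYPE 41, CLASS = advertised UDP size,
        # TTL = extended rcode/version/flags (zero), RDLENGTH 0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def edns_size_of(query):
    """Advertised UDP payload size of a query built above, or None if no OPT."""
    arcount = struct.unpack("!H", query[10:12])[0]
    pos = 12
    while query[pos]:              # walk the QNAME labels
        pos += 1 + query[pos]
    pos += 1 + 4                   # root label, QTYPE, QCLASS
    if arcount and query[pos] == 0:
        rtype, rclass = struct.unpack("!HH", query[pos + 1:pos + 5])
        if rtype == 41:
            return rclass
    return None

def diagnose(query, response):
    """Map one query/response pair (response None = timeout) to a KB 828731 cause."""
    edns = edns_size_of(query)
    if response is None:           # "Timeout": probe or large reply dropped on path
        return "timeout-edns-suspect" if edns else "timeout"
    rcode = response[3] & 0x0F
    if rcode == 1:                 # "Server unable to interpret format"
        return "formerr-no-edns0-upstream" if edns else "formerr"
    if rcode == 5:                 # "Query Refused"
        return "refused"
    if len(response) > 512:        # arrives here, but a 512-byte UDP limit drops it
        return "ok-but-over-512-bytes"
    return "ok"

def constructed_reply(query, rcode=0, pad=0):
    """Constructed sample reply: the query with QR set, an rcode, and padding."""
    return query[:2] + struct.pack("!H", 0x8180 | rcode) + query[4:] + b"\x00" * pad

if __name__ == "__main__":
    q = build_query("cisco.com", edns_size=1280)   # 1280 is a constructed sample size
    print(diagnose(q, None), diagnose(q, constructed_reply(q, rcode=1)))
```

A query that succeeds without the OPT record but times out or returns a format error with it points at Cause #2 rather than at the forwarder configuration.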
 
Alan G. Monaghan said:
Just to follow up, I found and used the following tech article to fix
the issue.

http://support.microsoft.com/default.aspx?scid=kb;en-us;828731

<snipped>

Looks like you answered your own question and got it fixed!


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
=================================
 