Problem:Reply from nameservers-authority is com

  • Thread starter Thread starter David Henson
  • Start date Start date
D

David Henson

Hi all. Thanks in advance for your replies.

Perplexing DNS Problem on W2K, SP4, DC (though this happened pre-SP4 as
well)

Any queries for external addresses timeout. Looking at the trace in netmon,
the reply always comes back that the authority is:

com.

when I try something like www.lycos.com. When I trace the same thing on
another W2K/DC/DNS box, the query comes back as expected, with a referral to
the NS for that domain. The problematic box re-sends the query into each of
the com. servers, which all reply back that the authority for that domain is
com. Eventually the request times out.

I have investigated the request packet from both boxes, and the packet is
identical byte for byte except for the Query Identifier, which looks like is
just a unique number for each request.

When I enable forwarding, everything works fine, but I don't want to rely on
an external nameserver. That's not really the issue, I just thought I would
throw that in. I mainly would like to understand the issue because I'm kind
of compulsive in that way.

I tried removing DNS service and re-installing. Same behavior.

As a client, if I set the DNS server to another box like root, it works
fine.

Default root server list, default settings, default security, vanilla setup.
Internal domain name resolution(just one domain) also works fine.

Anyone seen this one?

Thanks again.

-Dave
 
In
posted their thoughts said:
Hi all. Thanks in advance for your replies.

Perplexing DNS Problem on W2K, SP4, DC (though this happened pre-SP4
as well)

Any queries for external addresses timeout. Looking at the trace in
netmon, the reply always comes back that the authority is:

com.

when I try something like www.lycos.com. When I trace the same thing
on another W2K/DC/DNS box, the query comes back as expected, with a
referral to the NS for that domain. The problematic box re-sends the
query into each of the com. servers, which all reply back that the
authority for that domain is com. Eventually the request times out.

I have investigated the request packet from both boxes, and the
packet is identical byte for byte except for the Query Identifier,
which looks like is just a unique number for each request.

When I enable forwarding, everything works fine, but I don't want to
rely on an external nameserver. That's not really the issue, I just
thought I would throw that in. I mainly would like to understand the
issue because I'm kind of compulsive in that way.

I tried removing DNS service and re-installing. Same behavior.

As a client, if I set the DNS server to another box like root, it
works fine.

Default root server list, default settings, default security, vanilla
setup. Internal domain name resolution(just one domain) also works
fine.

Anyone seen this one?

Thanks again.

-Dave
Click to expand...

Recommended is to use a Forwarder. More efficient and less work on your own
servers. Just use your ISP's DNS for the forwarder. What your system is
doing when using the Roots, it needs to determine who has records of "com"
names, then it queries down the hierarchal tree. Just use a forwarder and
all that extra traffic will be gone.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
posted their said:
Wanting to understand the root cause of a problem is not a
bad thing. Quite the contrary.

If you want us to help you to work out what the problem is, you are
going to have to give us a much better description of what is
happening than you have, however. In particular:

When you say


what, exactly, does that mean ? What are the actual resource record
sets in the response ? Where is the reply "coming back" from and
whence is it heading ?

I have an educated guess that


is your problem (and that an offhand remark that Ace Fekay made
recently is right), but you need to provide concrete data in
order for proper problem diagnosis to be performed.
Click to expand...
<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/problem-report-standa
rd-litany.html>

Yes, an accurate and complete description is always essential in problem
reporting. Eliminates guessing!

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top