M
Mick
I've been looking at this for most of the afternoon and I'm hoping someone
can save my sanity.
I found I couldn't get onto www.symantec.com.au using Internet Explorer. I
did an nslookup from my PC and it timed out. I tried if from the 2003
AD/DNS server, timeout also. Checked my forwarders and changed the nslookup
to each one of my forwarders in turn and nslookup was fine. Changed
nslookup back to 2003 server and still timeout for www.symantec.com.au .
Tried any other site and no problem. We have about 600 users on this
network and no one else is complaining.
I turned on DNS logging. I can see the queries go out the first forwarder
and then the second forwarder, but no reply.
I next setup our CISCO 6509 to do port monitoring of the server port and
used Ethereal to capture DNS packets. Same thing as the log, I can see DNS
queries being sent to the forwarders, but no replies. All other domains
appear to work, and when I change nslookup to go directly to the forwarder I
see the query and get an immediate reply.
On Ethereal the two queries seem very similiar, the only difference I have
noted is the query going via 2003 has an additional RR with some info such
as Name: <Root> Type: EDNS0 option, ...
I'm the first to admit I'm no DNS guru, and am hoping someone can explain to
me why I can resolve this address when talking directly to the forwarders,
but not via my 2003 DNS server.
Hoping someone can give me some clues. Thanks in advance.
can save my sanity.
I found I couldn't get onto www.symantec.com.au using Internet Explorer. I
did an nslookup from my PC and it timed out. I tried if from the 2003
AD/DNS server, timeout also. Checked my forwarders and changed the nslookup
to each one of my forwarders in turn and nslookup was fine. Changed
nslookup back to 2003 server and still timeout for www.symantec.com.au .
Tried any other site and no problem. We have about 600 users on this
network and no one else is complaining.
I turned on DNS logging. I can see the queries go out the first forwarder
and then the second forwarder, but no reply.
I next setup our CISCO 6509 to do port monitoring of the server port and
used Ethereal to capture DNS packets. Same thing as the log, I can see DNS
queries being sent to the forwarders, but no replies. All other domains
appear to work, and when I change nslookup to go directly to the forwarder I
see the query and get an immediate reply.
On Ethereal the two queries seem very similiar, the only difference I have
noted is the query going via 2003 has an additional RR with some info such
as Name: <Root> Type: EDNS0 option, ...
I'm the first to admit I'm no DNS guru, and am hoping someone can explain to
me why I can resolve this address when talking directly to the forwarders,
but not via my 2003 DNS server.
Hoping someone can give me some clues. Thanks in advance.