hidden hit counter
Help!

Strange DNS forwarding issues

 
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> DNS RSS
Next:  PERFLIB Error after installing ASP.NET 2.0  
Author Message
cqmman
External


Since: Feb 14, 2007
Posts: 4



PostPosted: Wed Feb 14, 2007 7:54 am    Post subject: Strange DNS forwarding issues
Archived from groups: microsoft>public>win2000>dns (more info?)

Hello,

I have a domain controller running Windows 2000, and DNS. The DNS is
configured with about five forwards. The two on the top of the list
are external addresses (to COMPANYA), and the others are internal.

I also have a windows 2003 server which is a member of the domain (not
a DC) and configured to point to the DC for DNS.

I am having a strange problem where intermittently (maybe for a few
hours at a time) if I try and ping servera.companya, it cannot be
resolved (unkonwn host). If I use nslookup, the request times out.

If however, I use nslookup, connect directly to the server at the top
of the forwarding list, and then try and resovle the name, it resolves
fine.

So, the server that I forwarding to can resolve the name, but my local
DC resolves sometimes and not others. There are not changes being made
to the network at these times as far as we are aware, and it seems
like the remote side is working (since NSLOOKUP works when connected
directly).

So any ideas?

Cheers
Back to top
cqmman
External


Since: Feb 14, 2007
Posts: 4



PostPosted: Wed Feb 14, 2007 8:06 am    Post subject: Re: Strange DNS forwarding issues [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

Looking into this futher, when I connect to the remote server and do
an NSLOOKUP, I get the following:



> server 10.176.1.12
Default Server: serverb.companya
Address: 10.176.1.12

> servera.companya
Server: [10.176.1.12]
Address: 10.176.1.12

DNS request timed out.
timeout was 10 seconds.
Name: serverb.companyb
Address: 10.176.1.12
Aliases: servera.companya
>


So why do I have a timeout and an address? Is it that the timeout is
an attempt from the local DNS? With the server command, I thought it
would try the remote server first?

Cheers
Back to top
cqmman
External


Since: Feb 14, 2007
Posts: 4



PostPosted: Wed Feb 14, 2007 12:30 pm    Post subject: Re: Strange DNS forwarding issues [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

On 14 Feb, 14:48, "Kevin D. Goodknecht Sr. [MVP]"
wrote:

>
> The Problem with the way you have forwarding set up is that in Windows 2000,
> which does not support conditional forwarding, if you have a list of
> forwarders it will go through the forwarding list one time, or use it
> forwarding timeout setting, to decide when to use root hints. If any one of
> the servers being forwarded to answers (Either negatively or positively) the
> query stops. It will not go through the list just to find a DNS server that
> answer positively. Any answer is acceptable for the DNS server, even if it
> uses recursion. Under Windows 2000, if there are any domains it must answer
> for that cannot be found by going to the Root Servers, you would need a
> Secondary zone for that domain, and all forwarders would need to be external
> DNS servers that can resolve all internet names.
> Windows Server 2003, introduced Conditional Forwarding and Stub zones for
> this situation.


Thanks Kevin. I thought that Windows 2000, even though it doesn't
forward conditionally, would still use the first server in the list
though (this being one of the servers that can authenticate the
address)? Just to confirm, is this not the case, and can Windows 2000
go to a server other than the first in the list, even if the first in
the responds?

Cheers
Back to top
Kevin D. Goodknech1
External


Since: Jun 20, 2004
Posts: 1397



PostPosted: Wed Feb 14, 2007 1:48 pm    Post subject: Re: Strange DNS forwarding issues [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

cqmman wrote:
> Looking into this futher, when I connect to the remote server and do
> an NSLOOKUP, I get the following:
>
>
>
>> server 10.176.1.12
> Default Server: serverb.companya
> Address: 10.176.1.12
>
>> servera.companya
> Server: [10.176.1.12]
> Address: 10.176.1.12
>
> DNS request timed out.
> timeout was 10 seconds.
> Name: serverb.companyb
> Address: 10.176.1.12
> Aliases: servera.companya
>>
>
>
> So why do I have a timeout and an address? Is it that the timeout is
> an attempt from the local DNS? With the server command, I thought it
> would try the remote server first?

The Problem with the way you have forwarding set up is that in Windows 2000,
which does not support conditional forwarding, if you have a list of
forwarders it will go through the forwarding list one time, or use it
forwarding timeout setting, to decide when to use root hints. If any one of
the servers being forwarded to answers (Either negatively or positively) the
query stops. It will not go through the list just to find a DNS server that
answer positively. Any answer is acceptable for the DNS server, even if it
uses recursion. Under Windows 2000, if there are any domains it must answer
for that cannot be found by going to the Root Servers, you would need a
Secondary zone for that domain, and all forwarders would need to be external
DNS servers that can resolve all internet names.
Windows Server 2003, introduced Conditional Forwarding and Stub zones for
this situation.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
Send IM: http://www.icq.com/people/webmsg.php?to=296095728
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Back to top
Kevin D. Goodknech1
External


Since: Jun 20, 2004
Posts: 1397



PostPosted: Wed Feb 14, 2007 4:47 pm    Post subject: Re: Strange DNS forwarding issues [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

cqmman wrote:
> On 14 Feb, 14:48, "Kevin D. Goodknecht Sr. [MVP]"
> wrote:
>
>>
>> The Problem with the way you have forwarding set up is that in
>> Windows 2000, which does not support conditional forwarding, if you
>> have a list of forwarders it will go through the forwarding list one
>> time, or use it forwarding timeout setting, to decide when to use
>> root hints. If any one of the servers being forwarded to answers
>> (Either negatively or positively) the query stops. It will not go
>> through the list just to find a DNS server that answer positively.
>> Any answer is acceptable for the DNS server, even if it uses
>> recursion. Under Windows 2000, if there are any domains it must
>> answer for that cannot be found by going to the Root Servers, you
>> would need a Secondary zone for that domain, and all forwarders
>> would need to be external DNS servers that can resolve all internet
>> names.
>> Windows Server 2003, introduced Conditional Forwarding and Stub
>> zones for this situation.
>
>
> Thanks Kevin. I thought that Windows 2000, even though it doesn't
> forward conditionally, would still use the first server in the list
> though (this being one of the servers that can authenticate the
> address)? Just to confirm, is this not the case, and can Windows 2000
> go to a server other than the first in the list, even if the first in
> the responds?

Actually, the DNS service will stick to the Forwarder that provides an
answer, no matter where it is in the list, if one forwarder times out(no
answer) it will move to the next forwarder in the list, if the next
forwarder provides an answer it uses it until it times out. The problem for
you is, that it may not get back around to the first forwarder, before the
Forwarding timeout expires, and it starts using recursion itself and goes to
the root hints.

Now, if you check the box "Do not use recursion" the DNS server will use
only its forwarders, and will not use root hints. But this cannot guarantee
that one of the other servers being used as a forwarder answer the query,

I recommend that if there is a domain that cannot be reached through the
internet root, that you add a secondary zone for that domain on the Win2k
DNS server.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
Send IM: http://www.icq.com/people/webmsg.php?to=296095728
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Back to top
cqmman
External


Since: Feb 14, 2007
Posts: 4



PostPosted: Thu Feb 15, 2007 5:57 am    Post subject: Re: Strange DNS forwarding issues [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)

Brilliant.

Using your information, I removed some unecessary forwarders, and it
seems to be fine now. Will know in a few days, but so far, all looking
good.

Thanks VM!
Back to top
Display posts from previous:   
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> DNS All times are: Eastern Time (US & Canada)
Page 1 of 1

 
You can post new topics in this forum
You can reply to topics in this forum
You can edit your posts in this forum
You can delete your posts in this forum
You can vote in polls in this forum