| Author |
Message |
Xignals
Guest
|
 Posted:
Thu Jan 20, 2005 9:57 pm Post subject:
Strange DNS problem |
|
|
I have a Windows 2003 AD network with about 50 machines. My DNS
server will stop resolving internet names after about 4 days. Stoping
and restarting it will cure the problem but for only 4-5 days. I have
an ISA server up and running with no problems. All machines are
firewall and proxy clients. The only machine affected by this problem
is our SQL server. It is set to read data from a remote office over
the internet. When DNS stops working e-mail from sql server stops
working and jobs that require data from the remote office fail.
Stopping and restarting the DNS service cures the problem but only for
4 or 5 days. None of the other machines are affected. All internal
networking continues to run fine, I can ping all machines and nslookup
resolves local names. ISA server works fine when DNS stops working as
the DNS server is just for AD. I did set up forwarders and punched a
hole in ISA for DNS quires but all that did was alow me to do nslookup
from clients machines and did not solve the problem. When DNS quits
working nslookup will reslove local names but timeout on internet
names.
Event Viewer for DNS is clear no errors reported.
Query tests when DNS is working both PASS.
When DNS is not working a simple query to my DNS server will PASS,
and recursive query FAILS.
Thought about creating a batch file that will stop and start DNS every
couple of days but I would like to solve this mystery.
THe DNS server in question is a Domain controller that does DHCP as
well as DNS. WINS is running but is not being used by client
machines. I did try setting WINS on the SQL machine but it still
times out when DNS stops working. Should I pull DNS from this machine
and try another? I have one other DC.
Should also mention that the server in question was upgraded from NT4
that did not have DNS running before the upgrade. |
|
| Back to top |
|
 |
Roger Abell
Guest
|
| Posted:
Fri Jan 21, 2005 7:00 pm Post subject:
Re: Strange DNS problem |
|
|
If you tried to resolve this when you "set up forwarders and punched a
hole in ISA for DNS quires " , how did this DNS on the DC resolve the
external names before doing this? It was before doing this that the every
4-5 day external resolution would fail, right?
If there were forwarders defined to begin with, have you confirmed
that they all accept recursive queries?
Instead of restarting DNS server when it goes bonkers, have you looked
at its cache and perhaps tried clearing its cache?
When the DNS has hosed up regarding external names, it is that way
for any external name that you try? When you use nslookup against
this hosed up DNS what do you get for an external name - bad data
or no such host response?
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Xignals" <xignals> wrote in message
news:q3lvu0de85ar18ubncmrr1htkl1uf3qe43@4ax.com...
| Quote: | I have a Windows 2003 AD network with about 50 machines. My DNS
server will stop resolving internet names after about 4 days. Stoping
and restarting it will cure the problem but for only 4-5 days. I have
an ISA server up and running with no problems. All machines are
firewall and proxy clients. The only machine affected by this problem
is our SQL server. It is set to read data from a remote office over
the internet. When DNS stops working e-mail from sql server stops
working and jobs that require data from the remote office fail.
Stopping and restarting the DNS service cures the problem but only for
4 or 5 days. None of the other machines are affected. All internal
networking continues to run fine, I can ping all machines and nslookup
resolves local names. ISA server works fine when DNS stops working as
the DNS server is just for AD. I did set up forwarders and punched a
hole in ISA for DNS quires but all that did was alow me to do nslookup
from clients machines and did not solve the problem. When DNS quits
working nslookup will reslove local names but timeout on internet
names.
Event Viewer for DNS is clear no errors reported.
Query tests when DNS is working both PASS.
When DNS is not working a simple query to my DNS server will PASS,
and recursive query FAILS.
Thought about creating a batch file that will stop and start DNS every
couple of days but I would like to solve this mystery.
THe DNS server in question is a Domain controller that does DHCP as
well as DNS. WINS is running but is not being used by client
machines. I did try setting WINS on the SQL machine but it still
times out when DNS stops working. Should I pull DNS from this machine
and try another? I have one other DC.
Should also mention that the server in question was upgraded from NT4
that did not have DNS running before the upgrade. |
|
|
| Back to top |
|
|
Xignals
Guest
|
| Posted:
Fri Jan 21, 2005 9:30 pm Post subject:
Re: Strange DNS problem |
|
|
On Fri, 21 Jan 2005 06:00:57 -0700, "Roger Abell" <mvpNOSpam@asu.edu>
wrote:
| Quote: | If you tried to resolve this when you "set up forwarders and punched a
hole in ISA for DNS quires " , how did this DNS on the DC resolve the
external names before doing this?
|
All clients are firewall and proxy clients of ISA. In cluding the
servers. ISA was doing all the DNS external work.
| Quote: | It was before doing this that the every
4-5 day external resolution would fail, right?
|
Yes, it actually failed right after the upgrade. In a last ditch
effort to fix our SQL server I stoped and started DNS and that solved
the problem.
| Quote: | If there were forwarders defined to begin with, have you confirmed
that they all accept recursive queries?
|
Forwarders were not involved in the begining. I did this later to try
and find a solution.
| Quote: | Instead of restarting DNS server when it goes bonkers, have you looked
at its cache and perhaps tried clearing its cache?
|
Yes. Tried clearing the cache to no avail.
| Quote: | When the DNS has hosed up regarding external names, it is that way
for any external name that you try?
|
Yes. Any site external to our domain fails with a timeout. Tried
setting the timeout to 30 seconds and it would still fail. All
internal names resolve just fine.
| Quote: | When you use nslookup against
this hosed up DNS what do you get for an external name - bad data
or no such host response?
|
I want to say it just times out. It has been a while since we
actually checked nslookup when we have this problem. We just reset
DNS servers and be done with it. But I have put the other admin on
notice to check nslookup when the problem happens again.
Thanks so much for the help. I was hoping this was a case of a little
known problem with DNS and upgrading from a NT4 domain. I guess this
is not the case.
Thanks again. |
|
| Back to top |
|
|
Roger Abell
Guest
|
| Posted:
Sat Jan 22, 2005 6:13 pm Post subject:
Re: Strange DNS problem |
|
|
"Xignals" <xignals> wrote in message
news:e162v0tth971kj56r0ggsvi66hvmnqetpn@4ax.com...
| Quote: | On Fri, 21 Jan 2005 06:00:57 -0700, "Roger Abell" <mvpNOSpam@asu.edu
wrote:
If you tried to resolve this when you "set up forwarders and punched a
hole in ISA for DNS quires " , how did this DNS on the DC resolve the
external names before doing this?
All clients are firewall and proxy clients of ISA. In cluding the
servers. ISA was doing all the DNS external work.
|
So your only used DNS service is on ISA ?
You previously said that
<quote>
THe DNS server in question is a Domain controller that does
DHCP as well as DNS. WINS is running but is not being used
by client machines.
</quote>
I read your intial post assuming that you were using DNS on the
W2k3 DC (for all domain joined machines), and that this then
worked external queries (perhaps by forwarding to ISA).
But, if all your machines are pure ISA clients, then they are
pointing to ISA for DNS services. You indicate internal name
resolution is rock solid through this all, so how are the internal
zones that support AD accessed?
more at end
| Quote: |
It was before doing this that the every
4-5 day external resolution would fail, right?
Yes, it actually failed right after the upgrade. In a last ditch
effort to fix our SQL server I stoped and started DNS and that solved
the problem.
If there were forwarders defined to begin with, have you confirmed
that they all accept recursive queries?
Forwarders were not involved in the begining. I did this later to try
and find a solution.
Instead of restarting DNS server when it goes bonkers, have you looked
at its cache and perhaps tried clearing its cache?
Yes. Tried clearing the cache to no avail.
When the DNS has hosed up regarding external names, it is that way
for any external name that you try?
Yes. Any site external to our domain fails with a timeout. Tried
setting the timeout to 30 seconds and it would still fail. All
internal names resolve just fine.
When you use nslookup against
this hosed up DNS what do you get for an external name - bad data
or no such host response?
I want to say it just times out. It has been a while since we
actually checked nslookup when we have this problem. We just reset
DNS servers and be done with it. But I have put the other admin on
notice to check nslookup when the problem happens again.
Thanks so much for the help. I was hoping this was a case of a little
known problem with DNS and upgrading from a NT4 domain. I guess this
is not the case.
Thanks again.
|
What is unclear to me, and what must be determined, is what is
the resolution path of a query from a client (like SQL Server).
It is configured with its DNS server(s) in Tcp/Ip being ?
What DNS service forwards where ? Are you actually running
DNS service on the ISA or is it only proxying DNS? What is
set in ISA's Tcp/Ip properties as the DNS servers?
With not DNS installed on NT4 and NT4 upgraded, you should
have ended up with a pure up-to-date DNS service.
There are no issue related to this that I have noticed . . .
--
Roger |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in