| Author |
Message |
Daniel Mendes
Guest
|
 Posted:
Sun Jan 02, 2005 7:39 am Post subject:
DNS Server eventually doesn't resolve |
|
|
Hi folks,
I'm in sort of trouble trying to figure this one out (not a DNS expert!).
We're running a single server with SBS 2003, and all the configuration was
done through its wizards, including Internet access.
The server has two NICs as follows:
Internal network (LAN):
IP address 192.168.16.2,
Mask 255.255.255.0,
No default gateway,
192.168.16.2 as unique DNS server
External network (ADSL modem):
IP address 200.204.179.15 (fixed, given by ISP)
Mask 255.255.255.0,
Gateway 200.204.179.1,
192.168.16.2 as unique DNS server.
The DNS Client service isn't running on the server.
Most all of the domains accessed by the network clients are browsed OK, but
there are some - google.com, trendmicro.com, to name popular ones - that are
rarely resolved; even on the server itself, it just shows the popular
(unpopular, that is!) "page not found" error page.
We've already re-run the SBS 2003 wizard 2 times to confirm everything is
configured appropriately, but still the same thing happens. On this wizard,
the DNS servers for our ISP are configured (200.204.0.10 primary,
200.204.0.138 secondary).
When we use nslookup to resolve the domains mentioned, the same happens:
it's rare the correct name resolution for them.
I use the very same ISP DNS servers at home, also on an ADSL link, and the
problematic domains are always resolved perfectly - so I believe they're not
the issue.
Could you please try to give us hints on where to look for configuration
issues on our server? We're about to hire an external consultant to fix it,
but it might be something we can do ourselves.
Thank you very much,
Daniel Mendes |
|
| Back to top |
|
 |
Kevin D. Goodknecht Sr. [
Guest
|
| Posted:
Sun Jan 02, 2005 7:39 am Post subject:
Re: DNS Server eventually doesn't resolve |
|
|
In news:OjPUuOG8EHA.824@TK2MSFTNGP11.phx.gbl,
Daniel Mendes <danielcasa@globo.com> commented
Then Kevin replied below:
| Quote: | Hi folks,
I'm in sort of trouble trying to figure this one out (not
a DNS expert!).
We're running a single server with SBS 2003, and all the
configuration was done through its wizards, including
Internet access.
The server has two NICs as follows:
Internal network (LAN):
IP address 192.168.16.2,
Mask 255.255.255.0,
No default gateway,
192.168.16.2 as unique DNS server
External network (ADSL modem):
IP address 200.204.179.15 (fixed, given by ISP)
Mask 255.255.255.0,
Gateway 200.204.179.1,
192.168.16.2 as unique DNS server.
The DNS Client service isn't running on the server.
Most all of the domains accessed by the network clients
are browsed OK, but there are some - google.com,
trendmicro.com, to name popular ones - that are rarely
resolved; even on the server itself, it just shows the
popular (unpopular, that is!) "page not found" error
page.
|
Do you have a PIX or similar firewall?
If you do, fix the PIX firewall to allow UDP packets over 512 bytes, or
disable EDNS on the server.
828731 - An External DNS Query May Cause an Error Message in Windows Server
2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;828731&sd=RMVP
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
=================================== |
|
| Back to top |
|
|
Kevin D. Goodknecht Sr. [
Guest
|
| Posted:
Sun Jan 02, 2005 10:00 am Post subject:
Re: DNS Server eventually doesn't resolve |
|
|
In news:OWLDXrH8EHA.2700@TK2MSFTNGP14.phx.gbl,
Daniel Mendes <danielcasa@globo.com> commented
Then Kevin replied below:
| Quote: | Kevin,
We run the firewall included in SBS 2003 - so I manually
turned off EDNS0 and, at least for the time being, it
seems to work fine; I was able to update our TrendMicro
signature automatically (which was not working for days).
THANK YOU!
Now I just wonder why we never changed this configuration
from day 1 and it ceased to work, and if disabling
support for it doesn't mean we'll get slower traffic for
not being able to transmit bigger packets.
|
Did you install the version of TrendMicro that has the Firewall?
It is possible that it is limiting UDP packet size to 512 bytes. I will say
I don't know if the TrendMicro firewall does this, it is something you
should look into. If it does, increase the maximum UDP packet size to the
MTU of your link.
To check your MTU use this:
ping -f <gateway-at-ISP> -l <packetsize>
Example
W:\>ping -f 65.65.91.214 -l 1468
Pinging 65.65.91.214 with 1468 bytes of data:
Reply from 65.65.91.214: bytes=1468 time=100ms TTL=63
Reply from 65.65.91.214: bytes=1468 time=100ms TTL=63
Reply from 65.65.91.214: bytes=1468 time=110ms TTL=63
Reply from 65.65.91.214: bytes=1468 time=100ms TTL=63
Ping statistics for 65.65.91.214:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 100ms, Maximum = 110ms, Average = 102ms
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
=================================== |
|
| Back to top |
|
|
Daniel Mendes
Guest
|
| Posted:
Sun Jan 02, 2005 10:25 am Post subject:
Re: DNS Server eventually doesn't resolve |
|
|
Kevin,
We run the firewall included in SBS 2003 - so I manually turned off EDNS0
and, at least for the time being, it seems to work fine; I was able to
update our TrendMicro signature automatically (which was not working for
days). THANK YOU!
Now I just wonder why we never changed this configuration from day 1 and it
ceased to work, and if disabling support for it doesn't mean we'll get
slower traffic for not being able to transmit bigger packets.
(MTU size comes to mind, at least in my old days of Windows 98 and how to
improve traffic on an ADSL connection).
If you could ellaborate on this I'd appreciate, but again, thank you ***very
much*** for helping us solve our problem!
Regards,
Daniel Mendes
"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:ukGjPjG8EHA.3076@TK2MSFTNGP15.phx.gbl...
| Quote: | In news:OjPUuOG8EHA.824@TK2MSFTNGP11.phx.gbl,
Daniel Mendes <danielcasa@globo.com> commented
Then Kevin replied below:
Hi folks,
I'm in sort of trouble trying to figure this one out (not
a DNS expert!).
We're running a single server with SBS 2003, and all the
configuration was done through its wizards, including
Internet access.
The server has two NICs as follows:
Internal network (LAN):
IP address 192.168.16.2,
Mask 255.255.255.0,
No default gateway,
192.168.16.2 as unique DNS server
External network (ADSL modem):
IP address 200.204.179.15 (fixed, given by ISP)
Mask 255.255.255.0,
Gateway 200.204.179.1,
192.168.16.2 as unique DNS server.
The DNS Client service isn't running on the server.
Most all of the domains accessed by the network clients
are browsed OK, but there are some - google.com,
trendmicro.com, to name popular ones - that are rarely
resolved; even on the server itself, it just shows the
popular (unpopular, that is!) "page not found" error
page.
Do you have a PIX or similar firewall?
If you do, fix the PIX firewall to allow UDP packets over 512 bytes, or
disable EDNS on the server.
828731 - An External DNS Query May Cause an Error Message in Windows
Server
2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;828731&sd=RMVP
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
|
|
|
| Back to top |
|
|
Daniel Mendes
Guest
|
| Posted:
Sun Jan 02, 2005 12:52 pm Post subject:
Re: DNS Server eventually doesn't resolve |
|
|
Kevin,
No, we're not using TrendMicro's firewall, just antivirus solutions for both
Windows 2003 Server and Exchange 2003 Server.
I did ping the gateway with the "-l 1468" switch and it did respond OK for
the four packets.
Thank you again,
Daniel
"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:uo0QU%23H8EHA.3376@TK2MSFTNGP12.phx.gbl...
| Quote: | In news:OWLDXrH8EHA.2700@TK2MSFTNGP14.phx.gbl,
Daniel Mendes <danielcasa@globo.com> commented
Then Kevin replied below:
Kevin,
We run the firewall included in SBS 2003 - so I manually
turned off EDNS0 and, at least for the time being, it
seems to work fine; I was able to update our TrendMicro
signature automatically (which was not working for days).
THANK YOU!
Now I just wonder why we never changed this configuration
from day 1 and it ceased to work, and if disabling
support for it doesn't mean we'll get slower traffic for
not being able to transmit bigger packets.
Did you install the version of TrendMicro that has the Firewall?
It is possible that it is limiting UDP packet size to 512 bytes. I will
say
I don't know if the TrendMicro firewall does this, it is something you
should look into. If it does, increase the maximum UDP packet size to the
MTU of your link.
To check your MTU use this:
ping -f <gateway-at-ISP> -l <packetsize
Example
W:\>ping -f 65.65.91.214 -l 1468
Pinging 65.65.91.214 with 1468 bytes of data:
Reply from 65.65.91.214: bytes=1468 time=100ms TTL=63
Reply from 65.65.91.214: bytes=1468 time=100ms TTL=63
Reply from 65.65.91.214: bytes=1468 time=110ms TTL=63
Reply from 65.65.91.214: bytes=1468 time=100ms TTL=63
Ping statistics for 65.65.91.214:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 100ms, Maximum = 110ms, Average = 102ms
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in