W2K domain using W2K DNS forwarder. 99.9% of the time, DNS life is perfect. But every once in awhile, the early morning users report Internet access problems, which always turns out to be DNS. Successful ping to our ISP's DNS servers, but NSLOOKUP fails to contact them. By dumb luck, found that changing DNS settings on our DNS server will suddenly clear the problem. Example: Initially set up with:
DNS Servers . . . . . . . . . . . : 192.168.100.24 (self
192.168.1.72 (DC
If I just add another DNS server at the end, or remove a DNS server, or just about any change at all on the DNS tab, then suddenly DNS clients of this DNS server can get names resolved. Seems to only go wrong during the night (no users). NSLOOKUP and DNSLint both show failure to get anything from our ISP's DNS servers. DNSLint shows that neither UDP 53 nor TCP 53 are responding. Until I tweak the DNS settings. Then all is well. Any suggestions? TIA

In news:641BEF01-7B32-447D-B548-(E-Mail Removed),
MS <(E-Mail Removed)> posted their thoughts, then I
offered mine
> W2K domain using W2K DNS forwarder. 99.9% of the time, DNS life is
> perfect. But every once in awhile, the early morning users report
> Internet access problems, which always turns out to be DNS.
> Successful ping to our ISP's DNS servers, but NSLOOKUP fails to
> contact them. By dumb luck, found that changing DNS settings on our
> DNS server will suddenly clear the problem. Example: Initially set
> up with:
> DNS Servers . . . . . . . . . . . : 192.168.100.24 (self)
> 192.168.1.72 (DC)
> If I just add another DNS server at the end, or remove a DNS server,
> or just about any change at all on the DNS tab, then suddenly DNS
> clients of this DNS server can get names resolved. Seems to only go
> wrong during the night (no users). NSLOOKUP and DNSLint both show
> failure to get anything from our ISP's DNS servers. DNSLint shows
> that neither UDP 53 nor TCP 53 are responding. Until I tweak the DNS
> settings. Then all is well. Any suggestions? TIA.

May want to change it this way:

> DNS Servers . . . . . . . . . . . : 192.168.1.72 (DC)
> 192.168.100.24 (self)

For a forwarder, make sure each DNS server is INDIVIDUALLY forwarding to the
ISP and not to each other, or a forwarding loop will occur.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

Thanks for the suggestion. I have tried that (DNS search order: DC first, then self), and still had the problem. And my DNS servers are forwarding separately to the ISP

Latest attempt: I set up a separate DNS server as a forwarder that had no association with any other DNS server on our network - just forwarding to the ISP's DNS servers. (In fact, it did nothing else: just DNS forwarding.) Then I set up a couple of clients to use just this one DNS server. The next time DNS stopped working, it stopped working on both DNS forwarders. (The ISP assured me their servers were fine, and I had no trouble pinging them.) As before, DNSLint showed no response for TCP 53 nor UDP 53 - from either forwarders nor from our ISP's name servers. But after a quick tweak to the settings on our main (original) DNS (removed a bogus extraneous DNS server I had added at the end of the list for this very purpose), suddenly both DNS forwarders were able to resolve names. Very strange.

Maybe the bogus forwarder was causing the problem. The way the forwarders
work is similar to the DNS client resolver service when there are multiples
in the list, if the first one won't answer, then it removes it from
consideration from the eligible resolvers list, then goes to the next in the
list. If that doesn't answer, it goes on down the list till the bottom one.
It will not start over again unless you restart the DNS service.

Keep in mind some DNS servers have the RA (recursion available) bit turned
off which means it will not answer forwarded queries. Some ISPs do that.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

"MS" <(E-Mail Removed)> wrote in message
news:7D011587-109B-43DF-BDC1-(E-Mail Removed)...
> Thanks for the suggestion. I have tried that (DNS search order: DC first,
then self), and still had the problem. And my DNS servers are forwarding
separately to the ISP.
>
> Latest attempt: I set up a separate DNS server as a forwarder that had no
association with any other DNS server on our network - just forwarding to
the ISP's DNS servers. (In fact, it did nothing else: just DNS forwarding.)
Then I set up a couple of clients to use just this one DNS server. The next
time DNS stopped working, it stopped working on both DNS forwarders. (The
ISP assured me their servers were fine, and I had no trouble pinging them.)
As before, DNSLint showed no response for TCP 53 nor UDP 53 - from either
forwarders nor from our ISP's name servers. But after a quick tweak to the
settings on our main (original) DNS (removed a bogus extraneous DNS server I
had added at the end of the list for this very purpose), suddenly both DNS
forwarders were able to resolve names. Very strange.