DNS Forwarding problem

[Ed]

Hi all,

Having a problem that I have not been able to resolve -
we are intermittantly losing name resolution to the
Internet. Web browsing will work fine for a period of
time and then just stop for anywhere from 30 seconds to 5
minutes. This has been going on for several weeks but has
become worse over the past week. Here's my setup:

Single W2K SP4 server
- DC
- DNS
- AV server
- 2 NICs (one GB adapter w/ static IP, one 100MB w/
APIPA address assigned (not in use).

DNS is setup as AD-integrated and configured to forward
external queries to external (our ISP) DNS servers.

35 Windows XP SP2 workstations

During these stoppages I can ping IP addresses on the
Internet but cannot ping www.xxxx.xxx. Our firewall
appears to be operating normally and I can't find any
viruses or spyware on the server or workstations. It
appears to be a Windows DNS problem; during these
outages, I can connect a non-domain connected laptop to
the network and access the Internet without any problems
provided I use the external DNS addresses.

Any suggestions? It's starting to really impact day-to-
day operations.

Thanks

 

[William Stacey [MVP]]

I would start NetMon'ing the DNS server to catch one of these issues where
the server does not reply with answer. After using NetMon for awhile, you
should be able to filter for just the dns packets or start and stop captures
at the right time to see what is going on. My quess would be some router
issue and/or related interface issue (where reply arrives on wrong
interface, etc.)

 

[Ed]

Ok, I ran netmon and and got lucky enough to catch one of
these "incidents" - it appears that the ISP's DNS server
is responding to my local DNS server with a "Server
Failure" notification (RCode = Server Failure). When it
happens, both of their DNS servers return this code.

Any thoughts?

Thanks

 

[William Stacey [MVP]]

Could be the format of the request is bad and they return SrvFail instead of
FormErr or they indeed have some internal error (i.e. internal exception,
their forwarder or NS not replying, etc.) Use dig or NetDig to make
directed queries using this name to their server to see if it happens every
time. If so, and you believe it should not, then email the dig output to
the ISP, see what version of bind or ms dns they run, etc.

 

[Ed]

Thanks for the info - is there any additional
documentation for this app - I think I'm doing something
wrong as I can never resolve the ISP's DNS.

Thanks

 

[William Stacey [MVP]]

All doco in with the Build in html files. look at one for dig.html I think.
You could also use my NetDig 2.5 at www.mvptools.com. for easy GUI version
of dig. Makes it easy to copy the output window to email too. Does require
Framework 1.1 be installed before use however, but is one exe ( one for GUI,
one for console) so easy to move around, copy, etc.

 

[Ed]

Well, looks like the problem has resolved itself - I
removed all of the Forwarder information and simply let
Windows DNS perform recursive queries to whatever DNS
server it can contact - looks like it is the ISP's
problem. While surfing is not consistently as crisp as it
was using the Forwarders (when they resolved correctly),
it is much more reliable and fast most of the time.

Any idea what could be going on with the ISP's DNS
servers? I'm a little weak on the finer points of DNS (at
least for Internet resolution) so I don't know that I
would be able to recognize the cause, only the symptoms

Thanks for your help....

 

[William Stacey [MVP]]

Well, looks like the problem has resolved itself - I

removed all of the Forwarder information and simply let
Windows DNS perform recursive queries to whatever DNS
server it can contact - looks like it is the ISP's
problem.

I know this is just a typo thing, but when you remove all forwarders, the
DNS server does not send recursive queries any longer - only non-recursive
or iterative queries. Just a note...

While surfing is not consistently as crisp as it
was using the Forwarders (when they resolved correctly),
it is much more reliable and fast most of the time.

Sounds good. Total side note...I just got 18th hole tickets to the Rider
Cup tommorow!!! Cheers!