NSLookup

[Mike]

HI all,

I have here on my network 3 DNS servers in a split-brain setup. 2 DNS are used for the internal and Active Directory integrated zones. The othe one is a public DNS used for outside request (on ISA server).

When a client from the internal does a NSLookup, like nslookup yahoo.com, it takes 3 times before it actually brings up the results correctly. It says " DNS request timed out". I have checked many installation guides and nothing seems to be wrong with my config. But I know that this issue is not normal.

Hope you guys can help,

Micahel

 

[Kevin D. Goodknecht [MVP]]

In

HI all,

I have here on my network 3 DNS servers in a split-brain setup. 2
DNS are used for the internal and Active Directory integrated zones.
The othe one is a public DNS used for outside request (on ISA
server).

When a client from the internal does a NSLookup, like nslookup
yahoo.com, it takes 3 times before it actually brings up the results
correctly. It says " DNS request timed out". I have checked many
installation guides and nothing seems to be wrong with my config. But
I know that this issue is not normal.

Hope you guys can help,

Micahel

Are the internal clients using the internal DNS servers?
Do the internal DNS servers have Forwarders defined?
Does the external DNS have a forwarder defined?

You may have a problem with your forwarders, let us know how you have
forwarding set up on all DNS servers.

 

[Mike]

The internal clients are using the internal DNS's
The internal DNS servers are using the external DNS as a Forwarder
The external DNS is using 3 different ISP DNS servers as Forawarders.

 

[Kevin D. Goodknecht [MVP]]

In

The internal clients are using the internal DNS's
The internal DNS servers are using the external DNS as a Forwarder
The external DNS is using 3 different ISP DNS servers as Forawarders.

This is about the normal configuration, what type of connection do you have
to the ISP?
You might want to try a different forwarder, if nslookup is timing out but
the query eventually resolves you are apparently having either forwarder
issues or link speed issues.
you can try these as forwarders to see if it resolves your issue. 4.2.2.1
and 4.2.2.2

 

[Mike]

I tried it and it still doesn't work.
For my internal DNS servers, do I need to do anything with the root hints? I
left by default. SHould I change anything?

Thanks

 

[Kevin D. Goodknecht [MVP]]

In

I tried it and it still doesn't work.
For my internal DNS servers, do I need to do anything with the root
hints? I left by default. SHould I change anything?

You may have to play around with this a little, I'm not sure the root hints
can be used on the internal DNS. On the Forwarders tab the is a check box
for "Do not use recursion" what this does is force the DNS server to use
only the defined forwarder and wait for a response, ignoring the root hints.
This is an easier option than trying to remove the root hints or changing
them. Do not confuse this box with "Disable recursion" on the Advanced tab,
that box will cause DNS to resolve only from it own zones.

But if you only use your external DNS for the forwarder it will give you a
single point of failure. (Which may be your problem) It makes your external
be responsible for all external resolution. If ISA will allow it or if you
can set up a rule try adding your ISP's DNS as a forwarder on the internal
DNS.
You can speed up the external DNS by installing a delegated secondary Root
Zone, a delegated Root Zone allows you DNS server to query directly to the
gTLD servers bypassing your ISP and the Root Hint servers.

To setup such a zone just specify the following "master
servers" for the "." secondary zone:

If you want to use ICANN (standard) roots

192.5.5.241
128.9.0.107
192.33.4.12

If you want to use ORSC (alternate) roots

199.166.29.2
195.206.104.13
199.5.157.128
199.166.24.1
199.166.24.12
204.57.55.100
199.166.28.10