Cant resolve root hints

[Jasper Recto]

I have a DNS server behind an ISA firewall. It's setup to use forwarders.
Under the root hints, I have a bunch of root hints that have an Unknown IP
address. When I try to resolve it, I get this error:
"An IP address associated with the given NS (name server) record cannot be
found." There are 3 root hints that have an IP address associated with it.
When I try to resolve the root hint server name, I get the same message even
though it already has the associated IP address.

Any ideas on why this is happening?

Thanks,
Jasper

 

[Kevin D. Goodknecht]

In

I have a DNS server behind an ISA firewall. It's setup to use
forwarders. Under the root hints, I have a bunch of root hints that
have an Unknown IP address. When I try to resolve it, I get this
error: "An IP address associated with the given NS (name server)
record cannot be found." There are 3 root hints that have an IP
address associated with it. When I try to resolve the root hint
server name, I get the same message even though it already has the
associated IP address.

Any ideas on why this is happening?

Thanks,
Jasper

Check your firewall rules, it sounds that your DNS is unable to reach an
external recursive DNS. Or your root hints are corrupted.
316341 - HOW TO: Troubleshoot DNS Name Resolution on the Internet in Windows
2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;316341&Product=win2000

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
http://www.lonestaramerica.com/
============================
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
--
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================

 

[Ace Fekay [MVP]]

I agree it's with the ISA rules. I would also suggest to post this question
in the ISA newsgroup to better help out.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Michael Johnston [MSFT]]

It sounds to me like you cache.dns file may be corrupt or have incorrect entries. Do you have any other difficulties with name resolution through ISA? ISA
doesn't discriminate DNS queries. It's either all or nothing. The only thing that may have an effect is that if any of your site and contenct rules limit by destation
name. For instance, if you have a deny rule for certain sites, ISA will then attempt reverse lookups against any IP address you are trying to connect to before it
will allow the packet through. This could cause problems with all connectivity through ISA not just DNS so unless you are having other connectivity problems
through ISA, my hunch is that ISA isn't the cuprit here. How exactly are you attempting to resolve the reverse lookups? You may try clearing the DNS cache on
your DNS server and removing the forwarders.

Thank you,
Mike Johnston
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.

 

[Jasper Recto]

I have no problems with ISA or name resolutions. I can do nslookups or
pings without any problem. I extracted the cache.dns file from the i386
file. That did not resolve it. I went ahead and removed the forwarders and
cleared the cache but that didn't work either. The way I try to resolve it
is in the DNS properties. When you edit a root hint, it gives you the
option to manually enter the IP address or have it automatically resolve it.
I have no deny rules in ISA.

Any ideas?

Thanks,
Jasper

It sounds to me like you cache.dns file may be corrupt or have incorrect

entries. Do you have any other difficulties with name resolution through
ISA? ISA

doesn't discriminate DNS queries. It's either all or nothing. The only

thing that may have an effect is that if any of your site and contenct rules
limit by destation

name. For instance, if you have a deny rule for certain sites, ISA will

then attempt reverse lookups against any IP address you are trying to
connect to before it

will allow the packet through. This could cause problems with all

connectivity through ISA not just DNS so unless you are having other
connectivity problems

through ISA, my hunch is that ISA isn't the cuprit here. How exactly are

you attempting to resolve the reverse lookups? You may try clearing the DNS
cache on

your DNS server and removing the forwarders.

Thank you,
Mike Johnston
Microsoft Network Support

rights. Use of included script samples are subject to the terms specified at

http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this

message are best directed to the newsgroup/thread from which they
originated.