DNS doesn't work, no one knows why!

SPH

I have two machines, one production, one development that sits at a
NOC. A few weeks ago, I lost DNS (wouldn't resolve) on development.
No biggy, just development. A few days ago, when I added ports 1433
and 1434 and rebooted production, DNS went out on that too. So I've
tried everything I can think of:

1) This is Windows 2000 Standalone Server – No Active Directory
or Domain Controller
2) DNS is configured as DNS client within TCP/IP properties
(entered the IPs of the DNS server)
3) Stopped and restarted the DNS client Service. No issues
there
4) Checked the Event log, nothing related to DNS in there
5) Checked the etc/hosts file and only saw localhost 127.0.0.1
defined
6) WINS isn't defined in TCP/IP, but I wouldn't think this
should matter
7) I checked the DNS servers on other machines and they work
fine on other computers.
8) I tried defining other DNS servers and they don't work
either.
9) I can PING the DNS servers fine
10) I can PING other IPs fine (details below)
11) Nslookup fails to resolve (details below)
12) Details of IPConfig /all below
13) I tried disabling the disconnected NIC (detailed as connected
below)
14) I tried adding a Primary DNS Suffix (detailed as missing below)
15) I tried installing DNS within Windows, and enabling forwarders,
but this didn't work either.
16) I tried setting up WINS, but no luck there.


One option is to install the DNS service in Admin tools (setup Zones)
and configure that to see if it works. Since this is happening on
both servers, it seems quite odd. Thanks for any advice

Josh


PING RESULTS
C:\...>ping ###.##.##.##

Pinging ###.##.##.## with 32 bytes of data:

Reply from ###.##.##.##: bytes=32 time=31ms TTL=64
Reply from ###.##.##.##: bytes=32 time<10ms TTL=64
Reply from ###.##.##.##: bytes=32 time<10ms TTL=64
Reply from ###.##.##.##: bytes=32 time<10ms TTL=64

Ping statistics for ###.##.##.##:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 31ms, Average = 7ms

NSLOOKUP RESULTS

C:\....>nslookup yahoo.com
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address ###.##.##.##: Timed out
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address ###.##.##.##: Timed out
*** Default servers are not available
Server: UnKnown
Address: ###.##.##.##

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

IPCONFIG /ALL RESULTS
ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : hostserver
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Cable Disconnected
Description . . . . . . . . . . . : Intel(R) PRO/100+ Server Adapter (PILA8470B)
Physical Address. . . . . . . . . : 00-E0-81-23-##-##

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100+ Server Adapter (PILA8470B) #2
Physical Address. . . . . . . . . : 00-E0-81-23-##-##
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : ###.##.##.##
Subnet Mask . . . . . . . . . . . : 255.255.255.192
IP Address. . . . . . . . . . . . : ###.##.##.##
Subnet Mask . . . . . . . . . . . : 255.255.255.192
Default Gateway . . . . . . . . . : ###.##.##.##
DNS Servers . . . . . . . . . . . : ###.##.##.##
###.##.##.##
Primary WINS Server . . . . . . . : ###.##.##.##
NetBIOS over Tcpip. . . . . . . . : Disabled


Thanks,

Josh
 
I think you and I are suffering from the same
bug/virus/spyware/intrusion?

After installing SP4 I began having the same problems.
But today I checked and my Windows 2000 Server DNS is
resolving addresses, but incorrectly. I had to switch to
a UNIX DNS server to fetch the correct IP addresses for
this site, Microsoft.com. Here is what I get when I use
this, what seems to be infected Windows 2000 DNS Server
for www.microsoft.com
Server: ns.zio.com
Address: xxx.xxx.xxx.xxx ;; my server

Non-authoritative answer:
Name: www.microsoft.com
Address: 64.62.159.128 ;; wrong answer

If I check ARIN, they tell me that address is owned by
Vicajo Consultants dba Onefusion.com HURRICANE-CE0848-341
(NET-64-62-159-0-1)
64.62.159.0 - 64.62.159.255

And if I check any large companies, ebay.com, apple.com,
msn.com They all come back with similar answers.

When I change to what appears to be a non-infected DNS,
the answers are all correct and I get to the site I
intended.

Does anyone out there know what is going on? Or is this a
new hack?
 
Very confusing wording below....try to clarify.

SPH said:
I have two machines, one production, one development that sits at a
NOC. A few weeks ago, I lost DNS (wouldn't resolve) on development.

Wouldn't resolve? What tools did you use and what
happened?

NSLookup?
No biggy, just development. A few days ago, when I added ports 1433
and 1434 and rebooted production, DNS went out on that too. So I've
tried everything I can think of:

"Added Ports" -- are you filtering with a Firewall?
1) This is Windows 2000 Standalone Server - No Active Directory
or Domain Controller

Is this a DNS server problem (or reading below) a DNS client
problem?
2) DNS is configured as DNS client within TCP/IP properties
(entered the IPs of the DNS server)

Irrelevant to the DNS server itself (as a DNS server) but that is
the way all clients need to be set.

Does that DNS server respond to an EXPLICIT NSLookup?

nslookup somegood.name.com IP.Addr.DNS.Srv
3) Stopped and restarted the DNS client Service. No issues
there

This only controls client side caching so you can leave it
stopped if the DNS server is close by on the same
subnet -- it is important for WAN clients which don't
"live near" their DNS server.
4) Checked the Event log, nothing related to DNS in there

That would probably only apply to a DNS server. It is still
unclear whether you claim a DNS "Client" or DNS "Server"
problem.....
5) Checked the etc/hosts file and only saw localhost 127.0.0.1
defined

That's normal. Wouldn't interfere with any other name and the
hosts file is irrelevant to DNS servers.
6) WINS isn't defined in TCP/IP, but I wouldn't think this
should matter

Only by helping to resolve names even if DNS failed. It can
make troubleshooting more difficult because a broken DNS
server (or client configuration) will not necessarily show reliably.
7) I checked the DNS servers on other machines and they work
fine on other computers.
8) I tried defining other DNS servers and they don't work
either.

What do you mean "didn't work" -- how do you test?
9) I can PING the DNS servers fine
10) I can PING other IPs fine (details below)
11) Nslookup fails to resolve (details below)

You aren't doing NSlookup EXPLICITLY in the samples
below. Add the IP of the "problem" DNS server and test
with another command to the "good" DNS server(s).

Your nslookups also look like you have several nameservers
configured (none of which answer) and that sounds like a
routing problem (but you can ping, right?)

We can't troubleshoot a routing problem without addresses,
masks, and gateway numbers.

Also, your test is against Yahoo.Com -- a public address,
are these DNS servers "hooked" to the public namespace
with either "root hints" or "forwarders" AND able to route
there?

Also, do the DNS servers have any zones of their own?
Test explicitly a FQDN for which the DNS server is
authoritative (and include the server address in the
NSLookup command too.)
12) Details of IPConfig /all below

Actually by taking out all the IPs we lose the chance to
see if you had sensible numbers in there.
13) I tried disabling the disconnected NIC (detailed as connected
below)

If you can ping the DNS server and you cannot resolve an
EXPLICIT NSlookup request that pretty much does indicate
a lookup failure so the goal is to isolate the problem to:

a) Server
b) client
c) path between (routing and filtering too)
14) I tried adding a Primary DNS Suffix (detailed as missing below)

Irrelevant except to "default lookups" when you don't supply
a full name.
15) I tried installing DNS within Windows, and enabling forwarders,
but this didn't work either.
16) I tried setting up WINS, but no luck there.


One option is to install the DNS service in Admin tools (setup Zones)
and configure that to see if it works. Since this is happening on
both servers, it seems quite odd. Thanks for any advice

Josh


PING RESULTS
C:\...>ping ###.##.##.##

Pinging ###.##.##.## with 32 bytes of data:

Reply from ###.##.##.##: bytes=32 time=31ms TTL=64
Reply from ###.##.##.##: bytes=32 time<10ms TTL=64
Reply from ###.##.##.##: bytes=32 time<10ms TTL=64
Reply from ###.##.##.##: bytes=32 time<10ms TTL=64

Ping statistics for ###.##.##.##:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 31ms, Average = 7ms

NSLookup with the same IP address you just used for ping.

Ping machine.domain.com ###.##.##.##
 
Steve Davis said:
<snip>

Check your HOSTS file. If it is filled with stuff other than what needs to
be there, which is just:
127.0.0.1 localhost
Then you got some sort of spyware/hijacker. Install and Run Adaware 6.0 to
remove all spyware, then run an AV scan.
Then remove the extra entries in your HOSTS file, then if you have an NTFS
drive, set security as such:
Administrators Full Control
System Read Only

I've found that the spyware uses the System account to modify the HOSTS
file, since not always is an account logged in that has the ability to
change that file.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
SPH said:
I have two machines, one production, one development that sits at a
NOC. A few weeks ago, I lost DNS (wouldn't resolve) on development.
No biggy, just development. A few days ago, when I added ports 1433
and 1434 and rebooted production, DNS went out on that too. So I've
tried everything I can think of:
<snip>

Follow what Herb suggests.

Curious, why did you add 1433 and 1434? To what, your firewall to allow
outside requests inbound on those ports? They are the SQL ports and if your
machine does not have the SQLSlammer update, then you will get slammed. I've
noticed from one of my customer machines on my network that if slammed, it
floods the network with a UDP Flood on those ports. It causes many problems
besides just the fact that DNS won't resolve, since it can get through all the
traffic that thing produces. I would definitely shut down 1433 and 1434
inbound on your firewall.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Ace, see below your post.
Steve

Check your HOSTS file. If it is filled with stuff other than what needs to
be there, which is just:
127.0.0.1 localhost
Then you got some sort of spyware/hijacker. Install and Run Adaware 6.0 to
remove all spyware, then run an AV scan.
Then remove the extra entries in your HOSTS file, then if you have an NTFS
drive, set security as such:
Administrators Full Control
System Read Only

I've found that the spyware uses the System account to modify the HOSTS
file, since not always is an account logged in that has the ability to
change that file.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory


Ace,

Thanks for the reply, but perhaps I need to clarify a bit
more.

This is a Windows 2000 Server with SP4 and MBSA run
frequently, so it is all patched up. I do not use active
directory on it, since there is only one admin account
for ftping the file to it and SQL Enterprise manager lets
me do what I need to as either 'sa' or DNS1\Administrator.

It is used as a Primary DNS, Sql Server, and Web server
_only_. There are no shares. It has two 3COM NICs in it.
1 is used for web addresses and the other for the three
DNS IPs.

I have attempted to disable Microsoft Networking on both
interfaces, but if you are successful in doing this, DNS
Server will not start. So I have it enabled on both NICs.

The lmhosts.sam file is the default, as is the HOSTS
file. No spyware was found on the drive. IE is restricted
from browsing on this machine, except for
windowsupdate.microsoft.com

There are some other quirky effects, but I still think
there is a fundamental problem with the DNS Server or the
registry where the dns files are saved, or the DNS Server
cache where some of the replies come from.
Perhaps I have corrupted the dns database by adding two
NICs or trying to remove MS Networking, or not having AD
installed.

Thanks for any advice you can give.

Steve Davis

ns.zio.com 63.108.129.93
 
Steve Davis said:
<snip>

I understand there is no AD on it from your original post. I was just
stabbing at a possible cause with the HOSTS file. As for the nslookup issue,
that's actually benign since all nslookup is doing upon invocation is trying
to tell you the name of your DNS server IP address by looking in your
reverse zone for a PTR entry. If no reverse zone or no PTR entry, you'll get
that message (not an error). So create a reverse zone or a PTR entry and it
will go away or just ignore it and nslookup will still function. I believe
Herb gave you pretty much the same suggestions.

By chance, did you turn off any services that you thought were not
necessary, such as the DHCP Client service?


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
SPH said:
Thanks for everyone's responses:

I opened 1433 and 1434 because I am trying to setup a SQL transfer
between SQL Servers. I have the SQL Slammer update so I think I'm
okay. I can close those ports again if needed.

I am filtering with a Firewall and with TCP/IP filtering. I tried
turning off all firewalls to see if DNS resolves. It still does not.
Here are my responses to the questions below:

1) This is a DNS client problem, but thought making it a DNS server
(installing DNS Services and configuring forward lookup zones) as well
would solve the issue. This is a client problem.

Make sure the DHCP Client service is running. Important since the APIs are
tied together with the DNS Client service.
You can also try netdiag /fix (part of the support tools on your cdrom).

2) I tried nslookup support.microsoft.com. Still does not resolve.
Someone mentioned using a UNIX DNS server? Should I try that? How
can I find one?

Not necessary for a BIND server. Do you have forwarding enabled?
Try this too when invoking nslookup to use a different server other than
your own to test it:
nslookup
server 4.2.2.2

Now it will use 4.2.2.2. with your subsequent commands

8) I was given other DNS Servers and put them in on my laptop. I was
able to resolve DNS. Then, when I put them in on my servers, I had
the same issue. So I tested the DNS servers to see that they worked,
but they failed to resolve on my servers.

I didn't post the IPs only because I been spammed quite well by
posting to newsgroups, so I wanted to keep them hidden. However, I
have received great support here. Is it possible I can e-mail you
them directly?

Sure can. Just put my actual firstlastname in the email.
I tried nslookup support.microsoft.com and couldn't resolve. How do I
"Test explicitly a FQDN for which the DNS server is authoritative?"

Do you have a forwarder configured? Did you disable Recursion under the
advanced tab?

Since it's a multi-homed machine, you can tell it under the interface tab to
only listen to the internal NIC, unless of course, this server is for
external Internet clients as well.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Steve,

The issue you've experienced is the same one that I just went through this
morning. I imagine that there is an exploit/worm of some sort that corrupts
your dns cache. Clearing the DNS cache on all of our servers has resolved
the problem, so I don't know if this is the residual effect of some other
worm/exploit or the actual payload of a worm/exploit.

Our company suffered the effects of the Lovsan/Blaster worm last week, so I
don't know if some vulnerability was exposed as a result. I will be
watching this thread and updating it as I get any more information. I
suspect that a lot more people have been affected by this and a more
suitable explanation will surface.

Regards,

Don
 
DL> I imagine that there is an exploit/worm of some sort that
DL> corrupts your dns cache.

It's not an exploit. It's not a Microsoft Worm. It's simply that prior to
Windows NT 2003 Server, and Windows NT 2000 with service pack 3 applied,
Microsoft's DNS server by default believes and caches data that it has no
cause for believing. As of those versions, the default is now for the "secure
cache against pollution" option to be enabled by default rather than disabled,
and the server by default does not believe such data.

DL> Clearing the DNS cache on all of our servers has resolved
DL> the problem, [...]

No it has not. It has merely deferred the onset of the symptoms of the
problem until the next time that your cache is polluted.

Enable the "secure cache against pollution" option. Get into the habit of
making sure that it is enabled on all Microsoft DNS server installations that
you deal with. There is no good reason for it ever to be disabled.

DL> Our company suffered the effects of the Lovsan/Blaster worm
DL> last week, [...]

.... so now _everything_ is suspected to be a Microsoft Worm. (-:
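What the "secure cache against pollution" option described above actually does, as an added example written for this page (not code from the thread or from Microsoft's DNS server): a simplified bailiwick filter over a constructed response, using example.net and RFC 5737 documentation addresses, that drops records whose owner names fall outside the zone the server was asked about.

```python
"""Bailiwick check of the kind the "secure cache against pollution" option
applies to a DNS response before the server caches it.

Added example, not code from the thread or from Microsoft's DNS server.
Names and addresses are constructed (example.net, RFC 5737 ranges); the
record model is a simplified stand-in for a parsed wire-format message.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    """One resource record as it appears in a response section."""
    name: str      # owner name
    rtype: str     # "A", "NS", ...
    rdata: str
    section: str   # "answer", "authority" or "additional"


def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` is `zone` itself or lies beneath it in the name tree."""
    n = name.lower().rstrip(".")
    z = zone.lower().rstrip(".")
    return n == z or n.endswith("." + z)


def cacheable_records(response, queried_zone, secure_cache=True):
    """Return the records a caching server would accept from `response`.

    `queried_zone` is the zone the answering server was asked about (the
    delegation the recursion followed to reach it). With secure_cache=False,
    the pre-SP3 Windows 2000 default described in the thread, everything is
    accepted, including out-of-bailiwick records slipped into the additional
    section. With secure_cache=True only records inside that zone are kept.
    """
    if not secure_cache:
        return list(response)
    return [rr for rr in response if in_bailiwick(rr.name, queried_zone)]


def polluted_names(response, queried_zone):
    """Owner names a cache without the option would learn from this response."""
    return sorted({rr.name for rr in response
                   if not in_bailiwick(rr.name, queried_zone)})


# Constructed response from a server asked about www.example.net. It carries
# a legitimate answer plus glue for its own name server, and two additional
# records for names it has no authority over (the pollution pattern).
SAMPLE_RESPONSE = [
    RR("www.example.net.", "A", "192.0.2.10", "answer"),
    RR("example.net.", "NS", "ns.example.net.", "authority"),
    RR("ns.example.net.", "A", "192.0.2.53", "additional"),
    RR("www.microsoft.com.", "A", "198.51.100.7", "additional"),  # pollution
    RR("www.ebay.com.", "A", "198.51.100.8", "additional"),       # pollution
]


if __name__ == "__main__":
    kept = cacheable_records(SAMPLE_RESPONSE, "example.net")
    print("secure cache keeps:", [rr.name for rr in kept])
    print("unprotected cache would also learn:",
          polluted_names(SAMPLE_RESPONSE, "example.net"))
```

A real implementation runs this over every referral the recursor follows, which is why a single polluted response reaches clients of the cache until it expires or is cleared.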
 
Hello,

I was having the same problem with my DNS where the cache was full of
64.62.159.128 entries. I found an article in the Microsoft Knowledgebase
with some regard to a registry key, which I added but, there was no mention
on how to clear the cache. BTW, I am running WinNT 4 SP6a. I would have
posted this to the windowsnt.dns group, but I found this message first.

Any help would be thankful.

E. Cottrell
 
E. Cottrell said:
<snip>

If I remember correctly, I think the only way to clear the cache was to
restart NT4. I don't have an NT4 box in front of me. Under the newer
systems, ipconfig /flushdns will clear the cache, but that's not available
under NT4. You can *try* (if you want) to copy the ipconfig.exe tool from
W2k to this box and try it.

Check your HOSTS files to make sure it was not hijacked and all those
entries are not coming from it.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
I've experienced exactly the same problem. As soon as
TCP/IP Filtering was enabled and only TCP/UDP on ports 25
and 80 allowed all name resolution to external DNS servers
at the ISP packed up (and local Lan for that matter too).

Used actual IP addresses as workaround... just hope they
don't change at all before sorting this out. Tried
enabling port 53 for TCP and UDP but made no difference.

DHCP Client service wasn't running before with no ports
filtered and all name resolution working fine, and it
isn't running now... is it actually really needed..?
 
SW said:
I've experienced exactly the same problem. As soon as
TCP/IP Filtering was enabled and only TCP/UDP on ports 25
and 80 allowed all name resolution to external DNS servers
at the ISP packed up (and local Lan for that matter too).

Used actual IP addresses as workaround... just hope they
don't change at all before sorting this out. Tried
enabling port 53 for TCP and UDP but made no difference.

Put your ports back to default. Because the problem is below.
DHCP Client service wasn't running before with no ports
filtered and all name resolution working fine, and it
isn't running now... is it actually really needed..?

ABSOLUTELY..
Whether the machines is set for DHCP or has a static entry, the DHCP Client
service MUST always be running.

No DNS Name Resolution If DHCP Client Service Is Not Running (268674):
http://support.microsoft.com/support/kb/articles/268/6/74.ASP


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
AF> If I remember correctly, I think the only way to clear the
AF> cache was to restart NT4.

That's a tad drastic. Stopping and restarting the DNS Server service should
clear the cache as well.

AF> ipconfig /flushdns will clear the cache

It will clear the DNS Client cache (and that option to IPCONFIG is only
available on Windows NT 2000 and later in any case). What is needed here is
to clear the DNS _Server_ cache, which is done with DNSCMD /CLEARCACHE.
DNSCMD is available in the Windows NT 4 Resource Kit, of course.
 
SW said:
Thanks for that, however, I started DHCP Client manually
(without restarting machine), but still no name resolution.

It's has to be a blocked incoming port in the filtering
that prevents return packets from the DNS, doesn't it...?

Got a suspicion it might need port 135, which I'm
reluctant to open even though the worm patch is in place.

Cheers

DNS resolution requires 53 UDP and TCP to the DNS server. Now I'm not
exactly sure where you're blocking ports. You mentioned your Firewall and
TCP/IP filtering. Don't block with TCP/IP filtering. Disable that and use
your firewall to control access to internal resources. Port 135 is a must
for internal communications, but not for the outside world. Port 135 is what
NT (W2k, NT4, XP and W2k3) uses to communicate service requests between
servers and clients. If you're blocking that at the outside firewall, fine.
If you are killing it on the client side with TCP/IP filtering, you may be
stepping on your own toes.

If you started the DHCP Client service, and it still doesn't resolve, but
you didn't restart the machine, I would restart it. But I would look at the
above first. You have too much going on it seems with this. The KISS method
works wonders and allows easier administration.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
SPH said:
I also tried enabling port 53 and 42 and 137. Thought that might
help, but it didn't. you all have been very helpful. I think I may
contact Microsoft directly because this is now reached critical
status. I cannot get e-mail. I did find these port numbers:

http://www.iana.org/assignments/port-numbers

See my above latest post.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Jonathan de Boyne Pollard said:
That's a tad drastic. Stopping and restarting the DNS Server service
should clear the cache as well.

Yes, forgot to mention that!
It will clear the DNS Client cache (and that option to IPCONFIG is
only available on Windows NT 2000 and later in any case). What is
needed here is to clear the DNS _Server_ cache, which is done with
DNSCMD /CLEARCACHE. DNSCMD is available in the Windows NT 4 Resource
Kit, of course.

Well, of course I was referring to copying the ipconfig tool from W2k to NT4
and trying it. DNSCMD will work fine too!

Cheers!




--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
SW said:
It's has to be a blocked incoming port in the filtering
that prevents return packets from the DNS, doesn't it...?

DNS queries go out using the UDP port 53, and the responses come in
to a port in the dynamic range (1024+). Since W2K IP filtering is
not a stateful firewall (one that keeps track of outbound packets
and allows for response packets), you either have to enable all
incoming UDP ports on the dynamic range or give up using W2K TCP/IP
filtering.

I'd recommend the latter.
Got a suspicion it might need port 135

No, it doesn't.
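The mismatch described above, as an added example that is not part of the original post: a Python model of Windows 2000 TCP/IP filtering as a stateless inbound port list, beside a stateful filter, run over a constructed UDP 53 query/reply pair using RFC 5737 addresses.

```python
"""Why a stateless inbound port filter breaks DNS: the query leaves from an
ephemeral port to UDP 53, and the reply comes back to that ephemeral port,
which a "permit only 25, 80 (and 53)" inbound rule does not cover.

Added example, not code from the thread. It models Windows 2000 TCP/IP
filtering as a stateless inbound destination-port list (it never filters
outbound traffic) and contrasts it with a stateful filter. Addresses are
constructed (RFC 5737 ranges).
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str      # "udp" or "tcp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    inbound: bool   # True when the packet arrives at the filtered host


class StatelessFilter:
    """Inbound packets are judged by destination port only; outbound always
    pass. A permit set of None means "permit all" for that protocol."""

    def __init__(self, tcp_ports=None, udp_ports=None):
        self.rules = {"tcp": tcp_ports, "udp": udp_ports}

    def allow(self, pkt):
        if not pkt.inbound:
            return True
        permitted = self.rules[pkt.proto]
        return permitted is None or pkt.dst_port in permitted


class StatefulFilter(StatelessFilter):
    """Same port rules, but an inbound packet that answers a flow the host
    itself opened is accepted regardless of its destination port."""

    def __init__(self, tcp_ports=None, udp_ports=None):
        super().__init__(tcp_ports, udp_ports)
        self.flows = set()

    def allow(self, pkt):
        if not pkt.inbound:
            # remember (proto, remote ip, remote port, local ip, local port)
            self.flows.add((pkt.proto, pkt.dst_ip, pkt.dst_port,
                            pkt.src_ip, pkt.src_port))
            return True
        if (pkt.proto, pkt.src_ip, pkt.src_port,
                pkt.dst_ip, pkt.dst_port) in self.flows:
            return True
        return super().allow(pkt)


def dns_exchange(host="192.0.2.20", server="198.51.100.53", eph_port=3100):
    """Constructed UDP query to port 53 and the server's reply to the
    ephemeral source port the resolver picked."""
    query = Packet("udp", host, eph_port, server, 53, inbound=False)
    reply = Packet("udp", server, 53, host, eph_port, inbound=True)
    return [query, reply]


def run(filt, packets):
    """Feed every packet through the filter in order (so stateful filters see
    the outbound query first); True only if the whole exchange passes."""
    verdicts = [filt.allow(p) for p in packets]
    return all(verdicts)


if __name__ == "__main__":
    pkts = dns_exchange()
    high = set(range(1024, 65536))
    print("25/80 only, stateless:       ", run(StatelessFilter({25, 80}, {25, 80}), pkts))
    print("25/80 + UDP 53, stateless:   ", run(StatelessFilter({25, 80}, {25, 80, 53}), pkts))
    print("25/80 + UDP 1024+, stateless:", run(StatelessFilter({25, 80}, {25, 80} | high), pkts))
    print("25/80 only, stateful:        ", run(StatefulFilter({25, 80}, {25, 80}), pkts))
```

Opening UDP 53 inbound, as tried in the thread, only helps a host that is itself a DNS server; a client's replies still land on the ephemeral port, which is why only the stateful filter or a wide-open dynamic range passes the exchange.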
 