DNS Forwarding / Recursive Query Fails

[Glen Roberts - MCSE MCP+I]

I have 3 DC's all running DNS. 2 out of the 3 work just
fine. Forwading is working fine as well as Recursive
Queries under the monitoring tab in DNS MGMT.

The 3rd server does a normal lookup just fine but the
Recursive Query fails after the timeout period (15
seconds or so). Since that isnot working whenever I do a
nslookup for a MX record or anything else is fails right
away with a timout error (2 seconds.....)

Any ideas, I have tried everything I can think of. I
imported the root hints from one of the other DNS
servers, I verified that all the settings are all the
same. The forwarders address are the same. Any ideas
would be great.

 

[Ace Fekay [MVP]]

In

I have 3 DC's all running DNS. 2 out of the 3 work just
fine. Forwading is working fine as well as Recursive
Queries under the monitoring tab in DNS MGMT.

The 3rd server does a normal lookup just fine but the
Recursive Query fails after the timeout period (15
seconds or so). Since that isnot working whenever I do a
nslookup for a MX record or anything else is fails right
away with a timout error (2 seconds.....)

Any ideas, I have tried everything I can think of. I
imported the root hints from one of the other DNS
servers, I verified that all the settings are all the
same. The forwarders address are the same. Any ideas
would be great.

Is there any firewall rules blocking access to the forwarder from the 3rd
machine?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Glen Roberts - MCSE MCP+I CCNA]

No, everything in the fire wall is correct.
One server that is working in on 2000 SP3 and the other
is running server 2003. The only one not working is
running 2000 SP4. This was installed a while back but
now believe there has been a problem for a while now.
How much havoc could rolling back to SP3 cause?
The server is also running half of the DHCP scopes. I
increased the timeout value to 10 seconds and then I got
server failed. instead of timeout. Not sure what is going
on..... but it's driving me CRAZY !!

 

[Ace Fekay [MVP]]

In

No, everything in the fire wall is correct.
One server that is working in on 2000 SP3 and the other
is running server 2003. The only one not working is
running 2000 SP4. This was installed a while back but
now believe there has been a problem for a while now.
How much havoc could rolling back to SP3 cause?
The server is also running half of the DHCP scopes. I
increased the timeout value to 10 seconds and then I got
server failed. instead of timeout. Not sure what is going
on..... but it's driving me CRAZY !!

SP4? Is your domain a single label name?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Glen Roberts - MCSE MCP+I CCNA]

Yes it is a single label name.

 

[Ace Fekay [MVP]]

In

Yes it is a single label name.

That's where the problem lies. DNS does not know how to handle single label
names since DNS is based on a hierarchal tree structure. A single label name
does not follow the rules. Matter of fact, you'll notice excessive traffic
to the ISC root servers due to single label names, hence why registration
was stopped in SP4 if you have a single label name.

http://support.microsoft.com/?id=300684 will give you more info on how to
"bandaid" this issue until you come up with a plan to reinstall your domain
wit the required format of "yourdomain.com" instead of just "yourdomain" as
your AD domain name (the recommended resolution).

Sorry for the bad news...


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[randy benson]

Am I right in my understanding that it can be 'yourdomain.anything', e.g.
'mydomain.local', not limited to '.com'?

"Ace Fekay [MVP]"

In Glen Roberts - MCSE MCP+I CCNA <[email protected]> posted
their thoughts, then I offered mine

That's where the problem lies. DNS does not know how to handle single label
names since DNS is based on a hierarchal tree structure. A single label

name

 

[Ace Fekay [MVP]]

In

Am I right in my understanding that it can be 'yourdomain.anything',
e.g. 'mydomain.local', not limited to '.com'?

That's correct. Could even be "yourdomain.randy" !




--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Shane Brasher]

Hello All,

Good call Ace. You are 100% correct, single label is the issue. In
addition to the article you suggested, here are some more references for
whoever is interested.

285983 Considerations for Designing Namespaces in Windows 2000-Based Domain
http://support.microsoft.com/?id=285983

254680 DNS Namespace Planning
http://support.microsoft.com/?id=254680


Shane Brasher
MCSE (2003,2000,NT),MCSA Security, N+, A+
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Ace Fekay [MVP]]

In

Hello All,

Good call Ace. You are 100% correct, single label is the issue. In
addition to the article you suggested, here are some more references
for whoever is interested.

285983 Considerations for Designing Namespaces in Windows 2000-Based
Domain http://support.microsoft.com/?id=285983

254680 DNS Namespace Planning
http://support.microsoft.com/?id=254680


Shane Brasher
MCSE (2003,2000,NT),MCSA Security, N+, A+
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no
rights.

Thanks!


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory