BradRLewis

asked on

Windows 2003 DNS server forwarding issues

I am running a W2K3 DNS server that is AD integrated.  I have two internal DNS servers, and they are set up to forward to my ISP's two DNS servers.  I am able to nslookup yahoo.com, but not www.yahoo.com.  The same goes for pinging: I can ping yahoo.com, but not www.yahoo.com.  So my clients on my network are unable to get to www.yahoo.com.  If I switch my IP settings on a laptop to use my ISP's DNS, www.yahoo.com works just fine.  I have cleared the cache, reloaded the zone, and restarted DNS.

Help, this is driving me crazy.

rhandels

Are you able to go to www.yahoo.com on your DNS server?? Or only on the workstations?? What happens if you don't forward or make sure your own DNS server does the recursive queries (if you test it, make sure that the DNS servers can send requests outside over UDP port 53).

Does this happen with all sites?? or just with the yahoo site...
Casca1

Ummm, try checking for the "." Also, set one machine to recurse to the PDC holder (just for tidiness). Go for the one "closest" to your company's web connection and point of presence. As long as your main site is up and accessible, your DNS should work. If your machines refer to themselves as primary, and the ISP as secondary, they are acting independently. Make this should work, it can have problems if it is misconfigured, and I quite frankly haven't tried that way. I have my primary site set to refer queries to the web, and the other servers set to query my main site. All my stuff works, so if it ain't broke, don't fix it. We have remote sites, and one soon to be DSL, but with the VPN, I prefer to have web requests routed through us. While I don't currently run ISA, I might get tasked with it in the future. If I'm already prepared for it, it's a simple install away. Oh the life of the lazy network admin. 8-)
Good Luck!
BradRLewis


From the DNS server on your LAN:
Restart the DNS Service
Clear any remaining cache

run these commands from the command prompt:
NSLOOKUP
SET DEBUG
www.yahoo.com
yahoo.com

post the results here

CASCA1 - it would not be possible to set up forwarders with the . zone still present. Setting DNS to forward to the PDC Emulator is not tidy unless your corporate internet setup means only one machine has outbound access to the internet for DNS lookup - which is not likely to be the case here.


Cheers

JamesDS

ASKER

No, I am not able to go to www.yahoo.com on my DNS server or any workstations using my internal DNS.  This is only happening with Yahoo and a couple of others, and is NOT widespread across all sites.

No, there is no "."    On my DNS servers, they only point to themselves, they each have one entry in the adapter settings and it is their own IP address.

BradRLewis
It sounds like your HOSTS file may be hijacked.
Open up your hosts file (system32\drivers\etc) and look for any entries referring to the sites that are failing.

Cheers

JamesDS
BradRLewis
Also, on your DNS servers in the IP properties uncheck the box marked "Append parent suffixes of the primary DNS Suffix"

NOTE: this will slightly alter the way your DNS domain resolves other things within your DNS hierarchy so test it first!

Cheers

JamesDS
James,

I do not have any entries in any host files.  Also, I have unchecked the box marked "Append parent suffixes of the primary DNS Suffix".  This has not helped.  

I have run a netmon trace and I am seeing requests go out to the external DNS servers, but I do not get a reply for www.yahoo.com.   I can query other sites and see responses from the external DNS servers, but again not for www.yahoo.com.

Help!

Brad
ASKER CERTIFIED SOLUTION
etsolow
PS: this issue tends to affect "big" or "popular" websites which have complicated load-balancing mechanisms and therefore return a lot of information for each DNS query.  If it's the same issue I've seen, you'd likely have trouble with www.hp.com, www.google.com, www.aol.com, www.microsoft.com, etc.

Eli
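A client-side check for the failure mode described above, added here as an example and not part of the thread: it sends the same A query to a resolver once without and once with an EDNS0 OPT record (advertising a 4096-byte UDP buffer, the constructed value used here), so an administrator can see whether only the EDNS variant goes unanswered, which is what a firewall dropping large or EDNS-bearing DNS packets looks like from the inside. The resolver address, name and timeout are assumptions supplied by the caller.

```python
import socket
import struct


def build_query(name, txid=0x1234, edns=False, udp_size=4096):
    """Build a recursive DNS A query for name; optionally append an EDNS0 OPT record."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"
    arcount = 1 if edns else 0                       # OPT lives in the additional section
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # flags: RD set
    pkt = header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if edns:
        # OPT pseudo-RR: root name, TYPE 41, CLASS = advertised UDP payload size,
        # TTL = extended RCODE/version/flags (0), RDLENGTH 0
        pkt += b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, 0)
    return pkt


def parse_header(resp):
    """Decode the 12-byte DNS header of a response into the fields worth checking."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {
        "id": txid,
        "rcode": flags & 0x000F,
        "truncated": bool(flags & 0x0200),   # TC bit: answer did not fit in 512 bytes
        "answers": an,
        "additional": ar,
        "size": len(resp),
    }


def probe(server, name, timeout=3.0):
    """Query server for name with and without EDNS0; None means no reply before timeout."""
    results = {}
    for label, edns in (("plain", False), ("edns0", True)):
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, edns=edns), (server, 53))
            data, _ = sock.recvfrom(65535)
            results[label] = parse_header(data)
        except socket.timeout:
            results[label] = None
        finally:
            sock.close()
    return results


if __name__ == "__main__":
    import sys  # usage: python dnsprobe.py <resolver-ip> <name>
    print(probe(sys.argv[1], sys.argv[2]))
```

If "plain" comes back (possibly with truncated=True) while "edns0" times out, the resolver is answering but something in the path is dropping the larger EDNS exchange, which is the case the thread's fix addresses.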
Disabling the EDNS probes worked like a charm!

Thanks Eli!

Brad
Great, glad to hear it!
That is GREAT!  I had the same issue and it fixed it right up.  Thank YOU!

Todd
Glad to help! ;)
I've been stumped by a similar problem for the past 2 days.  Tried everything I could think of and it still remained a problem with our 03 DNS servers.  The JSI link fixed us right up.

Thanks!
Helped me too - I was scrambling w/ the PIX config and finally found this solution - this should be posted everywhere on the internet - this is a huge issue.