
2003 DNS resolves only 25% of internet name resolution

I am prepping for a migration to 2003 AD. I configured the first DC running DNS. I am successful in creating a trust to my production NT domain and can join users to the new domain. Internet name resolution just stops working after initial install. My root servers are listed, simple and recursive queries test OK. If I add my local ISP as a forwarder it also starts to work, then fails after several hours. I am running a 2000 DNS server on my NT domain with no problems. The only difference is my NT domain is not a registered FQDN and my new 2003 domain is. When I run an nslookup, everything points to itself (the local box), even if I perform an nslookup on yahoo.com. I'm getting tired of rebuilding the O/S.
Asked by: rptsysadmin
 
Chris Dent (PowerShell Developer) commented:

I take it no error messages appear for this problem in the Event Log?

At the time of failure, what happens when you try and query an address using nslookup?

Are both Forward and Reverse Lookup zones still answering queries when external resolution fails?

Can the DNS still ping its gateway?

Are there any restrictions for outbound traffic on Port 53 on your gateway?
 
rptsysadmin (Author) commented:
No errors appear.
nslookup queries all point to the DC itself, even ones that the DC is not authoritative for, such as yahoo.com.
Internal name resolution works fine.
Yes, DNS can ping its gateway. If I put my ISP's DNS servers in my NIC card properties, the server itself can browse the public internet.
All outbound traffic is being permitted.
 
Chris Dent (PowerShell Developer) commented:

You already tested it using Root Hints rather than Forwarders?

At the time of failure can it still ping an address like 198.41.0.4 and resolve an address for a.root-servers.net?

I take it there is no abnormal load on the server such as heavy CPU or memory usage?

 
Chris Dent (PowerShell Developer) commented:

You don't use a PIX firewall do you?
 
rptsysadmin (Author) commented:
I first tried it with root hints only, same problem.
Then with forwarders, same problem.
There is no load at all; it is the first box on the new domain. The hardware is a Dell PowerEdge 1650, dual processor and a gig of RAM.
It's truly confusing because I have performed this before for other clients with 2000 AD and 2003 AD.
I'm beginning to think it's just a bad install.
 
rptsysadmin (Author) commented:
Yes, we do. But again, all traffic from the internal network is allowed out.
 
Chris Dent (PowerShell Developer) commented:

There was a problem with PIX firewalls discussed in another thread. The problem was very very much like yours.

http://www.experts-exchange.com/Operating_Systems/Win2000/Q_21190763.html

And to quote:

The problem is not with UDP packets being bigger than 512, but with the EDNS0 packet which is sent from the Microsoft DNS server.

The command:

dnscmd /Config /EnableEDnsProbes 0

Deactivates the feature.
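The difference the quoted diagnosis turns on, shown at packet level as an added example (not part of the original thread or any poster's code): a plain DNS query versus the same query carrying an EDNS0 OPT record, with a `probe` helper for comparing the two from the affected server. All function names, and the sample advertised size of 1280 used below, are assumptions chosen for illustration.

```python
import socket
import struct

OPT = 41  # EDNS0 pseudo-record type (RFC 6891)

def encode_name(name):
    """Encode a hostname as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, edns_size=None, txid=0x1234):
    """A-record query; with edns_size set, an OPT record advertises that UDP size."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    msg = header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if edns_size:
        # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=0, RDLENGTH=0
        msg += b"\x00" + struct.pack("!HHIH", OPT, edns_size, 0, 0)
    return msg

def skip_name(msg, pos):
    """Offset just past the encoded name at pos (handles compression pointers)."""
    while msg[pos] & 0xC0 != 0xC0:
        if msg[pos] == 0:
            return pos + 1
        pos += 1 + msg[pos]
    return pos + 2

def edns_size_of(msg):
    """Advertised UDP payload size if msg carries an OPT record, else None."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == OPT:
            return rclass
        pos += 10 + rdlen
    return None

def probe(server, name, edns_size=None, timeout=3.0):
    """Send one UDP query to server:53; reply bytes, or None if nothing comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, edns_size), (server, 53))
        try:
            return s.recvfrom(4096)[0]
        except socket.timeout:
            return None
```

If `probe(server, name)` gets a reply while `probe(server, name, 1280)` times out against the same external server, that is consistent with something on the path dropping EDNS0 traffic.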
 
rptsysadmin (Author) commented:
After going over this with my WAN administrator, all of the other networks are running PIX IOS 6.3 [4] (where this is not an issue).
This network's PIX is running 6.3[1].
We're upgrading tonight.
Thanks for everyone's input.