[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

DNS recursive test query failed

Posted on 2004-12-01
10
Medium Priority
?
16,104 Views
Last Modified: 2007-12-19
I was asked to look at a network for a small business.  There are 20 clients running either Win98SE or XP Pro, and two machines running Windows 2K Server.  Internet connection is through a DSL line.  The DSL line goes to Server 1 and then to a hub, which the clients and the other server are connected to.  

Server 1
NISP 2004
602LanSuite 2004 internet proxy software

NIC 1(internal network)
IP: 10.0.0.1
DNS:10.10.0.1

NIC 2 (external)
IP:169.xx.xxx.xxx
DNS: automatic

P.P.P.o.E. adapter
IP: 68.xxx.xxx.xxx
DNS: automatic from ISP
         65.xx.xx.xx
         206.xxx.xxx.xxx  

Server 2
Domain Controller
DNS, AD, DHCP server
NIC
IP: 10.10.0.1
DNS: 10.10.0.1
(forwarders point to ISP DNS servers)

When testing Server 2, I can PING internal clients, but it cannot resolve external hostnames to IP address (i.e. www.google.com) using PING.  Also, the server will fail a recursive query to other DNS servers.  In addition, under the properties for the DNS server, it is unable to resolve to root hints server names to their IP address (m.root-servers.net to 202.12.27.33)

I am looking for suggestions on what could be wrong.  I appreciate any help on this.
0
Comment
Question by:Latrobe33
  • 5
  • 5
10 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12721081

Do you have any forwarders configured? If the forwarders don't support Recursive Queries then external resolution will fail.

Can you also check the Root Hints tab under the properties for your DNS Server in DNS Manager and confirm that 13 addresses are listed there. This doesn't rely on Recursive Queries, but if any are missing then you should use the method in this MS Article to fix it:

http://support.microsoft.com/kb/249868/EN-US/

For Server 1 (multi-homed server), does it have a Default Gateway set on both adapters? If so the Default Gateway on the Internal Interface should be removed.

Finally, is your server allowed outbound access through your Firewall (if you have one) on Port 53?
0
 
LVL 2

Author Comment

by:Latrobe33
ID: 12722023
Thanks for the response Chris-Dent.  
<Do you have any forwarders configured? If the forwarders don't support Recursive Queries then external resolution will fail.>
  - Yes, forwarders are configured.  I have the two DNS servers for the ISP configured.  I assume that they support recursive queries,  
    even though it has not been tested.  And ideas on how to do this?

<confirm that 13 addresses are listed there>
  - Yes, and they are current
<For Server 1 (multi-homed server), does it have a Default Gateway set on both adapters?>
  - No, both adapters are set to obtain IP and DNS addresses automatically.  Since this server acts as a proxy server, there is a
    reservation for it within the DHCP scope on Server 2

<Is your server allowed outbound access through your Firewall (if you have one) on Port 53?>
  - Yes, there is an active rule to allow connections from Server 2 on port 53

I appreciate the input C-D.  I keep thinking that this is something glaringly obvious that I keep overlooking.  I almost hope that it is.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12723793

There's a test tab which will allow you to test recursion.

Otherwise, remove the forwarders completely (which will drop back to root hints) and test name resolution.

If you're running DNS on both servers you should really let both have outbound access so they can both resolve requests.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 2

Author Comment

by:Latrobe33
ID: 12728259
DNS is only running on Server 1; the recursive query on Server 2 fails with forwarders configured and without.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12734408

You shouldn't need recursive query support when Forwarders are not configured. Does it resolve name requests correctly with that? Or is it still timing out?
0
 
LVL 2

Author Comment

by:Latrobe33
ID: 12739958
it still times out.
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12740150

Hmmm, if it's not going through at all I'd be tempted to have a second look at the Firewall...
0
 
LVL 2

Author Comment

by:Latrobe33
ID: 12741152
Even If I disable Norton I get the same response.  I have to say that solving this is for my own gratifiaction.  All computers are able to access the internet through the proxy server, and collect their email through the same program.  I just don't like it wokring the wrong way.
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 375 total points
ID: 12741219

You could try setting server 1 in the Forwarders tab of your DNS config. That way anything unresolved (that it isn't authoritative for) will be passed onto that server.

Bit of a messy fix though.

Otherwise it has to be Server 1 blocking the traffic or not being happy with what is going through.
0
 
LVL 2

Author Comment

by:Latrobe33
ID: 12756584
I think you are right about Server 1 not liking the traffic.  All client machines have network and internet connectivity.  I will have to let this be for the time being.  Thank you for the suggections Chris-Dent.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Resolve DNS query failed errors for Exchange
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question