Solved

DNS Issues

Posted on 2005-03-30
Last Modified: 2013-11-16
I am having a weird problem. This is happening site-wide. While we are browsing the internet we will click on a link or try to go to a web page and we will get an error that says the page cannot be displayed. If we refresh or just type in the address again, eventually it will display. Nothing major has changed in our network. We have two internal DNS servers that have forwarders of our ISP's DNS servers. I have changed these once before to see if it helps, but to no avail. Could my settings on my DNS server be messed up? Everything was working great a month ago. We do have a WebShield from McAfee and a WatchGuard firewall. We don't have the WebShield doing anything except scanning HTTP, SMTP, FTP and POP3 traffic. Nothing has changed on that side for a while. Are there any tests I can try to see if it's our DNS servers?
Question by:msidnam
12 Comments
 
LVL 17

Accepted Solution

by:
ccomley earned 500 total points
ID: 13661863
DNS lookups are UDP and if the server takes too long to respond, the browser just assumes it means there's no such website.

The most common cause of this sort of behaviour is you're using a DNS server which is too far away and the responses take so long to get back that sometimes the browser gives up waiting.

You need to check the DNS servers you are "forwarding" to are nice and fast and nearby - could your ISP have changed settings and you didn't notice?

OR you could turn off forwarding and get your own DNS servers to do the query normally.

As a test, you could set up a workstation to use the ISP's DNS directly. But only as a test of this problem because of course other things to do with your internal network won't work properly if you do this.

0
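A way to run the timing test suggested in this answer from any workstation, added here as an example and not part of the original thread: it sends raw DNS queries over UDP (no DNS library needed) to each server with a two-second timeout and records, per server, how many queries timed out and how slow the slowest reply was. The placeholder addresses in RESOLVERS are RFC 5737 documentation addresses; replace them with your two internal DNS servers and your ISP's forwarders. A server that produces TIMEOUT results, or whose worst-case latency approaches the client's resolver timeout, is the one to look at; NXDOMAIN and SERVFAIL are answers, not delays, and point at a different problem.

```python
"""Time raw UDP DNS queries against several resolvers and classify the outcome.

Added example, not from the original thread.  The resolver addresses below are
constructed placeholders (RFC 5737 documentation ranges); replace them with
your internal DNS servers and your ISP's forwarders before running.
"""
import random
import socket
import struct
import time

# Constructed placeholder list (label -> IP).  Replace with real servers.
RESOLVERS = {
    "internal-dns1": "192.0.2.10",
    "internal-dns2": "192.0.2.11",
    "isp-forwarder1": "198.51.100.53",
}

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, qtype=1, txid=None):
    """Build a one-question DNS query with RD set; returns (txid, packet bytes)."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags 0x0100 = RD
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack(">HH", qtype, 1)  # class IN


def parse_response(data, expected_txid):
    """Return (rcode name, answer count, RA flag); raise ValueError on a bad reply."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode), an, bool(flags & 0x0080)


def timed_query(server, name, timeout=2.0):
    """Send one query over UDP; return (status string, elapsed seconds)."""
    txid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.monotonic()
        try:
            sock.sendto(packet, (server, 53))
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "TIMEOUT", time.monotonic() - start
        elapsed = time.monotonic() - start
    try:
        rcode, answers, ra = parse_response(data, txid)
    except ValueError as exc:
        return "BAD(%s)" % exc, elapsed
    status = rcode if answers or rcode != "NOERROR" else "NODATA"
    if not ra:
        status += ",no-RA"  # server will not recurse for us
    return status, elapsed


def survey(names, resolvers=RESOLVERS, rounds=5):
    """Query each name `rounds` times on each resolver; return per-resolver stats."""
    stats = {}
    for label, ip in resolvers.items():
        samples = [timed_query(ip, n) for n in names for _ in range(rounds)]
        timeouts = sum(1 for s, _ in samples if s == "TIMEOUT")
        latencies = sorted(t for s, t in samples if s != "TIMEOUT")
        stats[label] = {
            "queries": len(samples),
            "timeouts": timeouts,
            "median_ms": round(latencies[len(latencies) // 2] * 1000, 1) if latencies else None,
            "max_ms": round(latencies[-1] * 1000, 1) if latencies else None,
        }
    return stats


if __name__ == "__main__":
    for label, row in survey(["www.example.com", "www.microsoft.com"]).items():
        print(label, row)
```

Run it a few times during the period when pages fail to load; the transaction ID check means a late reply to an earlier query is reported as BAD rather than counted as a good answer.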
 
LVL 13

Expert Comment

by:gpriceee
ID: 13661962
In Administrative Tools --> dnsmgmt
Right click your DNS server --> properties --> Debug Logging Tab
Check what you want to examine.
In Log file, enter a path and logfile name.  (I have a specific directory for logging dns; the file name can be anything.log)
Adjust the maximum size in bytes.

Create the error, check the log.

If it's not intuitive enough, then under other options in the Debug Logging tab, select Details.

Enjoy, you'll have a lot of lines to read. You can usually find errors quickly by scrolling and noticing a break in the typical line pattern--not an end-all, just quick.
0
 
LVL 2

Author Comment

by:msidnam
ID: 13664296
ccomley,
How would I get my internal DNS servers to do it normally, without having to rely on my ISP's DNS?
0
 
LVL 16

Assisted Solution

by:samccarthy
samccarthy earned 500 total points
ID: 13666280
The recommended setup from Microsoft is to have the DNS server point to itself only. The other DNS server points to the first one, and all workstations point to that primary internal DNS server. Forwarders are not recommended unless there is a requirement from your ISP or you want to eke the last iota of performance out of the DNS server. However, you put in a single point of failure.

A resolution request hits your internal DNS server. If it does not know the answer, it then queries the Internet root servers for the answer, gets it and adds it to its cache, then passes the information on to the requester. If your ISP's DNS servers are having a problem, it will pass that on to your network. Most people will never have use for forwarders. The most common time I've seen it is if the server was set up without Internet access, thus creating a zone starting with a . (period). Forwarders were the only way to get resolution then. To resolve that, remove the forwarders, delete the zone starting with the . and restart.
0
 
LVL 2

Author Comment

by:msidnam
ID: 13666339
I can see the root hints on both my DNS servers. I don't know if they are up to date or ever change, though. So what I should do is just take out the forwarders altogether and just rely on the root hints? If I do this, do I need to pass any special ports through the firewall?
0
 
LVL 16

Expert Comment

by:samccarthy
ID: 13668843
Just remove the forwarders and stop and restart the DNS service.  Nothing needs to be changed as far as ports in your firewall.
0
 
LVL 2

Author Comment

by:msidnam
ID: 13671267
First, thank you all for your suggestions. A couple more questions though. How can I tell which one is the primary? We had one of our DCs crash earlier this year and when I rebuilt it I added DNS to it. It was there before the crash and I believe it was our primary, but since the crash I am not sure if the other DNS took over the role. Also, when I disable the forwarders and restart the DNS services on both machines, should I do a flushdns or anything on them? Right now we are using DHCP and I have both DNS servers listed. I should only have it list the primary, correct? Again, thanks for the help. This is one issue that has me baffled, as everything has been working great up until a few weeks ago, and it seems to get worse.
0
 
LVL 13

Expert Comment

by:gpriceee
ID: 13671342
I assume you're running DNS in Active Directory.  So. . . .

"How can i tell which one is the primary"
There is no "primary" in Active Directory DNS because it's integrated with Active Directory.

"Also, when I disable the forwarders and restart the DNS services on both machines  should i do a flushdns or anything on them"
Right click the DNS server in the dnsmgmt console --> Clear Cache

"right now we are using DHCP and i have both DNs servers listed. I should only have it list the primary correct"
Only have DHCP point to one DNS server; have it point to the one you think will have the best performance.

If you have some problematic workstations, at the cmd prompt, enter the following commands:
ipconfig /renew
ipconfig /flushdns
0
 
LVL 2

Author Comment

by:msidnam
ID: 13673803
Guys, I hope you don't mind that I split the points since I used both your suggestions. They were very helpful, thank you.
0
 
LVL 17

Expert Comment

by:ccomley
ID: 13674795
FYI the root hints file *does* need to be checked from time to time, we noticed the "B" root server changed sometime in the last few months. However, the chances of *all* or even of a significant percentage of them changing over even quite a long period are slim so it's unlikely to cause a total failure.

The good news is, even with Microsoft's GUI controlled DNS, updating the root hints list is just a case of downloading an up to date copy and replacing the existing file, the format is compatible.

You get the current file from ftp.rs.internic.net, in /domain, called "named.root". (This should be a FAQ! :-)

I suggest everyone makes this a two- or three-times a year checklist entry. :-)
0
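A way to make that checklist entry mechanical, added here as an example and not part of the original thread: the script below parses a root hints file in the zone-file layout InterNIC publishes (owner, TTL, optional IN, type, rdata; `;` comments) and reports which root server names or addresses differ between the copy a server is using and a freshly downloaded named.root. On a Windows DNS server the root hints live in %SystemRoot%\System32\dns\cache.dns. The two excerpts embedded in the script are constructed: the "stale" one carries the pre-2004 address of B, the "fresh" one the address that replaced it, which is the kind of change this answer describes. Downloading named.root is left to you so the comparison itself runs offline; InterNIC also publishes the same file over HTTPS at https://www.internic.net/domain/named.root.

```python
"""Compare a server's root hints file with a freshly downloaded named.root.

Added example, not from the original thread.  Assumes both files use the
zone-file layout InterNIC publishes (owner TTL [IN] TYPE RDATA, ';' comments).
On Windows DNS the server's copy is %SystemRoot%\\System32\\dns\\cache.dns.
"""
import sys

HINT_TYPES = {"NS", "A", "AAAA"}

# Constructed excerpts (two root servers only) used for the demonstration.
STALE_HINTS = """\
; constructed excerpt of an out-of-date cache.dns
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
.                        3600000  IN  NS    B.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000  IN  A     198.41.0.4
B.ROOT-SERVERS.NET.      3600000  IN  A     128.9.0.107
"""

FRESH_HINTS = """\
; constructed excerpt in the layout of InterNIC's named.root
.                        3600000      NS    A.ROOT-SERVERS.NET.
.                        3600000      NS    B.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
"""


def parse_root_hints(text):
    """Return {(owner, type): set(rdata)} for the NS/A/AAAA records in `text`."""
    records = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        # Tolerate an explicit IN class anywhere after the owner name.
        fields = [f for i, f in enumerate(line.split()) if i == 0 or f.upper() != "IN"]
        if len(fields) >= 4 and fields[1].isdigit():      # owner TTL TYPE RDATA
            owner, rtype, rdata = fields[0], fields[2].upper(), fields[3]
        elif len(fields) >= 3:                             # owner TYPE RDATA (no TTL)
            owner, rtype, rdata = fields[0], fields[1].upper(), fields[2]
        else:
            continue
        if rtype not in HINT_TYPES:
            continue
        owner = owner.lower().rstrip(".") + "."           # "." stays "."
        if rtype == "NS":
            rdata = rdata.lower().rstrip(".") + "."
        records.setdefault((owner, rtype), set()).add(rdata)
    return records


def flatten(records):
    """Turn the parsed mapping into a set of (owner, type, rdata) triples."""
    return {(o, t, r) for (o, t), rs in records.items() for r in rs}


def diff_root_hints(current_text, published_text):
    """Return (added, removed): triples present only in the published file, and only in ours."""
    current, published = flatten(parse_root_hints(current_text)), flatten(parse_root_hints(published_text))
    return published - current, current - published


def missing_glue(text):
    """Root server names listed as NS for '.' that have no A/AAAA record in the same file."""
    recs = parse_root_hints(text)
    names = recs.get((".", "NS"), set())
    return {n for n in names if not (recs.get((n, "A")) or recs.get((n, "AAAA")))}


if __name__ == "__main__":
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as cur, open(sys.argv[2]) as pub:
            current_text, published_text = cur.read(), pub.read()
    else:  # no files given: run on the constructed excerpts
        current_text, published_text = STALE_HINTS, FRESH_HINTS
    added, removed = diff_root_hints(current_text, published_text)
    for rec in sorted(added):
        print("ADD    %-22s %-5s %s" % rec)
    for rec in sorted(removed):
        print("REMOVE %-22s %-5s %s" % rec)
    for name in sorted(missing_glue(published_text)):
        print("WARNING: no address record for root server", name)
```

Usage: `python rootdiff.py C:\Windows\System32\dns\cache.dns named.root`; with no arguments it compares the two constructed excerpts. An empty report means the copy in use matches what InterNIC publishes.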
 
LVL 16

Expert Comment

by:samccarthy
ID: 13680049
Thanks and good luck!   When I went round and round with MS earlier this year, they recommended pointing all the machines to one DNS server that would be the best performer.  In your DHCP, put both of your servers in, but list this "Best performing" server first.  This way you get no looping going on and if the primary goes down, you can still resolve with the other one.
0
 
LVL 2

Author Comment

by:msidnam
ID: 13736774
ccomley,
Where do I put in the named.root file once I download it?
0
