Unable to resolve target system name

Posted on 2006-06-23
Last Modified: 2013-01-10
Hi, got a curious DNS (I assume) problem which started a few days ago...

I have a network which has 4 DNS Servers, 2 at Head Office and 1 each at 2 remote sites.
They are active directory integrated zones and appear to be replicating correctly.

My laptop is pointed at the DNS servers at Head Office and I was unable to access and also seemed to be getting a higher than normal number of pages which will not display until the refresh button is pressed, if I pointed my laptop at the DNS forwarder address listed in my DNS, at an external DNS address (e.g.: my ISP) OR to one of my INTERNAL DNS servers at one of the REMOTE sites I had no problems.

It only seemed to be the site mentioned (i.e.: I could get to for example)

When I ping/tracert I get 'unable to resolve name' (while MS seems to disable ping response I should at least get the first few hops of the tracert cmd)

My Head Office DNS servers don't seem to be doing the recursive query for this site correctly but why oh why only this site, surely even if all else fails the root hints should do the job?

The following day, came in the morning and could get the microsoft site, also got tracert responses through [] until MS kills the ping.

Today I can get but not with a tracert response of 'Unable to resolve target system name', however when I set my secondary DNS to be one of my remote sites (remember, Integrated AD DNS) it all works fine, get a ping response and can tracert...

Can someone point me in the right direction for more investigation...?
Question by:SNRequip

Expert Comment

by:Steve Knight
ID: 16967403
Weird.  Is there any issue with firewall rules allowing that server out to the internet -- maybe rules only allow that server to one of its forwarders but the other servers are allowed out to any?  Unlikely I know...

Expert Comment

ID: 16967481

Expert Comment

ID: 16968166
What do you have listed as forwarders in each of your 4 DNS servers?
What do you have listed as the primary dns server in the individual TCP/IP settings on each DNS server?
This FAQ might help:

More links that might help:

How to troubleshoot DNS name resolution on the Internet in Windows Server 2003;en-us;816567

Windows 2000 DNS - Diagnosing Name Resolution Problems;en-us;316341

Windows 2000 DNS - Solving other common DNS problems

Author Comment

ID: 16968651
Hi Lrmoore,

Only one of my DNS servers had a forwarder, the rest relied on Root Hints file, I changed the forwarder on the one that had it to my ISP's DNS but no joy.

I am running AD integrated DNS so the DNS Servers are located on Domain Controllers, so they are pointing at themselves (either or their own IP Address)

If it is a cache corruption then it has to have occurred on both Head Office Servers as neither will resolve the names.

My ISP which also looks after the configuration on our Firewalls & Routers swear blind that everything is ok, they have done some work on their core network however our remote sites also run through that location to reach the Internet...

For the hell of it I may reload the cache files as suggested in one of the articles...


Expert Comment

ID: 16968694
did you check my links

Author Comment

ID: 16969259

Link 1) as mentioned in my first post tried tracert/ping which seems to point to a DNS issue
Link 2) we have internet access but with a higher than normal number of refresh and some fairly random unable to access errors, also re-reading my post I should have been more specific, this doesn't just affect my PC, all PCs pointing to these servers have the problem, no one is complaining because so far they seem to be sites that the average user doesn't require (i.e. or or they are passing it off as odd behaviour but not bothering to report it.
Link 3) unfortunately not a lot of use, I have already added the destination to the hosts file and it found the site but this doesn't help me to correct the problem with my DNS Servers

I will change my DHCP Servers to give a 'good' internal DNS as the secondary which should stop people's stress levels rising too high (except for those on static IP addresses) while I try to figure out what is going wrong...

Expert Comment

ID: 16969345
Few things while setting DNS servers.

You said you have 4 DNS servers.

2 in one location and 1 each at other 2 remote sites.

Now each 3 locations will have their individual internet connections with different ISP(Or can be same ISP).

Now, why don't you put forwarders on at least one DNS server at head office and on both remote site DNS servers.

These forwarders will be DNS server provided by ISP at each location.

Also, make sure, In Network Settings, each server should point itself as primary DNS server and any of the other internal DNS server as secondary.

With these settings, you must ensure that local firewall at each site should allow UDP/53 to forwarded DNS server IP addresses.

Author Comment

ID: 16969849
Physically our sites are linked individually to the Internet by the same ISP, logically they are part of a VPN that accesses the Internet via a core location (which is hosted by our ISP and physically separate from all our sites).

Tried putting our ISP DNS Server as a forwarder on the DNS Server at Head Office, no change in results, the two remote sites are quite happily resolving queries correctly and efficiently without forwarders.

The DNS Servers at Head Office were pointing at themselves as the primary and the other as the secondary, I have to admit I had not tried pointing them at one of our DNS servers at a remote location, did this and the DNS server can resolve some of the problem URLs e.g. and gets a tracert response in 7 hops however my laptop which points at the Head Office DNS still cannot resolve the name and gets through 14 hops and then starts getting a timed out message, which is well outside my network...!

After the initial hops which are my internal network both traces diverge through different paths...

I did flush the dns cache on both the DNS Server and my local PC.

I would assume that as our site has been operating for several years ok that UDP/53 is configured correctly however will double check with our ISP.

Also, I thought that the secondary DNS was only used if the primary was unavailable, the primary is available, just giving some weird results so why does it make a difference when I make the secondary DNS the one at my remote site...

Curiouser & curiouser...

Anyway, beers are on the balcony so I will be leaving this for the day...

Author Comment

ID: 17080050
Hi All,

It looks like I have resolved the problem (touch wood), having checked the DNS logs I found I was getting an occasional [8281   DR SERVFAIL] entry, it appears that DNS 2003 by default advertises that it can receive MTU's greater than 512kb which causes some PIX firewalls to choke, I used dnscmd /Config /EnableEDnsProbes 0 to turn off this feature and can access now...

Thanks for your assistance, hope this info is of use.


Expert Comment

ID: 17080649
There is another solution for the PIX to allow greater than 512k with the fixup
  fixup protocol dns maximum-length 768  (512 is default)

Author Comment

ID: 17080677
Did consider that, it would seem that it is only Head Office that has the problem, waiting for my ISP (who manage our PIX) whether there is a different setting for our Head Office, however it seems from reading that some had tried configuring their PIX but still had flakey (even if less so than before) results.

Author Comment

ID: 17088398
The solution is as stated in my post on 07/11, I have set our DNS Servers to not advertise that they can accept an MTU of greater than 512kb.
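
The interaction behind this fix, as an added example that is not part of the original thread: an EDNS0 query carries an OPT pseudo-record whose CLASS field advertises the sender's UDP payload size in bytes, and a firewall DNS length limit (the PIX `maximum-length` above) can drop a reply that the advertisement allowed. The name `www.example.com`, the 1280-byte advertisement and the 700-byte reply are constructed sample values, and `reply_outcome` is a simplified model that assumes a truncated reply always fits through the firewall.

```python
import struct

def encode_name(name):
    """Encode a domain name as DNS length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, edns_payload=None, qid=0x1234):
    """Build an A query; with edns_payload set, append an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns_payload else 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    opt = b""
    if edns_payload:
        # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=0, RDLENGTH=0
        opt = b"\x00" + struct.pack("!HHIH", 41, edns_payload, 0, 0)
    return header + question + opt

def skip_name(packet, pos):
    """Return the offset just past the (possibly compressed) name at pos."""
    while True:
        length = packet[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:  # compression pointer is two bytes
            return pos + 2
        pos += 1 + length

def advertised_payload(query):
    """UDP payload size the sender will accept; 512 bytes without EDNS0."""
    qd, an, ns, ar = struct.unpack("!HHHH", query[4:12])
    if an or ns:
        raise ValueError("this example only parses plain queries")
    pos = 12
    for _ in range(qd):
        pos = skip_name(query, pos) + 4  # skip QTYPE and QCLASS
    for _ in range(ar):
        pos = skip_name(query, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", query[pos:pos + 10])
        if rtype == 41:
            return max(rclass, 512)  # values below 512 are treated as 512
        pos += 10 + rdlen
    return 512

def reply_outcome(query, full_reply_len, firewall_max=512):
    """Model the fate of a UDP reply that needs full_reply_len bytes."""
    if full_reply_len > advertised_payload(query):
        return "truncated"  # responder sets TC, resolver retries over TCP
    if full_reply_len > firewall_max:
        return "dropped"    # firewall discards it, resolver times out
    return "delivered"
```

With the probe enabled, only replies larger than the firewall limit are lost, so small answers keep resolving; without EDNS0 the same large reply is truncated and retried over TCP instead.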

Accepted Solution

Netminder earned 0 total points
ID: 17118354
Closed, 500 points refunded.
Site Admin
