Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Unable to resolve target system name

Posted on 2006-06-23
Medium Priority
Last Modified: 2013-01-10
Hi, got a curious DNS (I assume) problem which started a few days ago...

I have a network which has 4 DNS Servers, 2 at Head Office and 1 each at 2 remote sites.
They are active directory integrated zones and appear to be replicating correctly.

My laptop is pointed at the DNS servers at Head Office and I was unable access and also seemed to be getting a higher than normal number of pages which will not display until the refresh button is pressed, if I pointed my laptop at the DNS forwarder address listed in my DNS, at an external DNS address (e.g.: my ISP) OR to one of my INTERNAL DNS servers at one of the REMOTE sites I had no problems.

It only seemed to be the site mentioned (i.e.: I could get to for example)

When I ping/tracert I get 'unable to resolve name' (while MS seems to disable ping response I should at lest get the first few hops of the tracert cmd)

My Head Office DNS servers don't seem to be doing the recursive query for this site correctly but why oh why only this site, surely even if all else fails the root hints should do the job?

The following day, came in the morning and could get the microsoft site, also got tracert responses through [] until MS kills the ping.

Today I can get but not with a tracert response of 'Unable to resolve target system name', however when set my secondary DNS to be one of my remote sites (remember, Integrated AD DNS) it all works fine, get a ping response and can tracert...

Can someone point me in the right direction for more investigation...?
Question by:SNRequip
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
  • 2
  • +3
LVL 43

Expert Comment

by:Steve Knight
ID: 16967403
Weird.  Is there any issue with firewall rules allowing that server out to the internet -- maybe rules only allow that server to one of it's forwarders but the other servers are allowed out to any?  Unlikely I know...
LVL 79

Expert Comment

ID: 16968166
What do you have listed as forwarders in each of your 4 DNS servers?
What do you have listed as the primary dns server in the individual TCP/IP settings on each DNS server?
This FAQ might help:

More links that might help:

How to troubleshoot DNS name resolution on the Internet in Windows Server 2003;en-us;816567

Windows 2000 DNS - Diagnosing Name Resolution Problems;en-us;316341

Windows 2000 DNS - Solving other common DNS problems
Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.


Author Comment

ID: 16968651
Hi Lrmoore,

Only one of my DNS servers had a forwarder, the rest relied on Root Hits file, I changed the forwarder on the on that had it to my ISP's DNS but no joy.

I am running AD integrated DNS so the DNS Servers are located on Domain Controllers, so they are pointing at themselves (either or their own IP Address)

If it is a cache corruption then it has to have occurred on both Head Office Servers as neither will resolve the names.

My ISP which also looks after the configuration on our Firewalls & Routers swear blind that everything is ok, they have done some work on the their core network however our remote sites also run through that location to reach the Internet...

For the hell of it I may reload the cache files as suggessted in one of the articles...

LVL 30

Expert Comment

ID: 16968694
did you check my links

Author Comment

ID: 16969259

Link 1) as mentioned in my first post tried tracert/ping which seems to point to a DNS issue
Link 2) we have internet access but with a higher than normal number of refresh and some fairly random unable to access errors, also re-reading my post I should have been more specific, this doesn't just affect my PC, all PCs pointing to these servers have the problem, no one is complaining because so far they seem to be sites that the average using doesn't require (i.e. or or they are passing it of as odd behviour but not bothering to report it.
Link 3) unfortunately not a lot of use, I have already added the destination to the hosts file and it found the site but this doesn't help me to correct the problem with my DNS Servers

I will change my DHCP Servers to give a 'good' internal DNS as the secondary which should stop peoples stress levels rising to high (except for those on static IP addresses) while I try to figure out what is going wrong...
LVL 13

Expert Comment

ID: 16969345
Few things while setting DNS servers.

You said you have 4 DNS servers.

2 in one location and 1 each at other 2 remote sites.

Now each 3 locations will have their individual internet connections with different ISP(Or can be same ISP).

Now, why don't you put forwarders on atleast one DNS server at head office and on both remote site DNS servers.

These forwarders will be DNS server provided by ISP at each location.

Also, make sure, In Network Settings, each server should point itself as primary DNS server and any of the other internal DNS server as secondary.

With these settings, you must ensure that local firewall at each site should allow UDP/53 to forwarded DNS server IP addresses.

Author Comment

ID: 16969849
Physically our sites are linked individually to the Internet by the same ISP, logically they are part of a VPN that accesses the Internet via a core location (which is hosted by our ISP and physically seperate from all our sites).

Tried putting our ISP DNS Server as a forwarder on the DNS Server at Head Office, no change in results, the two remote sites are quite happily resolving queries correctly and efficiently without forwarders.

The DNS Servers at Head Office where pointing at themselves as the primary and the other as the secondary, I have to admit I had not tried pointing them at one of our DNS servers at a remote location, did this and the DNS server can resolve some of the problem URLs e.g. and gets a tracert response in 7 hops however my laptop which points at the Head Office DNS still cannot resolve the name and gets through 14 hops and then starts getting a timed out message, which is well outside my netwrk...!

After the initial hops which are my internal network both traces diverge through different paths...

I did flush the dns cache on both the DNS Server and my local PC.

I would assume that as our site has been opperating for several years ok that UDP/53 is configured correctly however will double check with our ISP.

Also, I thought that the secondary DNS was only used if the primary was unavailable, the primary is available, just giving some weird results so why does it make a difference when I make the secondary DNS the one at my remote site...

Curiouser & curiouser...

Anyway, beers are on the balcony so I will be leaving this for the day...

Author Comment

ID: 17080050
Hi All,

It looks like I have resolved the problem (touch wood), having checked the DNS logs I found I was getting an occassional [8281   DR SERVFAIL] entry, it appears that DNS 2003 by default advertises that it can recieve MTU's greater than 512kb which causes some PIX firewalls to choke, I used dnscmd /Config /EnableEDnsProbes 0 to turn off this feature and can access now...

Thanks for your assistance, hope this info is of use.

LVL 79

Expert Comment

ID: 17080649
There is another solution for the PIX to allow greater than 512k with the fixup
  fixup protocol dns maximum-length 768  (512 is default)

Author Comment

ID: 17080677
Did consider that, it would seem that it is only Head Office that has the problem, waiting for my ISP (who manage our PIX) whether there is a different setting for our Head Office, however it seems from reading that some had tried configuring their PIX but still had flakey (even if less so than before) results.

Author Comment

ID: 17088398
The solution is as stated in my post on 07/11, I have set our DNS Servers to not advertise that they can accept an MTU of greater than 512kb.

Accepted Solution

Netminder earned 0 total points
ID: 17118354
Closed, 500 points refunded.
Site Admin

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Make the most of your online learning experience.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question