Solved

I have a problem with the forwarder in DNS

Posted on 2007-11-27
Last Modified: 2012-05-05
Dear all;
I'm facing a problem with my DNS Server. I have:
1 Server for DC, DNS, DHCP.
1 Server for Exchange

When I nslookup the DNS server locally, it's OK, but when I nslookup an outside name, it does not work and I cannot access the Internet with the local DNS. When I reboot the DC, it works well, but after 8 days it happens again.
I checked Event Viewer but it doesn't have any errors about DNS.
Default Server:  svctag-8j3tg1s.icic.local
Address:  172.16.1.2

> mail.icic.vn
Server:  svctag-8j3tg1s.icic.local
Address:  172.16.1.2

Name:    mail.icic.vn
Address:  172.16.1.7

> mail.yahoo.com
Server:  svctag-8j3tg1s.icic.local
Address:  172.16.1.2

DNS request timed out.
    timeout was 2 seconds.
*** Request to svctag-8j3tg1s.icic.local timed-out
> exit

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : svctag-8j3tg1s
   Primary Dns Suffix  . . . . . . . : icic.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : icic.local

Ethernet adapter Lan:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-14-22-19-AB-B0
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 172.16.1.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.16.1.254
   DNS Servers . . . . . . . . . . . : 172.16.1.2

Can anyone help me?
 
0
Comment
Question by:icic-dcic
25 Comments
 
LVL 9

Expert Comment

by:tl121000
ID: 20363207
Are your ISP's forwarders listed in the forwarded tab in your DNS settings on the DNS server...
0
 

Author Comment

by:icic-dcic
ID: 20363217
Yes, my ISP's forwarders are listed in the forwarded tab.
0
 

Author Comment

by:icic-dcic
ID: 20363226
And I can ping outside by IP address, but I cannot ping outside by name.
0

 
LVL 7

Expert Comment

by:nttranbao
ID: 20363270
1. DNS can resolve host names using ROOT HINTS without any forwarders. Try removing all forwarders in the DNS server, then see if you can resolve or not. It should work in most cases.
2. If you want to use a forwarder, try to query it first via the command line:
       c:\>nslookup
       > server ip-address-of-your-forwarder-DNS
       > yahoo.com

If you can NOT resolve via cmd, the forwarder DNS service is down. Try another DNS server (mine in Vietnam is 210.245.31.130).
0
 

Author Comment

by:icic-dcic
ID: 20363316
I removed all forwarders but it still cannot resolve.
0
 
LVL 7

Expert Comment

by:nttranbao
ID: 20363474
Can you resolve via the command line, with your forwarder or mine (210.245.31.130 or 210.245.31.10)? If you cannot, then your firewall/gateway might block TCP 53 (for outgoing DNS queries).

Note:

- If you create a root zone (.) in DNS, the DNS server doesn't use root hints or forwarders any more. If so, delete the root zone.
- Do not disable DNS recursion.
- Try to perform the DNS self test on the DNS server (Properties of your DNS -> tab Monitoring -> check the 2 options -> Test Now). The result should be okay for both.
0
 

Author Comment

by:icic-dcic
ID: 20363650
I cannot resolve via the command line with my forwarders (210.245.31.130 or 210.245.31.10 or 210.245.24.20). I didn't create a root zone. DNS recursion is disabled, and some users cannot open Exchange mail in Microsoft Outlook and cannot access the Internet. Then I created a new secondary DNS and changed the preferred DNS server to the secondary DNS. Everything works well. I don't know why; Event Viewer doesn't have any errors about the primary DNS.
0
 
LVL 7

Expert Comment

by:nttranbao
ID: 20363666
So it looks like the primary DNS service is not working properly. Try to remove/reinstall the DNS service on that server, then let's see if the problem is gone or not.
If you are using Exchange, DNS is very important. I think something related to DNS should exist in the Event Log.
0
 

Author Comment

by:icic-dcic
ID: 20363758
Maybe the primary DNS server has some problem. Now I have a secondary DNS; how do I make a primary DNS again?
0
 

Author Comment

by:icic-dcic
ID: 20363790
And now I get just one error on the secondary DNS server. The primary DNS doesn't have any errors about DNS.

Source: DNS
Category: None
Event ID: 3000
The DNS server has encountered numerous run-time events. To determine the initial cause of these run-time events, examine the DNS server event log entries that precede this event. To prevent the DNS server from filling the event log too quickly, subsequent events with Event IDs higher than 3000 will be suppressed until events are no longer being generated at a high rate. 
 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


0
 
LVL 7

Expert Comment

by:nttranbao
ID: 20363833
On Exchange, remove and reinstall the DNS service (in Control Panel -> Add/Remove Programs -> Windows Components). First deselect DNS, then go on until finish. Then repeat the step, but check the DNS service.

After that, to rebuild DNS for the domain, do the following on the Exchange server:
- Create a primary Active Directory-integrated forward lookup zone and/or reverse lookup zone.
- Point the primary DNS server in the TCP/IP settings to itself (127.0.0.1 or its own IP).
- Reboot Exchange, or issue this command in a command prompt: ipconfig /registerdns
- After a while, you will see the DNS with all the information registered (_msdcs, _sites, _tcp, _udp, DomainDnsZones, ForestDnsZones).

0
 

Author Comment

by:icic-dcic
ID: 20363980
I don't want to install a DNS server on the Exchange mail server. I installed the primary DNS on the DC server and the secondary DNS on another server. My primary DNS server does not work well, so I use the secondary DNS. Now I want to reinstall the PRIMARY DNS on the DC server again. Can I install the primary DNS like a secondary DNS, so that the secondary DNS then replicates its database to the DNS I have just installed?
If I install a new primary DNS server while I'm running the secondary DNS, is there any problem with my Active Directory and Exchange?
Can you help me in detail?
 
0
 

Author Comment

by:icic-dcic
ID: 20364004
And now my secondary doesn't resolve outside host names and my Exchange cannot deliver email to the outside. But I can resolve local host names.
0
 
LVL 7

Expert Comment

by:nttranbao
ID: 20364187
Since a secondary DNS cannot replicate to a primary DNS, you should have at least 2 AD-integrated DNS zones in your domain. What you need to do now is reinstall DNS on the domain controllers, and let the DCs automatically register themselves in DNS. After that, create custom records (A, CNAME, MX...) if any.

Your DNS can resolve local names, but not external ones. I suspect your forwarders do not work well, or there are viruses/settings on your network that cause this.

You should manually test DNS queries via the command line (as instructed above) against outside DNS servers. This MUST work in order for your DNS to work.

Regards,
0
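
The manual test suggested in the comments above (query each forwarder directly, then query through the local DNS server) can be scripted so it is run at the moment external resolution fails. This is an added example, not part of the original thread: it assumes a Windows version that ships the Resolve-DnsName cmdlet, Test-DnsPath is a hypothetical helper name, and the addresses and names are the ones quoted in the thread.

```powershell
# Added example (not from the thread). Assumes the DnsClient module
# (Resolve-DnsName) is available; Test-DnsPath is a hypothetical helper name.
function Test-DnsPath {
    param(
        [string]   $LocalServer  = '172.16.1.2',      # DC/DNS server from the ipconfig output
        [string[]] $Forwarders   = @('210.245.31.130', '210.245.31.10'),  # quoted in the thread
        [string]   $ExternalName = 'mail.yahoo.com',  # external name that timed out
        [string]   $InternalName = 'mail.icic.vn'     # name the local server answered
    )

    # Build the list of (server, name) pairs to probe.
    $checks = @(
        @{ Label = 'local server, internal name'; Server = $LocalServer; Name = $InternalName }
        @{ Label = 'local server, external name'; Server = $LocalServer; Name = $ExternalName }
    )
    foreach ($f in $Forwarders) {
        $checks += @{ Label = "forwarder $f, external name"; Server = $f; Name = $ExternalName }
    }

    foreach ($c in $checks) {
        # Probe both transports: a filter may pass one and drop the other.
        foreach ($tcp in $false, $true) {
            $result = 'OK'
            try {
                # -DnsOnly skips LLMNR/NetBIOS so only real DNS answers count.
                Resolve-DnsName -Name $c.Name -Server $c.Server -Type A -DnsOnly `
                    -TcpOnly:$tcp -ErrorAction Stop | Out-Null
            } catch {
                $result = "FAIL: $($_.Exception.Message)"
            }
            [pscustomobject]@{
                Check     = $c.Label
                Transport = if ($tcp) { 'TCP/53' } else { 'UDP/53' }
                Result    = $result
            }
        }
    }
}

# Run on the DNS server itself while the fault is present.
Test-DnsPath | Format-Table -AutoSize -Wrap
```

If the forwarder rows fail when run on the DNS server, the path to the forwarders (gateway, firewall, or the forwarders themselves) is the place to look; if they succeed while "local server, external name" fails, the fault is in the local DNS service's own recursion or forwarding.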
 
LVL 39

Expert Comment

by:ChiefIT
ID: 20366433
This could be a number of issues:

Is your DNS server in the list of DNS servers on the LAN side of the router?

Also, the DNS forwarder configuration will need the gateway's address. I am not at my domain, so I couldn't navigate you to help configure the router's IP for DNS.

Then the IP stack of the DNS server needs the default gateway manually entered in.

It sounds like you know that a forwarder should be an outside DNS server. Maybe the ISP gave you an IP of a computer that is not a DNS server to do DNS relay.

Furthermore, port blocking from firewalls to the outside world may prevent you from making a DNS resolve to the outside world.  
0
 

Author Comment

by:icic-dcic
ID: 20380383
I'm sure there is no port blocking from firewalls to the outside and that the ISP's DNS is not wrong, because when it does not resolve outside host names, I restart the DNS server and it works well again. Specially after 7 days, the problem happens again; I restart the DNS server and it works well again. I cannot restart the DNS server every week. Could you help me fix it?
0
 
LVL 7

Expert Comment

by:nttranbao
ID: 20380466
So obviously your DNS server has a problem; that's why the DNS service stops working every 7 days.

Maybe something is wrong with the DNS service, so please check the Event Log for any error/warning/information related to the DNS service, especially on the day DNS stops working.

Please also make sure you don't have any viruses/malware/Trojans on your network.

If you confirm that there's nothing wrong in the Event Logs related to DNS, and just want DNS to be automatically restarted, you can schedule a weekly task which restarts the DNS service with these 2 commands:
- net stop dns
- net start dns

I think you should run Self Test against your DNS ( esp. when it can not resolve hostname), and assure that DNS Event Logging is set to "All Events" ( Properties of your DNS)
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 20383504
"Specially after 7 days, the problem happens again"

It is very curious that every seven days this happens. It sounds like some sort of configuration that is set to dynamically delete a DNS entry once a week. The dynamic DNS changes I am thinking about have nothing to do with forwarders. Instead, they have to do with scavenging the DNS host A records.

If your Host A records for that server are scavenged once a week, then you could be running into a problem with the clients not being able to contact the server for its forwarders. In fact, you will see no DNS relay through the server internally or externally. Once rebooted, it may reregister its own DNS record and you are back on track.

It sounds to me like you are booting up and getting a Dynamic DNS registered for your server through DHCP. Then it is scavenged a week later. What that means is, you have not made an exception for your fixed IP of the server in the scope and address pool for that fixed IP. Making the exception will tell DHCP, "THIS IS NOT YOUR IP ADDRESS TO PLAY WITH".

The way scavenging works is DHCP will provide a TIME stamp for doned out IP addresses. Then, it will remove all records with the time stamp that are within the scope and have outlasted the stale record period. If your server's DNS Host A record is within the scope, it could be deleted.

Does this sound like it could be your problem?
0
 

Author Comment

by:icic-dcic
ID: 20386850
Automatic scavenging of stale records is not enabled. I also exclude the problem from DHCP, because when the problem happens, even the server that has the DNS server also cannot resolve outside host names. The problem has happened since the backup DC server had a problem and I removed the backup DC and additional DNS (I removed the backup DC with ADSIEdit). And I installed a new additional DNS 2 days ago. But sometimes I receive a DNS warning:
Source: DNS
Category: None
Event ID: 3000
The DNS server has encountered numerous run-time events. To determine the initial cause of these run-time events, examine the DNS server event log entries that precede this event. To prevent the DNS server from filling the event log too quickly, subsequent events with Event IDs higher than 3000 will be suppressed until events are no longer being generated at a high rate. 
 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


0
 
LVL 7

Expert Comment

by:nttranbao
ID: 20386861
Please provide us the events preceding this event.
0
 

Author Comment

by:icic-dcic
ID: 20386871
Automatic scavenging of stale records is not enabled. The problem from DHCP is also excluded, since when the problem happens, even the DNS server also cannot resolve outside host names. The issue has occurred since the backup DC server had a problem, thus I removed the backup DC and additional DNS (with the ADSIEdit tool). As a matter of fact, a new additional DNS was installed 2 days ago. But sometimes I still receive a DNS warning on the "new additional DNS".

thank you very much for your consideration and time,

Best regards,

 
Source: DNS
Category: None
Event ID: 3000
The DNS server has encountered numerous run-time events. To determine the initial cause of these run-time events, examine the DNS server event log entries that precede this event. To prevent the DNS server from filling the event log too quickly, subsequent events with Event IDs higher than 3000 will be suppressed until events are no longer being generated at a high rate. 
 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 

0
 

Author Comment

by:icic-dcic
ID: 20386985
I removed all events and installed a new Windows when the backup AD had the problem.
0
 
LVL 39

Accepted Solution

by:
ChiefIT earned 2000 total points
ID: 20387411
Go into the command prompt and try

DCdiag /fix:DNS

If that doesn't work try this link to see what steps you may have overlooked:
http://support.microsoft.com/default.aspx?scid=kb;en-us;816518&Product=winxp

0
