Got a call from a customer today who reports exceptionally slow Internet and the inability to get to MOST sites. When they connect to the neighbor's open wireless they have no problems. The DNS server (10.0.2.10) is assigned by the DHCP server (also 10.0.2.10), and the default gateway is 10.0.2.1 (a Cisco ASA connected to the Internet with a PPPoE DSL connection). The server is Windows 2003 Std R2. Its IP address is 10.0.2.10 /255.255.255.0 with a DGW of 10.0.2.1.
When I connect to the server I can see the DNS server listed as 127.0.0.1. I tried adding opendns.com as forwarders, and that APPEARED to help intermittently, but there are still definite issues. I removed the forwarders at this time. When I do an nslookup it USUALLY times out, but sometimes returns correct information. Even just putting opendns numbers in for the DNS server doesn't seem to resolve the issue.
I can connect to the server without issues, but cannot do tracert or ping diagnostic tests because the Cisco is programmed to block them, inbound and outbound. I do not yet have access to change this.
This server is a DC that is clearly not set up right (it's on the 10.0.2.0 network, but AD Sites shows all 3 DCs in the domain as being in the same site, despite having different networks). Strangely, there aren't tons of errors in the event log like I would expect to see. While clearly wrong, I don't THINK that's the issue, as it's been working for quite a while (it stopped working Monday).
The users also report other DNS-related weirdness, including some users being able to access some sites but not others, and some users being able to access sites others can't access. There is no filtering solution in place, they are all on the same subnet, and there are no special rules in the firewall that could account for this.
When I run an nslookup on a site like microsoft.com, and set the debug mode on I get the output shown in the code section. SERVERDOMAIN is the customer's domain.
If I use microsoft.com. (with the period at the end) it seems to work perfectly. However, if I do a different domain (such as google.com) it fails, whether I append the . at the end or not.
Now, after using the . at the end it resolves correctly whether I put the . at the end or not.
Setting the timeout to 5 seconds didn't seem to resolve the issue. The network connection is business DSL, and shows plenty of available bandwidth.
opcode = QUERY, id = 9, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
microsoft.com.SERVERDOMAIN.local, type = A, class = IN
ttl = 3600 (1 hour)
primary name server
responsible mail addr
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
*** Request to localhost timed out