Solved

Root dns problem

Posted on 2009-05-05
6
735 Views
Last Modified: 2012-05-06
We're having a strange problem with DNS.  On the user side, it appears as a temporary inability to get anywhere on the web.  Even to an internal website.  IE/Firefox just hang up; a page refresh doesn't work; reloading the app often does, as does waiting 5-10 minutes and trying again.  

On the server side, I'm seeing event 4521 every 3 minutes, with the detail:
"The DNS server encountered error 9002 attempting to load zone . from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition."

This is a Windows 2003 Small Business Server, SP2.  Running our own DNS server internally, with the server pointed at itself (via it's own IP address, as recommended for 2003) and no secondary DNS server listed.  The DNS server is configured with forwarders (we use OpenDNS to limit non-work activities).  

I've already been to eventid.net and tried the various suggestions there.  I'm unable to create a '.' zone, an attempt to do that creates an error about zone creation.  There is no '.' zone already in evidence.  I've tried the sequence in KB articles M298148, M323380 regarding removing the '.' zone, with no results.  I've even gone through the suggestion in KB M294328 on how to reinstall a dynamic DNS Active Directory Zone to rebuild our DNS server entirely, with no change.

I know there was another server in this domain at some point; it had Exchange on it and when I took over I had to (carefully) remove evidence of it from the Active Directory, because the prior sysadmin just ripped it physically out without a graceful demotion and removal.  I'm guessing something similar happened to the dns, since the problem was recreated as soon as I got the DNS service rebuilt.

Oh, and just for kicks, I tried configuring the DNS server without forwarders, just to check; no luck, same errors and sporadic failures on the user side.  I have one user who is pointed at another, external, DNS server; he has none of the sporadic failures.

Any suggestions gratefully received; I'm really tearing my hair out on this one.
0
Comment
Question by:qcsboise
  • 2
  • 2
  • 2
6 Comments
 
LVL 5

Accepted Solution

by:
Member_2_4708244 earned 500 total points
ID: 24312437
Have you tried running dcdiag. Its part of the suppor tools for server 2003, so you will need to download and install that from microsoft (its free).

Then run dcdiag from the command line "dcdiag /fix /v >>c:\dcdiag.txt"

Then review the txt file for any errors and fix them as needed.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 24314120
The inability to contact the intranet and/or internet is the client's inability to contact the server. It may be trying to find the old server that no longer exists. My first guess would be, what preferred DNS servers are being passed down to the clients. This is done through DHCP......

DHCP passes down the preferred DNS servers to the clients. So, one of two things could be happening. You may have a rogue DHCP server, (like a router or mass storage device), that is spitting out a bad internal DNS server address to the clients. If a rogue DHCP server is sending out the preferred servers as an outside server, you may not get domain services internally, but you should get external DNS to the internet. The second option is your Server as a DHCP server. Under the DHCP snaping>>scope options>> you may have listed as a preferred DNS server an old server that no longer exists. So, your client is trying to periodically contact that server that no longer exists and can't find it. The client may time out on its DNS query, you may find that the client can't contact any domain server or other client, and you will periodically loose the interent.

Other than that, you could check your DNS root. Under the DNS snapin, do you see any folders greyed out?
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 24314148
By the way, if you have a rogue DHCP server, you will want to prevent it from providing DHCP and let your server handle that task. Otherwise, your router or mass storage device that is providing DHCP will also provide DNS. The problem with that is, the rogue device will not hold the DNS SeRVice (SRV) records of the domain controller. So, that knocks down domain services.
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 

Author Comment

by:qcsboise
ID: 24333063
Dinga, that was great advice.  The dcdiag highlighted another error of which I'd been unaware, an 1801 error from the Knowledge Consistency Checker.  Armed with the 4521 AND the 1801 errors, along with proposed solutions courtesy of EventID.net, I was able to resolve the issue and stop the events.  Not completely sure it's done yet; we'll test further with the office tomorrow, but things look great right now.
0
 
LVL 5

Expert Comment

by:Member_2_4708244
ID: 24334023
Both those tools are invaluable resources for troubleshooting.

Let me know if its solved the browsing issue.
0
 

Author Comment

by:qcsboise
ID: 24424954
It didn't solve the browsing issue, but that appears related to server activity levels in addition to the dns issues.  It did completely solve the dns errors and for that I Thank You!.

-Matthew
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question