Solved

Root dns problem

Posted on 2009-05-05
Last Modified: 2012-05-06
We're having a strange problem with DNS.  On the user side, it appears as a temporary inability to get anywhere on the web.  Even to an internal website.  IE/Firefox just hang up; a page refresh doesn't work; reloading the app often does, as does waiting 5-10 minutes and trying again.  

On the server side, I'm seeing event 4521 every 3 minutes, with the detail:
"The DNS server encountered error 9002 attempting to load zone . from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition."

This is a Windows 2003 Small Business Server, SP2.  Running our own DNS server internally, with the server pointed at itself (via its own IP address, as recommended for 2003) and no secondary DNS server listed.  The DNS server is configured with forwarders (we use OpenDNS to limit non-work activities).  

I've already been to eventid.net and tried the various suggestions there.  I'm unable to create a '.' zone, an attempt to do that creates an error about zone creation.  There is no '.' zone already in evidence.  I've tried the sequence in KB articles M298148, M323380 regarding removing the '.' zone, with no results.  I've even gone through the suggestion in KB M294328 on how to reinstall a dynamic DNS Active Directory Zone to rebuild our DNS server entirely, with no change.

I know there was another server in this domain at some point; it had Exchange on it and when I took over I had to (carefully) remove evidence of it from the Active Directory, because the prior sysadmin just ripped it physically out without a graceful demotion and removal.  I'm guessing something similar happened to the dns, since the problem was recreated as soon as I got the DNS service rebuilt.

Oh, and just for kicks, I tried configuring the DNS server without forwarders, just to check; no luck, same errors and sporadic failures on the user side.  I have one user who is pointed at another, external, DNS server; he has none of the sporadic failures.

Any suggestions gratefully received; I'm really tearing my hair out on this one.
Question by:qcsboise
6 Comments
 
LVL 5

Accepted Solution

by:
Member_2_4708244 earned 500 total points
ID: 24312437
Have you tried running dcdiag? It's part of the Support Tools for Server 2003, so you will need to download and install that from Microsoft (it's free).

Then run dcdiag from the command line "dcdiag /fix /v >>c:\dcdiag.txt"

Then review the txt file for any errors and fix them as needed.
 
LVL 38

Expert Comment

by:ChiefIT
ID: 24314120
The inability to contact the intranet and/or internet is the client's inability to contact the server. It may be trying to find the old server that no longer exists. My first guess would be, what preferred DNS servers are being passed down to the clients. This is done through DHCP......

DHCP passes down the preferred DNS servers to the clients. So, one of two things could be happening. You may have a rogue DHCP server (like a router or mass storage device) that is spitting out a bad internal DNS server address to the clients. If a rogue DHCP server is sending out the preferred servers as an outside server, you may not get domain services internally, but you should get external DNS to the internet. The second option is your server as a DHCP server. Under the DHCP snap-in >> Scope Options, you may have listed as a preferred DNS server an old server that no longer exists. So, your client is trying to periodically contact that server that no longer exists and can't find it. The client may time out on its DNS query, you may find that the client can't contact any domain server or other client, and you will periodically lose the internet.

Other than that, you could check your DNS root. Under the DNS snap-in, do you see any folders greyed out?
 
LVL 38

Expert Comment

by:ChiefIT
ID: 24314148
By the way, if you have a rogue DHCP server, you will want to prevent it from providing DHCP and let your server handle that task. Otherwise, your router or mass storage device that is providing DHCP will also provide DNS. The problem with that is, the rogue device will not hold the DNS SeRVice (SRV) records of the domain controller. So, that knocks down domain services.
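
The check described in the two comments above, as an added example that is not part of the original thread: it parses `ipconfig /all` output collected from a client and flags a DHCP server or DNS server that is not the one the domain expects. The addresses, the sample output and the function names are constructed for illustration; 192.168.16.2 stands in for the SBS server.

```python
import re

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse_ipconfig(text):
    """Collect DHCP Server and DNS Servers values from `ipconfig /all` text."""
    fields = {"DHCP Server": [], "DNS Servers": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if " : " in line:
            key, _, value = line.partition(" : ")
            key = key.rstrip(" .")          # drop the dotted leader
            current = key if key in fields else None
            if current and IPV4.match(value.strip()):
                fields[current].append(value.strip())
        elif current and IPV4.match(line):
            # Extra DNS servers are listed on their own indented lines.
            fields[current].append(line)
        else:
            current = None
    return fields

def audit(text, expected_dhcp, expected_dns):
    """Return (finding, address) tuples for anything the client should not have."""
    found = parse_ipconfig(text)
    findings = [("unexpected-dhcp-server", s)
                for s in found["DHCP Server"] if s != expected_dhcp]
    findings += [("unexpected-dns-server", d)
                 for d in found["DNS Servers"] if d not in expected_dns]
    if not found["DNS Servers"]:
        findings.append(("no-dns-server", ""))
    return findings

def sample(dhcp, dns):
    """Build a constructed `ipconfig /all` excerpt (not real client output)."""
    first, *rest = dns
    lines = ["Ethernet adapter Local Area Connection:", "",
             "   Dhcp Enabled. . . . . . . . . . . : Yes",
             f"   DHCP Server . . . . . . . . . . . : {dhcp}",
             f"   DNS Servers . . . . . . . . . . . : {first}"]
    lines += [" " * 39 + ip for ip in rest]
    return "\n".join(lines)

if __name__ == "__main__":
    server, allowed = "192.168.16.2", {"192.168.16.2"}
    # Lease from a router acting as DHCP server, then a stale scope option.
    print(audit(sample("192.168.16.1", ["192.168.16.1"]), server, allowed))
    print(audit(sample(server, [server, "192.168.16.9"]), server, allowed))
```

A client that reports only the expected server for both fields produces an empty list; the second case corresponds to an old server still listed in the DHCP scope options.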

Author Comment

by:qcsboise
ID: 24333063
Dinga, that was great advice.  The dcdiag highlighted another error of which I'd been unaware, an 1801 error from the Knowledge Consistency Checker.  Armed with the 4521 AND the 1801 errors, along with proposed solutions courtesy of EventID.net, I was able to resolve the issue and stop the events.  Not completely sure it's done yet; we'll test further with the office tomorrow, but things look great right now.
 
LVL 5

Expert Comment

by:Member_2_4708244
ID: 24334023
Both those tools are invaluable resources for troubleshooting.

Let me know if it's solved the browsing issue.
 

Author Comment

by:qcsboise
ID: 24424954
It didn't solve the browsing issue, but that appears related to server activity levels in addition to the dns issues.  It did completely solve the dns errors and for that I thank you!

-Matthew