Windows DNS Issues

Hi.

There is going to be a simple fix to this problem, I know it. I've discovered an issue with DNS on our network. It only affects me, however I'm running via a WAN link from our head office.

Effectively when resolving some domain names I cannot get a resolution. If I jump on our servers or a computer on the head office LAN the resolution is fine. If I set my computer to utilise an ISP DNS server rather than our internal Windows 2008 DNS servers, again it resolves fine.

I only have the issue when resolving utilising our Windows 2008 DNS servers. And as I said, only across the WAN.

The majority of sites on the Internet work without issue, e.g. Google, Facebook, Apple, Microsoft. However other sites such as Experts-Exchange (I am writing this from our Terminal Server at the moment), TVNZ, Netgear won't resolve. I have used NSLOOKUP and extended the timeout to 15 seconds and the response I still get is a timeout responding to the query.

I've spoken to some people that have suggested a DNS record with a low TTL can cause funny issues but I have been unable to find anything online in this regard.

All help is greatly appreciated.

Cheers

P.S. Oh I'm running Windows 7, but have the same issue on my Windows XP virtual machine.
Gooms-79 Asked:

JohnLo Commented:
When you say WAN do you mean VPN?
Can you ping the DNS server?
Is that Terminal server the DNS Server?
Does your DNS server go to the ROOT server or forward to another DNS server?
If it does forward is it slow to respond? I had an ISP whose DNS servers were crap.
0
Gooms-79 (Author) Commented:
Hi.

Yes we are running an IPSEC VPN between several sites. The site I am located at is the only site not to have its own DC & DNS Server.

I can ping the DNS server fine, and resolve most domain names. The DNS is also our DC and File Server. I can browse files and everything else. It is just a few domains that won't resolve. I can be in NSLOOKUP and type www.google.co.nz and get a response, however if I type www.netgear.com I get a timeout. Yet if I run the same test from computers on the Head Office LAN it is fine.

No, the Terminal Server is not our DNS Server.

The DNS server forwards to our ISP, though I have configured it to use root hints and go to a different ISP. Still have the same issue.
0
hutnor Commented:
Hi

Can other PCs at that office get the same problem or just that PC you are on?
0
JohnLo Commented:
I get that you can get to google.co.nz; it could be cached on your machine. Get me?

Can you run an ipconfig /all and post it here?

0
Gooms-79 (Author) Commented:
I have run several ipconfig /flushdns commands to ensure there is no cache.

Also as an example I have just run a nslookup query against these domains

www.space.com
www.facebook.com
www.bebo.com
www.microsoft.com
www.foxnews.com

All resolved successfully, and I can assure you I have not visited foxnews, bebo, facebook, or space for months if not years.

Again however, www.neargear.com, and www.tvnz.co.nz will not resolve.

My laptop is the only computer on this LAN, except as mentioned my Windows XP virtual computer, though given technically it is on the same box I don't see it as a perfect test.

Changing my laptop onto my home wireless link resolves sites fine.


And just to be nice. Here is the ipconfig /all.


H:\>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : PNNB-CNU70903HP
   Primary Dns Suffix  . . . . . . . : computercare.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : computercare.local

Ethernet adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter
   Physical Address. . . . . . . . . : 00-FF-80-63-1B-87
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : computercare.local
   Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Con
nection
   Physical Address. . . . . . . . . : 00-18-DE-CE-88-57
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : computercare.local
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-1A-4B-61-A5-9D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6547:9459:4de6:2a71%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.16.30.50(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, 8 April 2010 12:45:00 p.m.
   Lease Expires . . . . . . . . . . : Friday, 9 April 2010 12:44:59 p.m.
   Default Gateway . . . . . . . . . : 172.16.30.1
   DHCP Server . . . . . . . . . . . : 172.16.30.1
   DHCPv6 IAID . . . . . . . . . . . : 234887076
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-0E-D8-08-00-17-A4-E0-4D-A9

   DNS Servers . . . . . . . . . . . : 172.16.1.221
   Primary WINS Server . . . . . . . : 172.16.1.221
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{8DE8DE7D-EB9B-48AC-A100-74E4A1053179}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.computercare.local:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : computercare.local
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

H:\>
0
JohnLo Commented:
I don't see your ipconfig for the VPN; is it up? Is your DNS server 172.16.1.221 or is that your local one?
0
Gooms-79 (Author) Commented:
The VPN is an IPSEC site to site VPN using a Juniper SRX Firewall / Router at each end as the termination points. The network has multiple VPN links to multiple sites. All using Juniper and Netscreen links, all terminating at the head office.

172.16.1.x is head office, my local LAN is 172.16.30.x

172.16.1.221 is our DNS server at head office.
0
proadmin Commented:
Try reconfiguring the order of DNS servers in your network connection settings. If you have the correct DNS setup this should NOT happen.

Hope this helps.
0
JohnLo Commented:
He only has one DNS server in his ipconfig, this is a weird one. And some resolve just fine. Any DNS events on the DNS server in the logs?
0
hutnor Commented:
Is your wireless contacting the DNS at your main office or the ISP one?

0
Gooms-79 (Author) Commented:
The wireless is a separate (home) subnet, it does not have access back to head office via the VPN links. So it uses the ISP DNS, though if I set my wired NIC to use the ISP DNS it also works fine (lose my internal company DNS resolution however).

My logic at this point is something to do with DNS TTL, and the additional delay in getting the response over the slower WAN link.

No DNS errors, I would need to turn on debugging on the server to look for more. Guess it is probably the next step.
0
Red-King (IT Manager) Commented:
I recently had a similar issue where random sites resolved and others did not.
It turned out to be caused and fixed as described in this article:

http://weblogs.asp.net/owscott/archive/2009/09/15/windows-server-2008-r2-dns-issues.aspx

Basically (without reading the article again) Server 2008 is sending an EDNS query and when it fails to resolve it does not send a standard DNS query (which it should if Server 2008 implemented EDNS properly as described in the RFC for EDNS, http://www.faqs.org/rfcs/rfc2671.html).

Rory
0
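To make the EDNS point in the answer above concrete, here is an added example (not part of the thread and not code from the linked article) that builds the same A query with and without the EDNS0 OPT record from RFC 2671 and sends either form to a resolver so the two outcomes can be compared. The function names and the 4096-byte advertised size are this example's assumptions; the server address and host name are the ones quoted in the thread.

```python
import socket
import struct

def build_query(name, edns=False, udp_size=4096, qid=0x1234):
    """Build a DNS A query; with edns=True append an EDNS0 OPT record (RFC 2671)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns else 0)  # RD=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    packet = header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if edns:
        # OPT pseudo-record: root name, TYPE=41, CLASS=UDP payload size, TTL=0, RDLEN=0
        packet += b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, 0)
    return packet

def _skip_name(pkt, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while pkt[off] != 0:
        if pkt[off] & 0xC0 == 0xC0:  # compression pointer ends the name
            return off + 2
        off += 1 + pkt[off]
    return off + 1

def edns_udp_size(pkt):
    """Return the UDP payload size advertised in an OPT record, or None if no EDNS."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(pkt, off) + 4  # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == 41:
            return rclass
        off += 10 + rdlen
    return None

def probe(server, name, edns, timeout=5.0):
    """Send one UDP query; return 'ok', 'truncated' (TC bit set) or 'timeout'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, edns), (server, 53))
        try:
            data, _ = s.recvfrom(65535)
        except socket.timeout:
            return "timeout"
    return "truncated" if data[2] & 0x02 else "ok"

if __name__ == "__main__":
    # Server address and failing name are the ones quoted in the thread.
    for edns in (False, True):
        print("EDNS" if edns else "plain", probe("172.16.1.221", "www.netgear.com", edns))
```

A plain query that answers while the EDNS one times out points at EDNS handling on the server or the path rather than at the name itself.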
Gooms-79 (Author) Commented:
Have not been able to find a solution. The most recent option did not work. I will be installing a server onsite here in the coming week which can act as a local DNS. That will resolve the issue.

Thanks for the help.
0