Active Directory DNS Not Forwarding

We seem to have an increasing number of sites that are not being forwarded by our DNS server.  I am seeing DNS requests leaving the workstation,  but we don't see traffic getting to the firewall,  which is the next hop.  

NSLOOKUP fails to resolve the sites as well.
japplewhaite Asked:

Mike Kline Commented:
Do you see the requests even getting to the  DNS server?   So you have a firewall between your workstation and DNS server?  Is your DNS server a DC?

Is port 53 open?

Thanks

Mike

japplewhaite (Author) Commented:
Yes I see the requests getting to the DNS server

japplewhaite (Author) Commented:
No there is no firewall between the client and the DNS server and the DC is also the DNS server.
Chris Dent (PowerShell Developer) Commented:

What error message / status code is nslookup returning?

You presumably have Forwarders defined on your DNS server?

Chris

japplewhaite (Author) Commented:
This is the return from the NSLOOKUP

C:\WINDOWS>nslookup www.ruchworksmedia.com
Server:  srvvmdc1.georgetown.local
Address:  192.168.26.171

*** srvvmdc1.georgetown.local can't find www.ruchworksmedia.com: Non-existent domain

C:\WINDOWS>

Chris Dent (PowerShell Developer) Commented:

How have you configured Forwarders on the server?

NXDOMAIN isn't an error response so we need to establish how it got to that answer.

Chris

FemSteenkamp Commented:
Issues to investigate.

Microsoft DNS has negative caching enabled by default, so if there are intermittent connectivity problems to internet DNS, it will time out (and DNS will think that name does not exist). For the next 10 min (I think that is the default) there will be no internet request for that same address; Windows DNS will find it in its negative cache and return "does not exist" to the query without going to the internet.

Windows DNS has the option to use TCP (instead of UDP), so just make sure that port 53 TCP to the internet is also open.


japplewhaite (Author) Commented:
Forwarding is enabled, and the only DNS servers configured on all of our clients are the primary and secondary domain controllers, with DNS on both of them.

Chris Dent (PowerShell Developer) Commented:

Forwarding to what?

Can you run:

nslookup www.google.com SomeIPAddress

Where SomeIPAddress should be replaced by each of the Forwarders you have configured in turn.

That tests whether or not you can get answers from the Forwarders, if you cannot that's the problem and you need to either check or remove the Forwarders. Without Forwarders your system will use Root Hints, and that will work provided you have sufficient network access.

Chris

japplewhaite (Author) Commented:
What happens when only a few addresses have problems?  I have about four addresses that I know of that are not resolving.

Chris Dent (PowerShell Developer) Commented:

What response do you get when you try nslookup in debug mode?

e.g.

nslookup -d2 somethingthatdoesntwork.com

You should get a message at the bottom, and an RCode. The RCode might be NXDOMAIN, or SERVFAIL.

However, given that you're using Forwarders you may skip that  entirely and simply try different Forwarders. For example, try 4.2.2.4 and 4.2.2.2 as Forwarders (two DNS servers which belong to Verizon).

Chris
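Chris's two checks (query each configured Forwarder directly, then compare with what the DC itself answers and look at the failure reason) and Fem's negative-cache point can be scripted from the DC. The following is an added PowerShell example, not code from anyone in this thread; it assumes the DnsServer and DnsClient modules are available on the server and uses the thread's server name and hostnames only as placeholder inputs.

```powershell
# Added example (not from the thread): test each configured forwarder directly for a set of names.
# Run on the DC/DNS server (or a host with RSAT DNS tools). Server and names are placeholders.
param(
    [string]$DnsServer = 'srvvmdc1.georgetown.local',                  # the DC from the thread
    [string[]]$Names   = @('www.google.com', 'www.ruchworksmedia.com') # one known-good, one failing
)

# 1. Which forwarders is the server actually configured with?
$forwarders = @((Get-DnsServerForwarder -ComputerName $DnsServer).IPAddress |
    ForEach-Object { $_.IPAddressToString })
"Forwarders on ${DnsServer}: $($forwarders -join ', ')"

# 2. Ask each forwarder directly (the equivalent of 'nslookup <name> <forwarder>') and compare
#    with the DC's own answer. -DnsOnly skips the hosts file, LLMNR and NetBIOS so only DNS is tested.
foreach ($name in $Names) {
    foreach ($resolver in (@($DnsServer) + $forwarders)) {
        try {
            $reply  = Resolve-DnsName -Name $name -Type A -Server $resolver -DnsOnly -ErrorAction Stop
            $answer = ($reply | Where-Object { $_.Type -eq 'A' } |
                       Select-Object -ExpandProperty IPAddress) -join ', '
            if (-not $answer) { $answer = '(no A record in reply; check CNAME/SOA records)' }
            [pscustomobject]@{ Name = $name; Resolver = $resolver; Result = 'OK';   Detail = $answer }
        } catch {
            # The exception text carries the RCODE-style reason: "DNS name does not exist" (NXDOMAIN),
            # "DNS server failure" (SERVFAIL), or a timeout when the resolver cannot be reached.
            [pscustomobject]@{ Name = $name; Resolver = $resolver; Result = 'FAIL'; Detail = $_.Exception.Message }
        }
    }
}

# 3. If every forwarder answers correctly but the DC itself returns "does not exist", a stale
#    negative-cache entry on the DC is the likely cause; flush the server cache and re-run step 2.
# Clear-DnsServerCache -ComputerName $DnsServer -Force
```

A name that fails against every forwarder points at the forwarders or the path to them (port 53 UDP and TCP); a name that fails only against the DC points at the DC's own cache or zone data.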
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.