Active Directory DNS Not Forwarding

We seem to have an increasing number of sites that are not being forwarded by our DNS server. I am seeing DNS requests leaving the workstation, but we don't see traffic getting to the firewall, which is the next hop.

NSLOOKUP fails to resolve the sites as well.
japplewhaite Asked:

Mike Kline Commented:
Do you see the requests even getting to the DNS server? So you have a firewall between your workstation and DNS server? Is your DNS server a DC?

Is port 53 open?

Thanks

Mike
0

japplewhaite Author Commented:
Yes I see the requests getting to the DNS server
0
japplewhaite Author Commented:
No there is no firewall between the client and the DNS server and the DC is also the DNS server.
0

Chris Dent PowerShell Developer Commented:

What error message / status code is nslookup returning?

You presumably have Forwarders defined on your DNS server?

Chris
0
japplewhaite Author Commented:
This is the return from the NSLOOKUP

C:\WINDOWS>nslookup www.ruchworksmedia.com
Server:  srvvmdc1.georgetown.local
Address:  192.168.26.171

*** srvvmdc1.georgetown.local can't find www.ruchworksmedia.com: Non-existent domain

C:\WINDOWS>
0
Chris Dent PowerShell Developer Commented:

How have you configured Forwarders on the server?

NXDOMAIN isn't an error response so we need to establish how it got to that answer.

Chris
0
FemSteenkamp IT manager Commented:
Issues to investigate.

Microsoft DNS has negative caching enabled by default, so if there are intermittent connectivity problems to internet DNS, it will time out (and DNS will think that name does not exist); for the next 10 min (I think that is the default) there will be no internet request for the same address, Windows DNS will find it in its negative cache and return "does not exist" to the query without going to the internet.

Windows DNS has the option to use TCP (instead of UDP), so just make sure that port 53 TCP to the internet is also open.

0
japplewhaite Author Commented:
Forwarding is enabled and the only DNS servers that are on all of our clients use the primary and secondary Domain controllers with DNS on both of them.
0
Chris Dent PowerShell Developer Commented:

Forwarding to what?

Can you run:

nslookup www.google.com SomeIPAddress

Where SomeIPAddress should be replaced by each of the Forwarders you have configured in turn.

That tests whether or not you can get answers from the Forwarders, if you cannot that's the problem and you need to either check or remove the Forwarders. Without Forwarders your system will use Root Hints, and that will work provided you have sufficient network access.

Chris
0
japplewhaite Author Commented:
What happens when only a few addresses have problems? I have about four addresses that I know of that are not resolving.
0
Chris Dent PowerShell Developer Commented:

What response do you get when you try nslookup in debug mode?

e.g.

nslookup -d2 somethingthatdoesntwork.com

You should get a message at the bottom, and an RCode. The RCode might be NXDOMAIN, or SERVFAIL.

However, given that you're using Forwarders you may skip that entirely and simply try different Forwarders. For example, try 4.2.2.4 and 4.2.2.2 as Forwarders (two DNS servers which belong to Verizon).

Chris
0
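The checks suggested in this thread (query each Forwarder in turn, compare with what the DNS server itself returns, and read the status) can be run in one pass. This is an added example, not part of the original thread or written by any participant; it assumes the DnsServer PowerShell module is available, uses the server address shown in the nslookup output above, and the failing name is a placeholder.

```powershell
# Added example (not from the thread). Requires the DnsServer module (RSAT or run on the DC).
$dnsServer = '192.168.26.171'                 # DNS server address from the nslookup output above
$names     = @('name-that-fails.example')     # placeholder: the names that do not resolve

# Read the Forwarders actually configured on the server instead of typing them by hand.
$forwarders = (Get-DnsServerForwarder -ComputerName $dnsServer).IPAddress |
    ForEach-Object { $_.IPAddressToString }

if (-not $forwarders) {
    Write-Warning 'No Forwarders configured; the server will rely on Root Hints.'
}

function Test-NameAgainstServer {
    param([string]$Name, [string]$Server, [switch]$Tcp)
    $query = @{ Name = $Name; Server = $Server; Type = 'A'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Tcp) { $query.TcpOnly = $true }      # TCP/53 must also be open, per the thread
    try {
        $answer = Resolve-DnsName @query
        $ips = ($answer | Where-Object Type -eq 'A').IPAddress -join ','
        $status = 'NOERROR'; $detail = $ips
    } catch {
        # The error id carries the DNS status, for example DNS_ERROR_RCODE_NAME_ERROR
        # for NXDOMAIN or DNS_ERROR_RCODE_SERVER_FAILURE for SERVFAIL.
        $status = ($_.FullyQualifiedErrorId -split ',')[0]
        $detail = $_.Exception.Message
    }
    [pscustomobject]@{
        Name = $Name; Server = $Server
        Transport = $(if ($Tcp) { 'TCP' } else { 'UDP' })
        Status = $status; Detail = $detail
    }
}

# Ask the DNS server itself first, then every Forwarder directly, over UDP and TCP.
$results = foreach ($n in $names) {
    foreach ($s in @($dnsServer) + $forwarders) {
        Test-NameAgainstServer -Name $n -Server $s
        Test-NameAgainstServer -Name $n -Server $s -Tcp
    }
}
$results | Format-Table -AutoSize

# If the Forwarders answer but the DNS server still says the name does not exist,
# clear its cache (drops negative entries) and query it again:
# Clear-DnsServerCache -ComputerName $dnsServer -Force
```

A name that resolves at every Forwarder but not at the DNS server points at the server's cache, while a timeout or failure at a Forwarder points at that Forwarder or the path to it.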