Solved

SBS 2003 DNS request times out

Posted on 2010-08-27
Last Modified: 2012-06-27
Hello,

I'm managing a small enterprise network that has an SBS 2003 server.
There are multiple unsolved issues of which the DNS problem is the most impacting one.

Problem is that if ISP or gateway's IPs are not added on the workstations as secondary DNS server (and even on the server itself), Internet browsing is a nightmare (pages need to be refreshed 2/3 times to fully load, when they load ...). I know there should only be the SBS server as primary DNS server, but this is not sustainable.

There is only one SBS 2003 server acting as DC, DNS and Exchange server. Server is configured with its own IP address as DNS and nothing else (192.168.1.200).

- Primary DNS server of the SBS server is itself
- Forwarders are also configured.
- On PCs, I needed to add the ISP's gateway IP address (192.168.1.1) as second DNS entry to allow normal Internet browsing.
- Behaviour is the same on the server itself: as soon as the ISP gateway's IP address is added as second DNS entry (which I didn't do), normal Internet browsing is possible, otherwise not!
- Forward and reverse lookup zones are there
- I have already rebuilt DNS but it didn't change anything
- I don't find particular DNS error messages in the DNS log
- IPCONFIG is OK

What is interesting to know:

- nslookup is NOT working fine with one primary DNS server only (timing out 3 times out of 4)
- Once a day on average, I have error 2013 in the system log: "SMTP could not connect to any DNS server. Either none are configured, or all are down."
- I have no _msdc.domain.local forward lookup zone. Could this be the problem?


Regards,

David
0
Question by:Urbantrax
24 Comments
 
LVL 20

Expert Comment

by:Radhakrishnan Rajayyan
ID: 33540940
1) Check from DNS (forward) whether any A record is there for your server, also create a ptr record
2) If you are using DHCP - you can configure your ISP's DNS as secondary, so all the users will get the same IP and DNS from DHCP
0
 

Author Comment

by:Urbantrax
ID: 33540972
There is a A record for the server
DHCP is done by the ISP Gateway/Router device and DNS IPs are not pushed
0
 
LVL 20

Expert Comment

by:Radhakrishnan Rajayyan
ID: 33541004
Then you have to add those IPs from DNS.
How are you configuring your client IPs now - manually? If manually, ask your ISP to configure the router as DHCP.
0
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33541325
What do you mean by "not sustainable"?

Forget about adding secondary DNS servers and telling your ISP to switch DHCP on the router.  If you don't fix this DNS problem now it will cause bigger problems in the future.  This is really bad practice.

You can reinstall DNS on SBS 2003, and this can be achieved by looking at the following link:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_22837483.html

Follow it through and let us know your results.

All clients need to look at the DC and the DC needs to look at itself with no secondary DNS records (this causes issues).

Rebuild DNS, set up forwarders to some good DNS servers out in the real world (any good ones you can find), and then set your client machines to only look at this one DC.

This is your solution, not playing about getting the second DNS record working.

Sorry to be blunt.
0
 

Author Comment

by:Urbantrax
ID: 33541344
I think that you misunderstood me:

Workstations are manually configured with the IP of the SBS server (DC/DNS) as primary DNS.
This is how it should be configured.

The ISP router IS the DHCP. It distributes IPs. The only thing is that I didn't configure it to push DNS information. This shouldn't change anything as the manually introduced primary DNS IPs would only be replaced by a DHCP-given IP address with the same value.
0
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33541416
Agreed, so you have a problem with DNS on your server.  Your router shouldn't be issuing DHCP addresses, your server should.

Standard small company single server configuration:

Router : static IP and NAT - one external IP and one internal IP (let's say 192.168.1.254) - No DHCP functions
Server :
IP : 192.168.1.1
SN : 255.255.255.0
GW: 192.168.1.254
DNS1: 192.168.1.1

DHCP ON, serving clients with a suitable scope, a gateway of 192.168.1.254 and a single DNS setting of 192.168.1.1


The router is only the gateway and deals with anything outside of the LAN.
---------

As this is SBS, try the Connect to the Internet Wizard, this rejigs some settings.

If you have set the above configuration and it is not working, then you have a problem.  90% of problems are DNS based, so look towards that first.

0
 

Author Comment

by:Urbantrax
ID: 33541552
DrayTek router is the DHCP server because it is able to issue addresses in the two VLANs we have (one for IP telephony and the other for Internet, mails, etc). The SBS DHCP cannot do this.

Already tried the wizard. Besides the fact that it frequently fails in the firewall step, it didn't change anything.

Please note that this configuration used to work for years !
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 33547214
In your initial post you mention "forwarders are already configured" ...can you be more explicit? What have you changed?
-Cliff
 
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33547805
Let's completely ignore the Router, DHCP, and workstations for now. If we concentrate on only working on the server, and we fix that, then we can build out from there to fix everything else:

> There is only one SBS 2003 server acting as DC, DNS and Exchange server. Server is configured with its own IP address as DNS and nothing else (192.168.1.200).
- this is good, and as it should be

> as soon as the ISP gateway's IP address is added as second DNS entry (which I didn't do), normal Internet browsing is possible, otherwise not
- this indicates that your DNS Server is not forwarding DNS requests properly

> forwarders are already configured
Please confirm the only forward DNS server is the "ISP gateway's IP address" (screenshot would be nice)

> nslookup is NOT working
- what address are you trying to look up?
 - if it is an external address then yes, it may not be working if the forwarder is not configured properly.
 - if you do "nslookup sbsservername" does that resolve OK?

I agree with Cliff - this looks like a DNS forwarder issue

Andy



0
 

Author Comment

by:Urbantrax
ID: 33548415
Hello aoakeley, Cliff. Yes, we should forget about the router, DHCP and workstations as these shouldn't be the cause of the problem. I also agree that the issue looks like a DNS forwarder issue.

Primary forwarder is the ISP's gateway IP address.
I have now added OpenDNS servers as second and third forwarder but it didn't change anything

nslookup on the SBS server works fine
only nslookups to the external world don't work

Here the screenshot:



nslookup.jpg
0
 

Author Comment

by:Urbantrax
ID: 33548425
Second set of screenshots
nslookup2.jpg
forwarders.jpg
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 33548434
Based on the IP scheme, the first DNS server is actually the local subnet router (which I suppose could be the ISP's gateway, a significant security concern, but a topic for a different conversation).
Try removing the 192.168.1.1 and let the other forwarders get used directly. It is possible that the DNS server that the gateway employs is having issues. Not uncommon on low-end consumer devices.
-Cliff
 
0

 

Author Comment

by:Urbantrax
ID: 33548442
Tried already. Didn't change anything !
First nslookup screenshot is with the OpenDNS servers only and second nslookup screenshot is with the local subnet router (the ISP's gateway) added as primary forwarder.
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33548444
You say:
>Primary forwarder is the ISP's gateway IP address

I take it what you meant to say is "Primary forwarder is the router"

I would take out all three DNS servers that you have there and put in the actual DNS Server being provided by the ISP. Give that a try and report back.

0
 

Author Comment

by:Urbantrax
ID: 33548445
Could it be linked to the network card ?
0
 

Author Comment

by:Urbantrax
ID: 33548454
aoakeley, already tried the ISP DNSes as well. It doesn't change anything.

Please note that, as I said in my problem description, when I add the ISP's DNS as secondary DNS on the workstations, Internet browsing is fine. This is the proof that the problem is on the SBS box and not with the ISP's DNSes.
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33548473
If you do
#> nslookup   - start nslookup

#> server x.x.x.x    - where x.x.x.x is either the ISP server or some other DNS Server

#> www.google.com    - look up this address

Does this work? Sample image attached.
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33548484
with image
Capture.JPG
0
 

Author Comment

by:Urbantrax
ID: 33602655
Yes, it does work.

First try with OpenDNS's DNS
Second try with ISP's DNS


nslookup3.jpg
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33615412
Sorry for the delay, went on a bucks day that took a while to come back from....

Sorry if you feel we have gone around in circles, but I need to be sure that the problem was isolated to the server DNS Service not using the forwarders properly.

Please check the following:
Properties of dns server, advanced tab,
 - Disable Recursion = unticked

Try updating your root server list and using only the Root servers (take out all forwarders)
 - make sure you have an up-to-date list of root servers
    - delete servers that are in there, press "copy from server", enter ip 192.228.79.201, press OK

Check there is no "Root zone" (i.e. zone with only a . in the zone name) in forward lookup zones

Clear the Cached lookups (right click "clear cache") and check that it starts re-populating after successful lookups

Andy



0
 

Author Comment

by:Urbantrax
ID: 33649523
Hello aoakeley

No problem. I have been away myself for a couple of days.
Thanks for your help.

As you'll see, we (you) are close to the solution

Disable recursion was unticked
Forwarders deleted
Root hints updated (already tried before)
No "root zone" found

As soon as forwarders are added again, I get requests that time out (whatever the forwarders: ISP or OpenDNS)

The issue is thus clearly related to a problem with the forwarders that don't handle requests appropriately

It seems thus that these forwarders are not really needed because of the root hints.

Can we investigate further ?
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33651703
So just to confirm I am interpreting your response correctly... If you take all the forwarders out and use root hints only then DNS works OK?
0
 

Author Comment

by:Urbantrax
ID: 33653114
Yes
0
 
LVL 17

Accepted Solution

by:
aoakeley earned 250 total points
ID: 33656086
I have done a bit of research for you, and cannot come up with any (quantifiable) case where the DNS service has been faulty to the point that forwarders do not work.

- we have proved that DNS ports are open on the firewall through the use of NSLookup
- we have proved that the ISP DNS server you are using works through the use of NSLookup
- we have proved that recursion works through the use of Root Hints

My recommendation at this stage is to leave the forwarders out and use "Root Hints" only. Your server will perform just fine with this configuration. Set all workstations to point to the server only for DNS.

Please also run the SBS BPA http://www.microsoft.com/downloads/en/details.aspx?familyid=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en and see if that comes up with any errors
0
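
The isolation test used in this thread (query each DNS server directly, several times, and count the timeouts) can be scripted. The following is an added example, not code from any participant's post; the function names are hypothetical, and the addresses and lookup name are the ones quoted in the thread.

```python
import socket
import struct

def build_query(name, txid, rd=True):
    """Encode a one-question DNS query (type A, class IN)."""
    flags = 0x0100 if rd else 0          # RD bit: ask the server to recurse
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def classify(reply, txid):
    """Map a raw UDP reply (None means timeout) to a short verdict."""
    if reply is None:
        return "timeout"
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    rcode = flags & 0x000F
    if not flags & 0x8000 or rid != txid:
        return "mismatch"                # not a response to our query
    if rcode == 2:
        return "servfail"                # server could not get an answer upstream
    if not flags & 0x0080:
        return "no-recursion"            # RA bit clear: recursion is disabled
    return "ok" if rcode == 0 and answers else "no-answer(rcode=%d)" % rcode

def probe(server, name, tries=4, timeout=2.0):
    """Send `tries` queries to one server and tally the verdicts."""
    tally = {}
    for i in range(tries):
        txid = 0x1000 + i
        reply = None
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(build_query(name, txid), (server, 53))
                reply, _ = s.recvfrom(512)
            except OSError:              # timeout or ICMP unreachable
                reply = None
        verdict = classify(reply, txid)
        tally[verdict] = tally.get(verdict, 0) + 1
    return tally

if __name__ == "__main__":
    # Addresses from the thread: the SBS server, then its first forwarder.
    for server in ("192.168.1.200", "192.168.1.1"):
        print(server, probe(server, "www.google.com"))
```

A tally dominated by `timeout` for the SBS server alongside `ok` for the forwarder queried directly reproduces the symptom the thread isolates; `no-recursion` corresponds to the "Disable Recursion" setting checked earlier.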
