Urbantrax asked:

SBS 2003 DNS request times out

Hello,

I'm managing a small enterprise network that has an SBS 2003 server.
There are multiple unsolved issues, of which the DNS problem is the most impacting one.

Problem is that if ISP or gateway's IPs are not added on the workstations as secondary DNS server (and even on the server itself), Internet browsing is a nightmare (pages need to be refreshed 2/3 times to fully load, when they load ...). I know there should only be the SBS server as primary DNS server, but this is not sustainable.

There is only one SBS 2003 server acting as DC, DNS and Exchange server. Server is configured with its own IP address as DNS and nothing else (192.168.1.200).

- Primary DNS server of the SBS server is itself
- Forwarders are also configured.
- On PCs, I needed to add the ISP's gateway IP address (192.168.1.1) as second DNS entry to allow normal Internet browsing.
- Behaviour is the same on the server itself: as soon as the ISP gateway's IP address is added as second DNS entry (which I didn't do), normal Internet browsing is possible, otherwise not!
- Forward and reverse lookup zones are there
- I have already rebuilt DNS but it didn't change anything
- I don't find particular DNS error messages in the DNS log
- IPCONFIG is OK

What is interesting to know:

- nslookup is NOT working fine with one primary DNS server only (timing out 3 times out of 4)
- Once a day on average, I have error 2013 in the system log: "SMTP could not connect to any DNS server. Either none are configured, or all are down."
- I have no _msdc.domain.local forward lookup zone. Could this be the problem?


Regards,

David
Radhakrishnan

1) Check from DNS (forward) whether any A record is there for your server, also create a PTR record
2) If you are using DHCP - you can configure your ISP's DNS as secondary, so all the users will get the same IP and DNS from DHCP
Urbantrax (ASKER)

There is an A record for the server
DHCP is done by the ISP Gateway/Router device and DNS IPs are not pushed
Then you have to add those IPs from DNS
How are you configuring your client IPs now - manually? If manually, ask your ISP to configure the router as DHCP.
What do you mean "not sustainable"?

Forget about adding secondary DNS servers and telling your ISP to switch DHCP on the router. If you don't fix this DNS problem now it will cause bigger problems in the future. This is really bad practice.

You can reinstall DNS on SBS 2003, and this can be achieved by looking at the following link:

https://www.experts-exchange.com/questions/22837483/Repair-rebuild-DNS-on-SBS-2003-pre-sp1.html

Follow it through and let us know your results.

All clients need to look at the DC and the DC needs to look at itself with no secondary DNS records (this causes issues).

Rebuild DNS, set up forwarders to some good DNS servers out in the real world (any good ones you can find), and then set your client machines to only look at this one DC.

This is your solution, not playing about getting the second DNS record working.

Sorry to be blunt.
I think that you misunderstood me:

Workstations are manually configured with the IP of the SBS server (DC/DNS) as primary DNS.
This is how it should be configured.

The ISP router IS the DHCP. It distributes IPs. The only thing is that I didn't configure it to push DNS information. This shouldn't change anything as the manually introduced primary DNS IPs would only be replaced by a DHCP-given IP address with the same value.
Agreed, so you have a problem with DNS on your server. Your router shouldn't be issuing DHCP addresses, your server should.

Standard small company single server configuration:

Router : static IP and NAT - one external IP and one internal IP (let's say 192.168.1.254) - No DHCP functions
Server :
IP : 192.168.1.1
SN : 255.255.255.0
GW: 192.168.1.254
DNS1: 192.168.1.1

DHCP ON, serving clients with a suitable scope, a gateway of 192.168.1.254 and a single DNS setting of 192.168.1.1


The router is only the gateway and deals with anything outside of the LAN
---------

As this is SBS, try the Connect to the Internet Wizard, this rejigs some settings.

If you have set the above configuration and it is not working, then you have a problem. 90% of problems are DNS based, so look towards that first.

DrayTek router is the DHCP server because it is able to issue addresses in the two VLANs we have (one for IP telephony and the other for Internet, mails, etc). The SBS DHCP cannot do this.

Tried already the wizard. Besides that it frequently fails in the firewall step, it didn't change anything.

Please note that this configuration used to work for years!
In your initial post you mention "forwarders are already configured" ...can you be more explicit? What have you changed?
-Cliff

Let's completely ignore the router, DHCP, and workstations for now. If we concentrate on only working on the server, and we fix that, then we can build out from there to fix everything else:

> There is only one SBS 2003 server acting as DC, DNS and Exchange server. Server is configured with its own IP address as DNS and nothing else (192.168.1.200).
- this is good, and as it should be

> as soon as the ISP gateway's IP address is added as second DNS entry (which I didn't do), normal Internet browsing is possible, otherwise not
- this indicates that your DNS Server is not forwarding DNS requests properly

> forwarders are already configured
Please confirm the only forward DNS server is the "ISP gateway's IP address" (screenshot would be nice)

> nslookup is NOT working
- what address are you trying to look up?
 - if it is an external address then yes, it may not be working if the forwarder is not configured properly.
 - if you do "nslookup sbsservername" does that resolve OK?

I agree with Cliff - this looks like a DNS forwarder issue

Andy



Hello aoakeley, Cliff. Yes, we should forget about the router, DHCP and workstations as these shouldn't be the cause of the problem. I also agree that the issue looks like a DNS forwarder issue.

Primary forwarder is the ISP's gateway IP address.
I have now added OpenDNS servers as second and third forwarder but it didn't change anything.

nslookup on the SBS server works fine
only nslookups to the external world don't work

Here is the screenshot:



nslookup.jpg
Second set of screenshots
nslookup2.jpg
forwarders.jpg
Based on the IP scheme, the first DNS server is actually the local subnet router (which I suppose could be the ISP's gateway, a significant security concern, but a topic for a different conversation).
Try removing the 192.168.1.1 and let the other forwarders get used directly. It is possible that the DNS server that the gateway employs is having issues. Not uncommon on low-end consumer devices.
-Cliff

Tried already. Didn't change anything!
First nslookup screenshot is with the OpenDNS servers only and second nslookup screenshot is with the local subnet router (the ISP's gateway) added as primary forwarder.
You say:
>Primary forwarder is the ISP's gateway IP address

I take it what you meant to say is "Primary forwarder is the router"

I would take out all three DNS servers that you have there and put in the actual DNS Server being provided by the ISP. Give that a try and report back.

Could it be linked to the network card?
aoakeley, tried already the ISP DNSes as well. It doesn't change anything.

Please note that, as I said in my problem description, when I add the ISP's DNS as secondary DNS on the workstations, Internet browsing is fine. This is the proof that the problem is on the SBS box and not with the ISP's DNSes.
If you do
#> nslookup   - start nslookup

#> server x.x.x.x    - where x.x.x.x is either the ISP server or some other DNS server

#> www.google.com    - look up this address

Does this work? Sample image attached.
Yes, it does work.

First try with OpenDNS's DNS
Second try with ISP's DNS


nslookup3.jpg
Sorry for the delay, went on a bucks day that took a while to come back from....

Sorry if you feel we have gone around in circles, but I need to be sure that the problem was isolated to the server DNS Service not using the forwarders properly.

Please check the following:
Properties of dns server, advanced tab,
 - Disable Recursion = unticked

Try updating your root server list and using only the Root servers (take out all forwarders)
 - make sure you have an up-to-date list of root servers
    - delete servers that are in there, press "copy from server", enter ip 192.228.79.201, press OK

Check there is no "Root zone" (i.e. zone with only a . in the zone name) in forward lookup zones

Clear the Cached lookups (right click "clear cache") and check that it starts re-populating after successful lookups

Andy



Hello aoakeley

No problem. I have been away myself for a couple of days.
Thanks for your help.

As you'll see, we (you) are close to the solution.

Disable recursion was unticked
Forwarders deleted
Root hints updated (already tried before)
No "root zone" found

As soon as forwarders are added again, I get requests that time out (whatever the forwarders: ISP or OpenDNS)

The issue is thus clearly related to a problem with the forwarders that don't handle requests appropriately

It seems thus that these forwarders are not really needed because of the root hints.

Can we investigate further?
So just to confirm I am interpreting your response correctly: if you take all the forwarders out and use root hints only, then DNS works OK?
Yes
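
The comparison run by hand with nslookup in this thread (the same name looked up against the SBS DNS server and against a forwarder directly) can be scripted so that intermittent time-outs are counted rather than eyeballed. This is an added example, not code from any poster; `build_query`, `probe` and `start_flaky_server` are hypothetical names, and the loopback server is a constructed stand-in that drops three queries out of four.

```python
import socket
import struct
import threading

def build_query(name, qid):
    """Encode a recursive (RD=1) A/IN question for `name`."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + qname + struct.pack(">HH", 1, 1)

def probe(server, name, tries=4, timeout=2.0, port=53):
    """Query one DNS server `tries` times over UDP and count what came back."""
    counts = {"answered": 0, "failed": 0, "no_reply": 0}
    for i in range(tries):
        query = build_query(name, 0x1000 + i)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.sendto(query, (server, port))
                reply, _ = sock.recvfrom(512)
            except OSError:  # timed out, or the host/port was unreachable
                counts["no_reply"] += 1
                continue
        if len(reply) < 12 or reply[:2] != query[:2]:
            counts["failed"] += 1  # truncated header or mismatched query ID
            continue
        rcode = struct.unpack(">H", reply[2:4])[0] & 0x000F
        counts["answered" if rcode == 0 else "failed"] += 1  # e.g. SERVFAIL = 2
    return counts

def start_flaky_server(answer_every=4):
    """Constructed loopback stand-in: answers only every Nth query."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    def serve():
        seen = 0
        while True:
            data, addr = srv.recvfrom(512)
            seen += 1
            if seen % answer_every == 0:
                # Echo the question back with QR=1, RD=1, RA=1, RCODE=0
                srv.sendto(data[:2] + b"\x81\x80" + data[4:], addr)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_flaky_server()
    print(probe("127.0.0.1", "www.google.com", timeout=0.3, port=port))
```

On the network discussed here, `probe("192.168.1.200", "www.google.com")` tests the SBS DNS server, and the same call with a forwarder's address tests that forwarder directly; a high `no_reply` count only on the first points at the server's forwarding rather than at the upstream resolvers.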
ASKER CERTIFIED SOLUTION
Andrew Oakeley