DNS Problems for WAN Hosts

cdhead
Hello Everyone,
I'm having a problem with one of my DNS servers running Server 2008 R2.  I have 5 DNS servers on my network and all of them seem to be running fine except for one, which also happens to be my secondary DNS server for all the hosts on my network.  On my LAN, DNS works fine on the server in question, but for all WAN hosts (e.g. websites), it does not.  To isolate the server in question I statically assigned the server's IP address to the network adapter on my test machine.

I set up the DNS service on this server no differently than on the other 4 servers, so I'm not sure what could be wrong.  I checked the event log, which didn't identify any obvious problems.  Any help from here would be appreciated.  Thanks!
Are the forwarders correct and in the same order as the other DNS servers, of hosts outside the local domain?

Author

Commented:
Cheever000:

Right click server name - properties - forwarders tab
I have no servers listed on any of my domain controller DNS servers.  Yet, they all seem to work fine, although I expected there to be entries here.  Just an FYI, I inherited this network so the primary DNS server is the only one I haven't configured myself but I did configure all the others.  I feel there is something I am missing in the way my DNS servers are set up.  The one thing I don't understand is where the DNS queries are being serviced for external hosts if there are no servers listed under forwarders.
When you say "but for all WAN hosts", does that mean external hosts are contacting your DNS server(s) for resolution or did you mean your internal hosts are trying to resolve external addresses, i.e. www.google.com? 

If this is the case, and you've made sure the forwarders are set up the same way as the others, I would check to see if the server with the issue is being blocked by a firewall for outbound DNS (port 53).

Author

Commented:
vanbarsoun:

I'm talking about the DNS resolution for my local computers to websites, like google.com.  The Windows firewall is disabled on the server in question and my network firewall shouldn't be the issue since all the other servers work fine.
If your forwarders list is empty it will use the root hints servers. See if that server can resolve external names by pinging an external host/website from a command line on that server.

Author

Commented:
vanbarsoun:

I can't ping any WAN hosts from the server in question when that server is the only server defined in the DNS config for the local network adapter.
Actually, yes you should be able to if that server is running DNS. If that server cannot resolve external DNS names then that explains why your internal hosts are not able to resolve when pointing to this server.

Did this server ever resolve properly, or is this a first-time setup? Try restarting the DNS service on that server. If it still fails to resolve, try connecting directly to a DNS server via telnet to rule out firewall issues:

telnet 4.2.2.2 53

You should at least get a blank window, anything besides an error/timeout message.
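
The telnet check above only proves that TCP port 53 is reachable, while ordinary lookups, including the iterative queries a server sends when it relies on root hints, normally go over UDP. The Python sketch below is an added example, not part of the thread: it sends the same A query over both transports to the 4.2.2.2 resolver named above and, with recursion off, to a.root-servers.net (198.41.0.4, chosen here as the root server); the function names are illustrative.

```python
import socket
import struct

def build_query(name, qid=0x1234, recurse=True):
    """Encode an A-record query; the RD flag is set only when recurse is True."""
    header = struct.pack("!HHHHHH", qid, 0x0100 if recurse else 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(reply):
    """Summarise a reply from its 12-byte header: error, truncation, answer or referral."""
    _id, flags, _qd, answers, authority, _ar = struct.unpack("!HHHHHH", reply[:12])
    if flags & 0x000F:
        return "rcode %d" % (flags & 0x000F)
    if flags & 0x0200:
        return "truncated"  # TC set: the full answer needs TCP/53
    return "answer" if answers else "referral" if authority else "empty"

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf

def probe(server, name, transport, recurse=True, timeout=3.0):
    """Send one query over 'udp' or 'tcp' and report what came back, if anything."""
    query = build_query(name, recurse=recurse)
    try:
        if transport == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                reply = s.recvfrom(4096)[0]
        else:
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)  # TCP framing: 2-byte length
                reply = _recv_exact(s, struct.unpack("!H", _recv_exact(s, 2))[0])
        return classify(reply)
    except (OSError, struct.error) as exc:
        return "no usable reply (%s)" % exc

if __name__ == "__main__":
    # Recursive query to the public resolver, non-recursive query to a root server.
    for server, recurse in (("4.2.2.2", True), ("198.41.0.4", False)):
        for transport in ("udp", "tcp"):
            print(server, transport, probe(server, "www.google.com", transport, recurse))
```

Run on the DNS server itself, a "referral" from the root server over UDP means the root-hints path is open at the network level. "no usable reply" on UDP while TCP succeeds points at filtering that the telnet test cannot see.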

Author

Commented:
vanbarsoun:

If it's using the root hints only, and the root hints are the same on all servers, then I guess my new question is, why don't the root hints work on the problem server?

I just added an ISP-provided DNS server to the forwarder list and the server in question seems to be resolving DNS records for external hosts now.  Telnetting also worked without an error.

Should I be concerned about this or just configure all my DNS servers' forwarders with the ISP's DNS servers and be done with this?
Perhaps your root hints were corrupt. Did you actually take a look at the root hints to see if they exist? They can be deleted, modified, etc. You can also try copying from another working DNS server's root hints by clicking the "copy from server" button on the Root hints tab on DNS server properties.

At any rate I wouldn't be too concerned and would just use the forwarding option.
Commented:
I would use the forwarding option; there are some known issues with Windows 2008 Servers and root hints.

http://technet.microsoft.com/en-us/library/cc782142(WS.10).aspx
The forwarders option. I have experienced this also; it is the easiest way, and I don't think there are any downsides to this, and you are having your ISP do the heavy lifting for DNS queries.
In this scenario please check the tasks below:
1. Please check proper installation of DNS, as well as check the nslookup command.
2. Check whether local resolution is working fine or not.
3. If locally resolved, then check whether replication between primary and secondary zone is happening properly or not.
4. Check and added an ISP-provided DNS server to the forwarder list and the server in question seems to be resolving DNS records for external hosts now.  Telnetting also worked without an error: telnet 4.2.2.2 53.
5. Check whether port no. 53 is blocked by a firewall.
6. The forwarding option; there are some known issues with Windows 2008 Servers and root hints.
http://technet.microsoft.com/en-us/library/cc782142(WS.10).aspx

Author

Commented:
Was able to work around the issue by using the ISP's DNS servers.
