Solved

Why do I have DNS Server Discrepancies?

Posted on 2011-03-08
Last Modified: 2012-05-11
So I have compared all of the settings between my older 2003 DNS server and my new 2008 R2 DNS server, and when I do an NS Lookup with the 2003 server I get:

> nslookup
Default Server:   2003server.mydomain.com
Address:  192.168.1.4

> google.com
Server:  2003server.mydomain.com
Address:  192.168.1.4

Non-authoritative answer:
Name:    google.com
Addresses:  74.125.224.80
          74.125.224.84
          74.125.224.83
          74.125.224.82
          74.125.224.81


Now when I do this with my newer 2008 R2 server I get the following:
> google.com
Server:  server2008.mydomain.com
Address:  192.168.1.5

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Non-authoritative answer:
Name:    google.com
Addresses:  74.125.224.48
          74.125.224.52
          74.125.224.51
          74.125.224.50
          74.125.224.49


I guess my question is why can I get to noaa.gov on one DNS server and not the other? What setting am I missing?
Question by:speeDemon

Author Comment

by:speeDemon
ID: 35072127
Here are the results for noaa.gov on the 2003 server:

Non-authoritative answer:
Name:    noaa.gov
Addresses:  140.90.200.21
          140.172.17.21
          129.15.96.21

and the results for noaa.gov on the 2008 server:

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Non-authoritative answer:
DNS request timed out.
    timeout was 2 seconds.
Name:    noaa.gov
Addresses:  140.90.200.21
          140.172.17.21
          129.15.96.21

Accepted Solution

by:
VespaMaru earned 500 total points
ID: 35072189
It could be EDNS. Windows 2008 R2 uses EDNS extensions which require TCP port 53 outgoing on the firewall and needs to allow for packet sizes exceeding 512 bytes. You could turn off EDNS:

dnscmd /config /EnableEDNSProbes 0

Or configure the firewall to allow them.

See: http://technet.microsoft.com/en-us/library/upgrade-domain-controllers-to-windows-server-2008-r2%28WS.10%29.aspx#BKMK_KnownIssues

Author Closing Comment

by:speeDemon
ID: 35072321
Awesome, everything works great. I don't have any idea what EDNS is, care to explain?

Expert Comment

by:VespaMaru
ID: 35072409
Sure, EDNS are extensions to the original DNS standard. The original standard uses UDP port 53 by default and does not accept packets larger than 512 bytes. Additionally the existing EDNS standard contains additional flags that will allow for DNSSEC implementations. We use a Cisco ASA firewall, and like other firewalls it is set up to reject DNS packets larger than 512 bytes. We had to change that to allow larger packets and allow outgoing TCP port 53. You can most likely get away with not using it for now. We allowed it to prevent additional "gotchas" in the future.
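Added example, not part of the original thread: a Python sketch of the EDNS0 OPT record discussed above (RFC 6891) and a simplified model of how a firewall's DNS size limit interacts with it. The function names, the query ID, the 4000-byte advertised size and the `outcome` model are assumptions made for illustration.

```python
import struct

def build_query(name, edns_size=None, do_bit=False):
    """Build an A query; if edns_size is set, append an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    if edns_size:
        flags = 0x8000 if do_bit else 0  # DO bit: requester wants DNSSEC records
        # OPT RR: root name, TYPE=41, CLASS carries the UDP payload size, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, flags, 0)
    return msg

def _skip_name(msg, off):
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer is two bytes
            return off + 2
        off += 1 + n

def edns_info(msg):
    """Return (advertised_udp_size, do_bit) from the OPT record, or None."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 41:
            return rclass, bool(ttl & 0x8000)
        off += 10 + rdlen
    return None

def outcome(query, answer_len, fw_udp_limit=512, fw_allows_tcp53=False):
    """Simplified model: what happens to an answer of answer_len bytes."""
    info = edns_info(query)
    accepted = max(info[0], 512) if info else 512  # no EDNS means the classic 512
    if answer_len > accepted:  # server truncates, resolver retries over TCP
        return "retry over TCP" if fw_allows_tcp53 else "TCP retry blocked"
    if answer_len > fw_udp_limit:
        return "dropped by firewall (timeout)"
    return "delivered over UDP"

if __name__ == "__main__":
    edns = build_query("noaa.gov", edns_size=4000, do_bit=True)  # constructed sample
    print(edns_info(edns), outcome(edns, 900), outcome(edns, 900, fw_udp_limit=4096))
```

The middle case is the one the thread describes: the resolver advertises a large UDP size, the server answers with more than 512 bytes, and the firewall silently drops it, so the lookup only succeeds after timeouts and a fallback.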