• Status: Solved
  • Priority: Medium

Same ISP New IP addresses and DNS, now workstations have DNS issues.

I recently added a block of IPs from the same ISP (Comcast). We had a single IP before through them; when we added, they gave me new DNS addresses, which I am using at another location without issue. The problem that I have is that within the network, users that are hardcoded, using the firewall which works as a DNS proxy and the server running DNS, cannot get to websites, can ping IPs all day, and can get to one or two sites. If I change them over to DHCP, let them auto obtain, it works fine, and then I can hardcode right back to the original settings and they can get on fine after that. I've tried ipconfig /flushdns and repairing the connections with no luck. Any ideas??
Asked by: aspenlife
 
Neil Russell (Technical Development Lead) Commented:
Workstations should ONLY have the SBS server as the DNS server and NOT the ISP.
 
aspenlife (Author) Commented:
What about the firewall which acts as a DNS Proxy? I've tried every config on the hardcoded machines, and changing them to DHCP, letting them get their IP (IPConfig shows both the SBSvr and the firewall in DNS), then hardcoding back exactly as it was before doing anything makes them work. Like something is being flushed by doing that that reboots, etc. don't do.
 
Neil Russell (Technical Development Lead) Commented:
For your SBS to work correctly your SBS box should have DNS set up and running on it. It should forward to your ISP from DNS. The SBS box itself should have ONLY the SBS box itself set as its DNS servers in network config.
Your workstations should ONLY have the DNS of the SBS box set as a DNS server, no others.

Can you give a copy paste of the ipconfig /all output of a workstation that has the FIXED settings and then the same workstation when you config it for DHCP please?
 
aspenlife (Author) Commented:
If I get on a PC that isn't working and run ipconfig /all and write everything down, I then change from static to DHCP, it connects, and ipconfig /all is exactly the same except for the IP; then I hardcode the IP back to the original settings and it works. The only thing that has changed in the configuration is the DNS on the firewall going out. I don't think any of the other things come into play as they haven't changed at all. I did add the new DNS addresses to the SBSvr settings.
 
aspenlife (Author) Commented:
Sorry, not onsite to give you actual screenshots and have moved back to load balancing with a secondary connection. There are 50 users onsite and it's never a good time to break it in order to get it working properly.
 
Rob Williams Commented:
With SBS 2003 if you make any WAN changes; router (even with the same options), ISP, DNS, etc. you must re-run the Connect to the Internet wizard. This will update many functions such as DNS, forwarders, DHCP scope options and more.
 
aspenlife (Author) Commented:
Thanks RobWill but when I run the wizard it says that my broadband connection should already be configured and ready to use. Do I need to kill the connection completely and start from scratch with the wizard? This sounds like a typical Microsoft deal!
 
Rob Williams Commented:
Are you actually getting that message? Seems unfamiliar to me.
Regardless, often there are no changes to make but an oddity with SBS is you need to complete the wizard. Likely the only change you would be making is the ISP's DNS which will be added as a forwarder.
 
aspenlife (Author) Commented:
Resetting each system that is affected. Nothing resolved the issue. Thanks for helping.
 
Neil Russell (Technical Development Lead) Commented:
How are you resetting? What are you doing to the PCs?

You were asked for IPCONFIG details but said you couldn't supply them as you're off site. If you can't give us the info we ask for we can't be expected to help you fully. Now you're giving up on trying when you have the data available that I am asking for?
 
Rob Williams Commented:
Yes ipconfig would be useful, from both a problematic PC and the server.

Just to confirm; Can the server access web sites OK? And, you say clients can ping an external site but not browse. That would be a DNS issue but you say you are using the router for DNS as a proxy? Perhaps you could elaborate. In a Windows domain all servers and PCs must point ONLY to your internal DNS servers for DNS or you will have all sorts of issues. The server can use external DNS sources as forwarders, which are set up by the CEICW.
 
aspenlife (Author) Commented:
Both of you guys got it. I was able to use the firewall before as a DNS along with the SBSvr IP but not any longer. For some reason it worked before but now I can only have the IP of the server internally. Works fine as long as that's the only IP. Thanks for all the help!
 
Rob Williams Commented:
Thanks aspenlife.
The issue is DNS doesn't work as you would expect. One would think with the server as the primary and your router as the alternate, if the server is offline it will default to the alternate. However DNS makes requests from both and works with the first one to respond. As a result if the SBS is not first, and it often isn't, the PC will attempt to resolve local names through the ISP, and of course cannot. Eventually it times out, and should then try the server, but may not.
 
aspenlife (Author) Commented:
Makes sense now! Thank you RobWill!
 
Neil Russell (Technical Development Lead) Commented:
Sorry RobWill but you are VERY wrong on that! It is a common misunderstanding in how Windows and DNS work.

I'll quote you on Windows XP...

There's a good series of flowcharts on the low-level behaviour of the Windows XP DNS client here: http://technet.microsoft.com/en-us/library/bb457118.aspx
I'm not finding the same level of documentation for the Windows Vista and newer resolvers, though I'd expect that it's in the resource kit (since those get rev'd for each new release of Windows).

(I am simplifying this a little bit... you really should read the article if you want to know how it actually works because the logic is a bit complicated.)

The XP DNS client attempts each name resolution request through the primary DNS server specified on the primary network adapter first. If that times out (in one second) it attempts the same query on each adapter in the machine using the primary DNS server specified on each adapter, all at once, waiting 2 seconds for each response. If there's no response there then it sends out a request to all DNS servers specified on all adapters and waits 4 seconds. It does this again, waiting 8 seconds, and then returns timeout if it still hasn't received a response (and will continue to return timeout for the next 30 seconds w/o issuing any new queries).


So as you can see, DNS ONLY uses the PRIMARY DNS adapter IF that responds. The ONLY time that the secondary is used is if the Primary DNS on ALL NICs in the machine fail to respond, i.e. timeout.

Once a DNS response is gained from the Primary DNS, regardless of what that response is, the secondary is NEVER queried.

(Extracts from http://serverfault.com/questions/52923/when-does-a-windows-client-stop-using-a-secondary-dns-server-and-revert-back-to-p)
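A small simulation of the retry schedule quoted in the comment above, added here as an example (it is not code from the thread or from Microsoft). It shows when an alternate server is first queried and what a client gets back for an internal name when the internal server is slow. Assumptions: each attempt is judged on its own wait window, and the server names, latencies, host name and address are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Optional

# (servers queried, seconds waited) per attempt, from the description quoted above.
STAGES = [("preferred", 1), ("primaries", 2), ("all", 4), ("all", 8)]

@dataclass
class Server:
    name: str
    latency: Optional[float]            # seconds to reply; None = never replies
    records: dict = field(default_factory=dict)

    def answer(self, qname):
        # A negative reply is still a reply and ends the lookup.
        return self.records.get(qname, "NXDOMAIN")

def resolve(qname, adapters):
    """adapters: one server list per NIC; adapters[0][0] is the preferred server."""
    elapsed, asked = 0.0, []
    for scope, wait in STAGES:
        if scope == "preferred":
            targets = [adapters[0][0]]
        elif scope == "primaries":
            targets = [nic[0] for nic in adapters]
        else:
            targets = [srv for nic in adapters for srv in nic]
        for srv in targets:
            if srv.name not in asked:
                asked.append(srv.name)   # this server has now seen the name
        replies = [s for s in targets if s.latency is not None and s.latency <= wait]
        if replies:
            first = min(replies, key=lambda s: s.latency)
            return {"answer": first.answer(qname), "from": first.name,
                    "seconds": elapsed + first.latency, "asked": asked}
        elapsed += wait
    return {"answer": "TIMEOUT", "from": None, "seconds": elapsed, "asked": asked}

# Constructed sample data: internal zone held only by the SBS box.
INTERNAL = {"sbs01.corp.example": "192.168.16.2"}

def demo(sbs_latency, with_external):
    sbs = Server("SBS", sbs_latency, INTERNAL)
    ext = Server("external", 0.03)       # firewall proxy / ISP resolver
    nic = [sbs, ext] if with_external else [sbs]
    return resolve("sbs01.corp.example", [nic])

if __name__ == "__main__":
    for args in [(0.01, True), (5, True), (5, False)]:
        print(args, demo(*args))
```

With a responsive SBS the external server is never asked; with a slow SBS and an external alternate, the internal name is sent to the external resolver and comes back as a name error, while an SBS-only client waits longer but gets the right address.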
 
Rob Williams Commented:
It would be very nice if it actually worked that way, I know that is the concept, but I am afraid in reality it doesn't. There are literally thousands of questions answered here outlining that an external secondary must be removed in a Windows domain because the response is frequently received from it first. If you search for "10 things that will break DNS in your network" it is the #1 item.
 
Neil Russell (Technical Development Lead) Commented:
It does work that way! It breaks DNS because if the response is not received from the primary before the 1s timeout then the secondary is used. DNS can not reply for 101 reasons, not just because it is down. That is the cause of most DNS issues.