Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

DNS issus

Posted on 2011-03-24
10
Medium Priority
?
803 Views
Last Modified: 2012-05-11
We are experiencing some strange DNS issues with our network. We have 2008 Sever with Exchange 2010 running as a DC, GC, DNS and a Server 2003 running as a DC, GC, DNS. We occasionally get ‘Delivery is delayed to these recipients or groups:’ messages on emails and now we are getting ‘Delivery has failed to these recipients or groups’

To add to this some of the domain PC’s are unable to browse network shares \\winserver8 as they seem to be unable to resolve DNS but also if you enter the IP address of the share \\10.0.254.8 this still does not work. Are these problems related?


How can I resolve this problem?
0
Comment
Question by:Fubschuk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 30

Expert Comment

by:Randy Downs
ID: 35208202
yeah I'd say that unable to browse & unable to deliver email are realated. Sounds like you are dropping off the network.
0
 
LVL 11

Expert Comment

by:Patmac951
ID: 35208213
From the command prompt on the servers can you possibly run this command: c:>DCDIAG /TEST:DNS

Then post the results?

If you are unable to access network devices via IP address this is not a DNS issue.  DNS is used to resolve computer names back to IP addresses, if you are unable to access the devices via IP address you are having another network issue that is not DNS related.
0
 
LVL 11

Expert Comment

by:Patmac951
ID: 35208255
Secondly for the computers that are not able to communicate via IP addresses can you successfully ping the Domain controllers from these workstations?  For testing purposes have you tried to remove the computer from the domain to a workgroup, reboot the computer then try join the domain again?
0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 
LVL 18

Expert Comment

by:Netflo
ID: 35208564
Fubschuk,

1. Can you please ensure that the local DNS servers configured on both servers are not set to external DNS or ISP DNS server, these need to be configured via forwarders in DNS.

2. If you review the DNS logs in Event Viewer does it point out any issues?

3. You can also enable the "use the external dns lookup settings on the transport" setting on your Exchange 2010 Send Connector which routes emails to the internet.
Please see the following article to enable this http://www.tech-archive.net/Archive/Exchange/microsoft.public.exchange.connectivity/2009-02/msg00011.html

Hope this helps, let us know how you get on.
0
 

Author Comment

by:Fubschuk
ID: 35213434
Results from DCDIAG /TEST:DNS attached.

 DNS8-1.txt
 DNS13-1.txt
The DNS tests passed

I can ping the IP address of the machines on the network. I have removed one of the machines from the domain, then tried to re-connect but get the message the domain controller could not be found.
I'm guessing that because I can't browse any share from this machine

The DNS event logs on both machines have no errors.
Winserver8 does have a lot of information events with...
The DNS server encountered a bad packet from nn.nn.nn.nn.  Packet processing leads beyond packet length. The event data contains the DNS packet
0
 
LVL 18

Accepted Solution

by:
Netflo earned 1500 total points
ID: 35215739
From your attached logs, it looks like your server is querying the root server, have you got DNS forwarders configured?

Go to DNS -> Right click on your server -> Properties -> Forwarders tab -> If the following list is empty, press Edit and type in either your ISPs DNS servers or Google DNS servers [8.8.8.8 and 8.8.4.4], the latter may be a preferred option if you have multiple ISP providers or just want a more resilient DNS network.

Also have you got a reverse DNS zone created in your DNS for  your local network, bearing in mind that it is not created by default.

Go to DNS -> Expand your server -> Right click on Reverse Lookup Zones -> New Zone -> Next -> Primary Zone -> Next -> To all DNS servers running on domain controllers in this domain -> Next -> IPv4 reverse lookup zone -> Next -> Network ID (e.g. 192.168.1) -> Next -> Allow only secure dynamic updates -> Finish

Let us know how you get on.
0
 

Author Comment

by:Fubschuk
ID: 35216006
I have made the changes as neither DNS had forwarders configured so added Googles DNS, and the reverselookup for my network.

I will see how this works over the weekend.
0
 
LVL 18

Expert Comment

by:Netflo
ID: 35216322
One final point, can you please ensure the following is done, as listed previously:

3. You can also enable the "use the external dns lookup settings on the transport" setting on your Exchange 2010 Send Connector which routes emails to the internet.
Please see the following article to enable this http://www.tech-archive.net/Archive/Exchange/microsoft.public.exchange.connectivity/2009-02/msg00011.html
0
 

Author Closing Comment

by:Fubschuk
ID: 35239409
The problem with the PC’s not being able to connect or see files shares was a red herring. I fixed that myself there was a driver problem caused by a windows update on some of the machines.

The Email retries and fails were the problem solved here.
0
 
LVL 18

Expert Comment

by:Netflo
ID: 35239538
Glad to hear everything is okay.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question