Avatar of somewhereinafrica
somewhereinafricaFlag for Haiti

asked on 

My DNS is failing on one single address, all else works

For some reason the pop mail server address is not resolving today.
It has been working perfectly for over a year, and today it stopped.

I can ping any other address in the world, but of i ping the pop3 server it gets nothing.

I run a domain with a server (server 2008 std) the server acts DNS, and I have a firewall handling the gateway.
If i circumvent firewall and server and plug straight in to the internet connection, it works fine, so it's clearly something on either the server or the firewall.

of course neither has had any changes made to them at all, so this is straight out of the blue.

If i change the pop3 server name in outlook to the IP it connects fine.

So how do i check if the DNS is screwing this up, or the firewall?
What could have happened?
Windows Server 2008DNS

Avatar of undefined
Last Comment
Darius Ghassem
Avatar of Nummmnut
Flag of United States of America image

Normally Firewalls have logs you can look for DNS blockage...

What king of firewall is it... I know Sonicwall have a habit of updating the IPS which can start blocking things unexpectedly.

Also is your pop3 DNS forwarded to a .com DNS like Godaddy or your ISP?

It is rare for someone to house their .com pop3 DNS locally but forward it out.  This would make sense why plugging into the internet directly might fix it as it auto populates with normally a main DNS and a backup DNS.
Avatar of Darius Ghassem
Check your DNS Forwarders make sure you have updated ISP DNS servers listed

Avatar of somewhereinafrica


I have concluded that the firewall is not the issue.
If i log on to the firewall  (NETGEAR ProSafe VPN Firewall FVS336GV2) and ping the domain it resolves the address fine, so it has to be my DNS.

I do not use forwarders, I use root hints.

I plugged in straight to the internet box to see if it was on my side or my ISP's side. My ISP can ping it fione, my internet box (all by itself) can ping it fine, my firewall can ping it fine.

I guess I need a way of asking my DNS what it thinks. If i do a nslookup from my DNS it fails to resolve the a URL, but all other URL's resolve fine.
Avatar of somewhereinafrica


Dariusq: I don't use forwarders, i use root hints
Avatar of Darius Ghassem
Darius Ghassem
Flag of United States of America image

Blurred text
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Try DNS Forwarders
Avatar of somewhereinafrica


Is there no way I can tell the DNS that this IP equals a certain IP address? (I tried creating an 'A-Record', but that did not help.

Why would changing from roothints to forwarder make things better if everything but one single domain works?

It kind of feels like something has gone wrong with this one domain in the DNS, and I should go in and delete it out and tell the DNS to try to 'find it again'
You can go clear the cache in the DNS server.

Just because it is one domain you are having trouble does not mean that is the only domain. Please put DNS Forwarders in and test
Avatar of somewhereinafrica


Ok, so I did plug in my ISP as a forwader, and that made the problem go away. But I still don;t understand why it stopped in the first place.

It has been the same IP for years, and it has always worked.
What happened that killed it today, and why only this one address?
Again root hints on Windows 2008 servers have not worked. There have been issues with them since day one.

Anyways DNS Forwarders should be used because of performance gains and security gains


Without having a specific DNS server designated as a forwarder, all DNS servers can send queries outside of a network using their root hints. As a result, a lot of internal, and possibly critical, DNS information can be exposed on the Internet. In addition to this security and privacy issue, this method of resolution can result in a large volume of external traffic that is costly and inefficient for a network with a slow Internet connection or a company with high Internet service costs.

When you designate a DNS server as a forwarder, you make that forwarder responsible for handling external traffic, thereby limiting DNS server exposure to the Internet. A forwarder will build up a large cache of external DNS information because all of the external DNS queries in the network are resolved through it. In a small amount of time, a forwarder will resolve a good portion of external DNS queries using this cached data and thereby decrease the Internet traffic over the network and the response time for DNS clients.
Avatar of somewhereinafrica


Dariusq, you have never failed me yet, so I'll leav ethe forwarders on.

But I went to root hints after some issues last year, and then the suggestion was to do the opposite.

I'll dig in to the article you sent and get the low-down, thanks bro.
No problem just let me know if you need anything else
Windows Server 2008
Windows Server 2008

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.

Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews


IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo