Solved

SBS 2011 DNS issues

Posted on 2011-09-24
Last Modified: 2012-05-14
I have a newly migrated SBS 2011 server.  I used the swing migration method and am having intermittent DNS issues.

I have a Dell 2970 Dual Quad with 32gig of memory.  The DNS entry for the server NIC is the SBS server itself.  My firewall is open outgoing.

I disabled one NIC so I'm using only one NIC as instructed.  I can use nslookup and resolve internal & external DNS.  The problem I have is when I browse to web sites, they come up sometimes, other times the same site doesn't load.  I may get a timeout, not found, or a partial site displayed with no graphics.  If I click reload many times it usually comes up.

Before I decommissioned my swing tempdc, I was having the same issue, but changed the primary DNS server to the temp DC and the internet was fine.  After the decommission, I am not able to reliably browse from the server or workstations.  When using the DNS on the temp browser for the workstations, I still could not surf from the SBS server.  I did change the IE restrictions for administrators, and I'm logged in as the domain administrator.

I've run dcdiag and it looks good.  I've flushed DNS and registered DNS.  I've tried putting in valid forwarders in the DNS.  Just when I think it is working fine on 5-8 sites, it then seems to lose the ability to resolve and may display page not found or a partial web page.  It could be on a page that was loaded many times like www.msn.com.  The last time I tested, it only loaded a partial page of MSN, and I immediately ran an nslookup on the server and it resolved.

Help.
Question by:JackAitken
LVL 10

Expert Comment

by:CSIPComputing
ID: 36594911
Have you tried this solution, which is known to affect Server 2008 and SBS sitting on it?

http://support.microsoft.com/kb/968372
Windows Server 2008 DNS Servers may fail to resolve queries for some top-level domains
 

Author Comment

by:JackAitken
ID: 36595395
I have not, and will test it shortly, and will let you know.
 

Author Comment

by:JackAitken
ID: 36595656
I just followed the article, and it had no effect.  It brings up a few web sites then times out.  Right after a timeout, I ran nslookup, and it timed out, and said timeout was 2 seconds.
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 36596409
I'm guessing you have larger network issues, and this is just a symptom. Try a different network cable, a different switch or port, update your NIC drivers (Broadcom is really bad about buggy drivers) and disable advanced NIC features such as offloading features.

-Cliff
 
LVL 10

Expert Comment

by:CSIPComputing
ID: 36598187
Thinking specifically about the partial web pages, I would be looking at overall connectivity too.

Can you do a "ping www.yahoo.com -t" and see if you are getting lost packets over a 5-10 minute period?
 

Author Comment

by:JackAitken
ID: 36598982
When I introduced the new SBS 2011 & a tempDC, the DNS wasn't working on the SBS 2011, so I changed it to the tempDC. I made the tempDC the primary DNS server, and it worked fine for 2 days.  Once I decommissioned the tempDC, the problem came back.  Don't believe it is connectivity due to that.
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 36599700
That is because the tempDC was handling DNS. Connectivity on the SBS server would not cause DNS failures. Now that DNS is back on SBS, they will. Not sure why you'd think otherwise.

-Cliff
 

Author Comment

by:JackAitken
ID: 36599766
I assume you were talking about connectivity to the internet, which the tempDC shows was fine.  If I ping www.yahoo.com, doesn't it require DNS to resolve?  I could try pinging the IP for www.yahoo.com to take the DNS out of the request.  I'll give that a shot.
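
The split discussed in this post, checking DNS separately from plain connectivity, can be run as a repeating probe. This is an added example, not part of the original thread: the SBS address `192.168.1.2` and the web server IP are assumed placeholders, while `192.168.1.1` is the gateway mentioned later in the thread.

```python
import random, socket, struct, time

def build_query(name, txid):
    """Encode a recursive A-record query in RFC 1035 wire format."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, txid):
    """Return (rcode, answer_count); ValueError if it is not our reply."""
    if len(data) < 12:
        raise ValueError("short reply")
    rid, flags, _, ancount, _, _ = struct.unpack(">HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # ID must match and QR bit must be set
        raise ValueError("not a reply to this query")
    return flags & 0x000F, ancount

def probe_dns(server, name, txid, timeout=2.0):
    """Send one UDP query straight to `server`, bypassing the OS resolver cache."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (server, 53))
            rcode, answers = parse_reply(s.recv(4096), txid)
        except (OSError, ValueError) as exc:
            return "timeout" if isinstance(exc, socket.timeout) else "error: %s" % exc
    return "ok" if rcode == 0 and answers else "rcode=%d answers=%d" % (rcode, answers)

def probe_tcp(ip, port=80, timeout=2.0):
    """TCP connect to a literal IP, so no DNS is involved in this check."""
    try:
        socket.create_connection((ip, port), timeout).close()
    except OSError:
        return False
    return True

def classify(dns_results, tcp_ok):
    """Attribute one probe round to DNS, to the network path, or to neither."""
    failed = sorted(s for s, r in dns_results.items() if r != "ok")
    if failed:
        return "dns failure at " + ", ".join(failed)
    return "ok" if tcp_ok else "dns ok, tcp path failed"

if __name__ == "__main__":
    SERVERS = ["192.168.1.2", "192.168.1.1"]  # assumed SBS address; gateway forwarder
    SITE_IP = "203.0.113.10"  # placeholder: substitute a known web server IP
    for _ in range(300):
        dns = {s: probe_dns(s, "www.msn.com", random.getrandbits(16)) for s in SERVERS}
        print(time.strftime("%H:%M:%S"), classify(dns, probe_tcp(SITE_IP)), dns)
        time.sleep(2)
```

Rounds that report `dns ok, tcp path failed` point away from the DNS service and toward the NIC, switch, or firewall path; rounds that fail at only one server show which resolver to examine.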
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 36599784
No, I'm talking about the NIC connectivity itself. Flaky drivers and poor NIC settings, as well as cables or a failing switch (where one port works and another intermittently drops packets) could all cause the symptoms you describe. Pinging will likely be intermittent as well.
 

Author Comment

by:JackAitken
ID: 36599788
I'm pinging now, and so far no time outs.
 

Author Comment

by:JackAitken
ID: 36601318
I just finished working with Microsoft.  After testing all the things I did previously, they tried adding my firewall (192.168.1.1) as a forwarder, and that worked!  First time I ever added an internal address as a forwarder.  Internet is as fast as ever, and sites are resolving.
 

Author Comment

by:JackAitken
ID: 36707741
Just spent 5 more hours with Microsoft.  What a beating.  They can't figure out why the DNS is working the way it was designed.  We are still using the internal gateway address as a forwarder.  Does this pose any security risk?
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 36707759
No more so than using any other forwarder. The reliability of its replies and susceptibility to DNS poisoning are dependent on the DNS implementation of the gateway. Could be rock solid. Or could have been coded by chimpanzees. So the question is, do you trust your gateway manufacturer/vendor from a security perspective?
 

Author Comment

by:JackAitken
ID: 36707779
I need to figure this out, but didn't want to expose ourselves.  Funny thing is I can browse fine with my laptop hard-coding IP & DNS, just not the SBS 2011 server.
 

Accepted Solution

by:
JackAitken earned 0 total points
ID: 37361594
Turns out to be the firewall.  The Netgear was set to use itself as a proxy.  Strange thing was the setting was not changed and existed when the SBS 2003 server was in place.

Question has a verified solution.