JackAitken (United States of America) asked:
SBS 2011 DNS issues

I have a newly migrated SBS 2011 server.  I used the swing migration method and am having intermittent DNS issues.

I have a Dell 2970 Dual Quad with 32 GB of memory.  The DNS entry for the server NIC is the SBS server itself.  My firewall is open outgoing.

I disabled one NIC so I'm using only one NIC as instructed.  I can use nslookup and resolve internal & external DNS.  The problem I have is when I browse to web sites: they come up sometimes, other times the same site doesn't load.  I may get a time out, not found, or a partial site displayed with no graphics.  If I click reload many times it usually comes up.

Before I decommissioned my swing tempdc, I was having the same issue, but changed the primary DNS server to the temp DC and the internet was fine.  After the decommission, I am not able to reliably browse from the server or workstations.  When using the DNS on the temp browser for the workstations, I still could not surf from the SBS server.  I did change the IE restrictions for administrators, and I'm logged in as the domain administrator.

I've run dcdiag and it looks good.  I've flushed DNS and registered DNS.  I've tried putting valid forwarders in the DNS.  Just when I think it is working fine on 5-8 sites, it then seems to lose the ability to resolve and may display page not found or a partial web page.  It could be on a page that was loaded many times like www.msn.com.  The last time I tested, it only loaded a partial page of MSN, and I immediately ran an nslookup on the server and it resolved.

Help.
Ian Pattison (United Kingdom):

Have you tried this solution, which is known to affect Server 2008 and SBS sitting on it?

http://support.microsoft.com/kb/968372
Windows Server 2008 DNS Servers may fail to resolve queries for some top-level domains
JackAitken (asker):
I have not, and will test it shortly, and will let you know.
I just followed the article, and it had no effect.  It brings up a few web sites then times out.  Right after a time out, I ran nslookup, and it timed out, and said the timeout was 2 seconds.
I'm guessing you have larger network issues, and this is just a symptom. Try a different network cable, a different switch or port, update your NIC drivers (Broadcom is really bad about buggy drivers) and disable advanced NIC features such as offloading features.

-Cliff
Thinking specifically about the partial web pages, I would be looking at overall connectivity too.

Can you do a "ping www.yahoo.com -t" and see if you are getting lost packets over a 5-10 minute period?
When I introduced the new SBS 2011 & a tempDC, the DNS wasn't working on the SBS 2011, so I changed it to the tempDC.  I made the tempDC the primary DNS server, and it worked fine for 2 days.  Once I decommissioned the tempDC, the problem came back.  Don't believe it is connectivity due to that.
That is because the tempDC was handling DNS. Connectivity on the SBS server would not cause DNS failures. Now that DNS is back on SBS, they will. Not sure why you'd think otherwise.

-Cliff
I assume you were talking about connectivity to the internet, which the tempDC shows was fine.  If I ping www.yahoo.com, doesn't it require DNS to resolve?  I could try pinging the IP for www.yahoo.com to take the DNS out of the request.  I'll give that a shot.
No, I'm talking about the NIC connectivity itself. Flaky drivers and poor NIC settings, as well as cables or a failing switch (where one port works and another intermittently drops packets) could all cause the symptoms you describe. Pinging will likely be intermittent as well.
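The two replies above disagree on whether the symptom is raw connectivity or DNS, and the asker rightly notes that pinging a hostname needs DNS first. The script below is an added example, not something posted in this thread: it pings an IP literal (so no lookup is involved) and, in the same round, resolves a few names through the server's own DNS client, logging both so the two failure modes can be told apart. The target IP 8.8.8.8, the name list and the log path are assumptions chosen for illustration; it uses only Windows PowerShell 2.0 features available on SBS 2011 (Test-Connection and .NET System.Net.Dns), since Resolve-DnsName did not exist until Server 2012.

```powershell
# Added example (not from the thread). Separates raw IP connectivity from DNS
# resolution so an intermittent failure can be attributed to one or the other.
# Assumptions (hypothetical values): 8.8.8.8 is a reachable reference IP and the
# names below are the ones to watch. Runs on Windows PowerShell 2.0 (SBS 2011).
param(
    [string]$PingTarget = "8.8.8.8",          # an IP literal, so no DNS lookup is needed
    [string[]]$Names = @("www.msn.com", "www.yahoo.com"),
    [int]$Rounds = 120,                        # 120 rounds * 5 s = 10 minutes of sampling
    [int]$IntervalSeconds = 5,
    [string]$LogPath = "$env:TEMP\dns-vs-ping.log"
)

$pingLost  = 0
$dnsFailed = 0

for ($i = 1; $i -le $Rounds; $i++) {
    $stamp = Get-Date -Format "HH:mm:ss"

    # 1. Raw connectivity: one ICMP echo to an IP literal; DNS plays no part here.
    $pingOk = Test-Connection -ComputerName $PingTarget -Count 1 -Quiet -ErrorAction SilentlyContinue
    if (-not $pingOk) { $pingLost++ }

    # 2. Resolution through the server's configured DNS client (the SBS box itself).
    foreach ($name in $Names) {
        $sw = [System.Diagnostics.Stopwatch]::StartNew()
        try {
            $addrs  = [System.Net.Dns]::GetHostAddresses($name) | ForEach-Object { $_.IPAddressToString }
            $result = "OK " + ($addrs -join ",")
        } catch {
            $dnsFailed++
            $result = "FAIL " + $_.Exception.Message
        }
        $sw.Stop()
        $line = "{0} ping={1} {2} {3}ms {4}" -f $stamp, $pingOk, $name, $sw.ElapsedMilliseconds, $result
        Write-Host $line
        Add-Content -Path $LogPath -Value $line
    }

    Start-Sleep -Seconds $IntervalSeconds
}

Write-Host ("Summary: {0}/{1} pings lost, {2} DNS failures (log: {3})" -f $pingLost, $Rounds, $dnsFailed, $LogPath)
```

Read the log two ways: rounds where the ping is lost and the lookups fail together point at the NIC, cable or switch port, as Cliff suggests; rounds where the ping is fine but a lookup takes seconds or fails point at the DNS server itself (its forwarders or upstream), which is what the nslookup timeout reported earlier in the thread looks like.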
I'm pinging now, and so far no time outs.
I just finished working with Microsoft.  After testing all the things I did previously, they tried adding my firewall (192.168.1.1) as a forwarder, and that worked!  First time I ever added an internal address as a forwarder.  Internet is as fast as ever, and sites are resolving.
Just spent 5 more hours with Microsoft.  What a beating.  They can't figure out why the DNS is working the way it was designed.  We are still using the internal gateway address as a forwarder.  Does this pose any security risk?
No more so than using any other forwarder. The reliability of its replies and susceptibility to DNS poisoning is dependent on the DNS implementation of the gateway. Could be rock solid. Or could have been coded by chimpanzees. So the question is, do you trust your gateway manufacturer/vendor from a security perspective?
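The fix that worked was pointing the SBS DNS server's forwarders at the gateway, and the reply above is right that this makes the gateway's DNS proxy part of the trust chain. The script below is an added example, not code from the thread or from Microsoft support: it sets the forwarder list with dnscmd (the tool that ships with the DNS Server role on SBS 2011) and then asks the gateway and an independent reference resolver for the same names, so a gateway that hands back stale, partial or altered answers stands out. The gateway 192.168.1.1 is the address from the thread; the reference resolver 8.8.8.8 and the name list are assumptions chosen for illustration. Run it elevated on the SBS server.

```powershell
# Added example (not from the thread). Sets the SBS 2011 DNS server's forwarder
# list with dnscmd, then cross-checks answers obtained via the gateway against a
# reference resolver so a gateway that returns stale, hijacked or partial answers
# stands out. Assumptions (hypothetical): 8.8.8.8 is the reference resolver and
# the name list below is what to compare; 192.168.1.1 is the gateway from the thread.
$Gateway   = "192.168.1.1"
$Reference = "8.8.8.8"
$Names     = @("www.msn.com", "www.yahoo.com", "www.microsoft.com")

# Show the forwarder settings currently configured, then point the server at the
# gateway (the configuration that restored resolution in the thread above).
dnscmd /Info | Select-String -Pattern "Forward"
dnscmd /ResetForwarders $Gateway /Timeout 5

function Get-ARecords {
    # Ask one specific server for the A records of a name using nslookup, and
    # return the IPv4 addresses found after the "Name:" line of its output
    # (the lines before it describe the server being queried, not the answer).
    param([string]$Name, [string]$Server)
    $out    = & nslookup -type=A $Name $Server 2>&1
    $answer = $false
    $ips    = @()
    foreach ($line in $out) {
        if ("$line" -match "^Name:") { $answer = $true; continue }
        if ($answer) {
            $ips += @([regex]::Matches("$line", "\b\d{1,3}(\.\d{1,3}){3}\b") | ForEach-Object { $_.Value })
        }
    }
    return @($ips | Sort-Object -Unique)
}

foreach ($n in $Names) {
    $viaGateway = @(Get-ARecords -Name $n -Server $Gateway)
    $viaRef     = @(Get-ARecords -Name $n -Server $Reference)

    if ($viaGateway.Count -eq 0) {
        $verdict = "NO ANSWER from gateway"
    } elseif ($viaRef.Count -eq 0) {
        $verdict = "reference resolver gave no answer; cannot compare"
    } elseif (($viaGateway -join ",") -eq ($viaRef -join ",")) {
        $verdict = "match"
    } else {
        # CDNs legitimately hand different addresses to different resolvers, so a
        # mismatch is something to investigate, not proof of tampering.
        $verdict = "DIFFERS - gateway=[{0}] reference=[{1}]" -f ($viaGateway -join ","), ($viaRef -join ",")
    }
    "{0,-22} {1}" -f $n, $verdict
}
```

The dnscmd /ResetForwarders call replaces the whole forwarder list, so list every upstream you want in one invocation; /Timeout 5 caps how long the server waits on the gateway before giving up, which keeps a slow gateway from stalling every client lookup. If the cross-check keeps showing no answers or timeouts from the gateway while the reference resolver is fine, the gateway's DNS proxy is the weak link and a forwarder you control or your ISP's resolvers are the safer choice.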
I need to figure this out, but didn't want to expose ourselves.  Funny thing is I can browse fine with my laptop hard-coding IP & DNS, just not the SBS 2011 server.
ASKER CERTIFIED SOLUTION
JackAitken (United States of America)
[Solution text is not available on this page; it is restricted to Experts Exchange members.]