

Windows Server 2008 DNS - randomly failing to resolve a non-authoritative domain name

Posted on 2011-10-13
Last Modified: 2012-05-12
I'm encountering an odd problem and hoping for some direction in troubleshooting.

We have 4 name servers on two different networks (let's say, ns1/ns2 on one network, and ns1/ns2 on a different network).

These name servers are Active Directory servers, and other than one DNS zone in the DNS, the servers act as a caching-only DNS server.

They can all resolve non-authoritative domains just fine (from within our network of course; external lookups are not permitted).

The issue is that we have a reoccurring problem with one specific .org domain name.

The last time it occurred, it was only one of our 4 name servers that would fail with the following error:

example: (using a fake domain here)

nslookup thedomain.org ns1.nameserver.com
*** UnKnown can't find thedomain.org: Server failed

We couldn't find any cause for this, so we restarted the DNS service on that particular name server and then it started to work.  The other 3 name servers were providing a result for this query.

Today, the issue has come up again, and this time it's 3 out of 4 name servers that now cannot resolve this domain.

The one that does work properly gives us a result of (example):

Non-authoritative answer:
Name:    thedomain.org
Address:  123.456.789.123

I've scanned through the error logs on the primary DNS server but am not finding anything to explain this. However, the DNS events in the log are mostly just other types of informational logs. There are no warnings/errors/critical alerts at all.

As restarting the DNS service worked last time to resolve the issue, it doesn't seem that it is a configuration problem, otherwise it shouldn't work at all. The other odd issue is that this time 3 of our 4 name servers are failing to provide results for (only) this domain. Any other non-authoritative domain I query on produces results.

Could it be some issue at the authoritative DNS servers? I did run the domain through DNS Stuff and the report showed no issues with its name servers, other than "NS agreement on SOA Serial #", but there were no other errors.

Any guidance in tracking this down would be appreciated.

Thank you

(Edit -  just a quick update - I cleared the cache just now on one of the name servers that couldn't resolve this domain, and that resolved the issue.  But why is this occurring / what can we do to prevent this from reoccurring? )
Question by: serveradm

Accepted Solution

ID: 36971199

Author Comment

ID: 36979758
Thanks, haven't tested the solution yet, but just an update: the debugging led me to some log entries that contained:


and further research led me to this Microsoft KB article:


This KB perfectly describes the problem we've been having so we're likely going to implement the registry change outlined there.

Expert Comment

ID: 36979914
So based on that you could create a conditional forwarder as a workaround for this one domain that forwards the query to your ISP rather than using root hints.
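
Added example (not part of the original thread and not any participant's code): a small Python check for the symptom described in the question, where some of the four resolvers return "Server failed" for one domain while a peer still answers. It sends the same A query to each resolver and compares the response codes; the resolver addresses are hypothetical placeholders and thedomain.org is the thread's fake domain.

```python
import secrets
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid):
    """Encode a recursive A/IN query for `name` in DNS wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_status(response, qid):
    """Return (rcode_name, answer_count) from a DNS response header."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:  # wrong ID or QR bit not set
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode), ancount

def query_server(server, name, timeout=3.0):
    """Ask one resolver over UDP; 'Server failed' in nslookup is SERVFAIL here."""
    qid = secrets.randbelow(0x10000)  # random ID so stray replies are rejected
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qid), (server, 53))
        try:
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return "TIMEOUT", 0
    return parse_status(data, qid)

def failing_servers(results):
    """Servers that fail while at least one peer answers: a per-server problem
    (for example a bad cache entry) rather than a broken domain."""
    healthy = any(st == "NOERROR" and n > 0 for st, n in results.values())
    return sorted(s for s, (st, _) in results.items()
                  if healthy and st != "NOERROR")

if __name__ == "__main__":
    # Hypothetical resolver addresses (documentation range), not from the thread.
    servers = ["192.0.2.10", "192.0.2.11", "198.51.100.10", "198.51.100.11"]
    results = {s: query_server(s, "thedomain.org") for s in servers}
    for server, (status, answers) in sorted(results.items()):
        print(server, status, answers)
    print("failing while a peer answers:", failing_servers(results))
```

Run on a schedule, this records which resolvers fail and when, so the failure can be lined up with the DNS debug log before the cache is cleared.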

Question has a verified solution.