Solved

DNS Issues

Posted on 2012-04-11
Last Modified: 2012-04-20
Some interesting problems I'm having with DNS on my machine.

The problem:

Often I find I cannot access machines by name. ipconfig /renew fixes the problem. Also, restarting or disabling the DNS Client Service fixes the problem; however, leaving that service off forces the client machine to query the DNS server every time it needs to get somewhere, and the client also will then not register its name with the DNS server. I worked with having that service off for a few weeks happily, but it's not the proper fix. This is not happening on just 1 machine, but many.

Some background:

~DHCP set by an apple server (I know...), xxx.123.20.6
~Primary DNS server, xxx.123.20.8, is a 2008 R2 box
~Secondary DNS server, is also the dhcp server
~Third DNS server, xxx.123.17.1, is our authoritative server over our .org domain.
~The machine names I am trying to access are .local names, not .org.
~My machine has 2 DNS names, 1 for internal purposes, and 1 how outsiders see it. For example, Server1.domain.local is known externally as domainab20-187.domain.org
~Apple clients don't use the .local domain, thus they are not having these issues, which seems to be limited only to windows clients.
~Out of our 20 locations, only 1 (here) is still on a public ip scheme.
~Unfortunately, until later this year when we finish converting to a full private IP scheme, xxx.123.0.0 is a public ip range.

So, as you can see from the below transcript of my cmd session, ipconfig /renew fixes the issue. My concern lies with the fact that none of the settings change with the /renew; just the DNS Client Service was reset (I assume). Also, I didn't show it, but at any time, I could have done an nslookup and it would have returned this to me:

Server:  DC.domain.org
Address:  xxx.123.20.8

Name:    Server1.domain.local
Address:  xxx.123.20.158

C:\Users\me>ipconfig /renew

Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : domain.org
   IPv4 Address. . . . . . . . . . . : xxx.123.20.89
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : xxx.123.21.254

C:\Users\me>ipconfig /renew

Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : domain.org
   IPv4 Address. . . . . . . . . . . : xxx.123.20.89
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : xxx.123.21.254

C:\Users\me>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : LocalPC
   Primary Dns Suffix  . . . . . . . : domain.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.local
                                       domain.org

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : domain.org
   Description . . . . . . . . . . . : Intel(R) 82578DM Gigabit Network Connection
   Physical Address. . . . . . . . . : xx-xx-xx-8F-95-B2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : xxx.123.20.89(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Lease Obtained. . . . . . . . . . : Monday, April 02, 2012 7:47:58 AM
   Lease Expires . . . . . . . . . . : Wednesday, April 11, 2012 10:51:23 AM
   Default Gateway . . . . . . . . . : xxx.123.21.254
   DHCP Server . . . . . . . . . . . : xxx.123.20.6
   DNS Servers . . . . . . . . . . . : xxx.123.20.8
                                       xxx.123.20.6
                                       xxx.123.17.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

C:\Users\me>ping Server1
Ping request could not find host Server1. Please check the name and try again.

C:\Users\me>ping Server2
Ping request could not find host Server2. Please check the name and try again.


C:\Users\me>ipconfig /renew

Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : domain.org
   IPv4 Address. . . . . . . . . . . : xxx.123.20.89
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : xxx.123.21.254

C:\Users\me>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : LocalPC
   Primary Dns Suffix  . . . . . . . : domain.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.local
                                       domain.org

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : domain.org
   Description . . . . . . . . . . . : Intel(R) 82578DM Gigabit Network Connection
   Physical Address. . . . . . . . . : xx-xx-xx-8F-95-B2
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : xxx.123.20.89(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Lease Obtained. . . . . . . . . . : Monday, April 02, 2012 7:47:58 AM
   Lease Expires . . . . . . . . . . : Wednesday, April 11, 2012 11:11:33 AM
   Default Gateway . . . . . . . . . : xxx.123.21.254
   DHCP Server . . . . . . . . . . . : xxx.123.20.6
   DNS Servers . . . . . . . . . . . : xxx.123.20.8
                                       xxx.123.20.6
                                       xxx.123.17.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

C:\Users\me>ping Server1

Pinging Server1.domain.local [xxx.123.20.158] with 32 bytes of data:
Reply from xxx.123.20.158: bytes=32 time<1ms TTL=127
Reply from xxx.123.20.158: bytes=32 time<1ms TTL=127

Ping statistics for xxx.123.20.158:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
^C
C:\Users\me>ping Server2

Pinging Server2.domain.local [xxx.123.20.174] with 32 bytes of data:
Reply from xxx.123.20.174: bytes=32 time<1ms TTL=127
Reply from xxx.123.20.174: bytes=32 time<1ms TTL=127

Ping statistics for xxx.123.20.174:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms



I clearly have a mess with machines getting public dhcp addresses, and with having dns and dhcp not handled by the same boxes. Both these issues will be resolved later this year after school is out. I need to determine if there is something else going on besides this that is causing my issues.

Thanks for any help or input.

-Apothis
Question by:Apothis
9 Comments
 
LVL 3

Expert Comment

by:unsatiated
When the issue occurs, can you provide this info as well:

1.  When you perform nslookup server1, what do you receive?
2.  If you ping by FQDN, what do you receive? Such as server1.domain.local?

After the issue is resolved, perform the same top 2 and provide data for that as well.
 
LVL 1

Expert Comment

by:backhaul
Working on unsatiated's comment:

There may be a conflict between domain.org and domain.local.  You have DNS domain.org and your AD domain.local which are different.  Machines use both DNS/WINS/AD for finding services (internet, Intranet, AD).
To start with please provide a .txt dump of the following (this would help us):

Just type
nslookup
hit enter.  We are looking to see if we get nslookup to fail on the resolution of the name server.

Next is to take your machine ip address and hostname and get the error to happen:

nslookup mymachinename
<enter>  Please provide screen output
nslookup my.ip.address.please
<enter>  Please provide screen output


I would recommend that you look at consolidating your DHCP/DNS/AD to one platform (say Microsoft) in this case. Should you wish to have this diversity, I would use a program like dnsdiff or something similar to be sure that forward as well as reverse records and NS servers are correctly formatted.

If the above does not point us in any direction, we will need to download bind for windows or *nix and run some dig/host queries to find the problem.   However, I'm betting that there is a gap between using domain.local and domain.org and also using MS DHCP/DNS, MAC DHCP and MS AD.
 
LVL 5

Author Comment

by:Apothis
Okay, I'm going to skip back to the beginning here. I think the answer to the problem is in the details. The issue lies with DNS failing over to the secondary server.
For starters, nslookup defaults to the primary DNS server:
C:\Users\me>nslookup
Default Server:  DC.domain.org
Address:  xxx.123.20.8


> Server1
Server:  domainabdhcpdns.domain.org
Address:  xxx.123.20.6

*** domainabdhcpdns.domain.org can't find Server1: Non-existent domain
> Server2
Server:  domainabdhcpdns.domain.org
Address:  xxx.123.20.6

*** domainabdhcpdns.domain.org can't find Server2: Non-existent domain
> server xxx.123.20.8
Default Server:  DC.domain.org
Address:  xxx.123.20.8

> Server2
Server:  DC.domain.org
Address:  xxx.123.20.8

Name:    Server2.domain.local
Address:  xxx.123.20.174

> Server1
Server:  DC.domain.org
Address:  xxx.123.20.8

Name:    Server1.domain.local
Address:  xxx.123.20.158


As shown here, the primary DNS server, 20.8 can resolve the nslookup request, however, the secondary server, 20.6 cannot.
So, long story short, the issue lies with having inconsistent DNS server lookup zones. (20.6 knows nothing of the .local domain).

Now... I see I have 1 solution (get rid of 20.6) with 2 ways to get there:
1) Change DHCP to only point to the DNS servers that host the correct lookup zones. In this case it is xxx.123.20.8 and xxx.123.44.12
2) Force through Group Policy the clients to use the DNS servers in option 1.

The real question before I can act on one of those solutions is why would my clients be querying the secondary DNS server at all? Is it asking all 3 DNS servers and taking the answer of the one that replies the quickest? The primary DNS server, xxx.123.20.8, is on the same subnet as my machine. The fact that this happens multiple times a day (it failing over to the secondary DNS server) tells me there is something I'm missing. Event logs aren't showing anything eventful except for this, which I'm guessing I'm getting because this server has a public IP address...
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Microsoft-Windows-DNS-Server-Service" Guid="{71A551F5-C893-4849-886B-B5EC8502641E}" EventSourceName="DNS" /> 
  <EventID Qualifiers="16384">5504</EventID> 
  <Version>0</Version> 
  <Level>4</Level> 
  <Task>0</Task> 
  <Opcode>0</Opcode> 
  <Keywords>0x80000000000000</Keywords> 
  <TimeCreated SystemTime="2012-04-11T16:40:11.000000000Z" /> 
  <EventRecordID>10440</EventRecordID> 
  <Correlation /> 
  <Execution ProcessID="0" ThreadID="0" /> 
  <Channel>DNS Server</Channel> 
  <Computer>DC.domain.local</Computer> 
  <Security /> 
  </System>
- <EventData Name="DNS_EVENT_INVALID_PACKET_DOMAIN_NAME">
  <Data Name="param1">64.59.135.214</Data> 
  <Binary>D26480010000000000000000</Binary> 
  </EventData>
  </Event>


 
LVL 3

Assisted Solution

by:unsatiated
unsatiated earned 200 total points
One reason why your clients would failover their DNS is due to non-response.  If the query is not returned within the timeout, it will automatically begin to utilize the secondary dns server from that point on.

Perhaps you may want to cross replicate your DNS zones which would eliminate your DNS resolution issues as well as provide a fault tolerant configuration.
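An added check in the spirit of the dnsdiff suggestion earlier in the thread (written for this page, not code from any poster): it sends every resolver listed in the DHCP scope the same A question, with a real UDP transport, and reports which ones answer differently from the primary or not at all. The non-response case is the timeout that unsatiated describes as the failover trigger; the NXDOMAIN case is what the .local-unaware secondary returned in the nslookup session above. Server and answer addresses in the test are constructed 192.0.2.x placeholders.

```python
import socket, struct

def build_query(name, qid=0x1234):
    # Recursive A query per RFC 1035: header, QNAME labels, QTYPE=A, QCLASS=IN.
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00\x00\x01\x00\x01"

def _skip_name(pkt, pos):
    # Step over a possibly compressed name; a 0xC0xx pointer (2 bytes) ends it.
    while (pkt[pos] & 0xC0) != 0xC0:
        if pkt[pos] == 0:
            return pos + 1
        pos += 1 + pkt[pos]
    return pos + 2

def parse_response(pkt):
    # Return (RCODE, sorted A-record addresses) from a raw DNS response.
    _, flags, qdcount, ancount, _, _ = struct.unpack(">HHHHHH", pkt[:12])
    pos, ips = 12, []
    for _ in range(qdcount):
        pos = _skip_name(pkt, pos) + 4              # QTYPE + QCLASS
    for _ in range(ancount):
        pos = _skip_name(pkt, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", pkt[pos:pos + 10])
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(pkt[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return flags & 0xF, sorted(ips)

def udp_send(server, query, timeout=2.0):
    # Real transport: one UDP exchange with the resolver on port 53.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return s.recv(512)

def audit(name, servers, send=udp_send):
    # Ask every configured resolver the same question; list those disagreeing with the first.
    verdicts = {}
    for server in servers:
        try:
            rcode, ips = parse_response(send(server, build_query(name)))
            verdicts[server] = ({0: "OK", 3: "NXDOMAIN"}.get(rcode, "RCODE%d" % rcode), ips)
        except (OSError, IndexError, struct.error):
            verdicts[server] = ("NO RESPONSE", [])  # the timeout that makes a Windows client fail over
    return verdicts, [s for s in servers[1:] if verdicts[s] != verdicts[servers[0]]]
```

Run it as `audit("Server1.domain.local", [primary, secondary, tertiary])` with the three addresses from `ipconfig /all`; any server in the returned disagreement list is one the DHCP scope should not be handing out for that zone.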
 
LVL 5

Author Comment

by:Apothis
Okay, I've looked at our configuration thoroughly, and decided that we will change our DHCP server (an Apple box) to no longer serve DNS and to point clients to Windows servers instead, as all zones reside there already. Eventually, we will also have those Windows servers take over DHCP and trash the Mac. Points will be awarded early next week assuming this fixes the issue; otherwise I will update my findings after running with this a few days. Thanks for the advice on replication. I plan to have a total of 5 PC DNS servers when this is complete. Currently we only have 2 PC DNS servers, and 20-some Mac DNS servers that don't know about our PC domain :(
 
LVL 5

Author Comment

by:Apothis
I guess I should mention, for this to make sense: we have about 20 locations within the same city. 4500 Mac clients, 300 PC clients.
 
LVL 38

Accepted Solution

by:
ChiefIT earned 300 total points
Your DHCP scope options should be set to only serve authoritative servers for the active directory domain. Outside servers should be set in your DNS forwarders for those domain controllers. Since the .ORG server is within the Mix, I assume that is your hosted web site and it can have a DNS record on your domain for internal .org queries to that server, but shouldn't be a domain server for the domain.

So, the .org server shouldn't be a server for domain features and should be removed from the DHCP scope options as a DNS server for this domain...

~DHCP set by an apple server (I know...), xxx.123.20.6
~Primary DNS server, xxx.123.20.8, is a 2008 R2 box

-------------------------------------------------------------------------------------
~Secondary DNS server, is also the dhcp server

NOTE: This one may cause you problems if its DNS data doesn't host the SeRVice (SRV) records for your Active Directory domain.
---------------------------------------------------------------------------------------
~Third DNS server, xxx.123.17.1, is our authoritative server over our .org domain.

NOTE: This one will cause you problems because it's not an AD server and doesn't host Domain SeRVice (SRV) records for windows domain features unless the domain zones are replicated from the AD domain controller.

==So, adjust your DHCP scope options to only host DNS servers that also hold your domain SRV records.

My Article: (DNS troubleshooting made easy).
http://www.experts-exchange.com/Networking/Protocols/DNS/A_323-DNS-Troubleshooting-made-easy.html
 
LVL 38

Expert Comment

by:ChiefIT
ALSO: DNS is not necessarily your problem.

Ping is a universal tool that can use NetBIOS, or DNS to translate the name to an IP.

Ping Server1   (will use a NetBIOS query to the NetBIOS name server)
Ping Server1.domain.com (will use a DNS query to the DNS server if not within DNS cache)
Ping IPaddress (will use ARP to translate the IP to a MAC address to find the NIC card).

Be careful with ping.. If you question DNS, USE NSLOOKUP.

If you question NetBIOS, download and install NBLOOKUP
 
LVL 5

Author Closing Comment

by:Apothis
This pretty much summed up the problem, though I still want to know why DNS was timing out and failing over to the secondary server:

~Secondary DNS server, is also the dhcp server

NOTE: This one may cause you problems if its DNS data doesn't host the SeRVice (SRV) records for your Active Directory domain.
---------------------------------------------------------------------------------------
~Third DNS server, xxx.123.17.1, is our authoritative server over our .org domain.

NOTE: This one will cause you problems because it's not an AD server and doesn't host Domain SeRVice (SRV) records for windows domain features unless the domain zones are replicated from the AD domain controller.
