Apothis
asked on
DNS Issues
Some interesting problems I'm having with DNS on my machine.
The problem:
Often I find I cannot access machines by name. ipconfig /renew fixes the problem. Also, restarting or disabling the DNS Client Service fixes the problem; however, leaving that service off forces the client machine to query the DNS server every time it needs to get somewhere, and the client also will then not register its name with the DNS server. I worked with having that service off for a few weeks happily, but it's not the proper fix. This is not happening on just 1 machine, but many.
Some background:
~DHCP set by an apple server (I know...), xxx.123.20.6
~Primary DNS server, xxx.123.20.8, is a 2008 R2 box
~Secondary DNS server, is also the dhcp server
~Third DNS server, xxx.123.17.1, is our authoritative server over our .org domain.
~The machine names I am trying to access are .local names, not .org.
~My machine has 2 DNS names, 1 for internal purposes, and 1 how outsiders see it. For example, Server1.domain.local is known externally as domainab20-187.domain.org
~Apple clients don't use the .local domain, thus they are not having these issues, which seems to be limited only to windows clients.
~Out of our 20 locations, only 1 (here) is still on a public ip scheme.
~Unfortunately, until later this year when we finish converting to a full private IP scheme, xxx.123.0.0 is a public ip range.
So, as you can see from the below transcript of my cmd session, ipconfig /renew fixes the issue. My concern lies with the fact that none of the settings changes with the /renew, just the DNS Client service was reset (I assume). Also, I didn't show it, but at any time, I could have done an nslookup and it would have returned this to me:
Server: DC.domain.org
Address: xxx.123.20.8
Name: Server1.domain.local
Address: xxx.123.20.158
C:\Users\me>ipconfig /renew
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : domain.org
IPv4 Address. . . . . . . . . . . : xxx.123.20.89
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : xxx.123.21.254
C:\Users\me>ipconfig /renew
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : domain.org
IPv4 Address. . . . . . . . . . . : xxx.123.20.89
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : xxx.123.21.254
C:\Users\me>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : LocalPC
Primary Dns Suffix . . . . . . . : domain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.local
domain.org
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : domain.org
Description . . . . . . . . . . . : Intel(R) 82578DM Gigabit Network Connection
Physical Address. . . . . . . . . : xx-xx-xx-8F-95-B2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : xxx.123.20.89(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Lease Obtained. . . . . . . . . . : Monday, April 02, 2012 7:47:58 AM
Lease Expires . . . . . . . . . . : Wednesday, April 11, 2012 10:51:23 AM
Default Gateway . . . . . . . . . : xxx.123.21.254
DHCP Server . . . . . . . . . . . : xxx.123.20.6
DNS Servers . . . . . . . . . . . : xxx.123.20.8
xxx.123.20.6
xxx.123.17.1
NetBIOS over Tcpip. . . . . . . . : Enabled
C:\Users\me>ping Server1
Ping request could not find host Server1. Please check the name and try again.
C:\Users\me>ping Server2
Ping request could not find host Server2. Please check the name and try again.
C:\Users\me>ipconfig /renew
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : domain.org
IPv4 Address. . . . . . . . . . . : xxx.123.20.89
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : xxx.123.21.254
C:\Users\me>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : LocalPC
Primary Dns Suffix . . . . . . . : domain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.local
domain.org
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : domain.org
Description . . . . . . . . . . . : Intel(R) 82578DM Gigabit Network Connection
Physical Address. . . . . . . . . : xx-xx-xx-8F-95-B2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : xxx.123.20.89(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Lease Obtained. . . . . . . . . . : Monday, April 02, 2012 7:47:58 AM
Lease Expires . . . . . . . . . . : Wednesday, April 11, 2012 11:11:33 AM
Default Gateway . . . . . . . . . : xxx.123.21.254
DHCP Server . . . . . . . . . . . : xxx.123.20.6
DNS Servers . . . . . . . . . . . : xxx.123.20.8
xxx.123.20.6
xxx.123.17.1
NetBIOS over Tcpip. . . . . . . . : Enabled
C:\Users\me>ping Server1
Pinging Server1.domain.local [xxx.123.20.158] with 32 bytes of data:
Reply from xxx.123.20.158: bytes=32 time<1ms TTL=127
Reply from xxx.123.20.158: bytes=32 time<1ms TTL=127
Ping statistics for xxx.123.20.158:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
^C
C:\Users\me>ping Server2
Pinging Server2.domain.local [xxx.123.20.174] with 32 bytes of data:
Reply from xxx.123.20.174: bytes=32 time<1ms TTL=127
Reply from xxx.123.20.174: bytes=32 time<1ms TTL=127
Ping statistics for xxx.123.20.174:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
I clearly have a mess with machines getting public dhcp addresses, and with having dns and dhcp not handled by the same boxes. Both these issues will be resolved later this year after school is out. I need to determine if there is something else going on besides this that is causing my issues.
Thanks for any help or input.
-Apothis
Working on unsatiated comment:
There may be a conflict between domain.org and domain.local. You have DNS domain.org and your AD domain.local which are different. Machines use both DNS/WINS/AD for finding services (internet, Intranet, AD).
To start with please provide a .txt dump of the following (this would help us):
Just type nslookup<enter>. We are looking to see if we get nslookup to fail on the resolution of the name server.
Next is to take your machine ip address and hostname and get the error to happen:
nslookup mymachinename<enter> Please provide screen output
nslookup my.ip.address.please<enter> Please provide screen output
I would recommend that you look at consolidating your DHCP/DNS/AD to one platform (say Microsoft) in this case. Should you wish to have this diversity, I would use a program like dnsdiff or something similar to be sure that forward as well as reverse records and NS servers are correctly formatted.
If the above does not point us in any direction, we will need to download bind for windows or *nix and run some dig/host queries to find the problem. However, I'm betting that there is a gap between using domain.local and domain.org and also using MS DHCP/DNS, MAC DHCP and MS AD.
ASKER
Okay, I'm going to skip back to the beginning here. I think the answer to the problem is in the details. The issues lies with DNS failing over to the secondary server.
For starters, nslookup defaults to the primary DNS server:
C:\Users\me>nslookup
Default Server: DC.domain.org
Address: xxx.123.20.8
> Server1
Server: domainabdhcpdns.domain.org
Address: xxx.123.20.6
*** domainabdhcpdns.domain.org can't find Server1: Non-existent domain
> Server2
Server: domainabdhcpdns.domain.org
Address: xxx.123.20.6
*** domainabdhcpdns.domain.org can't find Server2: Non-existent domain
> server xxx.123.20.8
Default Server: DC.domain.org
Address: xxx.123.20.8
> Server2
Server: DC.domain.org
Address: xxx.123.20.8
Name: Server2.domain.local
Address: xxx.123.20.174
> Server1
Server: DC.domain.org
Address: xxx.123.20.8
Name: Server1.domain.local
Address: xxx.123.20.158
As shown here, the primary DNS server, 20.8, can resolve the nslookup request; however, the secondary server, 20.6, cannot. So, long story short, the issue lies with having inconsistent DNS server lookup zones. (20.6 knows nothing of the .local domain).
Now... I see I have 1 solution (get rid of 20.6) with 2 ways to get there:
1) Change DHCP to only point to the DNS servers that host the correct lookup zones. In this case it is xxx.123.20.8 and xxx.123.44.12
2) Force through Group Policy the clients to use the DNS servers in option 1.
The real question before I can act on one of those solutions is why would my clients be querying the secondary DNS server at all? Is it asking all 3 DNS servers and taking the answer from the one that replies the quickest? The primary DNS server, xxx.123.20.8, is on the same subnet as my machine. The fact that this happens multiple times a day (it failing over to the secondary DNS server) tells me there is something I'm missing. Event logs aren't showing anything eventful except for this, which I'm guessing I'm getting because this server has a public IP address...
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Server-Service" Guid="{71A551F5-C893-4849-886B-B5EC8502641E}" EventSourceName="DNS" />
<EventID Qualifiers="16384">5504</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-04-11T16:40:11.000000000Z" />
<EventRecordID>10440</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>DNS Server</Channel>
<Computer>DC.domain.local</Computer>
<Security />
</System>
<EventData Name="DNS_EVENT_INVALID_PACKET_DOMAIN_NAME">
<Data Name="param1">64.59.135.214</Data>
<Binary>D26480010000000000000000</Binary>
</EventData>
</Event>
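The nslookup session above shows the gap one server at a time: 20.6 answers "Non-existent domain" for a name that 20.8 resolves, and the client only notices when it happens to be talking to 20.6. The same comparison can be run against every server in the ipconfig /all list at once. The Python script below is an added example, not code from this thread or from any of the tools it mentions; it builds and parses DNS messages in RFC 1035 wire format so that it needs only the standard library. query_server sends a real UDP query to a server you name, while sample_results builds constructed replies offline: the labels "primary"/"secondary" and the 192.0.2.158 address are stand-ins for the thread's 20.8 and 20.6 servers and the redacted xxx.123.20.158, not values from the page.

```python
"""Resolver consistency check (added example, not code from the thread).
Query each configured DNS server for the same names and flag any server that
gives no address for a name another server resolves: the zone-coverage gap
above, where 20.6 answered NXDOMAIN for names that 20.8 knew."""
import socket
import struct

RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def _encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode() for lb in labels) + b"\x00"


def build_query(name, txid=0x1234):
    """Standard recursive A/IN query: header (RD=1, QDCOUNT=1) + question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + _encode_name(name) + struct.pack("!HH", 1, 1)


def build_response(name, ips=(), rcode=0, aa=True, txid=0x1234):
    """Construct a reply message; used here only to fabricate offline sample data."""
    flags = 0x8180 | (0x0400 if aa else 0) | rcode        # QR, RD, RA (+AA) + RCODE
    header = struct.pack("!HHHHHH", txid, flags, 1, len(ips), 0, 0)
    answers = b""
    for ip in ips:                                        # 0xC00C points at the question name
        answers += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + socket.inet_aton(ip)
    return header + _encode_name(name) + struct.pack("!HH", 1, 1) + answers


def _read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                         # compression pointer
            if not jumped:
                end = off + 2
            off, jumped = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels), end if jumped else off


def parse_response(msg):
    """Return {'rcode': str, 'aa': bool, 'answers': [ipv4, ...]} for an A reply."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                                   # skip the question section
        _, off = _read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:                     # A record
            answers.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    rcode = flags & 0xF
    return {"rcode": RCODE_NAMES.get(rcode, str(rcode)),
            "aa": bool(flags & 0x0400), "answers": answers}


def query_server(server, name, timeout=2.0):
    """Send one UDP query to `server` (live network) and parse the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data)


def find_inconsistent(results):
    """results: {server: {name: parsed_reply}}.  Return (server, name, rcode) for
    every server that gave no address for a name some other server did resolve."""
    problems = []
    for server, replies in results.items():
        for name, reply in replies.items():
            if reply["answers"]:
                continue
            if any(other.get(name, {}).get("answers") for s, other in results.items() if s != server):
                problems.append((server, name, reply["rcode"]))
    return problems


def check_servers(servers, names):
    """Live check: query each configured server for each name, then report gaps."""
    results = {}
    for server in servers:
        results[server] = {}
        for name in names:
            try:
                results[server][name] = query_server(server, name)
            except OSError:                               # timeout or unreachable
                results[server][name] = {"rcode": "TIMEOUT", "aa": False, "answers": []}
    return find_inconsistent(results)


def sample_results():
    """Constructed stand-ins for the thread's 20.8 (hosts .local) and 20.6 (does not)."""
    name = "server1.domain.local"
    return {
        "primary": {name: parse_response(build_response(name, ["192.0.2.158"]))},
        "secondary": {name: parse_response(build_response(name, rcode=3, aa=False))},
    }


if __name__ == "__main__":
    print(find_inconsistent(sample_results()))            # [('secondary', 'server1.domain.local', 'NXDOMAIN')]
```

On a client, call check_servers with the three addresses from the "DNS Servers" lines of ipconfig /all and the FQDNs you expect every server to answer; any (server, name, rcode) tuple it returns names a resolver the client can fail over to and get NXDOMAIN from. A TIMEOUT entry for one server with good answers from the others is the other thing worth watching for here, since a server that stops answering is what makes the Windows DNS client move on to the next one in the list.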
SOLUTION
ASKER
Okay, I've looked at our configuration thoroughly, and decided that we will change our DHCP server (an Apple box) to no longer serve DNS and to point them to Windows servers instead, as all zones reside there already. Eventually, we will also have those Windows servers take over DHCP and trash the Mac. Points will be awarded early next week assuming this fixes the issue, otherwise I will update my findings after running with this a few days. Thanks for the advice on replication. I plan to have a total of 5 PC DNS servers when this is complete. Currently we only have 2 PC DNS servers, and 20 some Mac DNS servers that don't know about our PC domain :(
ASKER
I guess I should mention for this to make sense - we have about 20 locations within the same city. 4500 Mac clients, 300 PC clients.
ASKER CERTIFIED SOLUTION
ALSO: DNS is not necessarily your problem.
Ping is a universal tool that can use NetBIOS, or DNS to translate the name to an IP.
Ping Server1 (will use a NetBIOS query to the NetBIOS name server)
Ping Server1.domain.com (will use a DNS query to the DNS server if not within DNS cache)
Ping IPaddress (will use ARP to translate the IP to a MAC address to find the NIC card).
Be careful with ping.. If you question DNS, USE NSLOOKUP.
If you question NetBIOS, download and install NBLOOKUP
ASKER
This pretty much summed up the problem, though I still want to know why DNS was timing out and failing over to the secondary server:
~Secondary DNS server, is also the dhcp server
NOTE: This one may cause you problems if its DNS data doesn't host the SeRVice (SRV) records for your Active Directory domain.
--------------------------
~Third DNS server, xxx.123.17.1, is our authoritative server over our .org domain.
NOTE: This one will cause you problems because it's not an AD server and doesn't host Domain SeRVice (SRV) records for windows domain features unless the domain zones are replicated from the AD domain controller.
1. When you perform nslookup server1, what do you receive?
2. If you ping by FQDN, such as server1.domain.local, what do you receive?
After the issue is resolved, perform the same top 2 and provide data for that as well.