Windows 2008 R2 - DNS Issue

ise_IT
ise_IT used Ask the Experts™
on
We have DNS configured on Windows 2008 R2 DC.
DNS resolving internally fine.
Problem is resolving some external (internet) site.
DNS will resolve xyz.com
After a while dns will give Non-existent Domain for xyz.com
When we clear a cache or restart a DNS service, DNS will resolve xyz.com again.
we did the following:
- Configured conditional forwarding for specific site.
- Forward to ISP DNS.
- Disable EDNS0.
- Edit MaxCacheTTL  http://support.microsoft.com/kb/968372
- Install the hotfix provided by microsoft  http://support.microsoft.com/kb/2508835
  Still we are facing same problem.

We installed the nwtwok monitor to check really what is happening and find the following:
- First time it resolved the site successfully. After a  while it gives response :Name Error.
dns-nm.JPG
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
dnscmd /config /enableednsprobes 0

http://support.microsoft.com/kb/832223

Author

Commented:
I run the command and restart DNS service.
Still same problem.
can you disable IPV6 on your DNS server...
try setting your forward dns to opendns IP's (208.67.222.222 - 208.67.220.220)

Commented:
Configure DNS forwarding under server properties to fwd the external queries to outside.
WORKS2011Managed IT Services, Cyber Security, Backup

Commented:
run this dns test from intodns.com and post the results,

Author

Commented:
Anuroopsundd:
IPV6 is disabled.

christophel:
Try but same result.

Sandeep_Agarwal_:
Try but same result.

WORKS2011:
It is an internal DNS.
WORKS2011Managed IT Services, Cyber Security, Backup

Commented:
run the test, it will test external

Author

Commented:
you need to run it for my domain or the domain i'm facing problem with reslove it.

Commented:
I believe your external DNS provider is casing your issue, it is not allowing DNS updates.  Inquire about this to them.  You may want to get another well respected DNS service provider.
WORKS2011Managed IT Services, Cyber Security, Backup

Commented:
run it for both domains, it won't hurt to know where problems are you can fix your domain's dns and notify the other IT department if the domain you're sending to has DNS issues.
Top Expert 2014

Commented:
@ WORKS2011 - I think you're confusing the issue.  Scanning the external DNS has no relation to the problem the asker is experiencing.
WORKS2011Managed IT Services, Cyber Security, Backup

Commented:
ise_IT wrote, "DNS resolving internally fine. Problem is resolving some external (internet) site."

Am I wrong with my understanding of which sites are not resolving?
Top Expert 2014

Commented:
My understanding is that the problem is with clients inside their network resolving host names that are external to their environment.  So we're on the same page as far as which hosts are resolving, but the question is from where?  From inside their network or from outside?  My interpretation is from inside, I think yours is from outside.

But I'll let the author comment if I'm wrong.
WORKS2011Managed IT Services, Cyber Security, Backup

Commented:
thanks footech, this site is awesome because everyone is working to help everyone out even when something is misunderstood. I agree we'll let the author decide and I get your (and probably the authors) point now. Thanks for clarifying.
Top Expert 2014

Commented:
@ WORKS2011 - I agree.  :)  I just wish I had an answer for the author.  Any time I've heard of this problem it's been resolved by one of the items already mentioned.

Author

Commented:
local client (inside my network) are trying to resolve external website (internet) using AD DNS. AD DNS is resolving  most of internet site but sometimes it is resolving but after a while it will give NX-domain.Although it resolved it before.
There is no problem with AD DNS for internal (inside network) resolving.
Hope i make it clear.
WORKS2011Managed IT Services, Cyber Security, Backup

Commented:
why haven't you run the DNS test I asked you to run on 2012-04-14 at 18:27:36ID: 37847286

NXDOMAIN or Non-Existent Domain is a term used for the Internet domain name that is unable to be resolved using the DNS implementation owing either to domain name not yet registered or the server problem.

Author

Commented:
Please find attached the result dfor domain we are facing problem with it.
tadawul.pdf
Managed IT Services, Cyber Security, Backup
Commented:
there are clearly problems with the DNS servers with the site you're trying to contact. I would forward this information on to them, you're likely to have problems sending with the errors they are showing, the main error being "DNS Servers responded - ERROR: One or more of your nameservers did not respond: The ones that did not respond are 212.118.132.206

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial