

DNS request from guest OS to ISP fail in Hyper-V

Posted on 2012-08-23
Medium Priority
Last Modified: 2012-08-29

After very intense investigation I would like to reduce my question to the very essence.
The setup is as follows:
* Hyper-V core 2008R2 with one NIC
* Two guest OSs - 1x W2k3 Std., 1x W2k3SBS
* DNS-Server on W2k3SBS guest

* any DNS-request within the whole network to the internal DNS-Server works fine
* DNS-request from ANY other machines except the two virtual Servers to external DNS-Servers also work fine
* DNS-request from the Hyper-V host to external DNS-Servers are also ok
* DNS-request from any of the virtual servers fail.
* DNS-packets from the virtual servers can be successfully traced up to the external DNS-server
* It makes no difference if nslookup is using the external DNS-server or the internal one that is then forwarding the request to external DNS-server. In any case the packets do definitely arrive at the external DNS and are answered, but the answers never arrive at the guest OS
* DNS trace on the w2k3SBS guest shows DNS-packets going out to the external DNS-servers but no packets coming in
* no firewall whatsoever that could block any traffic (Hyper-V firewall explicitly turned off)
* system time is in sync on all machines
* again: ANY other computer on the network (using the same gateway/firewall) is OK

The only thing I can think of may be the Hyper-V host not passing DNS packets from outside to the guest OSes.

Anyone ever had such a strange problem?
Question by:shirkaan

Author Comment

ID: 38325544
Hi again,

meanwhile I did some "wiresharking" between the router and ADSL-modem and the findings are stunning:
DNS-requests from the two virtual servers are definitely transmitted to the DNS-server but never receive any reply.
The same DNS-requests from ANY other machine in the network are also transmitted to the DNS-server and DO receive a reply (?)
So it seems someone is fiddling around with my DNS-requests, but only from two distinctive servers - does this make sense?

Thanks for ANY comment - I'll keep you up to date.
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 38326931
Any VLANs in play here? How is the networking set up for the VMs? Host-only/internal/actual network card (direct)?

Author Comment

ID: 38328169
No vlans. Networking setup for the vm's is actual network card.
But: As I captured the packets passing to and from the internet between the router and the ADSL-modem I could see the DNS requests coming from the vm's going out to the internet. No answer came back. Looking at the traffic between router and modem the only difference between DNS requests coming from the vm's and those coming from any other machine in the network is that only the requests from the other machines are answered.
So the DNS response packets coming from the internet don't even arrive at the router.
Thus there cannot be any problem with the networking setup of the vm's (?)

Accepted Solution

shirkaan earned 0 total points
ID: 38329570
Problem solved!
Believe it or not, the ADSL-Modem which can act as a router too went nuts. A few months ago I implemented a Cisco router behind the modem and set up the modem to pass everything to the router unconditionally. As this is a ZyXEL it knows two modes called "SUA only" and "full feature". Sure I could also have used the "SUA only" and only use the default route. But as the web-GUI had some bugs I used the other mode which was smoother to configure and did literally the same thing in my case.
Now this was not wrong but the firmware seems to have a bug that only shows in very rare cases and THIS seems to have been such a case. The router filtered ONLY DNS-response packets going to certain IP addresses in the LAN (!) Some kind of pseudo intelligence...
So Thank you very much for your time - nobody would perhaps ever have thought about such strange behaviour of a modem/router.

I sure hope this strange story can help someone else having similar problems with a ZyXEL 660R-61.

Author Closing Comment

ID: 38344682
Very tricky and unusual, only to be solved with very systematic approach. Symptoms of the problem pointed to many other possible causes.
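
The comparison the thread arrives at (queries from the virtual servers leave but are never answered, while other machines get replies) can be automated over a capture taken between router and modem. This is an added example, not part of the original posts; the packet tuples, addresses and function names are constructed for illustration, and it assumes the LAN client addresses are visible at the capture point.

```python
import struct
from collections import defaultdict

def build_dns(txid, name, response=False):
    """Build a minimal DNS message (header + one A/IN question) for the sample capture."""
    flags = 0x8180 if response else 0x0100  # the top (QR) bit marks a response
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode()
                     for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_dns(payload):
    """Return (txid, is_response, qname) from a raw DNS-over-UDP payload."""
    txid, flags = struct.unpack("!HH", payload[:4])
    labels, pos = [], 12  # the question name starts right after the 12-byte header
    while payload[pos] != 0:
        length = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + length].decode())
        pos += 1 + length
    return txid, bool(flags & 0x8000), ".".join(labels)

def unanswered_by_client(packets):
    """Map each client IP to the names it queried that never received a reply."""
    pending = {}
    for src, dst, payload in packets:
        txid, is_response, qname = parse_dns(payload)
        if is_response:
            # A reply travels resolver -> client, so the client is the destination.
            pending.pop((dst, src, txid, qname), None)
        else:
            pending[(src, dst, txid, qname)] = True
    result = defaultdict(list)
    for client, _resolver, _txid, qname in pending:
        result[client].append(qname)
    return dict(result)

# Constructed capture using documentation addresses (RFC 5737):
# .10 stands for a physical machine, .21 and .22 for the two virtual servers.
RESOLVER = "198.51.100.53"
SAMPLE = [
    ("192.0.2.10", RESOLVER, build_dns(0x1A01, "example.com")),
    (RESOLVER, "192.0.2.10", build_dns(0x1A01, "example.com", response=True)),
    ("192.0.2.21", RESOLVER, build_dns(0x2B02, "example.com")),
    ("192.0.2.22", RESOLVER, build_dns(0x3C03, "example.org")),
    ("192.0.2.22", RESOLVER, build_dns(0x3C04, "example.org")),
]

if __name__ == "__main__":
    for client, names in unanswered_by_client(SAMPLE).items():
        print(client, "unanswered:", names)
```

Running the same matching on captures from both sides of a device shows where replies disappear: a client that is listed on the LAN side but not on the WAN side is losing its replies inside that device.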
