emike09

Intermittent DNS Failure

Hello,
I have a business running Windows SBS 2011.  The server provides AD, DNS, and Exchange services for the 15-computer company.

We recently have started experiencing DNS errors for every client behind the firewall.  Those on wifi (same cable modem) do just fine.  The issue is intermittent, with about a 50-60% success rate for resolution.  When DNS is not working, simple queries pass, but recursive queries fail.

Here are some items that might help understand the system:

TCP/IPv4 DNS is pointed to self at 10.1.1.2
Server has no port blocking of any kind on the firewall (only during troubleshooting)
Firewall is a Netgear Prosafe UTM5, updated.
DNS is using Root Hints only, no forwarders
DNS Round Robin is enabled
Firewall WAN port DNS address is set to Google DNS: 8.8.8.8, 8.8.4.4
Interfaces for IP has two IPv4 addresses and 3 IPv6 addresses enabled (perhaps I only need one of these?)

Any other questions, let me know.
Alan Hardisty

Just add the IP addresses of your ISP's DNS servers to the DNS Server Properties > Forwarders tab and it should solve the problem.
emike09

ASKER

I had Comcast's DNS servers in the Forwarders tab before but it still had issues.  If this is how it's supposed to be, I'll add them in.

Your NIC has two IP addresses?!? That isn't a standard SBS 2011 configuration and very well could be impacting the DNS server if the bindings aren't correct. Please post an ipconfig /all.

>>"Interfaces for IP has two IPv4 addresses and 3 IPv6 addresses enabled (perhaps I only need one of these?)"

Is this in the properties of the DNS server?  It should be one IPv4, the SBS's IP, and usually 2 IPv4s.  The extras may be coming from the VPN, which will cause problems.

Also the client machines should point ONLY to the SBS for DNS.  If an alternate such as a router or ISP is added you will have a lot of problems.
emike09

ASKER

All of these addresses are enabled in the DNS server interfaces tab:

fe80:fd5f:a556:d1cb:53b1
169.254.83.177
fe80:c9cd:bc2d:6ad7:462d
fe80:e699:2f9c:9262:3e53
10.1.1.2 <-- Server internal IP

So you think only the 10.1.1.2 should be on?
SOLUTION
Rob Williams
emike09

ASKER

There are two NICs, but the second NIC has always been disabled, and still is.  Not even plugged in.
emike09

ASKER

Great guys, I've made some changes.  Let's hope for the best.  Any reason why I can't just remove IPv6 addresses completely from DNS interfaces?  We're IPv4 internally.

IPv6 is very important with Server 2008 and newer; there is no reason to remove it.  There is a way to do so, but it requires registry changes and there is no need.

Various Windows services increasingly rely on IPv6 even for inter-process communications. Leave them be.

At least Cliff and I are in agreement :-)

Even if we are cross-posting.  :)

Does the Fix My Network wizard report any issues?

emike09

ASKER

A combination of the Fix My Network function and fixing the IP addresses used in the Interfaces seems to have resolved the issue.  Thanks guys.

Good to hear. Thanks emike09.
Cheers!
--Rob