Intermittent DNS Failure

Hello,
I have a business running Windows SBS 2011.  The server provides AD, DNS, and Exchange services for the 15-computer company.

We have recently started experiencing DNS errors for every client behind the firewall.  Those on wifi (same cable modem) do just fine.  The issue is intermittent, with about a 50-60% success rate for resolution.  When DNS is not working, simple queries pass, but recursive queries fail.

Here are some items that might help understand the system:

TCP/IPv4 DNS is pointed to self at 10.1.1.2
Server has no port blocking of any kind on the firewall (only during troubleshooting)
Firewall is a Netgear Prosafe UTM5, updated.
DNS is using Root Hints only, no forwarders
DNS Round Robin is enabled
Firewall WAN port DNS address is set to Google DNS: 8.8.8.8, 8.8.4.4
Interfaces for IP has two IPv4 addresses and 3 IPv6 addresses enabled (perhaps I only need one of these?)

Any other questions, let me know.
emike09 Asked:

Cliff Galiher Commented:
The 169.254 address is particularly concerning. That is an APIPA address and is generated when Windows could not contact a DHCP server. Does this server have 2 NICs? 2 NICs is not supported on SBS 2011 and if the server has a dual-port NIC, one port should be disabled to be compatible with SBS 2011.

It is also concerning that you have 3 IPv6 addresses in the fe80 range. This does make me think you have multiple NICs on this server and that is likely causing some issues.

Alan Hardisty (Co-Owner) Commented:
Just add the IP addresses of your ISP's DNS servers to the DNS Server Properties> Forwarders tab and it should solve the problem.

emike09 (Author) Commented:
I had Comcast's DNS servers in the Forwarders tab before but it still had issues.  If this is how it's supposed to be, I'll add them in.

Cliff Galiher Commented:
Your NIC has two IP addresses?!? That isn't a standard SBS 2011 configuration and very well could be impacting the DNS server if the bindings aren't correct. Please post an ipconfig /all.

Rob Williams Commented:
>>"Interfaces for IP has two IPv4 addresses and 3 IPv6 addresses enabled (perhaps I only need one of these?)"

Is this in the properties of the DNS server?  It should be one IPv4, the SBS's IP, and usually 2 IPv4's.  The extras may be coming from the VPN, which will cause problems.

Also the client machines should point ONLY to the SBS for DNS.  If an alternate such as a router or ISP is added you will have a lot of problems.

emike09 (Author) Commented:
All of these addresses are enabled in the DNS server interfaces tab:

fe80:fd5f:a556:d1cb:53b1
169.254.83.177
fe80:c9cd:bc2d:6ad7:462d
fe80:e699:2f9c:9262:3e53
10.1.1.2 <-- Server internal IP

So you think only the 10.1.1.2 should be on?

Rob Williams Commented:
Do you have multiple NICs enabled on the SBS?  You can only have one NIC. You must disable the second, not just disconnect, and then run the Fix My Network wizard in the SBS console under Network / Connectivity.
After that check the DNS console again.

emike09 (Author) Commented:
There are two NICs, but the second NIC has always been disabled, and still is.  Not even plugged in.

Rob Williams Commented:
Doesn't matter, 2 NICs is a major mistake with SBS. The DNS issues are likely caused by those IPs being present.  The client and/or server is trying to resolve using the 169.254.x.x address.  It can be disabled in DNS and "might" solve the DNS issue, but it can cause problems with IIS, Exchange and more.

As you can see, even though disconnected it has an IP (an APIPA address).

emike09 (Author) Commented:
Great guys, I've made some changes.  Let's hope for the best.  Any reason why I can't just remove IPv6 addresses completely from DNS interfaces?  We're IPv4 internally.

Rob Williams Commented:
IPv6 is very important with Server 2008 and newer, there is no reason to remove it.  There is a way to do so, but requires registry changes and there is no need.

Cliff Galiher Commented:
Various Windows services increasingly rely on IPv6 even for inter-process communications. Leave them be.

Rob Williams Commented:
At least Cliff and I are in agreement :-)

Cliff Galiher Commented:
Even if we are cross-posting.  :)

DrDave242 Commented:
Does the Fix My Network wizard report any issues?

emike09 (Author) Commented:
A combination of the Fix My Network function and fixing the IP addresses used in the Interfaces seems to have resolved the issue.  Thanks guys.

Rob Williams Commented:
Good to hear. Thanks emike09.
Cheers!
--Rob
Question has a verified solution.
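
The check the answers above converge on (a single addressed adapter and no 169.254.x.x APIPA address on the server), as an added example that is not part of the original thread. It parses saved `ipconfig /all` text; the sample output, adapter names and fe80:: values are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not taken from the thread);
# adapter names, descriptions and fe80:: values are made up for illustration.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example Gigabit NIC #1
   DHCP Enabled. . . . . . . . . . . : No
   Link-local IPv6 Address . . . . . : fe80::1c2d:3e4f:5a6b:7c8d%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.1.1.2(Preferred)

Ethernet adapter Local Area Connection 2:

   Description . . . . . . . . . . . : Example Gigabit NIC #2
   DHCP Enabled. . . . . . . . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::9a8b:7c6d:5e4f:3a2b%12(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.83.177(Preferred)
"""

# Adapter headings start in column 0; detail lines are indented.
ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")
# Capture stops at "%" (IPv6 zone id) or "(" (the "(Preferred)" suffix).
ADDRESS = re.compile(r"^\s+.*IPv[46] Address[ .]*:\s*([0-9A-Fa-f:.]+)")

def parse_adapters(text):
    """Map each adapter heading to the IP addresses listed under it."""
    adapters, current = {}, None
    for line in text.splitlines():
        m = ADAPTER.match(line)
        if m:
            current = adapters.setdefault(m.group(1), [])
            continue
        m = ADDRESS.match(line)
        if m and current is not None:
            current.append(ipaddress.ip_address(m.group(1)))
    return adapters

def audit(text):
    """Return findings: APIPA addresses and more than one addressed adapter."""
    adapters = {n: a for n, a in parse_adapters(text).items() if a}
    findings = []
    for name, addrs in adapters.items():
        for a in addrs:
            if a.version == 4 and a.is_link_local:  # 169.254.0.0/16
                findings.append(f"{name}: APIPA address {a} (no DHCP reply)")
    if len(adapters) > 1:
        findings.append(f"{len(adapters)} adapters hold IP addresses; SBS 2011 expects one")
    return findings
```

Any address flagged here is one to look for in the DNS console's Interfaces tab as well.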