Solved

Intermittent DNS Failure

Posted on 2012-09-12
Last Modified: 2012-09-13
Hello,
I have a business running Windows SBS 2011.  The server provides AD, DNS, and Exchange services for the 15-computer company.

We recently have started experiencing DNS errors for every client behind the firewall.  Those on wifi (same cable modem) do just fine.  The issue is intermittent, with about a 50-60% success rate for resolution.  When DNS is not working, simple queries pass, but recursive queries fail.

  Here are some items that might help understand the system:

TCP/IPv4 DNS is pointed to self at 10.1.1.2
Server has no port blocking of any kind on the firewall (only during troubleshooting)
Firewall is a Netgear Prosafe UTM5, updated.
DNS is using Root Hints only, no forwarders
DNS Round Robin is enabled
Firewall WAN port DNS address is set to Google DNS: 8.8.8.8, 8.8.4.4
Interfaces for IP has two IPv4 addresses and 3 IPv6 addresses enabled (perhaps I only need one of these?)

Any other questions, let me know.
Question by:emike09
17 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 38393303
Just add the IP addresses of your ISP's DNS servers to the DNS Server Properties > Forwarders tab and it should solve the problem.
0
 

Author Comment

by:emike09
ID: 38393306
I had Comcast's DNS servers in the Forwarders tab before but it still had issues.  If this is how it's supposed to be, I'll add them in.
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 38393327
Your NIC has two IP addresses?!? That isn't a standard SBS 2011 configuration and very well could be impacting the DNS server if the bindings aren't correct. Please post an ipconfig /all
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38393335
>>"Interfaces for IP has two IPv4 addresses and 3 IPv6 addresses enabled (perhaps I only need one of these?)"

Is this in the properties of the DNS server?  It should be one IPv4, the SBS's IP, and usually 2 IPv4's.  The extras may be coming from the VPN which will cause problems.

Also the client machines should point ONLY to the SBS for DNS.  If an alternate such as a router or ISP is added you will have a lot of problems.
0
 

Author Comment

by:emike09
ID: 38393393
All of these addresses are enabled in the DNS server interfaces tab:

fe80:fd5f:a556:d1cb:53b1
169.254.83.177
fe80:c9cd:bc2d:6ad7:462d
fe80:e699:2f9c:9262:3e53
10.1.1.2 <-- Server internal IP

So you think only the 10.1.1.2 should be on?
0
 
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 1200 total points
ID: 38393403
Do you have multiple NICs enabled on the SBS?  You can only have one NIC. You must disable the second, not just disconnect, and then run the Fix My Network wizard in the SBS console under Network / Connectivity.
After that check the DNS console again.
0
 

Author Comment

by:emike09
ID: 38393406
There are two NICs, but the second NIC has always been disabled, and still is.  Not even plugged in.
0
 
LVL 60

Accepted Solution

by:Cliff Galiher
Cliff Galiher earned 800 total points
ID: 38393410
The 169.254 address is particularly concerning. That is an APIPA address and is generated when Windows could not contact a DHCP server. Does this server have 2 NICs? 2 NICs is not supported on SBS 2011 and if the server has a dual-port NIC, one port should be disabled to be compatible with SBS 2011.

It is also concerning that you have 3 IPv6 addresses in the fe80 range. This does make me think you have multiple NICs on this server and that is likely causing some issues.
0
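The check the answer above describes, as an added example that is not part of the original thread: classify each address bound in the DNS server's Interfaces tab and flag APIPA and stray listeners. The function names and the `fe80::` sample addresses are constructed for illustration; `169.254.83.177` and `10.1.1.2` are the values posted above.

```python
import ipaddress

APIPA = ipaddress.ip_network("169.254.0.0/16")    # IPv4 automatic private addressing
LINK_LOCAL_V6 = ipaddress.ip_network("fe80::/10")  # IPv6 link-local

def classify(addr):
    """Return a label for one address taken from the DNS Interfaces tab."""
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any %zone suffix
    except ValueError:
        return "unparseable"
    if ip.version == 4:
        if ip in APIPA:
            return "apipa"
        return "private-v4" if ip.is_private else "public-v4"
    return "link-local-v6" if ip in LINK_LOCAL_V6 else "other-v6"

def audit_listeners(addrs, server_ip):
    """Flag listener addresses matching the symptoms discussed in the thread."""
    labels = {a: classify(a) for a in addrs}
    findings = []
    for a, label in labels.items():
        if label == "apipa":
            findings.append(f"{a}: APIPA address, an adapter could not reach a DHCP server")
        elif label == "unparseable":
            findings.append(f"{a}: not a valid IP address")
        elif label.endswith("-v4") and a != server_ip:
            findings.append(f"{a}: IPv4 listener other than the server IP {server_ip}")
    # Heuristic from the thread: several fe80 addresses suggest extra adapters (NIC or VPN).
    n_ll = sum(1 for label in labels.values() if label == "link-local-v6")
    if n_ll > 1:
        findings.append(f"{n_ll} fe80 link-local addresses: check for extra NICs or VPN adapters")
    if server_ip not in labels:
        findings.append(f"server IP {server_ip} is not among the listeners")
    return findings

# Constructed sample shaped like the posted list; the fe80 entries are made up.
SAMPLE = [
    "fe80::1111:2222:3333:4444%11",
    "169.254.83.177",
    "fe80::5555:6666:7777:8888%12",
    "fe80::9999:aaaa:bbbb:cccc%14",
    "10.1.1.2",
]

if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE, "10.1.1.2"):
        print(finding)
```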
 
LVL 78

Assisted Solution

by:Rob Williams
Rob Williams earned 1200 total points
ID: 38393412
Doesn't matter, 2 NICs is a major mistake with SBS. The DNS issues are likely caused by those IPs being present.  The client and/or server is trying to resolve using the 169.254.x.x address.  It can be disabled in DNS and "might" solve the DNS issue but it can cause problems with IIS, Exchange and more.

As you can see, even though disconnected it has an IP (an APIPA address).
0
 

Author Comment

by:emike09
ID: 38393418
Great, guys, I've made some changes.  Let's hope for the best.  Any reason why I can't just remove IPv6 addresses completely from DNS interfaces?  We're IPv4 internally.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38393423
IPv6 is very important with Server 2008 and newer; there is no reason to remove it.  There is a way to do so, but it requires registry changes and there is no need.
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 38393424
Various Windows services increasingly rely on IPv6 even for inter-process communications. Leave them be.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38393430
At least Cliff and I are in agreement :-)
0
 
LVL 60

Expert Comment

by:Cliff Galiher
ID: 38393442
Even if we are cross-posting.  :)
0
 
LVL 27

Expert Comment

by:DrDave242
ID: 38395325
Does the Fix My Network wizard report any issues?
0
 

Author Closing Comment

by:emike09
ID: 38396166
A combination of the Fix My Network function and fixing the IP addresses used in the Interfaces seems to have resolved the issue.  Thanks guys.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 38396465
Good to hear. Thanks emike09.
Cheers!
--Rob
0

Question has a verified solution.
