Solved

Windows Server 2012 DNS Issues

Posted on 2013-01-16
Last Modified: 2013-02-09
We have a new Hyper-V Host and 3 Guests, but in configuring one of these guests as a DNS Server (AD-Integrated) we see that there are issues in setting Forwarders - FQDN resolves but Validated times out almost every time. We are using the ISP's DNS Servers and also tried Google's Public 8.8.8.8 and it also times out.

Help please!
Question by:Flipp

18 Comments

LVL 33

Expert Comment

by:paulmacd
Is there only one network path?  That is, is it possible there are two NICs configured for this VM?

LVL 36

Expert Comment

by:ArneLovius
Are you able to use nslookup to query your ISP nameservers and Google nameservers ?

LVL 6

Author Comment

by:Flipp
All VMs have one NIC each, which is connected to Virtual Switch. "Hyper-V NIC Team" has four physical adapters configured for use with this Virtual Switch. I have found that having Load Balancing for this team set to 'Hyper-V Port' resolves the instability/connectivity issues I was seeing, but now my Load Balance only allows for max 1GB throughput instead of using all 4 NICs. The other mode which I assumed would work fine is 'Address Hash', but for some reason when I set the team to this mode I get funny/various lookup issues - I can ping 8.8.8.8 just fine.

LVL 36

Expert Comment

by:ArneLovius
ping is one thing, nslookup is another...

what type of team have you created ? a Microsoft 2012 team, or one provided by the NIC vendor, such as the HP NCU ?

LVL 6

Author Comment

by:Flipp
Server 2012 Team.

LVL 36

Assisted Solution

by:ArneLovius
ArneLovius earned 500 total points
Aha, the 2012 "software" teaming is not as "robust" as the teaming from the HP for example.

However if you are able to ping, then you have at least basic connectivity.  I would only expect 1Gbps for each VM with "Hyper-V port"

http://technet.microsoft.com/en-us/library/hh831648.aspx
"it limits a single virtual machine to the bandwidth that is available on a single network adapter"

If you are limited to using 2012 teaming, you might have better performance from using each NIC on the host individually, giving each VM 4 virtual NICs (each one bound to a different physical NIC) and then using 2012 teaming in the guest.

Dealing with the DNS issue, have you tried nslookup yet ?

LVL 6

Author Comment

by:Flipp
So my issue is then that all my Guests are not Server 2012 due to incompatibilities (i.e. Exchange 2010), so how would I use NIC Teaming in Server 2008 R2?

This seems like a real mess to something that seems such a simple requirement.

Have you been successful with Server 2012 NIC Teaming in Host before?

LVL 6

Author Comment

by:Flipp
Let me take a step back and explain my configuration, and see if I am missing anything .....

Hyper-V Host is Server 2012 and I have enabled NIC Teaming and created a 'Management Team' for this machine with 2 NICs which are set to Address Hash - don't seem to be any issues with this.
I then create a 2nd NIC Team 'Hyper Team' and if I use Address Hash as the LB Mode I see weird nslookup results. I also create a Virtual Switch 'External vSwitch' so that my VM can connect its virtual NIC. Virtual NIC is assigned Static IP and setup as DC, DNS Roles.
I first start to see this weird nslookup DNS resolving when I go to set the DNS Forwarders (I have tried ISP and Public Google) where some will Validate and resolve FQDN and some will not.
If I then change the LB Mode from Address Hash to Hyper-V Port, I get zero issues.

Thoughts?

LVL 6

Author Comment

by:Flipp
Interesting that I came across http://www.aidanfinn.com/?p=14049 which talks about the setup I am going with that traffic will bypass NIC Team in Host if setup like this, so recommendation is to have multiple vNICs as you mentioned and multiple vSwitch (one per VM).

LVL 36

Expert Comment

by:ArneLovius
a much better description :-)

I'd suggest that you were experiencing the problem on all traffic, but noticing it with DNS being UDP rather than TCP

TCP works around dropped packets, UDP doesn't...

I probably wouldn't use Windows Teaming in a production environment, but 99% of the time I use HP servers with HP NICS, so it isn't an issue for me.

Hyper-V Port will only provide one physical NIC's worth of bandwidth per guest; this is why I suggested doing the load balancing in the guest rather than the host, however if you're not running 2012 for the guests, that's a non-starter...

As to why address hash was causing the problem: I would look at the switch that the physical NICs are connected to. At a guess, its MAC table was getting "confused". The difference between the management team and the guest team is that the management team only has one MAC address on it, as opposed to the guest team which presumably has "more".

What switch are you using? Does it have support for LACP? What server and NICs are you using?
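
One way to check the UDP-versus-TCP point made in the comment above, and to see which mode each team is using, as an added example that is not part of the original thread. The test name `www.example.com`, the attempt count and the function name `Test-ForwarderTransport` are assumptions; 8.8.8.8 is the public forwarder named in the question.

```powershell
# Added example, not from the thread. Run the lookup test on the DNS guest and the
# team query on the Hyper-V host (Windows Server 2012, PowerShell 3.0 or later).
# Assumed values: test name, attempt count and function name are constructed.
$Forwarder = '8.8.8.8'
$TestName  = 'www.example.com'
$Attempts  = 20

function Test-ForwarderTransport {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [string] $QueryName,
        [int] $Count = 20,
        [switch] $Tcp
    )
    $failed = 0
    for ($i = 0; $i -lt $Count; $i++) {
        $query = @{
            Name = $QueryName; Server = $Server; Type = 'A'
            DnsOnly = $true; ErrorAction = 'Stop'
        }
        if ($Tcp) { $query.TcpOnly = $true }    # force this lookup over TCP
        try   { Resolve-DnsName @query | Out-Null }
        catch { $failed++ }                      # timeout or other lookup failure
    }
    [pscustomobject]@{
        Server    = $Server
        Transport = if ($Tcp) { 'TCP' } else { 'UDP' }
        Attempts  = $Count
        Failed    = $failed
    }
}

# Same forwarder, same name, both transports: a high UDP failure count next to a
# clean TCP run points at packet loss on the path rather than at the forwarder.
Test-ForwarderTransport -Server $Forwarder -QueryName $TestName -Count $Attempts
Test-ForwarderTransport -Server $Forwarder -QueryName $TestName -Count $Attempts -Tcp

# On the host: list each team's teaming mode and load-balancing algorithm.
# The GUI's "Address Hash" shows up as one of the address-hash values
# (TransportPorts, IPAddresses, MacAddresses); "Hyper-V Port" as HyperVPort.
Get-NetLbfoTeam | Select-Object Name, TeamingMode, LoadBalancingAlgorithm, Status
```

Running the two lookup tests before and after a change of load-balancing mode gives a like-for-like comparison of the failure counts.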

LVL 36

Expert Comment

by:ArneLovius
Do you have SR-IOV NICs ? and an SR-IOV motherboard ?

LVL 6

Accepted Solution

by:
Flipp earned 0 total points
So I also came across http://social.technet.microsoft.com/wiki/contents/articles/14131.windows-2012-server-nic-teaming-for-hyperv.aspx which confirms the LB Mode Address Hashing v Hyper-V Port connectivity findings.
So am back on Hyper-V Port knowing that each Guest will only ever use 1GB link. Considering this is a small 40 User / Single Site environment I am not too concerned about getting a bigger link.
So I assume that if looking for greater link speeds I should NIC Team using NIC Manufacturer software on Host?
Not sure about SR-IOV, and considering my level of expertise I would prefer to keep things simple at moment :)

LVL 36

Expert Comment

by:ArneLovius
SR-IOV is a new hardware/driver combination that allows a physical device (such as a NIC, or HBA) to be presented as that device to the Guest, it requires a SR-IOV capable motherboard, device, and hypervisor, but is quite simple to use.

What switch (physical) are you using ?

LVL 6

Author Comment

by:Flipp
Netgear GS748T in Test Lab
Netgear GS748TPS in Production

LVL 36

Expert Comment

by:ArneLovius

LVL 6

Author Comment

by:Flipp
Am currently in "Switch Independent".

So are you saying that if I switch the mode to Static Teaming or LACP and Enable Trunking on switch this would resolve the connectivity issues and allow me to Team my NICs to have > 1GB link?

LVL 36

Expert Comment

by:ArneLovius
might resolve them.

but I'd certainly give it a go

LVL 6

Author Closing Comment

by:Flipp
I did not get a chance to try your suggestion above to switch modes as we went into production. May reference this on next project.