• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 264
  • Last Modified:

DNS Issues

Hi
I have a very strange DNS related issue.
I look after a company who is situated across 2 different sites with a separate subnet for each site.
There is a DNS server located in each site with 1 AD integrated zone, there is 1 domain.
Both servers are running server 2008 R2 64bit
The main problem is that workstations in each site cannot communicate with servers in the other site however they can still communicate with servers in the same site. The issue is intermittent
Servers in both sites can communicate with servers in the other site so there appears to be no issue at the server level.
I can ping all servers from workstations via IP address

when the problem occurs I cannot ping remote servers (from a workstation)and the response given is "ping response could not find host xxxxxx. Please check the name and try again"
However if I flush the DNS is works again for a period of time.
When its not working if I run the command ipconfig /flushdns to display the local DNS cache it displays all the servers in the remote site as negative DNS records eg

SERVERNAME
-------------------------------------------------
Name does not exist

As soon as I flush the DNS cache it works. But for some reason after a period of time the DNS records turn up as a negative DNS record.
If I run a nslookup it resolves all DNS names
If I turn off DNS client cache it works.
The workstations use DHCP
So this points to an issue on the workstation side, however it seems to affect all workstations at the same time which points back at the server
All workstations and servers have up to date AV software and I have run a scan and it picks up no issues.
I have run some debugging at the server DNS side and when the issue occurs it isn't logging anything that I can see.
I have checked firewall ports and DNS is open. I have also tried turning the firewall off completely.
The DNS replication is working fine.
I have set the TTL on DNS to 1 hour, I have enabled scavenging on DNS records to 1 day to see if this will help.
0
CodeBlueEngineers
Asked:
CodeBlueEngineers
  • 5
1 Solution
 
CodeBlueEngineersAuthor Commented:
To add to that I have also reloaded the DNS for the zone and manually forced replication.
Also just a correction the command I run is ipconfig /displaydns to show the local DNS cache
0
 
S00007359Cloud Engineering OfficerCommented:
Can you enlighten on how the remote sites are connected?, does each site have adsl connection or dedicated wan/fibre, and how is the routing setup? sounds like an issue with DNS and TTL
0
 
ZenVenkyArchitectCommented:
It looks like a DNS misconfiguration on DCs, check below link to correct it.

DNS Best Practices

Also make sure PDC is the authoritative Time Server for the domain.

http://support.microsoft.com/kb/816042
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
CodeBlueEngineersAuthor Commented:
That's great thanks Zenvenky, I will run this past the customer and organise a suitable time to do this. Will keep you posted. Some good advice there
0
 
CodeBlueEngineersAuthor Commented:
Hi experts
An update on the work carried out
I have configured the best practices as recommended, unfortunately the same issues still occur.
DISCLAIMER- The below setup was against our recommendation, and we do not support the network
However there are some configurations that they have which are definitely no recommended.
The servers in 1 site all have publicly listed IP addresses, these servers are also part of the AD domain.
The publicly facing DC is also being used as a DNS server and unfortunately they had received DOS attacks.
So to increase the security the local admin deleted all root hints and turned off all forwarders.
This is about the time that the issues first started occurring, I have asked to put this back to the way it was originally setup but they have refused due to the security concerns.
So if anyone can shed any light on this that would be great
0
 
CodeBlueEngineersAuthor Commented:
Hi experts
we have found the issue and applied the fix.
Basically as the DNS forwarders and root hints were removed, all workstations had been set to use google as the 3rd DNS server.
When local DNS was flushed we could then ping local servers, but as soon as something external needed to be resolved it would default to the google DNS server and then stay on that server for everything else. As google cannot resolve internal servers it would then fail to work.
The fix for this is we have removed the google DNS from all computers and set an internal facing DNS as the primary and forwarding out to the internet from there. There is still a few other things we need to do to get them in a best practice state but this is what fixed this issue
0
 
CodeBlueEngineersAuthor Commented:
Issue solved internally
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now