Solved

DNS Issues

Posted on 2013-05-30
Medium Priority
259 Views
Last Modified: 2013-06-14
Hi
I have a very strange DNS related issue.
I look after a company who is situated across 2 different sites with a separate subnet for each site.
There is a DNS server located in each site with 1 AD integrated zone, there is 1 domain.
Both servers are running server 2008 R2 64bit
The main problem is that workstations in each site cannot communicate with servers in the other site; however, they can still communicate with servers in the same site. The issue is intermittent.
Servers in both sites can communicate with servers in the other site so there appears to be no issue at the server level.
I can ping all servers from workstations via IP address

When the problem occurs I cannot ping remote servers (from a workstation) and the response given is "ping response could not find host xxxxxx. Please check the name and try again".
However, if I flush the DNS it works again for a period of time.
When it's not working, if I run the command ipconfig /flushdns to display the local DNS cache, it displays all the servers in the remote site as negative DNS records, e.g.

SERVERNAME
-------------------------------------------------
Name does not exist

As soon as I flush the DNS cache it works. But for some reason, after a period of time, the DNS records turn up as negative DNS records.
If I run an nslookup it resolves all DNS names.
If I turn off the DNS client cache it works.
The workstations use DHCP
So this points to an issue on the workstation side; however, it seems to affect all workstations at the same time, which points back at the server.
All workstations and servers have up to date AV software and I have run a scan and it picks up no issues.
I have run some debugging at the server DNS side and when the issue occurs it isn't logging anything that I can see.
I have checked firewall ports and DNS is open. I have also tried turning the firewall off completely.
The DNS replication is working fine.
I have set the TTL on DNS to 1 hour, I have enabled scavenging on DNS records to 1 day to see if this will help.
Question by:CodeBlueEngineers
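The symptoms above (nslookup works, the client cache holds "Name does not exist" entries, flushing fixes it for a while) can be pinned down from a single affected workstation by looking at which resolvers the DNS Client service is configured to use and what each of them answers for an internal name. The following PowerShell is an added example, not a script from the original thread; it assumes the DnsClient module (Windows 8 / Server 2012 or later) and uses SERVER01.corp.example as a placeholder for a server in the remote site.

```powershell
# Added diagnostic example (not from the original thread). Assumes the DnsClient module.
# 'SERVER01.corp.example' is a placeholder for an internal AD-integrated name.
$internalName = 'SERVER01.corp.example'

# 1. Which resolvers is the DNS Client actually using, and in what order?
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, @{ n = 'Servers'; e = { $_.ServerAddresses -join ', ' } }

# 2. Negative entries in the local cache (the "Name does not exist" lines in ipconfig /displaydns).
Get-DnsClientCache |
    Where-Object { $_.Status -ne 'Success' } |
    Select-Object Entry, Status, TimeToLive

# 3. Ask every configured resolver directly, bypassing the cache. A public resolver cannot know
#    the internal zone and answers NXDOMAIN; the client then caches that negative answer.
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object { $_.ServerAddresses } |
    Sort-Object -Unique

foreach ($s in $servers) {
    try {
        $r = Resolve-DnsName -Name $internalName -Server $s -DnsOnly -ErrorAction Stop
        $ips = ($r | Where-Object { $_.Type -eq 'A' }).IPAddress -join ', '
        '{0,-16} OK    {1}' -f $s, $ips
    }
    catch {
        '{0,-16} FAIL  {1}' -f $s, $_.Exception.Message
    }
}
```

Any resolver in the step-3 output that reports FAIL for the internal name while appearing in the step-1 server list is a candidate cause: once the client has failed over to it, every later query for the internal zone gets a negative answer that sits in the cache until the negative TTL expires or the cache is flushed.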
7 Comments
 

Author Comment

by:CodeBlueEngineers
ID: 39209843
To add to that I have also reloaded the DNS for the zone and manually forced replication.
Also just a correction the command I run is ipconfig /displaydns to show the local DNS cache
 
LVL 12

Expert Comment

by:S00007359
ID: 39209855
Can you enlighten us on how the remote sites are connected? Does each site have an ADSL connection or dedicated WAN/fibre, and how is the routing set up? Sounds like an issue with DNS and TTL.
 
LVL 10

Expert Comment

by:Zenvenky
ID: 39209957
It looks like a DNS misconfiguration on the DCs; check the link below to correct it.

DNS Best Practices

Also make sure PDC is the authoritative Time Server for the domain.

http://support.microsoft.com/kb/816042

Author Comment

by:CodeBlueEngineers
ID: 39210115
That's great thanks Zenvenky, I will run this past the customer and organise a suitable time to do this. Will keep you posted. Some good advice there
 

Author Comment

by:CodeBlueEngineers
ID: 39220951
Hi experts
An update on the work carried out.
I have configured the best practices as recommended; unfortunately the same issues still occur.
DISCLAIMER: The below setup was against our recommendation, and we do not support the network.
However, there are some configurations that they have which are definitely not recommended.
The servers in 1 site all have publicly listed IP addresses, these servers are also part of the AD domain.
The publicly facing DC is also being used as a DNS server and unfortunately they had received DOS attacks.
So to increase the security the local admin deleted all root hints and turned off all forwarders.
This is about the time that the issues first started occurring, I have asked to put this back to the way it was originally setup but they have refused due to the security concerns.
So if anyone can shed any light on this that would be great
 

Accepted Solution

by: CodeBlueEngineers (earned 0 total points)
ID: 39233571
Hi experts
we have found the issue and applied the fix.
Basically, as the DNS forwarders and root hints were removed, all workstations had been set to use Google as the 3rd DNS server.
When local DNS was flushed we could then ping local servers, but as soon as something external needed to be resolved it would default to the Google DNS server and then stay on that server for everything else. As Google cannot resolve internal servers, it would then fail to work.
The fix for this is that we have removed the Google DNS from all computers and set an internal-facing DNS as the primary, forwarding out to the internet from there. There are still a few other things we need to do to get them into a best-practice state, but this is what fixed this issue.
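The fix described in the accepted solution has three parts: take the public resolver out of the workstations' DNS server list (for DHCP clients that means the scope's DNS option), put the internal DNS servers first, and let the internal DNS server reach the Internet through a forwarder instead of the clients doing it themselves. The PowerShell below is an added example, not the poster's own script; it assumes the DhcpServer, DnsClient and DnsServer modules (Server 2012 or later) and uses placeholder values: 10.1.0.10 and 10.2.0.10 for the two site DNS servers, 10.1.0.0 for the site-1 DHCP scope, 8.8.8.8 for the public resolver the clients had been given, and 'Ethernet' for a statically configured adapter.

```powershell
# Added remediation example, not the thread's own script. All addresses and names below are
# placeholders (assumptions): 10.1.0.10 / 10.2.0.10 = site DNS servers, 10.1.0.0 = site-1 DHCP
# scope, 8.8.8.8 = public resolver to remove from clients, 'Ethernet' = a static adapter.
$internalDns = '10.1.0.10', '10.2.0.10'
$publicDns   = '8.8.8.8'

# --- On the DHCP server: clients use DHCP, so option 006 is where the server list comes from ---
Get-DhcpServerv4OptionValue -ScopeId 10.1.0.0 -OptionId 6             # audit the current DNS list
Set-DhcpServerv4OptionValue -ScopeId 10.1.0.0 -DnsServer $internalDns # internal resolvers only, local site first
# Repeat for the site-2 scope with the order reversed, e.g.
#   Set-DhcpServerv4OptionValue -ScopeId 10.2.0.0 -DnsServer 10.2.0.10, 10.1.0.10

# --- On any statically addressed workstation: same list, then drop the cached negative answers ---
$cfg = Get-DnsClientServerAddress -InterfaceAlias 'Ethernet' -AddressFamily IPv4
if ($cfg.ServerAddresses -contains $publicDns) {
    Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $internalDns
    Clear-DnsClientCache
}

# --- On the internal DNS server: Internet names are resolved here via a forwarder, not by clients ---
$existing = Get-DnsServerForwarder |
    ForEach-Object { $_.IPAddress } |
    ForEach-Object { $_.ToString() }
if ($existing -notcontains $publicDns) {
    Add-DnsServerForwarder -IPAddress $publicDns -PassThru
}

# --- Verify from the server's point of view: external and internal names both answered here ---
Resolve-DnsName -Name 'www.example.com'        -Server $internalDns[0] -DnsOnly
Resolve-DnsName -Name 'SERVER01.corp.example'  -Server $internalDns[0] -DnsOnly
```

DHCP clients pick up the new option 006 at their next lease renewal (or after ipconfig /renew), so the negative cache entries clear themselves once each workstation has renewed and flushed. The DoS concern that led to the forwarders being removed is better handled by restricting inbound TCP/UDP 53 on the publicly addressed DC to the internal subnets at the firewall: that stops Internet hosts from using the server as an open resolver without breaking the forwarding that internal clients depend on.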
 

Author Closing Comment

by:CodeBlueEngineers
ID: 39247011
Issue solved internally