CodeBlueEngineers
asked on
DNS Issues
Hi
I have a very strange DNS related issue.
I look after a company who is situated across 2 different sites with a separate subnet for each site.
There is a DNS server located in each site with 1 AD integrated zone, there is 1 domain.
Both servers are running server 2008 R2 64bit
The main problem is that workstations in each site cannot communicate with servers in the other site however they can still communicate with servers in the same site. The issue is intermittent
Servers in both sites can communicate with servers in the other site so there appears to be no issue at the server level.
I can ping all servers from workstations via IP address
when the problem occurs I cannot ping remote servers (from a workstation)and the response given is "ping response could not find host xxxxxx. Please check the name and try again"
However if I flush the DNS is works again for a period of time.
When its not working if I run the command ipconfig /flushdns to display the local DNS cache it displays all the servers in the remote site as negative DNS records eg
SERVERNAME
--------------------------
Name does not exist
As soon as I flush the DNS cache it works. But for some reason after a period of time the DNS records turn up as a negative DNS record.
If I run a nslookup it resolves all DNS names
If I turn off DNS client cache it works.
The workstations use DHCP
So this points to an issue on the workstation side, however it seems to affect all workstations at the same time which points back at the server
All workstations and servers have up to date AV software and I have run a scan and it picks up no issues.
I have run some debugging at the server DNS side and when the issue occurs it isn't logging anything that I can see.
I have checked firewall ports and DNS is open. I have also tried turning the firewall off completely.
The DNS replication is working fine.
I have set the TTL on DNS to 1 hour, I have enabled scavenging on DNS records to 1 day to see if this will help.
I have a very strange DNS related issue.
I look after a company who is situated across 2 different sites with a separate subnet for each site.
There is a DNS server located in each site with 1 AD integrated zone, there is 1 domain.
Both servers are running server 2008 R2 64bit
The main problem is that workstations in each site cannot communicate with servers in the other site however they can still communicate with servers in the same site. The issue is intermittent
Servers in both sites can communicate with servers in the other site so there appears to be no issue at the server level.
I can ping all servers from workstations via IP address
when the problem occurs I cannot ping remote servers (from a workstation)and the response given is "ping response could not find host xxxxxx. Please check the name and try again"
However if I flush the DNS is works again for a period of time.
When its not working if I run the command ipconfig /flushdns to display the local DNS cache it displays all the servers in the remote site as negative DNS records eg
SERVERNAME
--------------------------
Name does not exist
As soon as I flush the DNS cache it works. But for some reason after a period of time the DNS records turn up as a negative DNS record.
If I run a nslookup it resolves all DNS names
If I turn off DNS client cache it works.
The workstations use DHCP
So this points to an issue on the workstation side, however it seems to affect all workstations at the same time which points back at the server
All workstations and servers have up to date AV software and I have run a scan and it picks up no issues.
I have run some debugging at the server DNS side and when the issue occurs it isn't logging anything that I can see.
I have checked firewall ports and DNS is open. I have also tried turning the firewall off completely.
The DNS replication is working fine.
I have set the TTL on DNS to 1 hour, I have enabled scavenging on DNS records to 1 day to see if this will help.
Can you enlighten on how the remote sites are connected?, does each site have adsl connection or dedicated wan/fibre, and how is the routing setup? sounds like an issue with DNS and TTL
It looks like a DNS misconfiguration on DCs, check below link to correct it.
DNS Best Practices
Also make sure PDC is the authoritative Time Server for the domain.
http://support.microsoft.c
DNS Best Practices
Also make sure PDC is the authoritative Time Server for the domain.
http://support.microsoft.c
ASKER
That's great thanks Zenvenky, I will run this past the customer and organise a suitable time to do this. Will keep you posted. Some good advice there
ASKER
Hi experts
An update on the work carried out
I have configured the best practices as recommended, unfortunately the same issues still occur.
DISCLAIMER- The below setup was against our recommendation, and we do not support the network
However there are some configurations that they have which are definitely no recommended.
The servers in 1 site all have publicly listed IP addresses, these servers are also part of the AD domain.
The publicly facing DC is also being used as a DNS server and unfortunately they had received DOS attacks.
So to increase the security the local admin deleted all root hints and turned off all forwarders.
This is about the time that the issues first started occurring, I have asked to put this back to the way it was originally setup but they have refused due to the security concerns.
So if anyone can shed any light on this that would be great
An update on the work carried out
I have configured the best practices as recommended, unfortunately the same issues still occur.
DISCLAIMER- The below setup was against our recommendation, and we do not support the network
However there are some configurations that they have which are definitely no recommended.
The servers in 1 site all have publicly listed IP addresses, these servers are also part of the AD domain.
The publicly facing DC is also being used as a DNS server and unfortunately they had received DOS attacks.
So to increase the security the local admin deleted all root hints and turned off all forwarders.
This is about the time that the issues first started occurring, I have asked to put this back to the way it was originally setup but they have refused due to the security concerns.
So if anyone can shed any light on this that would be great
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Issue solved internally
ASKER
Also just a correction the command I run is ipconfig /displaydns to show the local DNS cache