Solved

DNS request steps and problem to resolve only one external dns hostname

Posted on 2013-06-12
Last Modified: 2013-06-17
I'm really struggling to find out why this happens.

DNS servers: two local Windows 2003 SP2 DNS servers (FS1 and FS2).
Each workstation is configured to use FS1 as its primary DNS server and FS2 as its secondary DNS server.

I have a problem doing an nslookup of one specific hostname, which is 'service101-us.mimecast.com'.

When I nslookup the hostname from the two DNS server consoles, it resolves with no problem.

But when I nslookup from any workstation, it fails. When I run nslookup against FS2 to bypass the primary DNS server by typing 'nslookup - FS2' and then look up the name, it successfully resolves.

So the problem seems to be FS1; somehow it can't resolve this specific hostname. It happens daily, so I have to restart the DNS service on FS1; then the problem goes away.

Does anyone know why FS1 can't resolve only one specific external DNS hostname until the DNS service is restarted?
Question by:crcsupport
22 Comments
 
LVL 1

Author Comment

by:crcsupport
ID: 39241446
> service101-us.mimecast.com
Server:  FS1.mydomain.local
Address:  192.xxx.xxx.xxx

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to FS1.mydomain.local timed-out
>
0
 
LVL 9

Assisted Solution

by:M Roe
M Roe earned 112 total points
ID: 39241484
Do you have any forwarders set up on FS1?
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39241496
No forwarders, only root hint
0
 
LVL 9

Assisted Solution

by:gt2847c
gt2847c earned 388 total points
ID: 39241498
When the problem occurs on FS1, try this:

nslookup
> server fs1.mydomain.local
> set debug
> service101-us.mimecast.com

Capture the data, then switch to fs2:

> server fs2.mydomain.local
> service101-us.mimecast.com

Compare the two outputs and see if they are both attempting to resolve in the same way.  One other thing you can try is to see if the cache on fs1 is getting corrupted.  In the DNS tool you can have it flush the cache.  When the problem crops up, confirm it with the nslookup against fs1, flush the cache, then test it again and see if it resolves.
0
 
LVL 9

Assisted Solution

by:M Roe
M Roe earned 112 total points
ID: 39241540
Put in a forwarder and see if the issue is resolved.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39241892
Thanks. Since I restarted DNS, it works again. I'll wait a day or two, and when the problem occurs I'll try the options you guys suggested. It usually happens again in less than two days.
I'll keep this thread open till then.
0
 
LVL 9

Assisted Solution

by:gt2847c
gt2847c earned 388 total points
ID: 39241908
One thing to try...  Go ahead and capture the nslookup debug details from FS1 while it works, then run it again when it fails and see if anything jumps out at you.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39241951
That's a good idea, gt2847c. I'll do that.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39241974
Following is the nslookup debug output while it works.

> set debug
> service101-us.mimecast.com
Server:  fs1.mydomain.local
Address:  192.xxx.xxx.xxx

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 6, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        service101-us.mimecast.com.MYDOMAIN.LOCAL, type = A, class = IN
    AUTHORITY RECORDS:
    ->  mydomain.local
        ttl = 3600 (1 hour)
        primary name server = fs1.mydomain.local
        responsible mail addr = hostmaster
        serial  = 11665
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 900 (15 mins)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 7, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        service101-us.mimecast.com.MYDOMAIN.LOCAL, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  mydomain.local
        ttl = 3600 (1 hour)
        primary name server = fs1.mydomain.local
        responsible mail addr = hostmaster
        serial  = 11665
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 900 (15 mins)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 8, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 1,  authority records = 0,  additional = 0

    QUESTIONS:
        service101-us.mimecast.com, type = A, class = IN
    ANSWERS:
    ->  service101-us.mimecast.com
        internet address = 207.211.31.80
        ttl = 288 (4 mins 48 secs)

------------
Non-authoritative answer:
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 9, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        service101-us.mimecast.com, type = AAAA, class = IN
    AUTHORITY RECORDS:
    ->  mimecast.com
        ttl = 86388 (23 hours 59 mins 48 secs)
        primary name server = dns01.mimecast.com
        responsible mail addr = root.mimecast.com
        serial  = 111540
        refresh = 10800 (3 hours)
        retry   = 900 (15 mins)
        expire  = 604800 (7 days)
        default TTL = 86400 (1 day)

------------
Name:    service101-us.mimecast.com
Address:  207.211.31.80

>
0
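gt2847c's suggestion earlier in the thread was to capture `set debug` output against both servers and compare the two; the transcript just posted shows what that output looks like while resolution works, and the very first comment shows the failing case (two timeouts, no answer). What follows is an added example, not code from the thread or from anyone in it: a small Python parser that reduces such transcripts to a few facts worth comparing side by side (did the name resolve, how many queries timed out, whether the answer was non-authoritative, and which NXDOMAINs are only the workstation's DNS suffix being appended). The two transcripts embedded in it are constructed and condensed from the kind of output shown above; the server names and the 203.0.113.80 address are placeholders, not values from the thread.

```python
"""Parse nslookup 'set debug' transcripts and compare how two servers answered.
Added example, not code from the thread; both transcripts are constructed."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed, condensed: FS1 while it worked (search-suffix miss, then the answer).
WORKING = """\
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 6, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.

    QUESTIONS:
        service101-us.mimecast.com.MYDOMAIN.LOCAL, type = A, class = IN

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 8, rcode = NOERROR
        header flags:  response, want recursion, recursion avail.

    QUESTIONS:
        service101-us.mimecast.com, type = A, class = IN
    ANSWERS:
    ->  service101-us.mimecast.com
        internet address = 203.0.113.80
        ttl = 288 (4 mins 48 secs)
"""

# Constructed: FS1 while it was failing (the symptom from the question).
FAILING = """\
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to fs1.mydomain.local timed-out
"""


@dataclass
class Answer:
    rcode: str
    qname: str            # lower-cased, no trailing dot
    qtype: str
    authoritative: bool   # the 'auth. answer' header flag
    addresses: List[str]


def parse_debug(transcript: str) -> Tuple[List[Answer], int]:
    """One Answer per 'Got answer:' block, plus how many queries timed out."""
    timeouts = transcript.count("DNS request timed out")
    answers: List[Answer] = []
    for block in transcript.split("Got answer:")[1:]:
        hdr = re.search(r"rcode = (\w+)", block)
        qst = re.search(r"QUESTIONS:\s*([^\s,]+), type = (\w+)", block)
        flg = re.search(r"header flags:(.*)", block)
        if not (hdr and qst):
            continue  # truncated block, nothing usable
        answers.append(Answer(hdr.group(1),
                              qst.group(1).rstrip(".").lower(), qst.group(2),
                              "auth. answer" in (flg.group(1) if flg else ""),
                              re.findall(r"internet address = (\S+)", block)))
    return answers, timeouts


def diagnose(name: str, transcript: str) -> Dict[str, object]:
    """Reduce one server's transcript to the facts worth comparing."""
    wanted = name.rstrip(".").lower()
    answers, timeouts = parse_debug(transcript)
    mine = [a for a in answers if a.qname == wanted]
    return {
        "addresses": [ip for a in mine if a.rcode == "NOERROR" for ip in a.addresses],
        "timeouts": timeouts,
        "nxdomain": any(a.rcode == "NXDOMAIN" for a in mine),
        "non_authoritative": any(a.addresses and not a.authoritative for a in mine),
        # NXDOMAIN for name + DNS suffix is the client's search list, not the fault
        "search_suffix_misses": [a.qname for a in answers
                                 if a.rcode == "NXDOMAIN" and a.qname.startswith(wanted + ".")],
    }


def compare_servers(name: str, transcripts: Dict[str, str]) -> List[str]:
    """One finding per server, plus a divergence line when they disagree."""
    results = {srv: diagnose(name, txt) for srv, txt in transcripts.items()}
    findings = []
    for srv, r in results.items():
        if r["addresses"]:
            findings.append(f"{srv}: resolved {name} -> {', '.join(r['addresses'])}")
        elif r["timeouts"]:
            findings.append(f"{srv}: {r['timeouts']} timeout(s), no reply in nslookup's window")
        else:
            findings.append(f"{srv}: no usable answer (NXDOMAIN={r['nxdomain']})")
    good = [s for s, r in results.items() if r["addresses"]]
    bad = [s for s, r in results.items() if not r["addresses"]]
    if good and bad:
        findings.append(f"divergence: {', '.join(good)} resolve, {', '.join(bad)} do not")
    return findings
```

Two things the parser makes explicit when reading these transcripts. The NXDOMAIN blocks for `service101-us.mimecast.com.MYDOMAIN.LOCAL` come from the workstation appending its DNS suffix before trying the bare name; the local zone answers those authoritatively and they are harmless noise, so they are reported separately rather than counted as failures. A "DNS request timed out" line means the server did not reply at all within nslookup's 2-second window, which is a different symptom from a negative answer: the server is reachable but its own lookup of the name has not completed, which is the pattern to look for on FS1 when the problem recurs.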
 
LVL 9

Assisted Solution

by:gt2847c
gt2847c earned 388 total points
ID: 39242007
As you got a non-authoritative answer, this was pulled from cache.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39242197
Isn't it normal to have a non-authoritative answer? Our AD-integrated DNS server keeps DNS records of our internal domain only. Any other request needs to go out to the root hints, which will return a non-authoritative answer.
0
 
LVL 9

Assisted Solution

by:gt2847c
gt2847c earned 388 total points
ID: 39242231
That's correct, I was just pointing out that your FS1 had already cached the entry when you ran your debug test.  If there is no cached entry, a query will force FS1 to recursively resolve the address and (the first time) you'll get an authoritative answer.  Thereafter until the TTL expires for the cached entry, you'll get the non-authoritative cached response.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39242378
Umm... That may explain the problem, because it happens daily at some point. After I restart the DNS server, I manually resolve the hostname using nslookup. The Exchange server I'm having the DNS resolution problem with never contacts the DNS server, or outgoing email doesn't kick in to resolve the recipient mail server hostname (service101-us.mimecast.com).

The initial problem was that the recipient mail server locks out our outgoing mail to it. I found it's because they run greylisting at their spam filter. With further research, there's some glitch between Exchange servers older than 2010 and greylisting.

I thought I fixed the problem by modifying the registry key 'GlitchRetry' on the Exchange server, but it seems like it still has a problem on the DNS side.

I'd like to test quickly by flushing the DNS cache, but to be safe, I'll let you know tomorrow. :)
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39244546
Again, 3 emails were stuck in our Exchange server. nslookup of the recipient mail server was timing out. This time, I cleared the cache on DNS server FS1, then forced the connection in the Exchange server, and the emails went through.

I read an online article about email being stuck in cache preventing proper DNS service.

Tomorrow, I'll see if clearing the cache helped in the long run.
0
 
LVL 9

Assisted Solution

by:gt2847c
gt2847c earned 388 total points
ID: 39246062
One other item to try before clearing the DNS server cache...  The local machine also caches DNS entries...  On the exchange server, try (at cmd prompt) "ipconfig /flushdns" and see if that makes any difference...
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39247646
I did ipconfig /flushdns on the Exchange server; it didn't help.
I checked this morning again, and the problem still exists. So a stale record in the DNS server's cache doesn't seem to be the culprit.
I added Google DNS 8.8.8.8 as a forwarder and will see what happens tomorrow.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39247733
If this doesn't work, the last option I have may be to add a manual record for mimecast in the hosts file. I spoke to mimecast support; they seem as though they haven't noticed this problem. I don't think I'm the only one having such a problem.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39247745
Maybe others using Exchange 2003 to send emails to mimecast, and others expecting to receive emails from an Exchange 2003 sender, don't really care about when the emails go through. But our client who uses the mimecast email service calls us if they don't receive emails within 10 minutes after we sent them. The emails stuck in the queue usually go through after 40 minutes.
0
 
LVL 9

Assisted Solution

by:gt2847c
gt2847c earned 388 total points
ID: 39247750
Did you run an NSLOOKUP with debug when it was failing?  If so, did anything show an error or a failed lookup?
0
 
LVL 9

Accepted Solution

by:gt2847c
gt2847c earned 388 total points
ID: 39247756
Another item, have you checked the exchange logs to see if there were any errors listed?
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39248038
I don't see any error in the Exchange log; it just shows the normal process for the stuck email in the queue:
1019, 1020, 1031, 1033, 1034.

It doesn't show why it got stuck in the queue and stays active.

I forgot about running debug for DNS when I saw the problem.
I added a forwarder, so I'll wait until Monday morning to see if email gets stuck again, and this time I should not forget to run it.
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39253200
It looks like it was resolved. I haven't seen email stuck for 3 days. I found a news item that Mimecast had a DNS server problem around mid May, but it was in the UK. I don't know if it somehow affected our DNS server's resolution without a forwarder.

Thank you all!!!
0
