Intermittent internal DNS resolution issues (AD integrated DNS)

Hi All

Our DNS servers are all Win 2008 R2 domain controllers. We have our main internal zone mydomain.local plus a couple of additional forward lookup zones that are also AD integrated.

I am seeing an issue where some workstations are not able to resolve DNS records that are in these zones, yet the machine next to them can (all PCs are Win 7). Also, sometimes these same machines that are not working do in fact work; it's intermittent.

I was notified that a web page was not working for a couple of users. When I tried to ping it from their machines I was getting host not found, however on the machines that were working it resolved. Doing an ipconfig showed that they use the same primary DNS server.

If I do an nslookup on the machines that are working I get 2 timeouts before it resolves the name. Not sure if that's relevant as it still works. All PCs are Gigabit connected and are on the same physical site as their primary DNS server.

Not really sure how to start troubleshooting this one. I had a look at the DNS event log but there is nothing in there.

Anyone got any ideas?

Sandeshdubey (Senior Server Engineer) commented:
If the issue is with NSLOOKUP only, then it seems that your firewall does not support EDNS0 traffic; please try disabling this feature. To disable it, you can run this command: dnscmd /config /EnableEDNSProbes 0
EDNS0 (Extension mechanisms for DNS)
DNS Forwarders Problems in Windows 2008 R2 DNS Services
Also ensure the correct DNS settings on the DC as below.
Sushil Sonawane commented:
Make sure the DNS server setting on your desktop/system NIC is pointing to your DNS server.

Make sure your Windows firewall or network firewall is not blocking your DNS request port or the access software/website port.

If the issue still persists, then add a host entry in the local system hosts file; it is stored in (root drive\windows\system32\drivers\etc\hosts).
ncomper (Author) commented:

Yes, all PCs point to our DCs for DNS.

We disable the firewall on all internal machines' domain profile.

We did test adding an entry in the hosts file and it fixed it; as soon as we removed it the issue came back. However, I don't like using the hosts file as it's hard to manage and doesn't scale. I would prefer to get to the root cause of the issue.

Have you done an ipconfig /flushdns on the machines? Are you purging stale DNS records?
Pramod Ubhe commented:
Also check for network latency between clients and DNS servers; it should not be more than 300 ms.
Also you might want to check the network settings of your clients, like DNS suffix, WINS settings, and connection-specific DNS suffix. Also make sure to try the FQDN.
ncomper (Author) commented:
Latency on our network is sub 1 ms, so I don't think it's that.

Thanks, I'll check those articles out.
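The thread so far has only spot checks (one ping, one nslookup, one hosts-file test), which is hard to reason about when the failure is intermittent. As an added example (not from any participant in this thread), the script below runs from a Windows 7 client and queries each DC directly and repeatedly for a set of names, recording per attempt whether the answer came back, how long it took, and how many "DNS request timed out" retries preceded it (the two timeouts the original poster saw with nslookup). Running it on a working and a failing workstation side by side, and comparing the CSVs, shows whether failures follow a particular server, a particular zone, or a time window. It sticks to PowerShell 2.0 and nslookup.exe so it runs on Windows 7 without the newer DnsClient module. The server addresses and the host names are placeholders to replace with your own.

```powershell
# Added example, not part of the original thread.
# Assumed placeholders: replace with your DCs and with the names that fail.
$DnsServers = @('10.0.0.10', '10.0.0.11')                        # assumed DC/DNS server IPs
$Names      = @('intranet.mydomain.local', 'www.microsoft.com')  # one AD-zone name, one external name
$Rounds     = 20          # how many passes to make
$PauseSec   = 5           # wait between passes, so the run spans a few minutes
$TimeoutSec = 2           # per-attempt nslookup timeout

function Test-NameOnServer {
    param([string]$Name, [string]$Server)
    $sw  = [System.Diagnostics.Stopwatch]::StartNew()
    # Giving nslookup an explicit server bypasses the client resolver cache and
    # the client's own server list, so each result reflects that one DNS server.
    $out = & nslookup.exe -timeout=$TimeoutSec $Name $Server 2>&1 | Out-String
    $sw.Stop()

    # Classify the answer from nslookup's output text. An answered query prints a
    # "Name:" line; NXDOMAIN prints "Non-existent domain"; a dead server prints
    # "timed out" / "timed-out" with no "Name:" line.
    if     ($out -match '(?m)^Name:')                  { $status = 'OK' }
    elseif ($out -match "Non-existent|can't find")     { $status = 'NXDOMAIN' }
    elseif ($out -match 'timed.out')                   { $status = 'TIMEOUT' }
    else                                               { $status = 'UNKNOWN' }

    New-Object PSObject -Property @{
        Time    = Get-Date -Format 'HH:mm:ss'
        Server  = $Server
        Name    = $Name
        Status  = $status
        Ms      = $sw.ElapsedMilliseconds
        # Partial timeouts that preceded an eventual answer (the "2 timeouts
        # before it resolves" symptom); non-zero here on an OK result is the
        # thing to chase, not just outright failures.
        Retries = ([regex]::Matches($out, 'DNS request timed out')).Count
    }
}

$results = foreach ($i in 1..$Rounds) {
    foreach ($s in $DnsServers) {
        foreach ($n in $Names) { Test-NameOnServer -Name $n -Server $s }
    }
    Start-Sleep -Seconds $PauseSec
}

# Keep the raw per-attempt data so results from several workstations can be compared.
$csv = Join-Path $env:TEMP ("dnsprobe-{0}.csv" -f $env:COMPUTERNAME)
$results | Export-Csv -NoTypeInformation -Path $csv

# Summary per server and name: failures, retries, and average answer time.
$results | Group-Object Server, Name | ForEach-Object {
    $fails   = @($_.Group | Where-Object { $_.Status -ne 'OK' }).Count
    $retries = ($_.Group | Measure-Object Retries -Sum).Sum
    $avgMs   = ($_.Group | Measure-Object Ms -Average).Average
    '{0,-45} fail={1}/{2} retries={3} avg={4:N0} ms' -f $_.Name, $fails, $_.Group.Count, $retries, $avgMs
}
"Raw results written to $csv"
```

Read the summary per server first: if one DC shows timeouts or retries and the other does not, the problem is on that server (or the path to it), not on the clients. If only the external name shows retries while the AD-zone name answers cleanly, that points at forwarders and is where the EDNS0 suggestion above (dnscmd /config /EnableEDNSProbes 0, with dnscmd /info /EnableEDNSProbes to read the current value first) applies; if the AD-integrated zone names themselves fail on one DC, compare the zone contents between DCs, since each DC serves its own replicated copy of the zone.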