James Parsons

SBS 2011 DNS Issue

We have SBS2011. If we set the internal NIC to point to itself the server cannot get out to the internet. Can only get out to the internet if we set it to google DNS or something like that. Also, we have issues with clients getting out to the internet using the internal DNS server. Doing some nslookup stuff made it seem like the server IP was being blocked, so we changed the IP on the server and it worked for a bit, but now the same things are happening. Also we can't add machines to the domain as it can't find the .local domain name by pinging. Wondering if we need to reinstall DNS on this box. Suggestions first?
Cliff Galiher
Very much doubt you need to reinstall DNS. And yes, changing the NIC settings will cause problems adding machines to the domain (and a plethora of other issues.)

Without the details of the nslookup tests you've done, it is tough to be precise. But if root hints aren't working for you, I'd set up forwarders on the DNS server service. Also do some testing to see if your ISP is doing any filtering. This is particularly common with residential connections. They limit the number of DNS queries and may restrict access to root hints or even 3rd-party DNS providers.

-Cliff
All machines on the domain, including the server, must point to the server's IP as the ONLY DNS server - don't be tempted to point any machines to the internet either as the preferred or alternate DNS server.

Open the DNS console and make sure that you have a forwarder set to point either to your router or the ISP's designated DNS server - that's the ONLY place an external DNS server should EVER be listed.
ASKER CERTIFIED SOLUTION
Alan Hardisty
James Parsons

ASKER

Hi KCTS - How you have described it is how we have it set up. However, if we only point machines to the SBS box for DNS they cannot connect to the internet, so we've had to put Google DNS in the DHCP scope that these computers get in order to get out. Currently their DNS settings are:

192.168.1.4 (SBS Box)
8.8.8.8

As for the server, the only IP specified on its internal NIC is its own (192.168.1.4)

We've run the Fix My Network before and it hasn't found any issues.
Add Forwarders to the forwarders tab on the DNS Server Properties.  That should resolve the problem.

http://technet.microsoft.com/en-us/library/cc754941.aspx

Alan
We do have the ISP DNS IP addresses in the forwarding tab. It shows the IPs, but says 'Unable To Resolve' for the server FQDN. This may be normal?
Forget the ISP - use 8.8.8.8 and 8.8.4.4 (Google's), they usually work happily.

Alternatively try 158.43.240.4 and 158.43.240.3 (Pipex) - I've had success with those before.

Alan
Ok, changed the forwarders to Googles. NSLookup isn't resolving anything locally on that SBS box though. Timing out.
Restart the DNS Server Service and try again.
Restarted DNS Server services. See attached NSLookup.
nslookup.JPG
Perfect!!!!

Is that a client or the server?

Can you show me an ipconfig  /all from both the server and client please.

Thanks

Alan
That is nslookup from the server.  I've attached ipconfig / all for both server and client.
server-ipconfig-all.JPG
desktop-ipconfig-all.JPG
You have 192.168.1.1
and 8.8.8.8

listed in the clients as DNS server - REMOVE THESE

The only place these should be is as forwarders as per my previous comment - having these listed will cause errors!!!

Because of the way DNS works, if the SBS server does not respond in a timely manner to a client (maybe it is busy for a fraction of a second), then the client will permanently switch to the next DNS server in the list - from that point onwards it won't be able to locate computers and services in its own domain.
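
Added example, not part of the original thread: a small Python audit that parses captured `ipconfig /all` text and reports any DNS server on a domain member other than the internal one. The sample text is constructed from the settings described above (192.168.1.4, 192.168.1.1, 8.8.8.8), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: "ipconfig /all" fragment for a domain client carrying
# the DNS list described in the thread (SBS box, router, Google).
SAMPLE_CLIENT = """\
Ethernet adapter Local Area Connection:
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.4
                                       192.168.1.1
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

DNS_LINE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S*)")

def _as_ip(token):
    try:  # drop any IPv6 %scope suffix before parsing
        return ipaddress.ip_address(token.split("%")[0])
    except ValueError:
        return None

def dns_servers_by_adapter(text):
    """Map adapter heading -> DNS servers, including continuation lines."""
    result, adapter, collecting = {}, None, False
    for line in text.splitlines():
        if line[:1].strip() and line.rstrip().endswith(":"):
            adapter, collecting = line.rstrip()[:-1], False
            result[adapter] = []
            continue
        match = DNS_LINE.match(line)
        if adapter is None or not (match or collecting):
            continue
        ip = _as_ip(match.group(1) if match else line.strip())
        collecting = ip is not None  # a labelled field ends the list
        if collecting:
            result[adapter].append(ip)
    return result

def unexpected_dns(text, allowed):
    """Return {adapter: [servers]} for DNS servers outside the allowed set."""
    allowed = {ipaddress.ip_address(a) for a in allowed}
    found = {}
    for adapter, servers in dns_servers_by_adapter(text).items():
        extra = [str(s) for s in servers if s not in allowed]
        if extra:
            found[adapter] = extra
    return found

print(unexpected_dns(SAMPLE_CLIENT, ["192.168.1.4"]))
```

An empty result for every member means only the internal DNS server is listed; anything reported should exist only as a forwarder on the server.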
While I absolutely agree, as I've read it, 8.8.8.8 is being added as a workaround. Further, nslookup isn't working *from* the server, and a client ipconfig wouldn't impact that. I'd like to get DNS working on the server, from the server first, then we can revisit the desktop.

In looking at the ipconfig from the server, I can't help but notice that there are two IPv6 link-local addresses on one NIC. That isn't a default configuration, even with windows' various auto-discovery methods. And while IPv6 in general would not interfere, if it has been misconfigured (and I suspect it has) then that *would* cause problems.

Can you tell me how that configuration came to exist?

-Cliff
Cliff - you're absolutely right. If I remove 192.168.1.1 and 8.8.8.8 from the DHCP scope (and subsequently from the desktops), then those devices cannot connect to the internet.

As far as the IPv6 on the server is concerned, not sure. This server was set up as a migration from SBS 2003. We do have two NICs on there, both enabled. We've left IPv6 enabled since we've heard of issues with slow boot times on SBS - but maybe that got fixed in 2011.
SBS does not support two NICs. Full stop. You can leave IPv6 enabled, THAT is fine. But even in a migration, NIC settings are not pulled over, and one NIC would not receive two IPv6 addresses. The only way that happens is if it was set manually or IPv6 were *badly* misconfigured.

So here is what I'd do. First, have a backup.

Then. Have a backup.

And if you need to, make a backup.


From there, disable the NIC not in use (and don't tell me they are both in use!)  Then go into the adapter settings for the NIC that is still enabled, and if you are sure you aren't using IPv6, reset the IPv6 network settings to default...which is autoconfiguration only. No manually assigned IP addresses.

Then run the Fix My Network Wizard and see if it needs to rebind any services to the one NIC (probably the DNS service at the very least, which explains the DNS issue.)

And then you should be back in business.
Hi Cliff. We've disabled the secondary NIC. We also set the IPv6 on the primary adapter to obtain automatically - I'm not sure how those settings got there. Ran the 'Fix My Network' Wizard. Here's what our results are. Not sure how to proceed at this point:

- Static IP address for IPv6 is not configured
- No internet connection found
- Could not configure the router
- The DNS server is not listening to the IP address of the primary network adapter
- DNS is using a DNS forwarder
- A DNS resource record is missing
- A internet DNS record is missing
- Exchange SMTP connectors are invalid


I'm not worried about the Exchange message as we're not using Exchange on this SBS box. However, I'm wondering which of these issues we should apply fixes to now.
The DNS issues, at least...except the forwarders one if you want to use forwarders. But missing records (the resource record and the internet record at least) and the DNS service listening on the wrong network adapter are all pretty big issues and will definitely cause problems.

The static IP issue is not significant.

The internet connection of course can't be found because it relies on DNS to test...and that is broken.

Not being able to configure the router is not uncommon. That uses UPnP to configure port forwarding for RWA and mail, but can be skipped and many people prefer not to rely on UPnP anyways.

And the SMTP connector, as you said, you don't care about. Long term that could be a problem...

So that leaves the other tests.

-Cliff
Alright. Fixed all of the DNS record issues, however that server still will not connect to the internet.
Is the server pointing to ITSELF as the DNS server - with no other DNS servers listed ?
Are you sure the errors are fixed? You've rebooted the server and rerun the fix my network wizard? You've tested this with nslookup?  The whole "will not connect to the internet" thing is just too vague. The internet is a vast network with many protocols and paths. Unless you unplugged the ethernet cable, I'm sure your server is connected to the internet. Just the appropriate and necessary traffic isn't being routed right, and we haven't verified that this was fixed....
KCTS - Correct. See attached screenshot of current IPv4 settings.
IPSettings.JPG
Update: It looks like the DNS on the server is the issue. Is there any way to reinstall DNS on SBS 2011?
We are going to try a new NIC in the box, but it looks like a DNS issue on the server and I think we need to reinstall DNS but we have no experience with that.
As of now we have not been able to install and test on a new NIC.  So the troubleshooting continues.

Update to where we are at right now:

BPA: only shows warnings on things we aren't using

nslookup on the server in question:

nslookup 75.153.176.1
Server:    sbserver.sportsconnection.local
Address:    192.168.1.4

DNS request timed out.
        timeout was 2 seconds.

ipconfig of server in question:

ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : SBSERVER
   Primary Dns Suffix  . . . . . . . : SportsConnection.local
   Node Type . . . . . . . . . . . . : Broadcast
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : SportsConnection.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client) #34
   Physical Address. . . . . . . . . : D4-AE-52-66-D9-A7
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1099:7128:b929:dccd%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 248819282
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-C4-7D-01-D4-AE-52-66-D9-A7
   DNS Servers . . . . . . . . . . . : 192.168.1.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{C0A28462-0059-4782-A616-A07BEBE4D9D9}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Forward lookup zone delegations appear to be correct
No conditional forwarders are configured
Reverse lookup zones appear to be correct
Forwarders are set as ISP currently (only way I could get them to resolve was by adding them to a fresh hosts file manually)
Root Hints are only used if forwarders are not available.

Any and all continued help with this issue will be greatly appreciated.
Any ideas based on the updated information provided?  I have a server that is not connecting to the internet and cannot figure out why.
VASyncaddSA

Any final resolution to this? We're running into similar issues.
Fix my network solved the issue.  Thanks.