  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 525

Windows 2008 DNS recursive failure

Simple query passes while recursive fails. Seems that DNS CAN be resolved, just refuses to show in DNS properties monitoring tab.

Tried with and without forwarders. nslookup from server works when using local server DNS and Google's public DNS.

When using local server DNS, nslookup to www.microsoft.com regularly fails on first attempt.

When recursion is disabled, monitoring on the server is responding to both simple and recursive.

Windows Small Business Server 2011 Standard SP1
0
tetrauk
Asked:
tetrauk
1 Solution
 
Cris Hanna Commented:
Do you have DNS forwarders set up or are you using root hints?
There is a known issue if you only use root hints.
0
 
Craig Beck Commented:
Yes, if you only use root hints you'll see this behaviour. Similarly, if your DNS server uses external forwarders but a firewall is blocking traffic, for example, you'll also experience recursive failures.
0
 
tetrauk (Author) Commented:
We have tried with forwarders and with root hints.

Both have the same issue. It can't be a firewall issue as I can nslookup to 8.8.8.8 fine.
0

 
Craig Beck Commented:
It may be a firewall issue even if you can nslookup to 8.8.8.8.

DNS Server uses TCP ports as well as UDP ports.  Client lookups generally only use UDP.  Therefore if your firewall is only allowing UDP port 53 outbound, but blocking TCP port 53, you'll fail recursive lookups.
0
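The UDP-versus-TCP point in the comment above can be checked directly. The following is an added example, not part of the original thread: it sends the same recursive query over UDP/53 and TCP/53 and reports the TC (truncated) and RA (recursion available) header bits for each. The function names and the sample header are constructed for illustration.

```python
import socket
import struct

# Constructed sample: response header with QR, TC, RD and RA set, no answers.
SAMPLE_TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)

def build_query(name, qid=0x1234, recurse=True):
    """Build an A/IN query; the RD (recursion desired) flag follows `recurse`."""
    header = struct.pack("!HHHHHH", qid, 0x0100 if recurse else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_header(resp):
    """Extract the header fields that matter when diagnosing a failed lookup."""
    qid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {"id": qid, "tc": bool(flags & 0x0200), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "answers": answers}

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before full message arrived")
        buf += chunk
    return buf

def probe(server, name, timeout=3.0):
    """Send one query over UDP/53 and again over TCP/53, reporting each result."""
    query, results = build_query(name), {}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            results["udp"] = parse_header(s.recvfrom(4096)[0])
    except (OSError, struct.error) as exc:
        results["udp"] = "failed: %s" % exc
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix on TCP
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            results["tcp"] = parse_header(_recv_exact(s, length))
    except (OSError, struct.error) as exc:
        results["tcp"] = "failed: %s" % exc
    return results

if __name__ == "__main__":
    # Offline demo; call probe("<dns-server-ip>", "<name>") for a live check.
    print(parse_header(SAMPLE_TRUNCATED))
```

A UDP result with `tc` set together with a failed TCP result is the pattern the comment describes: the resolver has to retry over TCP and cannot.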
 
tetrauk (Author) Commented:
We have no blocking of any outbound connections on the router/firewall (Draytek 2830).
0
 
Craig Beck Commented:
What about the firewall on the server itself?
0
 
tetrauk (Author) Commented:
No. The firewall on the server is deactivated.
0
 
superjohnbarnes Commented:
Did you manage to solve this? I have a similar issue on Windows Server 2008 with a Draytek router.
0
 
tetrauk (Author) Commented:
Still having this issue. We also use Draytek routers and I'm wondering if this is an issue with Draytek; I have had previous issues with Draytek and DNS.
0
 
superjohnbarnes Commented:
I think that the Draytek is the main contender for DNS issues. We use them heavily across our infrastructure and the DNS often falls over. A reboot of the router works most times.

We are looking to move away from Draytek routers in the near future.
0
 
tetrauk (Author) Commented:
*
0
