Solved

Strange DNS resolution issue

Posted on 2014-03-12
455 Views
Last Modified: 2014-11-07
Hi all

I am having a strange issue on my inherited network, and I'm sure there is a misconfiguration somewhere. I find them all the time, unfortunately. This one has me stumped as to how to fix it.

I have an Active Directory integrated domain, let's call it corp.company.org. We also have a hosted website at company.org, which lives at IP 1.2.3.4.

I have 4 DCs in my network and 3 DNS servers. One of the DCs is also a print server, let's call it prtDC; its FQDN is prtDC.corp.company.org.

Intermittently people report they can't print or access the internet. Almost without fail, if I ping the print server prtDC, it returns the IP of our website, 1.2.3.4.

The fix is to do ipconfig /release /flushdns /renew and it usually works.

This happens randomly, and I thought perhaps one of the DNS servers was failing, and the lookup was being passed to internet dns servers, which would return the IP of our company.org address. I added another DNS server, and made it the primary DNS server for our domain. This didn't fix the issue.

However, digging a little, I see that if from the command line I type "nslookup servername" then I get the correct internal IP. If I type "nslookup servername.corp.company.org" I get the external IP of our webserver. Our DNS suffix search list is corp.company.org and company.org, if this helps.

I did notice in the DNS manager on the servers, they list the SOA as themselves -- so DNSserverA lists DNSserverA and DNSserverB lists DNSserverB as the SOA.

Also, there was a name server record for a machine that doesn't have DNS installed. I deleted that manually, but this doesn't fix anything either.

Could anyone give me an idea of where to go to fix this? It's driving me crazy and I don't know exactly where to look.

EDIT: nslookup server returns right address (most of the time) and nslookup server.corp.company.org. (with the end . ) returns correctly too.
Question by:scox72
6 Comments
LVL 18

Expert Comment

by:sarang_tinguria
ID: 39924443
Let's start with the basics.
Can you post dcdiag /test:dns /e and dcdiag /q /e from one DC? repadmin /replsum would also be great.

Follow the link below and let me know whether you have DNS configured properly.
Also let me know why you have 2 DNS suffixes.

http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
LVL 39

Expert Comment

by:footech
ID: 39924636
You might try some further diagnostics with nslookup.  Enter interactive mode and then set debug mode.  Also try one of your other DNS servers to see if it's returning the same info.
nslookup
set d2
servername.corp.company.org
server ip.of.other.dns
servername.corp.company.org


With AD integrated zones each DNS server will report itself in the SOA.

When a machine is having trouble resolving, have you verified that the info is correct with an ipconfig /all before doing the release/renew?

Author Comment

by:scox72
ID: 39926858
Hi guys thanks so much for the input.  When the problem happens I do check the ipconfig and it all looks fine. I'll make sure that's the case, though.

I went through best practices listed above, I do have to wait till this evening to do a start/stop on the dns and network service.

Here's the replsum:

Replication Summary Start Time: 2014-03-13 12:19:14

Beginning data collection for replication summary, this may take awhile:

  .......

Source DSA          largest delta    fails/total %%   error

 BART                      29m:16s    0 /  15    0  
 IDENTITY                  29m:16s    0 /  15    0  
 KNOWLEDGE                 29m:16s    0 /  15    0  
 REDBIRD                   27m:35s    0 /  15    0  

Destination DSA     largest delta    fails/total %%   error
 BART                      27m:36s    0 /  15    0  
 IDENTITY                  26m:56s    0 /  15    0  
 KNOWLEDGE                 25m:07s    0 /  15    0  
 REDBIRD                   29m:16s    0 /  15    0

------------------------

And I attached the other two files, as they're quite long. One thing -- I tested on another server and the dcdiag had several warnings in the summary. I can post that too if you'd like, just let me know.
dcdiag-Test.txt
dcdiag-Q-E.txt
LVL 25

Accepted Solution

by: DrDave242 (earned 500 total points)
ID: 39929711
However, digging a little, I see that if from the command line I type "nslookup servername" then I get the correct internal ip. If I type "nslookup servername.corp.company.org" I get the external ip of our webserver. Our dns suffix search list is corp.comany.org and company.org, if this helps.
EDIT: nslookup server returns right address (most of the time) and nslookup server.corp.company.org. (with the end . ) returns correctly too.
This suggests that you have a wildcard host record in the public company.org zone, and that record contains the IP address of your web server. Nslookup just loves to append suffixes, as you'll see if you run it in debug or d2 mode, so nslookup servername results in a query for servername.corp.company.org, which returns the correct host record, but nslookup servername.corp.company.org results in a query for servername.corp.company.org.corp.company.org, which doesn't match anything, and a query for servername.corp.company.org.company.org, which gets sent out to the public DNS because your server isn't authoritative for the company.org zone. Normally that query would fail too, but the wildcard *.company.org record matches it, so the address of the website gets returned.

As you've already seen, adding that final dot to your query keeps nslookup from appending suffixes, so nslookup servername.corp.company.org. should return the correct address every time (and it appears that it does).

If my assumption about the wildcard record is correct, it looks like internal queries are sometimes being sent out to the public DNS servers when they shouldn't be - a query for prtdc is being turned into a query for prtdc.company.org, which gets answered by the public DNS, rather than prtdc.corp.company.org, which would never go beyond your internal DNS. Are you certain that the DNS suffix search order (corp.company.org first) is correct on all machines? Come to think of it, do you even need company.org in the DNS suffix search list at all?

Of course, there's another possibility: have you double-checked to make sure your internal machines are only using your internal DNS servers?

Author Closing Comment

by:scox72
ID: 39983682
Took me a while to make sure this was working, but removing the external DNS entries from all computers and following best practices on all DNS servers to a T fixed this issue.

thanks again for your help!

Expert Comment

by:SuzenJ
ID: 40427934
Hi all..
I'm having exactly the same DNS issue as scox72 but am not sure how to resolve it.
I have 2 internal DNS servers (DNS1 and DNS2) with the settings below:

DNS1 (Windows server) > forwarders point to the external DNS server NS1 (Linux server)
DNS2 (Windows server) > no forwarders set
No DNS suffix search list is configured on either internal DNS server

"This suggests that you have a wildcard host record in the public company.org zone, and that record contains the IP address of your web server."

Where do I find the wildcard host record? Do I need to check on the NS1 server, or on the internal DNS servers?
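Editor's note: the following is an added example, not code posted by anyone in this thread. It simulates the suffix-search behaviour DrDave242 describes in the accepted answer (an internal server authoritative for corp.company.org, a public company.org zone with a *.company.org wildcard, and a client that appends search-list suffixes before trying the name as typed) and includes the probe that answers SuzenJ's question: a wildcard lives in whichever zone is authoritative for company.org, so you test for it by asking that zone for a label that cannot exist. The zone contents, the internal address 10.0.0.5, and the simplified wildcard matching are assumptions; 1.2.3.4 is the placeholder the original poster used.

```python
"""Simulation of DNS suffix-search expansion against an internal
AD-integrated zone plus a public zone with a wildcard record.
Added example; all zone data below is constructed for illustration."""
import secrets

# Constructed data. 10.0.0.5 is an assumed internal address; 1.2.3.4 is
# the placeholder the original poster used for the public web server.
INTERNAL_ZONE = {"prtdc.corp.company.org.": "10.0.0.5"}
PUBLIC_ZONE = {"www.company.org.": "1.2.3.4", "*.company.org.": "1.2.3.4"}
SEARCH_LIST = ["corp.company.org", "company.org"]   # the poster's suffix order


def zone_lookup(zone, apex, qname):
    """Exact match first; otherwise a '*.<apex>' record matches any name
    below the apex. This simplifies the RFC 1034 wildcard rule by ignoring
    the 'no closer enclosing node' condition, which never fires in these
    toy zones because they contain no intermediate nodes."""
    if qname in zone:
        return zone[qname]
    if qname.endswith("." + apex + ".") and "*." + apex + "." in zone:
        return zone["*." + apex + "."]
    return None   # NXDOMAIN


def server_resolve(qname):
    """The internal DNS server: authoritative for corp.company.org, so
    queries inside that zone never leave the network; anything else is
    forwarded and ends up answered by the public company.org zone."""
    if qname.endswith(".corp.company.org."):
        return zone_lookup(INTERNAL_ZONE, "corp.company.org", qname), "internal"
    return zone_lookup(PUBLIC_ZONE, "company.org", qname), "public"


def candidates(name, search_list):
    """Names a suffix-appending client tries, in order. A trailing dot makes
    the name fully qualified and suppresses the search list. Suffixes-first
    is the order the accepted answer describes for nslookup; the Windows
    DNS Client service has its own devolution rules, not modelled here."""
    if name.endswith("."):
        return [name]
    return [f"{name}.{s}." for s in search_list] + [name + "."]


def resolve(name, search_list=SEARCH_LIST):
    """Return (ip, answered_qname, source, trace); ip is None on failure."""
    trace = []
    for qname in candidates(name, search_list):
        ip, source = server_resolve(qname)
        trace.append((qname, source, ip))
        if ip is not None:
            return ip, qname, source, trace
    return None, None, None, trace


def has_wildcard(zone, apex):
    """Probe for a wildcard the way you would against a real server: ask for
    a random label that cannot legitimately exist under the apex. Any
    positive answer means the zone is synthesising records."""
    probe = f"wildcard-probe-{secrets.token_hex(4)}.{apex}."
    return zone_lookup(zone, apex, probe) is not None


if __name__ == "__main__":
    cases = [("prtdc", SEARCH_LIST),                       # short name: fine
             ("prtdc.corp.company.org", SEARCH_LIST),      # FQDN, no dot: hijacked
             ("prtdc.corp.company.org.", SEARCH_LIST),     # trailing dot: fine
             ("prtdc", ["company.org", "corp.company.org"]),  # wrong order: hijacked
             ("prtdc.corp.company.org", ["corp.company.org"]),  # drop company.org: fine
             ("nosuchhost", SEARCH_LIST)]                  # typo resolves to website
    for name, sl in cases:
        ip, qname, source, trace = resolve(name, sl)
        print(f"{name!r} with search list {sl}")
        for q, src, a in trace:
            print(f"    {q:45} -> {src}: {a or 'NXDOMAIN'}")
        print(f"    answer: {ip} (from {qname})")
    print("public company.org has wildcard:", has_wildcard(PUBLIC_ZONE, "company.org"))
    print("internal zone has wildcard:", has_wildcard(INTERNAL_ZONE, "corp.company.org"))
```

Against real servers the equivalent probe is a lookup of a made-up label such as wildcard-probe-a1b2c3d4.company.org, sent to the nameserver that hosts the public company.org zone (NS1 in SuzenJ's setup); the internal Windows servers are not authoritative for company.org and will only forward the question. If that query returns the web server's address instead of NXDOMAIN, the wildcard is there, and the last case above shows why it matters: with company.org in the search list, any mistyped internal hostname silently resolves to the website.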
