scox72
asked on
Strange DNS resolution issue
Hi all
I am having a strange issue on my inherited network, and I'm sure there is a misconfiguration somewhere. I find them all the time, unfortunately. This one has me stumped as to how to fix it.
I have an Active Directory integrated domain, let's call it corp.company.org. We also have a hosted website at company.org, which lives at IP 1.2.3.4.
I have 4 DCs in my network and 3 DNS servers. One of the DCs is also a print server, let's call it prtDC; its FQDN is prtDC.corp.company.org.
Intermittently people report they can't print or access the internet. Almost without fail, if I ping the print server prtDC, it returns the ip of our website, 1.2.3.4.
The fix is to do ipconfig /release /flushdns /renew and it usually works.
This happens randomly, and I thought perhaps one of the DNS servers was failing, and the lookup was being passed to internet dns servers, which would return the IP of our company.org address. I added another DNS server, and made it the primary DNS server for our domain. This didn't fix the issue.
However, digging a little, I see that if from the command line I type "nslookup servername" then I get the correct internal IP. If I type "nslookup servername.corp.company.org" I get the external IP of our web server. Our DNS suffix search list is corp.company.org and company.org, if this helps.
I did notice in the DNS manager on the servers, they list the SOA as themselves -- so DNSserverA lists DNSserverA and DNSserverB lists DNSserverB as the SOA.
Also, there was a name server record for a machine that doesn't have DNS installed. I deleted that manually, but this doesn't fix anything either.
Could anyone give me an idea of where to go to fix this? It's driving me crazy and I don't know exactly where to look.
EDIT: nslookup server returns right address (most of the time) and nslookup server.corp.company.org. (with the end . ) returns correctly too.
You might try some further diagnostics with nslookup. Enter interactive mode and then set debug mode. Also try one of your other DNS servers to see if it's returning the same info.
nslookup
set d2
servername.corp.company.org
server ip.of.other.dns
servername.corp.company.org
With AD integrated zones each DNS server will report itself in the SOA.
When a machine is having trouble resolving, have you verified that the info is correct from an ipconfig /all before doing the release/renew?
ASKER
Hi guys thanks so much for the input. When the problem happens I do check the ipconfig and it all looks fine. I'll make sure that's the case, though.
I went through the best practices listed above; I do have to wait till this evening to do a start/stop on the DNS and network service.
Here's the replsum:
Replication Summary Start Time: 2014-03-13 12:19:14
Beginning data collection for replication summary, this may take awhile:
.......
Source DSA          largest delta    fails/total  %%   error
BART                29m:16s          0 /  15      0
IDENTITY            29m:16s          0 /  15      0
KNOWLEDGE           29m:16s          0 /  15      0
REDBIRD             27m:35s          0 /  15      0
Destination DSA     largest delta    fails/total  %%   error
BART                27m:36s          0 /  15      0
IDENTITY            26m:56s          0 /  15      0
KNOWLEDGE           25m:07s          0 /  15      0
REDBIRD             29m:16s          0 /  15      0
------------------------
And I attached the other two files, as they're quite long. One thing -- I tested on another server and the dcdiag had several warnings in the summary. I can post that too if you'd like, just let me know.
dcdiag-Test.txt
dcdiag-Q-E.txt
ASKER CERTIFIED SOLUTION
ASKER
Took me a while to make sure this was working, but removing the external DNS entries from all computers and following best practices on all DNS servers to a T fixed this issue.
thanks again for your help!
Hi all,
I'm having the exact same DNS issue as scox72 but I'm not sure how to resolve it.
I have 2 internal DNS servers (DNS1 and DNS2) with the settings below:
DNS1 (Windows server) > Forwarders point to external DNS NS1 (Linux server)
DNS2 (Windows server) > No forwarders set
No DNS suffix search list is configured on either internal DNS server.
"This suggests that you have a wildcard host record in the public company.org zone, and that record contains the IP address of your web server."
Where do I find the wildcard host record? Do I need to check on the NS1 server, or on the internal DNS servers?
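The following is an added model (not code from anyone in this thread) of the two things discussed above: why the nslookup queries can return different answers depending on which server answers, and how a wildcard host record in the public company.org zone comes to answer for prtDC.corp.company.org. It implements the RFC 1034 wildcard rule and the client's suffix-search behaviour over constructed zone data; the internal address 10.0.0.25 is an assumption.

```python
# Constructed zone data: the AD-integrated zone the internal DNS servers hold,
# and the public company.org zone with a wildcard host record (the hypothesis
# quoted in this thread). 1.2.3.4 is the thread's web-server IP; 10.0.0.25 is
# an assumed internal address for prtDC.
INTERNAL = {"corp.company.org.": {"prtdc.corp.company.org.": "10.0.0.25"}}
PUBLIC = {"company.org.": {"company.org.": "1.2.3.4",
                           "*.company.org.": "1.2.3.4"}}
SUFFIX_LIST = ["corp.company.org", "company.org"]  # the asker's search list


def lookup(zones, name):
    """Answer an absolute name from one server's zones, applying the RFC 1034
    wildcard rule: *.X matches a.b.X only if no name between a.b.X and X
    exists in the zone (the 'closer encloser' check)."""
    name = name.lower()
    apex = max((z for z in zones if name == z or name.endswith("." + z)),
               key=len, default=None)
    if apex is None:
        return None            # not authoritative here: NXDOMAIN or forwarded
    records = zones[apex]
    if name in records:
        return records[name]
    labels = name.rstrip(".").split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:]) + "."
        if encloser in records and encloser != apex:
            return None        # a closer enclosing name exists: no wildcard
        if "*." + encloser in records:
            return records["*." + encloser]
    return None


def client_resolve(servers, typed, suffixes=SUFFIX_LIST):
    """Mimic the stub resolver: a trailing dot means absolute; otherwise a
    dotted name is tried as typed and then each suffix is appended. Servers
    are asked in order; the first server that answers any candidate wins."""
    if typed.endswith("."):
        candidates = [typed]
    else:
        candidates = [typed + "."] if "." in typed else []
        candidates += [f"{typed}.{s}." for s in suffixes]
    for zones in servers:
        for fqdn in candidates:
            answer = lookup(zones, fqdn)
            if answer is not None:
                return answer
    return None


if __name__ == "__main__":
    # A client that can only reach the public server gets the wildcard address
    # for the internal FQDN; the same name via the internal server is correct.
    print(client_resolve([PUBLIC], "prtDC.corp.company.org"))    # 1.2.3.4
    print(client_resolve([INTERNAL], "prtDC.corp.company.org"))  # 10.0.0.25
```

Removing the external server from the client's list, as the asker eventually did, removes the path by which the wildcard answer can be returned at all.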
Can you post dcdiag /test:dns /e and dcdiag /q /e from one DC? repadmin /replsum would also be great.
Follow the link below and let me know whether you have DNS configured properly.
Also let me know why you have 2 DNS suffixes.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/