Solved

Windows 2003 DNS question

Posted on 2014-04-14
Last Modified: 2014-04-25
We are running Windows 2003 server in a single domain config, 2 DCs both running DNS, 9 subnets.  Lately, just lately, people are occasionally unable to access resources on a file server in xxx.xxx.xxx.1 by name, but they can do so by IP address.  Mapping a drive to \\xxx.xxx.xxx.x\share works where using the name of the server does not.  Further, occasionally a person will lose connectivity to the Exchange 2003 server (same subnet as the file server).  Pinging the Exchange server by name from that client returns the outside address of the Exchange server instead of the inside address.  A \flushdns on the client fixes the problem right away.  None of the clients are in the same subnet as the server.  All of the servers are in the same subnet, but only 2 of the servers seem to have problems.  People are able to log on and get to the internet with no problems.  This happens in several subnets.  DCDIAG and NETDIAG tests both pass, except for the root hint errors which can safely be ignored (???? - really?).  Should any external name servers (ISP) be included in the list of the reverse lookup zones?  How exactly should the subnetted zones be configured?  Any thoughts on where to look to find the cause of this would be appreciated.
Question by:quaybj
14 Comments
 
LVL 1

Expert Comment

by:A-p-u
ID: 40000482
If you are going to run a split DNS configuration (different answers returned internally and externally), you should configure your clients to use servers that all return the same answers.

See http://blogs.technet.com/b/networking/archive/2009/06/26/dns-client-resolver-behavior.aspx for more info on how Windows would handle these queries.
0
 
LVL 10

Expert Comment

by:Korbus
ID: 40000675
If /flushDNS fixes the problem, that implies the following to me:
Your workstation's primary and secondary DNS servers are not providing the same results for this name.  So,
If you are using your two internal DNS servers for this, I would start by comparing that name entry on both servers.
If you are using an external DNS server as your secondary, this is probably why it's getting the wrong address.
Also consider: Both situations would imply your primary DNS server is not always responding fast enough.
0
 

Author Comment

by:quaybj
ID: 40002223
Thanks Korbus,

I am using 2 internal DNS servers, both are DCs, both using the same name servers. I compared each setting on the servers, they are identical.

I am not using an external DNS server as a secondary.

Speed may be an issue, the primary server (also the primary DC) is colocated out of state, secondary is in one of the subnets physically close to the other subnets.  But this issue is new, the colocation is not.

Might it matter that the colocated server is using itself as the primary DNS and the 'local' older, slower server is also using itself as the primary? So those entries on the TCP/IP properties tab are reversed, and have been for years.

I am considering running DNS on another faster server in a location with a bigger circuit. Thoughts on that?

Still need to know: should any external name servers (ISP) be included in the reverse lookup zones?
0
 

Author Comment

by:quaybj
ID: 40002238
A-P-U
thanks for your response, but this is not a split brain issue.
Q
0
 
LVL 10

Accepted Solution

by:
Korbus earned 500 total points
ID: 40002281
No, I don't think you need ISP name servers in the reverse lookup zone.  But, though I can't imagine why you might want it, I'm really not sure.

The server's primary and secondary DNS servers in the TCP/IP settings should not affect how the DNS server works: it has its own database, and forwarder IP addresses.  (It only affects where standard TCP/IP domain name resolution requests go, from the OS and other software.)

Regarding adding a DNS server: while this may help reduce occurrences, a slow primary DNS should NOT be messing you up like this.  

I think we first need to figure out how the workstations are ever resolving the external IP address for names that are defined internally on your DNS.  

This external IP address is obviously coming from external/internet DNS servers (please confirm this IP exists nowhere in your internal DNS); but it sounds like, the only thing that is referencing external DNS, is your internal DNS servers' forwarding (as it should be- pls confirm).  
So if all requests are going through your internal DNS, why is it using the forwarder results, rather than internal results?

I'm a bit stumped on how to test this, though.  I'll post back when I have an idea.
0
 

Author Comment

by:quaybj
ID: 40002383
I am not using forwarders.  I was, for years, but about 2 months ago I started seeing weird access and resolution problems, tested and found the forwarders I was using were not valid DNS servers, found this article http://support.microsoft.com/kb/291382 that said forwarders were not really necessary and that root hints were better, did some more tests, found I had incorrectly resolving root hints, fixed that (or so I thought!) and all was good up until about 10 days ago.  Since I am getting root hint errors from dcdiag, maybe I should put the forwarders back?  And what is the real story on this error, which people say to safely ignore?  Seems wrong to me.

     TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-servers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server: c.root-servers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-servers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: d.root-servers.net. (199.7.91.13)
                  Error: Root hints list has invalid root hint server: e.root-servers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-servers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-servers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-servers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server: l.root-servers.net. (199.7.83.42)
                  Error: Root hints list has invalid root hint server: m.root-servers.net. (202.12.27.33)
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
               
            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
               
            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
               
            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
               
            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
               
            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
               
            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
               
            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
               
            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
               
            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
               
            DNS server: 199.7.83.42 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.83.42
               
            DNS server: 199.7.91.13 (d.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.91.13
               
            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
               
         ......................... domain.org passed test DNS

The issues I am seeing are internal, not external, except for the email server issue, which happens every once in a while.

My ISP says that the routing to external world is being done on their side.  

I checked the DNS and verified that that external address is not in the list.  The only external address is an A record for our public web server.
0
 
LVL 1

Expert Comment

by:A-p-u
ID: 40002416
I would suggest an ipconfig /all on the client and see what DNS servers are listed. Then do an nslookup against each of those DNS servers querying for your Exchange server.

If you have a client getting the external IP address of your Exchange server, we have to figure out where it is getting that from.
0
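
The per-server comparison suggested above, as an added example that is not part of the original thread: it parses one nslookup capture per DNS server and reports whether the servers agree and whether any answer falls outside the internal address space. The captures, host names, addresses and the 10.0.0.0/8 internal range are constructed assumptions, and only IPv4 answers are handled.

```python
import ipaddress
import re

# Assumption: the site's internal address space. Adjust to the real subnets.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed captures of "nslookup mail.domain.org <server>", one per DNS
# server that ipconfig /all lists on the client. All values are made up.
CAPTURES = {
    "10.1.1.10": "Server:  dc1.domain.org\nAddress:  10.1.1.10\n\n"
                 "Name:    mail.domain.org\nAddress:  10.1.1.25\n",
    "10.2.1.10": "Server:  dc2.domain.org\nAddress:  10.2.1.10\n\n"
                 "Non-authoritative answer:\n"
                 "Name:    mail.domain.org\nAddress:  203.0.113.25\n",
}

def parse_answers(output):
    """Return (IPv4 addresses answered, non_authoritative) for one capture."""
    # Text before the first "Name:" describes the server queried, not the answer.
    _, found, answer = output.partition("Name:")
    if not found:
        return [], False  # timeout, NXDOMAIN or other failure: no answer section
    addrs = re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", answer)
    return addrs, "Non-authoritative answer" in output

def compare(captures):
    """Report whether all servers agree and which answers are not internal."""
    results = {srv: parse_answers(out) for srv, out in captures.items()}
    distinct = {tuple(sorted(addrs)) for addrs, _ in results.values()}
    findings = []  # (server, address or None, non_authoritative)
    for srv, (addrs, nonauth) in sorted(results.items()):
        if not addrs:
            findings.append((srv, None, False))
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            if not any(ip in net for net in INTERNAL):
                findings.append((srv, addr, nonauth))
    return {"consistent": len(distinct) == 1, "findings": findings}

if __name__ == "__main__":
    report = compare(CAPTURES)
    print("servers agree:", report["consistent"])
    for srv, addr, nonauth in report["findings"]:
        detail = "no answer" if addr is None else f"{addr} is not internal"
        print(f"{srv}: {detail}" + (" (non-authoritative)" if nonauth else ""))
```

A non-authoritative answer for a name the server hosts in its own zone means the reply came from cache or recursion rather than from the zone data, which narrows where to look next.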
 

Author Comment

by:quaybj
ID: 40002613
ok, but I am out of the office, will try the nslookups on a machine that has had the email resolving issue tomorrow.

Thanks..
0
 
LVL 10

Expert Comment

by:Korbus
ID: 40002818
It might NOT be safe to ignore those errors, since you are not using forwarders in your DNS server config.  Most people DO use forwarders, which may be why they said this error can be ignored (just guessing tho).

Without forwarders, I would think root hint problems would be a major issue for resolving external domain names (of course, this is NOT your problem: incorrect resolution of INTERNAL names is).

Please take these comments with a grain of salt, I'm no expert on root hints.
0
 

Author Comment

by:quaybj
ID: 40010773
Thanks Korbus
I am out of the office over Easter, but will pick this up when I get back.  I also am wary of ignoring the root hint errors.
Q
0
 

Author Comment

by:quaybj
ID: 40020665
Korbus, the problem has gone away as mysteriously as it came.  I am closing this ticket and awarding you the points because you made useful suggestions.  If I find anything about root hints that I think is useful, I will post it.

Thanks.

Q
0
 
LVL 10

Expert Comment

by:Korbus
ID: 40020746
Hi Quaybj,

Thanks for following up.  Gosh those mysteriously disappearing issues are SO frustrating!  Will it come back? When? Who knows, arrrgghh.

Oh, you mentioned you were giving me some points, but it looks like you gave them all to APU.  Don't worry about it this time, but just want to make sure you were aware for future posts.

K
0
 

Author Closing Comment

by:quaybj
ID: 40022412
I am awarding points to Korbus because of the reasoned, logical answer.
0
