Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.
Using Forwarders on a Windows Server
I have always been told to use your ISP's DNSs as forwarders on Windows DNS Servers. Today there was a EventID 5504 in the event log and on of the articles from Microsoft says to turn off forwarders. That =kind of shocked me. So should you or should you not use forwarders on a Windows DNS Server?
I was surprised removing them the internet still worked. What does it use for resolution if it isn't forwarders?
I was surprised removing them the internet still worked. What does it use for resolution if it isn't forwarders?
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Root hints are used when forwarders fail or are not used. I agree with DickMare though; lookups via root hints are slower than forwarder lookups.
I would either contact my ISP and see if they have other forwarders or use a different dns forwarder (possibly a public dns forwarder, e.g. google's public dns servers or openDNS).
-saige-
I would either contact my ISP and see if they have other forwarders or use a different dns forwarder (possibly a public dns forwarder, e.g. google's public dns servers or openDNS).
-saige-
I was using Comcast's DNSs. Switched to Google's and the EventID 5504 is still there so it isn't a forwarder issue. From what I read on EventID 5504 it isn't really worth messing with unless it is causing problems and it isn't. All the articles I read made it seem like a ISP DNS issue but that doesn't seem to be the case.
The IP Address of the offender is 173.254.179.200 which relates to a ISP in Sacremento, CA. So does that mean the forwarders are eventually hitting this ISP's DNS and it is returning something invalid?
The IP Address of the offender is 173.254.179.200 which relates to a ISP in Sacremento, CA. So does that mean the forwarders are eventually hitting this ISP's DNS and it is returning something invalid?
Can you use a tool like Wireshark to capture the packets to and from your server, I would like to know what workstation is trying to establish so many connections every so often to that IP
Finding the source might give you more insight to what is going on.
DirkMare
Finding the source might give you more insight to what is going on.
DirkMare
I have wireshark running and tried to filter by that IP address but it said it was an invalid address. I have a feeling it needs to be on the LAN and it isn't. Where can I apply the filter to look just for that destination address?
I don't normally use forwarders. The performance difference is largely theoretical; once running for a day or so most queries will be coming out of cache anyway. Would be really difficult to measure any difference in name resolution performance.
I am a little lost about root hints. Someone actually hosts a DNS Server "i.root-servers.net"? how could it be at 192.36.148.17?
There are three private ranges 10.0.0.0/24 (or 10.0.0.1 - 10.255.255.254), 172.16.0.0/20 (or 172.16.0.1 - 172.31.255.254) and 192.168.0.0/16 (or 192.168.0.1 - 192.168.255.254). Meaning that 192.36.148.17 is a perfectly valid public IP address.
Public and Private Addresses
-saige-
Public and Private Addresses
-saige-
That explains the private ranges but not the first part of the question. "Someone actually hosts a DNS Server "i.root-servers.net (along with the others)"?
Yes, someone actually hosts a nameserver called i.root-servers.net. This someone is Verisign.
You can read more about the *root* name servers here: https://en.wikipedia.org/wiki/Root_name_server
-saige-
Verisign, Inc. is an American company based in Reston, Virginia, United States that operates a diverse array of network infrastructure, including two of the Internet's thirteen root nameservers, the authoritative registry for the .com, .net, and .name generic top-level domains and the .cc and .tv country-code top-level domains, and the back-end systems for the .jobs, .gov, and .edu top-level domains. Verisign also offers a range of security services, including managed DNS, distributed denial-of-service (DDoS) attack mitigation[5] and cyber-threat reporting.- Source
You can read more about the *root* name servers here: https://en.wikipedia.org/wiki/Root_name_server
-saige-
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Servers
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - PowerPoint 2007… 140 lessons
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
Your DNS is either using cached queried results or root hints.
I would add them back. look at this article
DirkMare