Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

DNS Server not functioning properly

Posted on 2016-10-20
9
Medium Priority
?
56 Views
Last Modified: 2016-11-09
Ever since I changed my DHCP-DNS server and changed IP addresses it has not been able to get to the internet effectively.  I get a unable to connect to DNS error, if I refresh it a couple of time it will eventually come up. The Domain Controllers seem to be working correctly and I get no errors from them.  I have manually deleted all the old IP addresses from the forward Lookup Zones.  I know it's DNS problem because if I change the DNS to 8.8.8.8 on a local station it works fine.  

I have run the command _ldap._tcp.noam.reskit.com SRV service location:
and everything looks great, found both DNS server.  

The DNS Server is connected to my domain and active directory.  It worked fine until I moved the FSMO roles and changed the IP address of the DNS server
0
Comment
Question by:lcfrederickson
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 10

Expert Comment

by:Muhammad Mulla
ID: 41852265
Check your forwarders. Have you changed ISP? it could be that you still have your old ISP's Forwarders setup in your DNS.

Get the DNS forwarders from your current ISP. Even if you haven't changed, it could be that they have changed their forwarder addresses and you might have missed the communication from them. Click on Edit and delete, add and reorder forwarding servers as required.
0
 
LVL 37

Expert Comment

by:Kimputer
ID: 41852311
Use nslookup on a PC to see if the DNS servers are responding correctly (obviously, enter a few domain names to see if it looks up quickly, for both domain related, as well as internet based)
0
 

Author Comment

by:lcfrederickson
ID: 41852342
NS Lookup works fine.  My ISP has not changed but I probably should have mentioned that I have a SonicWall TZ600 SonicWall for a firewall between the ISP and my local network
0
WatchGuard Case Study: NCR

With business operations for thousands of customers largely depending on the internal systems they support, NCR can’t afford to waste time or money on security products that are anything less than exceptional. That’s why they chose WatchGuard.

 
LVL 27

Assisted Solution

by:DrDave242
DrDave242 earned 400 total points (awarded by participants)
ID: 41852366
What are you using for forwarders on your DNS server? Since 8.8.8.8 works when your internal machines use it as a DNS server, you can remove your existing forwarders and use it (and 8.8.4.4) as forwarders instead. Alternatively, you can remove all of your forwarders and use root hints.

Also, is there any chance your firewall is configured to only pass outbound DNS traffic from certain addresses? This is somewhat unusual, but I've run across it before in environments where strict control of external name resolution is needed.
0
 

Author Comment

by:lcfrederickson
ID: 41852614
The forward lookup zones are the Active Directory-integraged Primary, and standard primary for my domain.  The firewall configuration hasn't changed.

I added the 8.8.8.8 and 8.8.4.4 to the forwarders and removed the ip addresses of my DNS server.  How will that affect the group policy assignments on my domain?
0
 
LVL 27

Expert Comment

by:DrDave242
ID: 41852693
How will that affect the group policy assignments on my domain?
I'm not sure what you mean. Changing the forwarders won't affect Group Policy at all, since that's processed inside the domain. The forwarders only come into play for resolving queries for names outside the domain.
0
 
LVL 10

Accepted Solution

by:
Muhammad Mulla earned 1600 total points (awarded by participants)
ID: 41853573
Your own DNS servers shouldn't be in the Forwarders. As DrDave242 mentioned, Forwarders are not used for names inside the domain, hence your internal DNS servers don't need to be in there.
0
 

Author Comment

by:lcfrederickson
ID: 41853712
Thanks!!!  It seem to be working great!
0
 
LVL 10

Expert Comment

by:Muhammad Mulla
ID: 41880251
Author accepted answer.
0

Featured Post

Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question