sshield4
asked on
Windows 2008r2 sp2 DNS
Our DNS servers have cache.dns files.
If we do not have the check mark "use root hints" checked, are these files used?
I ask because the information in them is different. One server is able to resolve a site on AWS and the other server cannot.
Putting the check mark on does not seem to make a difference.
But if they are reading these files, that could be the root of the problem.
Root hints servers do not come into play if you have configured forwarders. Did you check that both DNS servers are configured with the same ISP DNS? Can you check if you go to different ISP IPs from both DNS servers? Also, how and where are you checking the AWS URL?
I don't know why some people say that cached records are kept in the cache.dns file (located in C:\Windows\System32\dns), as I have never observed that to be true. Only root hints are kept there. Most Windows DNS/DCs are configured to load data from Active Directory, and once the root hints are loaded from the file initially, the info is kept in AD. So, changing the cache.dns file doesn't reflect on your Root Hints tab, unless you were to first clear out the root hints container in AD (located under DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=exampledomain,DC=com).
I recommend you compare the Root Hints tab with what is listed at https://www.iana.org/domains/root/servers
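One way to do the comparison footech recommends (and that the asker later asks how to do), as an added example that is not part of this thread: a Python script that parses the root-hints A records out of a cache.dns file and diffs them against the IANA list. The sample cache.dns content and the reference dict are constructed here; the IANA addresses are those published at the time of writing and should be re-checked against the page linked above before use.

```python
import re

# Constructed sample of a cache.dns file from a stand-alone Windows DNS server. It is
# deliberately stale: B and H carry retired IPv4 addresses, and C through M are missing.
SAMPLE_CACHE_DNS = """\
;  Root Name Server Hints File (constructed sample)
@                    IN  NS  A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.  IN  A   198.41.0.4
@                    IN  NS  B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.  IN  A   192.228.79.201
@                    IN  NS  H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.  IN  A   128.63.2.53
"""

# IPv4 root server addresses as published at https://www.iana.org/domains/root/servers
# at the time of writing; re-check the page before relying on this list.
IANA_ROOT_IPV4 = {
    "A": "198.41.0.4", "B": "199.9.14.201", "C": "192.33.4.12",
    "D": "199.7.91.13", "E": "192.203.230.10", "F": "192.5.5.241",
    "G": "192.112.36.4", "H": "198.97.190.53", "I": "192.36.148.17",
    "J": "192.58.128.30", "K": "193.0.14.129", "L": "199.7.83.42",
    "M": "202.12.27.33",
}

def parse_root_hints(text):
    """Return {letter: ipv4} for the A records of X.ROOT-SERVERS.NET in a zone-format
    hints file. TTL/class fields are optional; ';' comments and NS/AAAA records are skipped."""
    hints = {}
    for line in text.splitlines():
        tokens = line.split(";", 1)[0].split()
        if len(tokens) < 3:
            continue
        owner, rtype, rdata = tokens[0].upper(), tokens[-2].upper(), tokens[-1]
        match = re.fullmatch(r"([A-M])\.ROOT-SERVERS\.NET\.?", owner)
        if match and rtype == "A":
            hints[match.group(1)] = rdata
    return hints

def diff_root_hints(local, reference):
    """Classify each reference letter as 'ok', 'missing' or 'stale (old -> new)'."""
    report = {}
    for letter, ip in reference.items():
        if letter not in local:
            report[letter] = "missing"
        elif local[letter] != ip:
            report[letter] = f"stale ({local[letter]} -> {ip})"
        else:
            report[letter] = "ok"
    return report

if __name__ == "__main__":
    print(diff_root_hints(parse_root_hints(SAMPLE_CACHE_DNS), IANA_ROOT_IPV4))
```

To check a real server, read C:\Windows\System32\dns\cache.dns into `parse_root_hints` instead of the sample text.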
ASKER
OK, that was what I was wondering, so we can rule out root hints.
Yes, same forwarders, but I have tried multiple other forwarders from our former ISP, and OpenDNS, turning on root hints. Nothing works. All I can think of is that AWS is blocking that IP, but if it is really going to our ISP that should not even be a factor, correct?
Is the AWS link accessible from your home PC or mobile device? If so, then that is not the factor. What happens if you do nslookup to the AWS link FQDN?
ASKER
Times out on the bad server, goes through on the good server.
There is no home PC, we are a large organization.
Question for footech. Thanks for the link to the root hints page. How do I import that list, assuming mine is out of date? Also, these are not AD servers. They are stand-alone in the DMZ zone.
ASKER
Thank you everyone for all the help.
My network manager figured out what was going on when he looked at the logs because he saw it trying to go to our ISP, turned around and went out the VPN! He had a setting on the firewall for the one IP, but not the other.
I had forgotten that it went through the VPN.