Windows 2016 DNS not forwarding various domain names

Does anyone know why this is happening and how to fix it?

I have Windows DNS server configured on Server 2016.
Everything seems to be working aside from a couple of random public sites are not resolving.

Forwarders are set to 8.8.8.8, 8.8.4.4 and 208.67.222.222

I tried different configurations for DNS settings on the primary NIC assigned to the DNS server. None are 100% functional.

Initially it was:
DNS1: 127.0.0.1
DNS2: none

Test 1
DNS1: 127.0.0.1
DNS2: 8.8.8.8

Test2
DNS1: 8.8.8.8
DNS2: 127.0.0.1


below is nslookup output from domain computers as well as from the server:

From command prompt on domain controller:

C:\Users\Administrator>nslookup www.logmein.com
Server:  localhost
Address:  127.0.0.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to localhost timed-out

C:\Users\Administrator>nslookup www.google.com
Server:  localhost
Address:  127.0.0.1

Non-authoritative answer:
Name:    www.google.com
Addresses:  2607:f8b0:400a:808::2004
          172.217.3.164


From command prompt on domain computer:

C:\Users\%username%>nslookup www.logmein.com
Server:  host.domain.local
Address:  10.14.3.10

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to host.domain.local timed-out

C:\Users\%username%>nslookup www.google.com
Server:  host.domain.local
Address:  10.14.3.10

Non-authoritative answer:
Name:    www.google.com
Addresses:  2607:f8b0:400a:808::2004
          172.217.7.132
Asked by David Zacharczyk, Network & Systems Engineer.
David Zacharczyk (Author, Network & Systems Engineer) commented:
I figured it out.

As it turns out, there was an outbound firewall rule that was blocking dns requests to logmein.com.  I added an exception for it and it's working now.

Windows was working as expected. :)
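The accepted answer found an outbound firewall rule silently dropping DNS traffic for one destination, which is exactly the failure pattern in the question: a control name resolves, one name times out, and the server's own resolution path looks healthy. The thread does not say where that rule lived. The PowerShell below is an added diagnostic, not something posted in the thread, that separates the three things the question mixes together: whether each forwarder is reachable on port 53, whether each forwarder answers for the failing name when asked directly (bypassing the local DNS service), and whether the Windows Firewall on the server itself has an enabled outbound block rule covering port 53. The forwarders and host names are the ones quoted in the question; run it on the DNS server in an elevated session.

```powershell
# Added example (not from the original thread). Assumes it runs on the
# Server 2016 DNS server itself; forwarders and names come from the question.
$forwarders = @('8.8.8.8', '8.8.4.4', '208.67.222.222')
$names      = @('www.logmein.com', 'www.google.com')   # failing name, working control

foreach ($fwd in $forwarders) {
    # Reachability of the forwarder on port 53. Test-NetConnection checks TCP
    # only; a TCP success with UDP lookups still failing points at a
    # protocol-specific rule.
    $tcp = Test-NetConnection -ComputerName $fwd -Port 53 -WarningAction SilentlyContinue
    '{0,-16} TCP/53 reachable: {1}' -f $fwd, $tcp.TcpTestSucceeded

    foreach ($n in $names) {
        try {
            # -DnsOnly skips the hosts file and cache, -Server bypasses the
            # local DNS service so the forwarder is queried directly.
            $r = Resolve-DnsName -Name $n -Server $fwd -Type A -DnsOnly -ErrorAction Stop
            $addrs = ($r | Where-Object { $_.Type -eq 'A' }).IPAddress -join ', '
            '{0,-16} {1,-20} -> {2}' -f $fwd, $n, $addrs
        } catch {
            # A failure here, for one name only, means the block is between
            # this host and the forwarder, not inside the DNS service.
            '{0,-16} {1,-20} -> FAILED: {2}' -f $fwd, $n, $_.Exception.Message
        }
    }
}

# What the local DNS service is actually configured to forward to.
(Get-DnsServerForwarder).IPAddress | ForEach-Object { "Configured forwarder: $_" }

# Enabled outbound Block rules in Windows Firewall whose remote-port filter
# covers 53 (or all ports). Port ranges such as '50-60' are not expanded here.
Get-NetFirewallRule -Direction Outbound -Enabled True -Action Block |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        if ($pf.RemotePort -contains 53 -or $pf.RemotePort -eq 'Any') {
            "Outbound block rule covering port 53: '{0}' (profile: {1})" -f $_.DisplayName, $_.Profile
        }
    }

# Optional: enable logging of dropped packets so the next silent timeout
# leaves a trace in %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log
# Set-NetFirewallProfile -All -LogBlocked True
```

If the failing name resolves when every forwarder is asked directly but still times out through 127.0.0.1, the DNS service or its forwarder configuration is at fault; if it fails against the forwarders as well, look at whatever sits between the server and the forwarders, whether the host firewall listed above or a perimeter device the script cannot see.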
Jose Gabriel Ortega C (CEO, J0rt3g4 Consulting Services) commented:
Do a ping to the forwarders. You don't need to set a secondary DNS in the cards since it's internal, and if you put 8.8.8.8, Google doesn't know a thing about your internal infrastructure. I have told this almost daily to clients.

You need to make sure that the DNS port is open and you can do the forwarders from the GUI of DNS in windows server.
And of course, after each change you need to clear the DNS cache by running ipconfig /flushdns; otherwise you will get any behavior.
Jose Gabriel Ortega C (CEO, J0rt3g4 Consulting Services) commented:
Just delete the question.
David Zacharczyk (Author, Network & Systems Engineer) commented:
I figured it out before any other users responded.
Question has a verified solution.