Secondary DNS lookups failing


  • Secondary DNS lookups failing

    Hi experts,

    Hopefully this is something obvious. We have a secondary Windows 2008 DNS server - the primary is a Windows 2003 box.

    Primary all seems happy - all names and records resolve correctly.

    If I use nslookup to test the secondary, the resolution fails for most queries.

    The zones have transferred correctly, records created on the primary correctly appear on the secondary etc. The zones are not AD integrated, just standard primary and secondary.

    Here is an example of what happens:

    If I use nslookup to query the primary:

    server DNS1
    set type=all
    bathspa.ac.uk

    ****All output is correct - I get a complete listing of NS, MX records etc for the bathspa.ac.uk zone****

    If I use nslookup on the secondary:

    server DNS2
    set type=all
    bathspa.ac.uk

    (root) nameserver = c.root-servers.net
    (root) nameserver = d.root-servers.net
    (root) nameserver = e.root-servers.net
    (root) nameserver = f.root-servers.net
    (root) nameserver = g.root-servers.net
    (root) nameserver = h.root-servers.net
    (root) nameserver = i.root-servers.net
    (root) nameserver = j.root-servers.net
    (root) nameserver = k.root-servers.net
    (root) nameserver = l.root-servers.net
    (root) nameserver = m.root-servers.net
    (root) nameserver = a.root-servers.net
    (root) nameserver = b.root-servers.net
    c.root-servers.net internet address = 192.33.4.12
    d.root-servers.net internet address = 128.8.10.90
    e.root-servers.net internet address = 192.203.230.10

    I get the root name servers in response.

    I ran a packet trace on the connection and you can see a variety of DNS suffixes being tried against DNS2, until the point when the DNS server responds with the root name servers, for example, the first query comes through as:

    bathspa.ac.uk.bathspa.ac.uk
    bathspa.ac.uk.ac.uk
    bathspa.ac.uk.uk

    etc.

    Now, my original thinking was that this must be something to do with the DNS Suffix search list, or something along those lines.

    If I simply query "bathspa" using nslookup on DNS2, then the DNS server appends the .ac.uk for me and correctly resolves the records.

    Can anyone shed any light on what I may be missing? Hopefully this post isn't too confusing! Any thoughts or information would be much appreciated,

    Many thanks

    Jonathan
    MCSA/MCSE 2000
    MCSA/MCSE 2003
    CCNA

    I love pies.

  • #2
    Re: Secondary DNS lookups failing

    Hi,

    Are you using root hints and not forwarders? Can't you just add some DNS forwarders into the system?

    Ste
    Steven Roberts
    IT Mercenary

    MCITP:EA|MCTS|MCSE 2003 (Messaging and Security)|MCSA 2003 (Messaging and Security)|MCP|Prince2 Practitioner

    Don't forget to click on the Yin-Yang icon to leave reputation points if you think my advice has been worthwhile!

    Comment


    • #3
      Re: Secondary DNS lookups failing

      Hi,

      Forgot to mention - these boxes have recursion disabled. They are external servers that only get used to query the domain from the outside and provide resolution for our internet based services and MX records etc.

      My understanding is that this disables the use of forwarders too,

      Many thanks

      Jonathan
      MCSA/MCSE 2000
      MCSA/MCSE 2003
      CCNA

      I love pies.

      Comment


      • #4
        Re: Secondary DNS lookups failing

        Is bathspa.ac.uk the zone that these servers host?

        As far as the suffixes that are being appended to the DNS query, that's a function of the DNS client on the machine you're running nslookup from. If you're running nslookup from DNS2 then that's a function of the DNS client on DNS2 and shouldn't have any bearing on the DNS server component. It sounds to me like DNS2 doesn't know that it's authoritative for the zones it is hosting. Do you have NS and A records for DNS2 in the zone?

        The reason DNS2 gives you the list of root hint servers is because it's configured to not perform recursion (which is what you want) and it doesn't know that it's authoritative for the zone you're querying. This is all perfectly normal for a non-recursive DNS server... for domains that it's not authoritative for.

        Comment
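
The distinction drawn in post #4 is visible in the DNS response itself: an authoritative server sets the AA flag and fills the answer section, while a non-recursive server that is not serving the zone returns no answers and NS records owned by the root. The following is an added example, not code from the thread; both sample messages are constructed (192.0.2.10 is a documentation address) and the function names are illustrative.

```python
import struct

def enc(name):  # encode a domain name as DNS labels ("." is the root)
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def message(flags, qname, answers=(), authority=()):  # records: (owner, type, rdata)
    body = enc(qname) + struct.pack("!HH", 255, 1)            # QTYPE=ANY, QCLASS=IN
    for owner, rtype, rdata in (*answers, *authority):
        body += enc(owner) + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata
    return struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), len(authority), 0) + body

def read_name(msg, off):  # decode a (possibly compressed) name -> (name, next offset)
    labels, end = [], None
    for _ in range(128):                                      # bounds pointer loops
        n = msg[off]
        if n >= 0xC0:                                         # compression pointer
            end = end or off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels) or ".", end or off + 1
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += n + 1
    raise ValueError("name too long or compression loop")

def classify(msg):
    """Label a response as an authoritative answer, a referral, or other."""
    _, flags, qd, an, ns, _ = struct.unpack("!HHHHHH", msg[:12])
    aa, rcode = bool(flags & 0x0400), flags & 0x000F
    off, ns_owners = 12, set()
    for i in range(qd + an + ns):
        owner, off = read_name(msg, off)
        if i < qd:
            off += 4                                          # skip QTYPE + QCLASS
            continue
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if i >= qd + an and rtype == 2:                       # NS in authority section
            ns_owners.add(owner)
    if aa and rcode == 0 and an:
        return "authoritative answer"
    if not aa and an == 0 and ns_owners:
        return "root referral" if "." in ns_owners else "referral"
    return f"other (aa={aa}, rcode={rcode})"

# Constructed samples, not captured traffic: what DNS1 and DNS2 returned in the thread.
AUTH = message(0x8400, "bathspa.ac.uk", answers=[("bathspa.ac.uk", 1, bytes([192, 0, 2, 10]))])
ROOT = message(0x8000, "bathspa.ac.uk", authority=[(".", 2, enc(r + ".root-servers.net")) for r in "cd"])
```

`classify` accepts the raw UDP payload of a response, so it can be run over packets exported from a trace like the one described in the first post.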


        • #5
          Re: Secondary DNS lookups failing

          Hi,

          Thanks for the response, yes - it has A and NS records for the Zone, so should be authoritative.

          We have tried all the different variations of client configuration with regards to DNS suffix as you say, but still only ever get root hints.

          This is the first Windows 2008 Server that we have used to host DNS on, are there any fundamental differences between 2003 and 2008 that I should be aware of?

          We have managed to get it all set up in our DR LAN now, so hopefully we can experiment and find out what's going on,

          Many thanks

          Jonathan
          MCSA/MCSE 2000
          MCSA/MCSE 2003
          CCNA

          I love pies.

          Comment


          • #6
            Re: Secondary DNS lookups failing

            Just for info - this is now solved.

            A rebuild of the server and re-install of DNS has fixed the issue. Not entirely sure of root cause on this one, but all is ok now.

            Cheers

            Jonathan
            MCSA/MCSE 2000
            MCSA/MCSE 2003
            CCNA

            I love pies.

            Comment
