Failure to query external domain names with Windows 2008 R2 DNS


  • Failure to query external domain names with Windows 2008 R2 DNS

    Hello all,
    I recently took over the role of administering a small network, consisting of a single Win2K8 server configured as a DC/DNS and several member servers and client machines.

    The problem I'm experiencing is that no machine can successfully resolve external domain names (by pinging the name), but pinging external IPs works fine, which means this is not a routing problem.

    The DNS server was originally configured with OpenDNS as forwarders. My attempt to use other DNS servers instead didn't help. Removing the forwarders altogether in an attempt to use the root hints didn't help either.

    The DC is correctly configured to its own IP for a DNS server in TCP/IP settings.
    Other machines are also configured to use the DC's IP as DNS.

    The whole network is behind a pfSense firewall, which is also configured to forward DNS queries to OpenDNS's servers using dnsmasq.

    The strange thing is that if a machine is configured to query the pfSense's DNS the query succeeds, leaving me with the impression that this is merely a misconfiguration of the DNS.


    I would appreciate any help in helping me resolve this matter and will gladly provide more information.


    Thanks,

    Itay

  • #2
    Re: Failure to query external domain names with Windows 2008 R2 DNS

    Is there a root zone on the server (*)? If there is, you need to delete it. Is the "disable recursion" option enabled on the server? If so, you need to disable it.



    • #3
      Re: Failure to query external domain names with Windows 2008 R2 DNS

      Originally posted by joeqwerty
      Is there a root zone on the server (*)? If there is, you need to delete it. Is the "disable recursion" option enabled on the server? If so, you need to disable it.
      Joe,

      There is no root zone on the DNS and the "Disable recursion" option is not ticked, these are among the earliest things I've checked.

      Any other idea?



      • #4
        Re: Failure to query external domain names with Windows 2008 R2 DNS

        I would run a packet capture on the DNS server to see what's happening.



        • #5
          Re: Failure to query external domain names with Windows 2008 R2 DNS

          I would like to add another piece of info -

          Suspecting that perhaps the pfSense router/firewall is blocking the DNS queries, I disconnected it and connected the network to the internet using a wireless router running DD-WRT firmware. The configuration is simple and the wireless radio was disregarded in this scenario.

          This made little effect, which leads me to believe that the pfSense box isn't the culprit.

          After returning the pfSense box, I did notice the following -

          1. Pinging google.com from any machine that queries my DC's DNS (including on the DC itself) unsurprisingly fails.
          2. Pinging google.com from a machine that queries the router's DNS succeeds.
          3. Pinging google.com again from a machine that queries the DC's DNS succeeds!
          4. From then on, I can reach google.com from any machine without trouble. I can repeat the steps above with different domain names and get the same confusing results!


          This is really getting me confused
          I've been trying to resolve this for so many hours now...
          Last edited by itayst; 16th July 2011, 21:19. Reason: typo



          • #6
            Re: Failure to query external domain names with Windows 2008 R2 DNS

            Is 3 a different machine to 2? (presume it is from 4)

            How about putting in the router as a forwarder for the DC?
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland



            • #7
              Re: Failure to query external domain names with Windows 2008 R2 DNS

              Originally posted by Ossian
              Is 3 a different machine to 2? (presume it is from 4)

              How about putting in the router as a forwarder for the DC?
              Yes, I've connected a separate machine (from step 3) which is not a member of the domain and configured to use the router as a DNS. It can successfully resolve any name queries. Also, after using this machine to query a name, I can successfully query the same name even in machines where the queries previously failed (it's like the query is cached somewhere, for a while).

              Strangely enough, using the router as a forwarder for the DC's DNS doesn't produce any noticeable change!

              I really don't know what's going on...
              Last edited by itayst; 17th July 2011, 08:39. Reason: revised for clarification



              • #8
                Re: Failure to query external domain names with Windows 2008 R2 DNS

                Did you try using an external DNS as a DNS entry in the network properties of an individual machine? If all of a sudden you can hit external sites, it may be helpful to know then that the firewall or the router is not an issue. If then pointing to your own DNS things start misbehaving, you may want to make sure that you have a roots.hint file accessible to your DNS (This is a file that hosts the main DNS root servers). If it is still a problem, it could be the gateway that you are using.

                Hope that this helps.

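The comparison discussed in the replies above (asking the DC's DNS, the router and an external resolver for the same name and looking at what each one actually returns), as an added example that is not part of the original thread. It sends one UDP query per server and reports timeout, RCODE and the recursion-available bit; the server addresses are placeholders and the sample replies are constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234, qtype=1):
    """Build a DNS query (A record by default) with the RD bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(resp, qid=0x1234):
    """Summarise a reply header: rcode, RA bit, truncation, answer count."""
    if len(resp) < 12:
        raise ValueError("short DNS reply")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != qid or not flags & 0x8000:
        raise ValueError("not a reply to our query")
    return {
        "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
        "recursion_available": bool(flags & 0x0080),  # cleared if recursion is disabled
        "truncated": bool(flags & 0x0200),
        "answers": an,
    }

def probe(server, name, timeout=3.0):
    """Send one UDP query to server:53 and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return {"rcode": "TIMEOUT"}
    return parse_header(data)

# Constructed reply headers: a normal recursive answer, a SERVFAIL, and a
# REFUSED from a server that does not offer recursion (RA bit clear).
SAMPLE_OK = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
SAMPLE_SERVFAIL = struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0)
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)

if __name__ == "__main__":
    # Placeholder addresses (assumptions): replace with the real DC, router
    # and external resolver before running.
    servers = {"DC DNS": "192.0.2.10", "router": "192.0.2.1", "external": "192.0.2.53"}
    for label, ip in servers.items():
        print(label, ip, probe(ip, "google.com"))
```

A TIMEOUT from the DC alone while the router answers points at the DC's own upstream path, whereas SERVFAIL or a cleared RA bit points at the DNS service configuration.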