Misconfigured DNS server drops the subsequent DNS query for IPv4


  • Misconfigured DNS server drops the subsequent DNS query for IPv4


    I'm new to the board (first post) and have an interesting problem that I think I've isolated but can't seem to solve.

    My problem is described by this paragraph I've found in several places online:
    "If the DNS server does not support IPv6, the name query fails. The querying node then sends a request to resolve the name to a set of IPv4 addresses (a request for A records). The misconfigured DNS server drops the subsequent DNS query for IPv4 addresses and the entire name resolution attempt fails, resulting in impaired network connectivity for the requesting node."

    I cannot find any information to "properly configure the subsequent DNS query for IPv4 addresses". I attempted the "dnscmd /config /enableednsprobes 0" fix mentioned in thread "DNS issues/external lookups with new Windows 2008 R2 dc's" on this board but that did not resolve the issue.

    My setup is that I have AD Integrated DNS running on Windows 2008 R2. I do not have IPv6 enabled on any of my hosts or servers. My DNS will resolve subsequent queries for A records held in my zone; however, it will not for a delegated zone that I point to.

    Partial DNS Config: (zone: myzone.local)
    portal_login CNAME login.portal.myzone.local
    port1 A
    port2 A
    port-resolv A
    portal NS port-resolv.myzone.local

    port-resolv is running a load balancer application which resolves login to port1 or port2 depending on load.

    From a WinXP host running Putty or SSH Secure Shell I can SSH directly to portal_login and it works perfectly.

    From a Linux host (I've tried RHEL 4.2, 5.4, and 6.0) I get the following:
    -ping portal_login: returns perfect... translates to port1 or port2 and gets the address
    -nslookup portal_login: returns perfect... shows the translation through the two canonical names and returns with a name of port1 or port2 (.myzone.local) with the corresponding IP.
    -ssh portal_login: this is where it breaks. It returns: ssh: portal_login: Name or service not known.

    I started up tcpdump on the Linux host and observed that when I ping or nslookup, only an A request is sent, which is promptly responded to with a PTR response and proper resolution.

    However, when I ssh, an AAAA request is sent first, then an A request, and now there is no response.

    If I ssh to a hostname with an A record directly in my zone (like port1), then the same AAAA then A requests are sent but the server responds with the IP.

    Again, this only happens to hosts that are served by the delegated domain, and only on the Linux hosts that send an IPv6 request first. Any help isolating and solving this is greatly appreciated.
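
Added example, not part of the original post: a small Python script that pairs DNS queries with replies in the text output of `tcpdump -n port 53` and lists the names whose A query never got a reply, which is the AAAA-then-A pattern described above. The capture lines, addresses, ports and query IDs are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed `tcpdump -n port 53` output; addresses, ports and IDs are made up.
SAMPLE = """\
10:00:01.000001 IP 192.0.2.10.40001 > 192.0.2.53.53: 1001+ AAAA? port1.myzone.local. (36)
10:00:01.000900 IP 192.0.2.53.53 > 192.0.2.10.40001: 1001* 0/1/0 (90)
10:00:01.001200 IP 192.0.2.10.40002 > 192.0.2.53.53: 1002+ A? port1.myzone.local. (36)
10:00:01.002000 IP 192.0.2.53.53 > 192.0.2.10.40002: 1002* 1/0/0 A 192.0.2.21 (52)
10:00:05.000001 IP 192.0.2.10.40003 > 192.0.2.53.53: 2001+ AAAA? login.portal.myzone.local. (43)
10:00:05.030000 IP 192.0.2.53.53 > 192.0.2.10.40003: 2001 ServFail 0/0/0 (43)
10:00:05.030500 IP 192.0.2.10.40004 > 192.0.2.53.53: 2002+ A? login.portal.myzone.local. (43)
"""

# Query line:  client.port > server.53: <id><flags> <TYPE>? <name>
QUERY = re.compile(r"IP (\S+)\.(\d+) > \S+\.53: (\d+)\S* (?:\[\S+\] )?(\w+)\? (\S+)")
# Reply line:  server.53 > client.port: <id><flags> [<rcode>] <answers>/<auth>/<additional>
REPLY = re.compile(
    r"IP \S+\.53 > (\S+)\.(\d+): (\d+)\S* (?:([A-Za-z]+)\S* )?(\d+)/\d+/\d+")


def resolve_status(capture):
    """Return {name: {qtype: outcome}}; outcome is 'no reply', an rcode or 'answers=N'."""
    pending, status = {}, {}
    for line in capture.splitlines():
        q = QUERY.search(line)
        if q:
            ip, port, qid, qtype, name = q.groups()
            name = name.rstrip(".")
            # A reply is matched on client address, client port and query ID.
            pending[(ip, port, qid)] = (name, qtype)
            status.setdefault(name, {})[qtype] = "no reply"
            continue
        r = REPLY.search(line)
        if r:
            ip, port, qid, rcode, answers = r.groups()
            if (ip, port, qid) in pending:
                name, qtype = pending.pop((ip, port, qid))
                status[name][qtype] = rcode or f"answers={answers}"
    return status


def dropped_a_queries(capture):
    """Names that were asked for an A record and never received a reply."""
    return sorted(n for n, s in resolve_status(capture).items()
                  if s.get("A") == "no reply")


if __name__ == "__main__":
    for name, outcome in resolve_status(SAMPLE).items():
        print(name, outcome)
    print("A query unanswered for:", dropped_a_queries(SAMPLE))
```

Running the same parser over captures taken on the client and on the DNS server shows whether the A query is lost before the server or between the server and the delegated name server.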

  • #2
    Re: Misconfigured DNS server drops the subsequent DNS query for IPv4

    Moved to DNS forum for better response
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **