dns concerns


  • dns concerns

    the environment is a single sbs 2008 server.
    it's running AD Integrated DNS.
    It has two forwarders configured, to the ISP's servers.

    "internet fails" - by this they mean, they can't browse, but ping to ip addresses works.

    on investigation, it turns out the server itself is not forwarding requests to the relevant forwarders. it has "use root hints" ticked as well

    my question here is, shouldn't it fall over to second, and third, and fourth, etc, forwarders?
    and if that fails, forward over to the root.hints ?


    on the server itself, I tried running nslookup and changed the server to 8.8.8.8
    which also failed to provide me with any dns results.. just says server timed out.

    we eventually reset the modem, but I'm at a loss as to why this would work? Traffic is passing normally, it seems like it just suddenly decided to drop dns traffic.. ?


    any hints ?
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

  • #2
    Re: dns concerns

    As far as I know, if the first forwarder is still contactable and just the DNS service is down for whatever reason, that it won't. Perhaps not applicable to your situation.



    • #3
      Re: dns concerns

      Hello,

      On the "Forwarders" tab, if you hit the "Edit" button the server will test the connections to each forwarder.

      I just tried this on my system and got a green circle (with a tick inside) for each forwarder.

      Also on the same screen is a value for the "Timeout", mine is set to "3 Seconds".


      Regards,
      Stephen

      PS, "Root Hints" is also ticked on my system.



      • #4
        Re: dns concerns

        when we were experiencing the problem, clicking edit failed to resolve the forwarders


        • #5
          Re: dns concerns

          Personally I never use forwarders, I've had too many ISPs change their IPs at short notice causing issues to trust them.

          Make sure you have the MaxCacheTTL value set as well if you switch to root hints only.
          BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
          Cruachan's Blog



          • #6
            Re: dns concerns

            yep, updating the maxttlcache was one thing I found and did quickly.

            I've also done a complete factory reset on the modem, and reconfigured it all.
            it's starting to become an ongoing hassle for the company now..
            sick of just resetting the modem
            i did find a rogue dhcp server though, and they had another adsl modem, running a separate connection, that wasn't being routed to.

            so i added that to the draytek as well, to come up on failure of wan2..

            so hopefully I'll sort it one way or the other.


            • #7
              Re: dns concerns

              Have you tried dumping a cheapo TP-Link modem on to eliminate the modem as the possible problem?
              Is this a dedicated xDSL line or is it sharing a fax with it? Thinking a faulty filter.
              Does it "time out" and lose DNS at regular intervals or is it just spasmodic?
              Does it start to happen at a certain time each day? Thinking employee connects laptop that has VMs running on it.

              Just read first post again.
              Originally posted by tehcamel
              on the server itself, I tried running nslookup and changed the server to 8.8.8.8
              which also failed to provide me with any dns results.. just says server timed out.
              That seems less like a DNS issue than it does a connectivity issue. What are the phone line/optic fibre connection like? eg: Does it fail after it rains? With the old dialup connections Telstra could do a MOLDS (spelling?) test to check the quality of the signal. On that note, can you check the signal/line noise on the modem.
              (Just read last post again so belay the TP-Link suggestion)

              Damn, back to the first post and read again. Really must get those new glasses.
              You can ping an external IP but are unable to resolve FQDNs. Sort of rules out my connectivity conspiracy but what are the ping times like? Normal or on the high side?

              Does it resolve DNS to internal Domain Names? eg >ping -a [internal IP] . >ping workstation (with firewall turned off)
              1 1 was a racehorse.
              2 2 was 1 2.
              1 1 1 1 race 1 day,
              2 2 1 1 2



              • #8
                Re: dns concerns

                Wow, this sounds frighteningly like an issue I had two and a half years ago. I blogged about it on my old blog. Here's my first post about it that was proven to be wrong. My second post explained the ultimate solution, however.

                It turned out that the gateway (a LinkSys RV082 - may it be tormented forever) was in some way delaying or mangling DNS requests that the server sent out. The server was in no way looking to the RV082 for any kind of guidance. There was no dependency chain that the gateway was a part of. It was merely passing packets. However, it just didn't like the idea of keeping DNS traffic unmolested.

                I swapped the RV082 out for a SonicWall TZ180 and all was well. BTW, this wasn't purely cargo-cult systems administration. I really did try to track down the exact problem. I created a ticket with Microsoft, had a tech work on the server with me, captured data streams, analyzed it... the whole nine yards.

                List out each device that puts its mitts on your packets and then consider if it could be tampering with it in some way. Likely it's a gateway device; router or modem.
                Wesley David
                LinkedIn | Careers 2.0
                -------------------------------
                Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
                Vendor Neutral Certifications: CWNA
                Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
                Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/
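
Added example, not part of any post in this thread: a Python probe for the check described in posts #1, #8 and #9. It queries a resolver directly over UDP and TCP port 53, using the 3-second timeout mentioned in post #3, and verifies that the reply matches the query that was sent. The function names and the `example.com` test name are assumptions; 8.8.8.8 is the resolver the original poster tested against.

```python
import secrets, socket, struct

def build_query(name, txid):
    """Minimal DNS query: one A/IN question, recursion desired."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 1, 1)

def check_reply(query, reply):
    """Compare a reply with the query that produced it and return a verdict."""
    if reply is None:
        return "timeout"
    if len(reply) < 12:
        return "mangled: short header"
    _, flags, _, answers, _, _ = struct.unpack(">HHHHHH", reply[:12])
    if reply[:2] != query[:2] or not flags & 0x8000:
        return "mangled: id mismatch or not a response"
    if reply[12:len(query)] != query[12:]:
        return "mangled: question section altered"
    rcode = flags & 0x000F
    return "ok" if answers and not rcode else "rcode=%d answers=%d" % (rcode, answers)

def probe(server, name="example.com", timeout=3.0, tcp=False):
    """Send one query straight to `server`, bypassing the local DNS service."""
    query = build_query(name, secrets.randbits(16))
    kind = socket.SOCK_STREAM if tcp else socket.SOCK_DGRAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((server, 53))
            if tcp:  # DNS over TCP prefixes each message with a 2-byte length
                s.sendall(struct.pack(">H", len(query)) + query)
                f = s.makefile("rb")
                reply = f.read(struct.unpack(">H", f.read(2))[0])
            else:
                s.send(query)
                reply = s.recv(4096)
    except (OSError, struct.error):  # timeout, refused, reset, short read
        reply = None
    return check_reply(query, reply)

def diagnose(udp, tcp):
    """Turn the UDP and TCP verdicts into a statement about where the fault lies."""
    if udp == "timeout":
        return "UDP/53 dropped, TCP/53 fine: suspect gateway/modem" if tcp == "ok" else "no DNS reply: resolver down or port 53 blocked"
    return "UDP/53 works" if udp == "ok" else "unexpected reply: " + udp

if __name__ == "__main__":
    print(diagnose(probe("8.8.8.8"), probe("8.8.8.8", tcp=True)))
```

Run it from the server during a failure and again when things are normal; a UDP timeout with ping still working points at a device on the path rather than at the DNS service.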



                • #9
                  Re: dns concerns

                  the only device it could be, is a Zyxel modem.
                  However, since this is the only device on the market that seems to support Bonded ADSL2, it's kind of stuck.

                  there aren't any other devices on the line - these are two dedicated ADSL lines. there's no filter in the way, but there shouldn't need to.

                  like wesley, I took any other servers and routers out of the equation, by going directly to 8.8.8.8

                  ping times are mostly perfectly normal - in the region of 30ms. what the isp have told me though, is that it seems to happen more during the day while people are in the office. Over the weekend, and cup day, it was perfectly fine.

                  that could be though, that people aren't in the office, so don't notice the dns going shonky and then coming good by itself.


                  There's a lot of fairly average posting around the traps about the zyxel modem..