Server 2008 DNS resolution problems.
Results 1 to 8 of 8

Thread: Server 2008 DNS resolution problems.

  1. #1
    Chat Operator Matridom's Avatar
    Join Date
    Jan 2002
    Location
    Ontario, Canada
    Posts
    3,778

    Server 2008 DNS resolution problems.

    I'm encountering a strange issue with DNS resolution on my two DNS servers, I also have confirmation of atleast one other domain that is having this issue.

    I'm running 2 DNS server, 2008 and 2008r2 in a domain. I run the DNS servers with root hints, has i don't like relying on anyone else, the fact that my ISP has flaky DNS servers does not help. The unrelated domain that is having the problem is also running server 2008 with roothints

    I'm encountering a few domains that simply will not resolve. Two examples are:

    www.cogeco.ca
    www.rogers.com

    I found a few others, but did not document them.

    I started up a BINDS server to test with (to see if DNS was being blocked by the ISP or destination) and BINDS is able to resolve without a problem. Also tested was a DNS server on windows 2003 and it was able to resolve without an issue.

    As a work-around, I'm setting Conditional Forwarders in the DNS for these domains and forwarding them to my BINDS server. However this is a very manual process and relies on reports from the users.

    Can anyone confirm this problem, recreate it or have a fix for it?
    <Ferrit> Take 1 live chicken, cut the head off, dance around doing the hokey pokey and chanting: GO AWAY BAD VIRUS, GO AWAY BAD VIRUS
    -----------------------
    Windows 7 Pro x64
    Asus P5QL Deluxe
    Intel Q6600
    nVidia 8800 GTS 320
    6 gigs of Ram
    2x60 gig OCZ Vertex SSD (raid 0)
    WD Black 750 gig
    Antec Tri power 750 Watt PSU
    Lots of fans

  2. #2
    Registered User
    Join Date
    Feb 2008
    Location
    Fairmont, WV
    Posts
    5
    When name resolution is provided by root hints, Windows Server 2008 DNS may fail to resolve queries for names in certain top-level domains. When this happens, the problem will continue until the DNS Server cache is cleared or the DNS Server service is restarted. The problem can be seen with domains like .co.uk, .cn, and .br, but is not limited to these domains.

    When the problem is happening, an nslookup command issued for an affected name will return the error "server failed". A network trace will show that the DNS server does not send any traffic for such a request to the Internet. No events related to a problem are reported in the DNS Event Log.

    This problem does not happen if DNS Server is configured to use forwarders for Internet name resolution instead of root hints.

    To resolve the issue and continue using root hints, change the MaxCacheTTL registry value to 2 days or greater.

    Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or another method. These problems might require you to reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

    1. Start Registry Editor (regedit.exe).

    2. Locate the following registry key:

    3. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\DNS\Parameters

    4. On the Edit menu, click New, click DWORD (32-bit) Value, and then add the following value:
    Value: MaxCacheTTL
    Data Type: DWORD
    Data value: 0x2A300 (172800 seconds in decimal, or 2 days)


    5. Click OK.

    6. Quit Registry Editor.

    7. Restart the DNS Server service.

    http://support.microsoft.com/kb/968372

    Think this worked for me, but may have also been just restarting DNS that did it as that's worked previously. Time will tell.

  3. #3
    Chat Operator Matridom's Avatar
    Join Date
    Jan 2002
    Location
    Ontario, Canada
    Posts
    3,778
    No go on this fix, What's happening is that it's not a server fail, but a timeout. I guess i could use wireshark to try and troubleshoot it, but i'll need to do that when it's very very quiet..
    <Ferrit> Take 1 live chicken, cut the head off, dance around doing the hokey pokey and chanting: GO AWAY BAD VIRUS, GO AWAY BAD VIRUS
    -----------------------
    Windows 7 Pro x64
    Asus P5QL Deluxe
    Intel Q6600
    nVidia 8800 GTS 320
    6 gigs of Ram
    2x60 gig OCZ Vertex SSD (raid 0)
    WD Black 750 gig
    Antec Tri power 750 Watt PSU
    Lots of fans

  4. #4
    Chat Operator Matridom's Avatar
    Join Date
    Jan 2002
    Location
    Ontario, Canada
    Posts
    3,778
    Solution found.

    Looks like the issue is specific to 2008 R2 and has to do with how r2 deals with DNS queuries. I used the solution from the following URL.


    http://weblogs.asp.net/owscott/archi...ns-issues.aspx
    <Ferrit> Take 1 live chicken, cut the head off, dance around doing the hokey pokey and chanting: GO AWAY BAD VIRUS, GO AWAY BAD VIRUS
    -----------------------
    Windows 7 Pro x64
    Asus P5QL Deluxe
    Intel Q6600
    nVidia 8800 GTS 320
    6 gigs of Ram
    2x60 gig OCZ Vertex SSD (raid 0)
    WD Black 750 gig
    Antec Tri power 750 Watt PSU
    Lots of fans

  5. #5
    Registered User slgrieb's Avatar
    Join Date
    Feb 2003
    Posts
    4,103
    That's interesting. I'm scheduled to do my first Server 2008 deployment in another month or so (pending construction), so I'm trying to keep up any "gotcha's" I can find beforehand.
    Yes, Mr. Death... I'll play you a game! But not CHESS !!! BAH... FOOEY! My game is...
    WIFFLEBALL!

  6. #6
    Chat Operator Matridom's Avatar
    Join Date
    Jan 2002
    Location
    Ontario, Canada
    Posts
    3,778
    Quote Originally Posted by slgrieb View Post
    That's interesting. I'm scheduled to do my first Server 2008 deployment in another month or so (pending construction), so I'm trying to keep up any "gotcha's" I can find beforehand.
    Part of the theory is that the Firewall might have a role to play in the matter. Myself and Kedrin (who is also experiencing this problem) are going to do some more tests to see if that's the case.

    I'm behind a SonicWall and he's using a BSD firewall.
    <Ferrit> Take 1 live chicken, cut the head off, dance around doing the hokey pokey and chanting: GO AWAY BAD VIRUS, GO AWAY BAD VIRUS
    -----------------------
    Windows 7 Pro x64
    Asus P5QL Deluxe
    Intel Q6600
    nVidia 8800 GTS 320
    6 gigs of Ram
    2x60 gig OCZ Vertex SSD (raid 0)
    WD Black 750 gig
    Antec Tri power 750 Watt PSU
    Lots of fans

  7. #7
    Registered User slgrieb's Avatar
    Join Date
    Feb 2003
    Posts
    4,103
    The client I'm doing my deployment for is (unfortunately in my opinion) using Perimeter eSecurity services instead of SonicWall. One of the few arguments I've lost with their board of directors. Based on my experience, this is going to magnify any small problems to large proportions.

    Of course, one of the bad things about working in a small market is not getting enough hands on time with server OS's. Companies around here that are large enough to need servers mostly have in-house staff. For the mid-range that would benefit by running their organization on a server, it can be a tough sell.
    Yes, Mr. Death... I'll play you a game! But not CHESS !!! BAH... FOOEY! My game is...
    WIFFLEBALL!

  8. #8
    Chat Operator Matridom's Avatar
    Join Date
    Jan 2002
    Location
    Ontario, Canada
    Posts
    3,778
    Quote Originally Posted by slgrieb View Post
    The client I'm doing my deployment for is (unfortunately in my opinion) using Perimeter eSecurity services instead of SonicWall. One of the few arguments I've lost with their board of directors. Based on my experience, this is going to magnify any small problems to large proportions.

    Of course, one of the bad things about working in a small market is not getting enough hands on time with server OS's. Companies around here that are large enough to need servers mostly have in-house staff. For the mid-range that would benefit by running their organization on a server, it can be a tough sell.
    Where i work, we are *just* big enough to have 1 on staff network admin and employee support person
    <Ferrit> Take 1 live chicken, cut the head off, dance around doing the hokey pokey and chanting: GO AWAY BAD VIRUS, GO AWAY BAD VIRUS
    -----------------------
    Windows 7 Pro x64
    Asus P5QL Deluxe
    Intel Q6600
    nVidia 8800 GTS 320
    6 gigs of Ram
    2x60 gig OCZ Vertex SSD (raid 0)
    WD Black 750 gig
    Antec Tri power 750 Watt PSU
    Lots of fans

Similar Threads

  1. Active Directory
    By hobgrom in forum Windows NT/2000
    Replies: 2
    Last Post: March 4th, 2006, 05:53 AM
  2. DNS Woes
    By gazzak in forum Tech-To-Tech
    Replies: 14
    Last Post: November 10th, 2005, 03:12 AM
  3. Replies: 1
    Last Post: January 14th, 2002, 06:47 PM
  4. Login problems on a server upgraded to Win2000
    By GHSTECH in forum Tech-To-Tech
    Replies: 0
    Last Post: November 16th, 2001, 08:28 AM
  5. Diamond V770 resolution problems
    By Quasited in forum Video Adapter/Monitor Drivers
    Replies: 1
    Last Post: October 7th, 1999, 07:52 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •