Windows 2003 DNS forwarder

Guest · Nov 29, 2004

Archived from groups: microsoft.public.win2000.dns (More info?)

I have setup a DNS forwarder but I cannot get it to resolve.

Here is the debug output for a query to www.google.com

15:39:07 0E0 PACKET UDP Rcv 10.1.1.4 0007 Q [0001 D NOERROR]
(3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)

15:39:07 0E0 PACKET UDP Snd 202.12.27.33 3838 Q [0000 NOERROR]
(3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)

15:39:09 0E0 PACKET UDP Rcv 10.1.1.4 0008 Q [0001 D NOERROR]
(3)www(6)google(3)com(0)

15:39:09 0E0 PACKET UDP Snd 192.228.79.201 1840 Q [0000 NOERROR]
(3)www(6)google(3)com(0)

15:39:11 5A0 PACKET UDP Snd 192.228.79.201 3838 Q [0000 NOERROR]
(3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)

15:39:13 5A0 PACKET UDP Snd 192.228.79.201 1840 Q [0000 NOERROR]
(3)www(6)google(3)com(0)

15:39:15 5A0 PACKET UDP Snd 192.228.79.201 3838 Q [0000 NOERROR]
(3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)

15:39:15 5A0 PACKET UDP Snd 192.228.79.201 3838 Q [0000 NOERROR]
(3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)

15:39:17 5A0 PACKET UDP Snd 192.228.79.201 1840 Q [0000 NOERROR]
(3)www(6)google(3)com(0)

15:39:17 5A0 PACKET UDP Snd 192.228.79.201 1840 Q [0000 NOERROR]
(3)www(6)google(3)com(0)

15:39:19 5A0 PACKET UDP Snd 192.228.79.201 3838 Q [0000 NOERROR]
(3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)

15:39:19 5A0 PACKET UDP Snd 202.12.27.33 3838 Q [0000 NOERROR]
(3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)

15:39:21 5A0 PACKET UDP Snd 202.12.27.33 1840 Q [0000 NOERROR]
(3)www(6)google(3)com(0)

15:39:21 5A0 PACKET UDP Snd 202.12.27.33 1840 Q [0000 NOERROR]
(3)www(6)google(3)com(0)

15:39:23 5A0 PACKET UDP Snd 10.1.1.4 0007 R Q [8281 DR SERVFAIL]
(3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)

15:39:25 5A0 PACKET UDP Snd 10.1.1.4 0008 R Q [8281 DR SERVFAIL]
(3)www(6)google(3)com(0)

It tries to go out through several root servers but no data is returned from
the query.

The DNS server is setup with all defaults.

The server NIC is visible on the network and setup with a gateway that our
Windows 2000 DNS forwarders use with no issues.

Any help is greatly appreciated.

TIA

Charles

Guest · Nov 29, 2004

Archived from groups: microsoft.public.win2000.dns (More info?)

dnscmd /enableednsprobes 0

restart dns. try again

--

Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
"Charles Blair" <charles_blair@hotmail.com> wrote in message
news:eMLAQ$m1EHA.3468@TK2MSFTNGP14.phx.gbl...
> I have setup a DNS forwarder but I cannot get it to resolve.
>
> Here is the debug output for a query to www.google.com
>
>
> 15:39:07 0E0 PACKET UDP Rcv 10.1.1.4 0007 Q [0001 D NOERROR]
> (3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)
>
> 15:39:07 0E0 PACKET UDP Snd 202.12.27.33 3838 Q [0000 NOERROR]
> (3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)
>
> 15:39:09 0E0 PACKET UDP Rcv 10.1.1.4 0008 Q [0001 D NOERROR]
> (3)www(6)google(3)com(0)
>
> 15:39:09 0E0 PACKET UDP Snd 192.228.79.201 1840 Q [0000 NOERROR]
> (3)www(6)google(3)com(0)
>
> 15:39:11 5A0 PACKET UDP Snd 192.228.79.201 3838 Q [0000 NOERROR]
> (3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)
>
> 15:39:13 5A0 PACKET UDP Snd 192.228.79.201 1840 Q [0000 NOERROR]
> (3)www(6)google(3)com(0)
>
> 15:39:15 5A0 PACKET UDP Snd 192.228.79.201 3838 Q [0000 NOERROR]
> (3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)
>
> 15:39:15 5A0 PACKET UDP Snd 192.228.79.201 3838 Q [0000 NOERROR]
> (3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)
>
> 15:39:17 5A0 PACKET UDP Snd 192.228.79.201 1840 Q [0000 NOERROR]
> (3)www(6)google(3)com(0)
>
> 15:39:17 5A0 PACKET UDP Snd 192.228.79.201 1840 Q [0000 NOERROR]
> (3)www(6)google(3)com(0)
>
> 15:39:19 5A0 PACKET UDP Snd 192.228.79.201 3838 Q [0000 NOERROR]
> (3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)
>
> 15:39:19 5A0 PACKET UDP Snd 202.12.27.33 3838 Q [0000 NOERROR]
> (3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)
>
> 15:39:21 5A0 PACKET UDP Snd 202.12.27.33 1840 Q [0000 NOERROR]

> (3)www(6)google(3)com(0)
>
> 15:39:21 5A0 PACKET UDP Snd 202.12.27.33 1840 Q [0000 NOERROR]
> (3)www(6)google(3)com(0)
>
> 15:39:23 5A0 PACKET UDP Snd 10.1.1.4 0007 R Q [8281 DR SERVFAIL]
> (3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)
>
> 15:39:25 5A0 PACKET UDP Snd 10.1.1.4 0008 R Q [8281 DR SERVFAIL]
> (3)www(6)google(3)com(0)
>
>
> It tries to go out through several root servers but no data is returned
from
> the query.
>
> The DNS server is setup with all defaults.
>
> The server NIC is visible on the network and setup with a gateway that our
> Windows 2000 DNS forwarders use with no issues.
>
> Any help is greatly appreciated.
>
> TIA
>
> Charles
>
>

Guest · Nov 30, 2004

Archived from groups: microsoft.public.win2000.dns (More info?)

/enablednsprobes is not a valid command line switch for dnscmd

I can browse from the server, so I know I have internet connectivity.

There is no filter or firewall that is blocking this server.

All my Windows 2000 DNS forwarders are functioning with no issues.

Any other ideas?

Thanks.

Charles

"Deji Akomolafe" <noemail@akomolafe.dotcom> wrote in message
news:eI2Zafn1EHA.3596@TK2MSFTNGP12.phx.gbl...
> dnscmd /enableednsprobes 0
>
> restart dns. try again
>
> --
>
>
> Sincerely,
>
> Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
> Microsoft MVP - Directory Services
> www.readymaids.com - we know IT
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon
> "Charles Blair" <charles_blair@hotmail.com> wrote in message
> news:eMLAQ$m1EHA.3468@TK2MSFTNGP14.phx.gbl...
> > I have setup a DNS forwarder but I cannot get it to resolve.
> >
> > Here is the debug output for a query to www.google.com
> >
> >
> > 15:39:07 0E0 PACKET UDP Rcv 10.1.1.4 0007 Q [0001 D
NOERROR]
> > (3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)
> >
> > 15:39:07 0E0 PACKET UDP Snd 202.12.27.33 3838 Q [0000
NOERROR]
> > (3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)
> >
> > 15:39:09 0E0 PACKET UDP Rcv 10.1.1.4 0008 Q [0001 D
NOERROR]
> > (3)www(6)google(3)com(0)
> >
> > 15:39:09 0E0 PACKET UDP Snd 192.228.79.201 1840 Q [0000
NOERROR]
> > (3)www(6)google(3)com(0)
> >
> > 15:39:11 5A0 PACKET UDP Snd 192.228.79.201 3838 Q [0000
NOERROR]
> > (3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)
> >
> > 15:39:13 5A0 PACKET UDP Snd 192.228.79.201 1840 Q [0000
NOERROR]
> > (3)www(6)google(3)com(0)
> >
> > 15:39:15 5A0 PACKET UDP Snd 192.228.79.201 3838 Q [0000
NOERROR]
> > (3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)
> >
> > 15:39:15 5A0 PACKET UDP Snd 192.228.79.201 3838 Q [0000
NOERROR]
> > (3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)
> >
> > 15:39:17 5A0 PACKET UDP Snd 192.228.79.201 1840 Q [0000
NOERROR]
> > (3)www(6)google(3)com(0)
> >
> > 15:39:17 5A0 PACKET UDP Snd 192.228.79.201 1840 Q [0000
NOERROR]
> > (3)www(6)google(3)com(0)
> >
> > 15:39:19 5A0 PACKET UDP Snd 192.228.79.201 3838 Q [0000
NOERROR]
> > (3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)
> >
> > 15:39:19 5A0 PACKET UDP Snd 202.12.27.33 3838 Q [0000
NOERROR]
> > (3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)
> >
> > 15:39:21 5A0 PACKET UDP Snd 202.12.27.33 1840 Q [0000
NOERROR]
>
> > (3)www(6)google(3)com(0)
> >
> > 15:39:21 5A0 PACKET UDP Snd 202.12.27.33 1840 Q [0000
NOERROR]
> > (3)www(6)google(3)com(0)
> >
> > 15:39:23 5A0 PACKET UDP Snd 10.1.1.4 0007 R Q [8281 DR
SERVFAIL]
> > (3)www(6)google(3)com(6)MYDOMAIN(3)COM(0)
> >
> > 15:39:25 5A0 PACKET UDP Snd 10.1.1.4 0008 R Q [8281 DR
SERVFAIL]
> > (3)www(6)google(3)com(0)
> >
> >
> > It tries to go out through several root servers but no data is returned
> from
> > the query.
> >
> > The DNS server is setup with all defaults.
> >
> > The server NIC is visible on the network and setup with a gateway that
our
> > Windows 2000 DNS forwarders use with no issues.
> >
> > Any help is greatly appreciated.
> >
> > TIA
> >
> > Charles
> >
> >
>
>

Guest · Nov 30, 2004

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:%23M9rSSv1EHA.4072@TK2MSFTNGP10.phx.gbl,
Charles Blair <charles_blair@hotmail.com> commented
Then Kevin replied below:
> /enablednsprobes is not a valid command line switch for
> dnscmd
>
> I can browse from the server, so I know I have internet
> connectivity.
>
> There is no filter or firewall that is blocking this
> server.
>
> All my Windows 2000 DNS forwarders are functioning with
> no issues.
>
> Any other ideas?

So you don't have a Pix firewall?

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

Guest · Nov 30, 2004

Archived from groups: microsoft.public.win2000.dns (More info?)

Yes ... I have a PIX firewall, which with this information, I did a search
on google and found the resolution to the problem.

Also, the dnscmd command is /Config /EnableEDnsProbes 0 which is what threw
me off on the previous post.

Everything is working great now.

Thanks for your help Kevin and Dèjì.

Charles

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:OamxaZv1EHA.3120@TK2MSFTNGP12.phx.gbl...
> In news:%23M9rSSv1EHA.4072@TK2MSFTNGP10.phx.gbl,
> Charles Blair <charles_blair@hotmail.com> commented
> Then Kevin replied below:
> > /enablednsprobes is not a valid command line switch for
> > dnscmd
> >
> > I can browse from the server, so I know I have internet
> > connectivity.
> >
> > There is no filter or firewall that is blocking this
> > server.
> >
> > All my Windows 2000 DNS forwarders are functioning with
> > no issues.
> >
> > Any other ideas?
>
> So you don't have a Pix firewall?
>
>
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>
>

Guest · Nov 30, 2004

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:expBd%23v1EHA.4004@tk2msftngp13.phx.gbl,
Charles Blair <charles_blair@hotmail.com> commented
Then Kevin replied below:
> Yes ... I have a PIX firewall, which with this
> information, I did a search on google and found the
> resolution to the problem.
>
> Also, the dnscmd command is /Config /EnableEDnsProbes 0
> which is what threw me off on the previous post.
>
> Everything is working great now.

You should have fixed the Pix to allow UDP packets up to the MTU of the
link, that was the proper fix. Disabling EDNS is only a workaround to the
real fix. Your DNS server is more efficient if it can use EDNS because when
it has to use UDP packets of 512 bytes some packets will be truncated and
data lost. It will then have to make the query again using TCP which
requires more overhead to set up the connection.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

Guest · Dec 1, 2004

Archived from groups: microsoft.public.win2000.dns (More info?)

What you said is mostly correct, Kevin. However, there are still a lot of
routers out there that do not understand EDNS, so letting your DNS talk EDNS
is a sure way to ensure that it will not be able to talk to many other
devices out there. I just find it easier to slow down and let the rest catch
up a little

--

Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:OGb8uEw1EHA.2196@TK2MSFTNGP14.phx.gbl...
> In news:expBd%23v1EHA.4004@tk2msftngp13.phx.gbl,
> Charles Blair <charles_blair@hotmail.com> commented
> Then Kevin replied below:
> > Yes ... I have a PIX firewall, which with this
> > information, I did a search on google and found the
> > resolution to the problem.
> >
> > Also, the dnscmd command is /Config /EnableEDnsProbes 0
> > which is what threw me off on the previous post.
> >
> > Everything is working great now.
>
> You should have fixed the Pix to allow UDP packets up to the MTU of the
> link, that was the proper fix. Disabling EDNS is only a workaround to the
> real fix. Your DNS server is more efficient if it can use EDNS because
when
> it has to use UDP packets of 512 bytes some packets will be truncated and
> data lost. It will then have to make the query again using TCP which
> requires more overhead to set up the connection.
>
>
>
> --
> Best regards,
> Kevin D4 Dad Goodknecht Sr. [MVP]
> Hope This Helps
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>
>

Guest · Dec 1, 2004

Archived from groups: microsoft.public.win2000.dns (More info?)

My bad, Charles. I typed that in a hurry. I should learn not to do that
"often"

--

Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
"Charles Blair" <charles_blair@hotmail.com> wrote in message
news:expBd#v1EHA.4004@tk2msftngp13.phx.gbl...
> Yes ... I have a PIX firewall, which with this information, I did a search
> on google and found the resolution to the problem.
>
> Also, the dnscmd command is /Config /EnableEDnsProbes 0 which is what
threw
> me off on the previous post.
>
> Everything is working great now.
>
> Thanks for your help Kevin and Dèjì.
>
> Charles
>
>
> "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
> news:OamxaZv1EHA.3120@TK2MSFTNGP12.phx.gbl...
> > In news:%23M9rSSv1EHA.4072@TK2MSFTNGP10.phx.gbl,
> > Charles Blair <charles_blair@hotmail.com> commented
> > Then Kevin replied below:
> > > /enablednsprobes is not a valid command line switch for
> > > dnscmd
> > >
> > > I can browse from the server, so I know I have internet
> > > connectivity.
> > >
> > > There is no filter or firewall that is blocking this
> > > server.
> > >
> > > All my Windows 2000 DNS forwarders are functioning with
> > > no issues.
> > >
> > > Any other ideas?
> >
> > So you don't have a Pix firewall?
> >
> >
> >
> > --
> > Best regards,
> > Kevin D4 Dad Goodknecht Sr. [MVP]
> > Hope This Helps
> > ===================================
> > When responding to posts, please "Reply to Group"
> > via your newsreader so that others may learn and
> > benefit from your issue, to respond directly to
> > me remove the nospam. from my email address.
> > ===================================
> > http://www.lonestaramerica.com/
> > ===================================
> > Use Outlook Express?... Get OE_Quotefix:
> > It will strip signature out and more
> > http://home.in.tum.de/~jain/software/oe-quotefix/
> > ===================================
> > Keep a back up of your OE settings and folders
> > with OEBackup:
> > http://www.oehelp.com/OEBackup/Default.aspx
> > ===================================
> >
> >
>
>

Search

Windows 2003 DNS forwarder

Guest

Guest

Guest

Guest

Guest

Guest

Guest

Guest

Guest

Guest

Guest

Guest

Guest

Guest

Guest

Guest

TRENDING THREADS

Latest posts

Moderators online

Share this page