A reply for Herb Martin - from earlier post - DNS stops re..

Archived from groups: microsoft.public.win2000.dns

Herb Martin wrote:

> "Steve Grosz" <boise_bound@hotmail.com> wrote in message
> news:OQ5pGgmAFHA.2804@TK2MSFTNGP15.phx.gbl...
>
>> I am running a DNS server on a P4 2.8g HT machine, which is also running
>> IIS.
>>
>> Several times throughout the day, if I try to get to one of the domains
>> I'm hosting, I get a DNS error, saying that the domain can't be found.
>>
>> At that time if I do a tracert to the domain, it fails.
>
>
>
> The above implies that your IP is broken unless you
> are merely saying that tracert never resolves the name
> -- and thus never even starts the trace.


That is what happens, the name doesn't resolve, and the trace won't begin.

>
>
>> If I wait about 5 minutes and do another tracert, the domain is found.
>
>
>
> Do you have a mix of INTERNAL and EXTERNAL (or other)
> DNS servers listed on the clients or on any forwarders at the
> servers?
>
> (Don't do that. Internal clients get internal only, forwarders
> [usually] get external only.)
>

I do have a forwarder to my ISP DNS servers so if anything isn't found
internally it should try at the ISP DNS servers.

>
>> I'll check the DNS logs for errors, and there are none.
>>
>> Any ideas why this is occurring? This is on a Win2003 server.
>
>
>
> What happens when you use NSLookup to try specific and
> individual DNS servers, e.g.,
>
> nslookup server.domain.com 192.168.10.1
> nslookup server.domain.com 192.168.10.2
>
> (Assuming that .1 is DNS1 and .2 is DNS2)


What I get if I try nslookup ns1.domain.com 192.168.10.1 (using my IP's) is:

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 209.161.x.x

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.


>
> IGNORE any initial error in NSlookup relating to not finding
> the NAME of the DNS SERVER. All you care about is if
> the actual question you ask gets answered.
>
>
> DNS for AD
> 1) Dynamic for the zone supporting AD
> 2) All internal DNS clients NIC\IP properties must specify SOLELY
> that internal, dynamic DNS server (set.)
> 3) DCs and even DNS servers are DNS clients too -- see #2
>
> Restart NetLogon on any DC if you change any of the above that
> affects a DC and/or use:
>
> nltest /dsregdns /server:DC-ServerNameGoesHere
>
> Ensure that DNS zones/domains are fully replicated to all DNS
> servers for that (internal) zone/domain.
>
> Also useful may be running DCDiag on each DC, sending the
> output to a text file, and searching for FAIL, ERROR, WARN.
>
> Single Label domain zone names are a problem Google:
> [ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
>

I'm not using AD with DNS, just DNS server itself.

Steve
  1. Archived from groups: microsoft.public.win2000.dns

    If I didn't respond to a thread, then it was unintentional,
    but sometimes they get lost in OE.

    "Steve Grosz" <boise_bound@hotmail.com> wrote in message
    news:ered0VNBFHA.3576@TK2MSFTNGP11.phx.gbl...
    > Herb Martin wrote:
    >
    > > "Steve Grosz" <boise_bound@hotmail.com> wrote in message
    > > news:OQ5pGgmAFHA.2804@TK2MSFTNGP15.phx.gbl...
    > >
    > >> I am running a DNS server on a P4 2.8g HT machine, which is also running
    > >> IIS.
    > >>
    > >> Several times throughout the day, if I try to get to one of the domains
    > >> I'm hosting, I get a DNS error, saying that the domain can't be found.
    > >>
    > >> At that time if I do a tracert to the domain, it fails.
    > >
    > > The above implies that your IP is broken unless you
    > > are merely saying that tracert never resolves the name
    > > -- and thus never even starts the trace.
    >
    > That is what happens, the name doesn't resolve, and the trace won't begin.

    Then it is name resolution. DNS mostly.

    Tracert itself is not failing, the name resolution is failing.

    > >> If I wait about 5 minutes and do another tracert, the domain is found.

    [I did respond to this before, so maybe the message
    was lost.]

    Sounds like a DNS server resolving LATE, so it gets
    into cache and then is available later, but not this time
    due to timeouts.

    > > Do you have a mix of INTERNAL and EXTERNAL (or other)
    > > DNS servers listed on the clients or on any forwarders at the
    > > servers?
    > >
    > > (Don't do that. Internal clients get internal only, forwarders
    > > [usually] get external only.)
    >
    > I do have a forwarder to my ISP DNS servers so if anything isn't found
    > internally it should try at the ISP DNS servers.

    That is not a "Mix" on the client -- that IS WHAT you should
    have for resolving both internal and external names.

    What we are looking for is (one or both of):

    1) Clients with both Internal and External ON THE NIC
    2) DNS servers with a mix of Int/Ext in the Forwarders

    That "usually" worries me -- if you have an Internal DNS
    server with a MIX on the Forwarder list then it will give
    unpredictable results (perhaps) or late results (perhaps.)

    > >> I'll check the DNS logs for errors, and there are none.
    > >> Any ideas why this is occurring? This is on a Win2003 server.
    > >
    > >
    > > What happens when you use NSLookup to try specific and
    > > individual DNS servers, e.g.,
    > >
    > > nslookup server.domain.com 192.168.10.1
    > > nslookup server.domain.com 192.168.10.2
    > >
    > > (Assuming that .1 is DNS1 and .2 is DNS2)
    >
    >
    > What I get if I try nslookup ns1.domain.com 192.168.10.1 (using my IP's) is:

    What if you try various DNS servers? Several internal,
    and the ISP directly?

    > DNS request timed out.
    > timeout was 2 seconds.
    > Server: UnKnown
    > Address: 209.161.x.x

    IGNORE any initial error in NSlookup relating to not finding

    > DNS request timed out.
    > timeout was 2 seconds.
    > DNS request timed out.
    > timeout was 2 seconds.
    >
    IGNORE any initial error in NSlookup relating to not finding


    > > IGNORE any initial error in NSlookup relating to not finding
    > > the NAME of the DNS SERVER. All you care about is if
    > > the actual question you ask gets answered.

    What we care about is does it go on and RESOLVE.


    > >
    > > DNS for AD
    > > 1) Dynamic for the zone supporting AD
    > > 2) All internal DNS clients NIC\IP properties must specify SOLELY
    > > that internal, dynamic DNS server (set.)
    > > 3) DCs and even DNS servers are DNS clients too -- see #2
    > >
    > > Restart NetLogon on any DC if you change any of the above that
    > > affects a DC and/or use:
    > >
    > > nltest /dsregdns /server:DC-ServerNameGoesHere
    > >
    > > Ensure that DNS zones/domains are fully replicated to all DNS
    > > servers for that (internal) zone/domain.
    > >
    > > Also useful may be running DCDiag on each DC, sending the
    > > output to a text file, and searching for FAIL, ERROR, WARN.
    > >
    > > Single Label domain zone names are a problem Google:
    > > [ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
    > >
    >
    > I'm not using AD with DNS, just DNS server itself.

    Do you have any ZONES internally?

    If not, you could actually do some mixing.

    Why do you run DNS internally?
    (I can think of some good reasons but without Internal
    zones they are not as numerous.)

    > Steve
    >
  2. Archived from groups: microsoft.public.win2000.dns

    Herb,

    Ok, here are some more answers to your questions! :)

    >
    >
    >> > Do you have a mix of INTERNAL and EXTERNAL (or other)
    >> > DNS servers listed on the clients or on any forwarders at the
    >> > servers?
    >> >
    >> > (Don't do that. Internal clients get internal only, forwarders
    >> > [usually] get external only.)
    >>
    >>I do have a forwarder to my ISP DNS servers so if anything isn't found
    >>internally it should try at the ISP DNS servers.
    >
    >
    > That is not a "Mix" on the client -- that IS WHAT you should
    > have for resolving both internal and external names.
    >
    > What we are looking for is (one or both of):
    >
    > 1) Clients with both Internal and External ON THE NIC
    > 2) DNS servers with a mix of Int/Ext in the Forwarders
    >
    > That "usually" worries me -- if you have an Internal DNS
    > server with a MIX on the Forwarder list then it will give
    > unpredictable results (perhaps) or late results (perhaps.)

    What I have is my WAP doing DHCP, and for the DNS server I have it
    handing out the IP of my internal DNS server only, no external DNS is
    listed.

    >
    >
    >> >> I'll check the DNS logs for errors, and there are none.
    >> >> Any ideas why this is occurring? This is on a Win2003 server.
    >> >
    >> >
    >> > What happens when you use NSLookup to try specific and
    >> > individual DNS servers, e.g.,
    >> >
    >> > nslookup server.domain.com 192.168.10.1
    >> > nslookup server.domain.com 192.168.10.2
    >> >
    >> > (Assuming that .1 is DNS1 and .2 is DNS2)
    >>
    >>
    >>What I get if I try nslookup ns1.domain.com 192.168.10.1 (using my IP's) is:
    >
    > What if you try various DNS servers? Several internal,
    > and the ISP directly?
    >
    >
    >>DNS request timed out.
    >> timeout was 2 seconds.
    >>Server: UnKnown
    >>Address: 209.161.x.x
    >
    >
    > IGNORE any initial error in NSlookup relating to not finding
    >
    >
    >>DNS request timed out.
    >> timeout was 2 seconds.
    >>DNS request timed out.
    >> timeout was 2 seconds.
    >>
    >
    > IGNORE any initial error in NSlookup relating to not finding
    >
    >
    >
    >> > IGNORE any initial error in NSlookup relating to not finding
    >> > the NAME of the DNS SERVER. All you care about is if
    >> > the actual question you ask gets answered.
    >
    >
    > What we care about is does it go on and RESOLVE.

    I may be having problems from within a corporate firewall, and other
    systems, because it never resolves.

    >
    >
    >
    >> >
    >> > DNS for AD
    >> > 1) Dynamic for the zone supporting AD
    >> > 2) All internal DNS clients NIC\IP properties must specify SOLELY
    >> > that internal, dynamic DNS server (set.)
    >> > 3) DCs and even DNS servers are DNS clients too -- see #2
    >> >
    >> > Restart NetLogon on any DC if you change any of the above that
    >> > affects a DC and/or use:
    >> >
    >> > nltest /dsregdns /server:DC-ServerNameGoesHere
    >> >
    >> > Ensure that DNS zones/domains are fully replicated to all DNS
    >> > servers for that (internal) zone/domain.
    >> >
    >> > Also useful may be running DCDiag on each DC, sending the
    >> > output to a text file, and searching for FAIL, ERROR, WARN.
    >> >
    >> > Single Label domain zone names are a problem Google:
    >> > [ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
    >> >
    >>
    >>I'm not using AD with DNS, just DNS server itself.
    >
    >
    > Do you have any ZONES internally?
    > If not, you could actually do some mixing.

    If I'm remembering correctly, no, there are no zones set up.

    >
    > Why do you run DNS internally?
    > (I can think of some good reasons but without Internal
    > zones they are not as numerous.)

    I run DNS because I host a couple of separate domains, for email and web
    hosting.

    Steve
  3. Archived from groups: microsoft.public.win2000.dns

    > > Why do you run DNS internally?
    > > (I can think of some good reasons but without Internal
    > > zones they are not as numerous.)
    >

    Do NONE of the NSlookup commands ever give
    back anything (useful)?

    Including the ones where you specify a ISP DNS
    server?

    > I run DNS because I host a couple of separate domains, for email and web
    > hosting.
    >

    That still doesn't explain why you run internal
    DNS (might be good reasons) if you don't have
    any INTERNAL zones?

    You need to use NSLookup or a similar tool
    and figure out WHERE the resolution is breaking
    down...move to that server and try the same from
    there.


    --
    Herb Martin

  4. Archived from groups: microsoft.public.win2000.dns

    Ok, what I did was log onto the server, and ran the nslookup command,
    what I got was:
    Server: 209-161-4-74.sgrosz.d1.boi.fiberpipe.net
    Address: 209.161.4.74

    Name: ns1.computicle.com
    Address: 209.161.4.74

    But does that help at all in this problem?

    Steve


    Herb Martin wrote:
    >>>Why do you run DNS internally?
    >>>(I can think of some good reasons but without Internal
    >>>zones they are not as numerous.)
    >>
    >
    > Do NONE of the NSlookup commands ever give
    > back anything (useful)?
    >
    > Including the ones where you specify a ISP DNS
    > server?
    >
    >
    >>I run DNS because I host a couple of separate domains, for email and web
    >>hosting.
    >>
    >
    >
    > That still doesn't explain why you run internal
    > DNS (might be good reasons) if you don't have
    > any INTERNAL zones?
    >
    > You need to use NSLookup or a similar tool
    > and figure out WHERE the resolution is breaking
    > down...move to that server and try the same from
    > there.
    >
    >
  5. Archived from groups: microsoft.public.win2000.dns

    "Steve Grosz" <boise_bound@hotmail.com> wrote in message
    news:OLC$ZsOBFHA.2196@TK2MSFTNGP14.phx.gbl...
    > Ok, what I did was log onto the server, and ran the nslookup command,
    > what I got was:
    > Server: 209-161-4-74.sgrosz.d1.boi.fiberpipe.net
    > Address: 209.161.4.74
    >
    > Name: ns1.computicle.com
    > Address: 209.161.4.74
    >
    > But does that help at all in this problem?
    >

    It won't help you JUST to see it work, but it might if you
    can pinpoint WHEN or WHERE it fails and works by
    contrast.

    So, it might if you perform the same action from
    a client experiencing the problem, and SPECIFY
    that IP of the DNS server the client is using (check
    with IPConfig /all if you don't know), then working
    through each DNS server that might be involved.

    You might also play with the timeout value to see if
    one of them works, but works slowly:

    nslookup SOMEWHERE ip.of.a.DNSServer

    ....and...

    nslookup -time=10 SOMEWHERE ip.of.a.DNSServer

    time=10 or 5 or whatever to see where the delays are.


    --
    Herb Martin
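
The per-server test described in the post above (ask each DNS server directly, then allow a longer timeout to find the slow one), as an added example that is not part of the original thread: a Python probe that sends one A query to each server and reports whether it answered within nslookup's 2-second default, answered late, or never answered. The function names and the OK/SLOW/TIMEOUT labels are illustrative, and servers are assumed to be given as IPv4 literals.

```python
import os
import socket
import struct
import sys
import time

def build_query(name, txid):
    """Encode a recursive A/IN question in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, txid):
    """Return (rcode, answer_count), or None if this is not our reply."""
    if len(data) < 12:
        return None
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR bit clear
        return None
    return flags & 0x000F, ancount

def classify(elapsed, reply, slow_after=2.0):
    """slow_after=2.0 mirrors the 'timeout was 2 seconds' seen in the thread."""
    if reply is None:
        return "TIMEOUT"
    rcode, ancount = reply
    if rcode != 0:
        return "RCODE=%d" % rcode  # 2 = SERVFAIL, 3 = NXDOMAIN
    if ancount == 0:
        return "NODATA"
    return "SLOW" if elapsed > slow_after else "OK"

def probe(name, server, timeout=10.0, port=53):
    """Ask one server directly (assumed to be an IPv4 literal) and time it."""
    txid = int.from_bytes(os.urandom(2), "big")
    reply = None
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        start = time.monotonic()
        deadline = start + timeout
        try:
            sock.sendto(build_query(name, txid), (server, port))
            while reply is None:
                sock.settimeout(max(deadline - time.monotonic(), 0.001))
                data, peer = sock.recvfrom(4096)
                if peer[0] == server:  # ignore datagrams from anyone else
                    reply = parse_reply(data, txid)
        except OSError:  # socket.timeout is an OSError subclass
            reply = None
        elapsed = time.monotonic() - start
    return classify(elapsed, reply), elapsed

if __name__ == "__main__":
    # usage: python dnsprobe.py server.domain.com 192.168.10.1 192.168.10.2
    name, servers = sys.argv[1], sys.argv[2:]
    for server in servers:
        verdict, elapsed = probe(name, server)
        print("%-15s %-8s %.2fs" % (server, verdict, elapsed))
```

A server that reports SLOW here is one that nslookup's default would show as timed out even though it does eventually answer, which is the "resolving LATE" case raised earlier in the thread.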
