DNS issues with parent company

Murugs

Technical User
Jun 24, 2002
549
US
Hello Gurus

We have an MPLS line with our parent company. The ERP application that our company uses needs to connect to the server in the parent company. We are running into some DNS issues.

My company setup:
We have a DNS server and DHCP server in place. IP address 192.168.72.x
The IP address of parent company is 172.17..
In our DNS we have added a forwarder to the DNS server of the parent company. Our clients can ping the erpserver by IP but not by hostname.
Below is an example.

C:\WINNT>ping erpserver.myparentcompany.com
Ping request could not find host erpserver.myparentcompany.com. Please check the name
and try again.

C:\WINNT>nslookup erpserver.myparentcompany.com
Server: mycompany.com
Address: 192.168.72.20

DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Name: erpserver.myparentcompany.com
Address: 172.17.10.41

Where might the problem be? I am able to do an nslookup.

A user called me yesterday and said his ERP is not connecting. I go to his PC and do an ipconfig /renew... it worked... sometimes it doesn't... then a few times I do ipconfig /flushdns and it works.

There are a few other servers in the parent company which I am able to ping sometimes with no problem... sometimes I am not able to ping. Sometimes ping to one server works and sometimes one server doesn't work. I ran the DNSLint tool and it came out with no warnings or errors. I am confused on this and I have tried all DNS troubleshooting steps.

Murugappan
 
Do you have any stale records related to this particular server? Maybe check the zones to verify? Could this also be something to do with your DHCP server not doling out the right addresses for your DNS servers, or maybe you have multiple DHCP servers that are responding to requests for an address?

Cory
 
It seems to work but flakey. I use a network sniffer or extra logging on your DNS server to see if it gets a response on the forwards. My guess is that the UDP packets from your DNS server to the other server are being lost, but are bringing the line up (MPLS does not imply any transport, I assume it must be some serial link.) So the line comes up, and after that it works, times out, etc.

I would make your DNS server a secondary for myparentcompany.com and take a zone transfer. Since it is TCP based, you will not have this UDP loss and it will work much more quickly.
 
Thanks for the replies guys. Ipconfig /renew seems to work always.

Cstorms - I checked the zones and it seems ok. Also I have only one DHCP server.

elgrandeperro - can you help me with the network sniffer and also on your second response on making my DNS a secondary and a zone transfer. I have not done this.
 
What type of DNS server and what platform are you running?

Sniffers you can use:
Linux has tcpdump
Solaris has snoop
Windows has Wireshark

You can run it from your DNS server, and see the traffic to the forwarded DNS server. Of course, it would be best to test with the error occurring, something that might not be easily accomplished. What you need to look for is your server sending a request (port 53) to the forwarded DNS server and seeing no response back.

Another test I would do:

Run a continuous ping to the forward DNS server or anything on the remote network. If you see no DNS problems (and the pings are working during that time frame) then the problem is the line, because the ping keeps the line up. If you see a DNS problem or the ping fails, you might have another networking issue.

As far as ipconfig /renew fixing the problem, that might be due to it trying to update the remote (I'll assume) AD with the renewal, which would again generate packets that would "fix" the link.

Try the continuous ping test.

If it works (indicating link failure) then you have something to complain about even though the solution might be for you to be a secondary.
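
The check described above (a request to port 53 on the forwarded DNS server with no response back), as an added example that is not part of the original thread. It scans a constructed tcpdump-style text capture taken on the local DNS server; the forwarder address 192.0.2.53 is a placeholder because the thread never gives the parent DNS server's address, and the function name is hypothetical.

```python
import re
from datetime import datetime, timedelta

FORWARDER = "192.0.2.53"        # placeholder: parent DNS server address is not given in the thread
TIMEOUT = timedelta(seconds=2)  # the nslookup output in the thread shows a 2 second timeout

# Constructed capture (tcpdump -n text format) as seen on the local DNS server 192.168.72.20.
CAPTURE = """\
10:15:01.100000 IP 192.168.72.20.1042 > 192.0.2.53.53: 4321+ A? erpserver.myparentcompany.com. (47)
10:15:03.100000 IP 192.168.72.20.1042 > 192.0.2.53.53: 4321+ A? erpserver.myparentcompany.com. (47)
10:15:03.160000 IP 192.0.2.53.53 > 192.168.72.20.1042: 4321 1/0/0 A 172.17.10.41 (63)
10:15:09.500000 IP 192.168.72.20.1043 > 192.0.2.53.53: 5150+ A? erpserver.myparentcompany.com. (47)
10:15:09.555000 IP 192.0.2.53.53 > 192.168.72.20.1043: 5150 1/0/0 A 172.17.10.41 (63)
10:15:20.000000 IP 192.168.72.20.1044 > 192.0.2.53.53: 6001+ PTR? 41.10.17.172.in-addr.arpa. (43)
"""

LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<id>\d+)(?P<flags>\S*) (?P<rest>.*)$")

def find_lost_queries(capture, forwarder=FORWARDER, timeout=TIMEOUT):
    """Return (time, id, question) for each query to the forwarder not answered within timeout."""
    pending, lost = {}, []
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        if m["dst"] == forwarder and m["dport"] == "53":
            # Outbound query: key on (source port, transaction ID) so a retry is its own event.
            key = (m["sport"], m["id"])
            if key in pending:
                lost.append(pending.pop(key))   # retransmit: the earlier copy went unanswered
            pending[key] = (ts, m["ts"], m["id"], m["rest"].split(" (")[0])
        elif m["src"] == forwarder and m["sport"] == "53":
            # Response: match it back to the query by destination port and transaction ID.
            sent = pending.pop((m["dport"], m["id"]), None)
            if sent and ts - sent[0] > timeout:
                lost.append(sent)               # answered, but after the resolver's timeout
    lost.extend(pending.values())               # still unanswered when the capture ended
    return [(t, qid, q) for _, t, qid, q in sorted(lost)]

if __name__ == "__main__":
    for when, qid, question in find_lost_queries(CAPTURE):
        print(f"{when} id={qid} unanswered: {question}")
```

Queries that only succeed on the retry, as in the first two sample lines, match the symptom in the original post where nslookup prints a timeout and then the answer.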




 
DNS forwarders have never worked well for us. We prefer to set up a zone transfer and actually have a secondary zone for your parent company sitting on your local DNS server that will keep itself up to date whenever things change in that ZONE. This way your local DNS can answer all the DNS requests sent to it instead of it having to forward those requests elsewhere.

Good luck,
 
I downloaded Wireshark and am trying to learn and use it.
Also I did a ping to the DNS server of the parent company and it never failed. It was all successful indicating that I have a good connection.

I tried the secondary zone and it came with an error saying the zone is locked - Guess I have to contact my parent company about this.
 
Yes, the parent probably restricts zone transfers by IP. You need to get them to allow this for you.

What I meant was to use "ping -a -i 30 IP" (I think in Windows it might be "ping -t IP") and just let it run.

What I am saying is to see if anyone else has a DNS issue or does the constant packet flow make everyone's connections stable.

 
Of course a dirty fix could be to use the login script to add the entry to a hosts file and use it that way. Yes it's dirty but it would resolve it.

SimonD.

The real world is not about exam scores, it's about ability.

 
You might also want to get the reverse records too. Slowness in reverse lookups often slows down a machine, especially when it logs by host name.
 
Thanks for the answers, guys. I have requested my parent company for permission on adding a secondary zone. I will post back my findings and the solution definitely.

Murugs
 