DNS Issues

[mofusjtf]

I just recently installed a W2k3R2 server. The roles is serves are AD, DNS, DHCP and File & Print. About once a week I have to restart DNS. I have disabled EDNS and increased the UDP packet size on my firewall (PIX501) but the issue still exists. I have checked and re-checked the configuration and logs and all appears to be fine. Any ideas?

 

[paella33]

Why do you have to restart?

 

[mofusjtf]

The external DNS stops working. Recursive Fails when I run the test. I use my ISP's DNS servers plus another external DNS server that is not from my ISP. I did this to rule out their DNS servers.

 

[JONxNJxIT]

And simply stopping and restarting the DNS service solves the problem? That's it?

What do you see in the Event Logs on your server? Have you thoroughly searched through them?

So when the DNS is in the error state, you can ping DNS hosts INTERNALLY? What error do you get if you try to ping an external DNS source (yahoo.com)? Does it give you the "cannot find host" message?

And every single machine is affected? Even the server itself?

When did this start happening and for how long now? Was it preceded by any software or hardware upgrades/installations?

Good luck.

 

[mofusjtf]

Yeah, restarting DNS fixes the issue. There are no log entries that indicate any error in DNS. I only see the events that indicate it has been stopped and restarted. Hosts are unkown on external addresses while internally it seems to still work fine.

A quick background: this issue was present on the old W2k server. I installed the new w2k3 R2 server by replicating AD and DNS over to the new server. Then I demoted and removed the old w2k server. The issue seems to have transferred to the new server.

 

[JONxNJxIT]

Hmm. Well, I would install the Windows 2003 Support Tools on that server. And the next time this happens, run the NETDIAG command on the server. Perhaps it will reveal what component of AD isn't working properly.

How large is your network? If it's not too big (i.e. 20 stations or less)... is the idea of re-creating Active Directory out of the question?

However... if you are at that point, I would think that it would be more than worth it to pay the $250 or so to have a Microsoft case opened... Those guys usually know their sh*t and they'll help you resolve the issue.

 

[mofusjtf]

I'll try to the support tools first. Then maybe MS. ARe there any particular switches to run with the netdiag tool?

Re-creating AD is an absolute last resort. But I'm not completely ruling it out.

 

[JONxNJxIT]

Check out this link:

http://www.microsoft.com/technet/pr...serv/reskit/prork/pref_tts_nigx.mspx?mfr=true

This page goes over all the available switches and also a basic summary of each test...

To start out, I don't believe you have to use any switches, just run NETDIAG on the problem DC and take note of what tests fail... You can research it from there.

 

[mofusjtf]

Ok, today I disabled Round Robin DNS. This is a single server install. Second, I ran basic NetDiag and everything passed.

I'll get some more information from my client on the symptons and repost them here. Thanks for the help. Stay tuned.

 

[JONxNJxIT]

Cool. Make sure you also run NETDIAG WHILE the DNS problem is taking place... That may reveal something further... Good luck.

 

[mofusjtf]

It looks like the issue might have been with Round Robin DNS. Both my clients that are experiencing this issue daily have not had to restart their DNS since I disabled Round Robin.