
DNS Quirks on 2k3 server 1


jbl4me

MIS
Aug 19, 2003
67
US
Hello,
I have a Windows 2003 domain with about 10 client PCs. For some reason I have been having a lot of issues with DNS. When the clients use an external DNS IP, the internet works great, and the LAN shares work so-so. When I set the server as the DNS, the LAN works perfectly, however the clients are not able to access certain webpages. For example they can go to and but NOT and
This happens on the clients that have the server as primary DNS and ISP as secondary DNS, as well as on the server, which only has itself as DNS.

Thanks
Will
 
Thanks for your help, for the most part all the sites are working now after applying that fix, however, some clients are still complaining about not being able to access msn.com. I know the obvious answer is just avoid msn but I feel that this could come up again later. Any tips?

Thanks
Will
 
Also note that sometimes msn loads, other times it hangs at connecting to {msn ip here}. So it resolves an IP...
 
Perhaps the site is cached. I know you're crying your eyes out because the bosses can't get to MSN.<grin>

Still can't believe how many suffer from this Windows 2003 issue.


........................................
Chernobyl disaster..a must see pictorial
 
Yes you got it, boss can't get to msn, and is wondering why... Do you think this could be a client side issue? Or is it still an issue with the server? What can I do to clear the cache?

Thanks
 
In the DNS MMC, set the advanced check mark under the "view" pull-down. Delete the "cached lookups" under the DNS server. The wks may still have cached data, but that won't be for long.



 
Hmm...still hanging up on msn, I set a group policy to set all homepages to so hopefully it will be ok. I just wish I knew what was causing this.

Thanks
Will
 
Tracert shows you're being blocked at your firewall/router for MSN, with the assumption 192.168.1.1 is the firewall.

Pathping is better, as it also shows packet loss, and it starts at your network card, not the first router.

Aside from that, the IP address you use will not get you to MSN, as there is redirection at the last server it hits; I tried it on my machine.

 
Ps...
Do not use Google as a site to pathping to, they have routers which fragment packets at their site servers. Yahoo is good.

 
Try allowing longer DNS packets. Here's the PIX command for it.

fixup protocol dns maximum-length 1500

Somehow this was the fix for our internal DNS server, which was not resolving some requests to sites with long DNS records. Microsoft's site is actually the one that recommended this setting. I wish I could remember the article #.
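
Why a DNS length limit on a firewall or NAT device breaks only some lookups, as an added example that is not part of the original post: a query carrying an EDNS0 OPT record tells the far end it may answer in one large UDP datagram, and a device that still enforces a smaller limit discards that answer. The function names, the query name and the sizes used here are constructed for illustration.

```python
import struct

LEGACY_LIMIT = 512  # RFC 1035 UDP message limit when no EDNS0 OPT record is sent

def build_query(name, edns_size=None, qid=0x1234):
    """Build an A/IN query; with edns_size, append an EDNS0 OPT record (RFC 6891)."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    msg = header + qname + struct.pack("!HH", 1, 1)
    if edns_size:
        # OPT: root owner name, TYPE 41, CLASS field carries the UDP payload size
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def advertised_size(query):
    """Return the UDP payload size the sender says it can receive."""
    qdcount, _, _, arcount = struct.unpack("!4H", query[4:12])
    pos = 12
    for _ in range(qdcount):      # skip each question (queries carry no compression)
        while query[pos]:
            pos += query[pos] + 1
        pos += 1 + 4              # root label + QTYPE + QCLASS
    for _ in range(arcount):
        if query[pos] != 0:       # OPT always has the root owner name; stop otherwise
            break
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", query[pos + 1:pos + 11])
        if rtype == 41:
            return max(rclass, LEGACY_LIMIT)   # values below 512 are treated as 512
        pos += 11 + rdlen
    return LEGACY_LIMIT

def udp_outcome(query, reply_len, device_max):
    """Predict the fate of a reply of reply_len bytes behind a length-limiting device."""
    if reply_len > advertised_size(query):
        return "truncated"   # server sets TC; the resolver retries over TCP
    if reply_len > device_max:
        return "dropped"     # device discards the datagram; the lookup times out
    return "delivered"

if __name__ == "__main__":
    # Constructed sample: a 700-byte answer, devices limited to 512 and 1500 bytes.
    for q in (build_query("msn.com"), build_query("msn.com", edns_size=1280)):
        print(advertised_size(q), udp_outcome(q, 700, 512), udp_outcome(q, 700, 1500))
```

Short answers are delivered in every case, which is why most sites resolve and only names with long records fail.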
 
We don't have a PIX or any firewall, just a basic NAT device.

:S
 
You could also add a local host record on the workstation with the msn.com IP (google "adding a local host record"); that would bypass any DNS lookup for the specific web page.
 
Ps

Notice, the IP gets out on mine; my IPs are xxxed to conceal


C:\Documents and Settings\PCM>tracert 65.54.152.120

Tracing route to 65.54.152.120 over a maximum of 30 hops


1 6 ms 9 ms 7 ms 10.50.xxx.xxx, changed
2 6 ms 7 ms 8 ms 24.164.xxx.xxxx
3 8 ms 6 ms 7 ms pos1-0-nycmnya-rtr2.nyc.rr.com [24.29.100.113]
4 6 ms 7 ms 7 ms pos2-0-nycmnya-rtr1.nyc.rr.com [24.29.101.254]
5 102 ms 104 ms 105 ms so-6-1.car2.Weehawken1.Level3.net [63.208.104.5]
6 109 ms 221 ms 103 ms ge-7-0-0.mp1.Weehawken1.Level3.net [4.68.125.137]
7 176 ms 175 ms 174 ms so-1-0-0.mp2.Seattle1.Level3.net [209.247.10.133]
8 176 ms 168 ms 164 ms ge-11-2.hsa1.Seattle1.Level3.net [4.68.105.166]

 
I'm pretty sure this is the article I found that fixed our problem. I went on to the Cisco site from a link in this article to get the fixup statement that I used.



We were having problems that sounded exactly like your problems. For all you know, your NAT device falls under the 'cause 2' part of the problem.
 
compuveg, read my first post and Will's response; EnableEDnsProbes was already taken care of.
At this point it is not a case of DNS query failure, but blocking at the internal firewall, as a tracert to 65.54.152.120 never gets beyond 192.168.1.1

 
Sorry for overlooking that. Looking at the thread, and the screenshot at


I would have to say that either the firewall itself, or the router on the other side, doesn't know where to send the packets for that destination. However, I went to Central Ops and couldn't tracert to that address, either, despite the fact that it got a return from the service scan part of the test. (
I didn't think it was a DNS problem, as your machine properly resolved both domain names.

If your firewall has a facility for pinging or doing tracerts, I would try logging into it and seeing if you can get to the destination addresses (such as 65.54.152.120)

What happens if you do a 'telnet 65.54.152.120 80', then hit <CR> a couple of times? (Eliminating the possibility your ISP is one of the hubs where MSN starts blocking pings)
 