Strange DNS issue

[rb819]

Hello, I am on a small business network using Win2k3 server. The PDC is also the DNS server. It passes all dcdiag and dnsdiag tests.

The issue we are having is that for some reason client computers constantly cannot connect to certain sites. The biggest offender is download.microsoft.com, but really many download sites as well as most applications that have an 'online installer' where it fetches the install files. It is very intermittent so we are unsure what could be causing it. Large files have a very small chance of actually completing. We usually clear the DNS cache in the DNS snap in on the server as well as run an ipconfig /flushdns on the client. this sometimes work but is not reliable, and many times sitting there spamming refresh will also eventually find the connection.

What puzzled me at first was that i figured if the download started but the connection was somehow reset midway, i figured the DNS had resolved to an IP at that point so it couldn't have been a DNS issue. How i can confirm it is in fact a DNS issue is that I can change the DNS settings on a workstation to the Google public DNS, for example, or any other public DNS server and be able to connect and download windows updates and files without issue. The only issue with this solution is you lose access to all local host names and we have some shared folders.

Any idea what might be causing our local DNS server to act this way? Any tips or suggestions would be greatly appreciated. Thanks in advance for all helpful replies.

 

[kmills]

rb819,
I assume all of your client computers are configured to get DNS from your DNS server. But, where is the DNS server getting its DNS? Do you have it pointed to some public DNS or to the root dns servers? Look in the properties of DNS on the DNS servers. Look at the forwarder tab.

Kmills

 

[rb819]

Hello Kmills, thanks for the reply!

Looking at the Forwarders tab on our DNS server in the DNS snap in, none are listed. Under 'Root Hints', "a"-"m".root-servers.net. are listed. Should we add anything under Forwarders? thanks again for your help thus far and I look forward to your reply!

rb819

 

[kmills]

rb819,

On that forwarders page, is there anything in the DNS domains box?
Is the "Do not use recursion for this domain" box checked or unchecked?

kmills

 

[rb819]

I am very grateful again for your reply kmills.

Under 'DNS Domain' it says 'All other DNS domains'.

'Do not use recursion for this domain' box is not checked.

'Number of seconds before forward queries time out' is set to 5.

The 'Selected domains forwarder IP address list' is empty.

Thanks again!
rb819

 

[karlisi]

Fill in forwarders list. Typically you can put your ISP's DNS servers addresses there. Perhaps it will not resolve your problem, but can make name resolution faster and perhaps more reliable.

Little explanation. Now your DNS server resolves by itself all DNS requests from workstations. After adding forwarders it will pass all DNS requests, except for your local domain names, to ISP's DNS servers.

===
Karlis
ECDL; MCSA

 

[GrimR]

remember to run net stop dns and net start dns when you make changes, just to speed up the process.
You could also clear the cache on the server
cmd /k dnscmd /clearcache

And I take it DHCP has DNS servers listed.

MCITP:EA/SA, MCSE, MCSA, MCDBA, MCTS, MCP+I, MCP

 

[rb819]

Thanks for all the replies. I have added our ISP's DNS servers as forwarders and have cleared the cache as well as stop/start the DNS server. I have also flushed the local DNS cache on a few PC's to test it out. We are still experiencing, for example, windows updates that never finish downloading. Can anyone think of another reason this might be happening? Thanks again for your time and insight, it is much appreciated.