Windows 2000 DNS Stops Resolving Domains Not In The Cache


Bluecrack

MIS
Apr 9, 2001
US
I've been managing a Windows 2000 DNS setup for several years now. In the past 6 months we have run into problems where the DNS server periodically stops resolving new domains. More specifically, anything in the cache will still be resolved when a client does a lookup. However, if the domain does not exist in the cache, it will not be resolved.

Nslookup simply generates a "Request Timed Out" message on the new domain. It does not appear to happen at any set interval or on any group of domains. At some point it just stops resolving requests for anything not in the cache.

Clearing the Windows 2000 DNS cache seems to fix the problem. Has anyone seen this before? Is there perhaps a problem with the size of the cache?
 
Did you look into your event logs and see what's shown up? When it stops resolving, what happens when you tracert to a site that won't resolve to see where it's stopped at?

Glen A. Johnson
"I find television very educating. Every time somebody turns on the set, I go into the other room and read a book."
Groucho Marx
Tek-Tips in Chicago IL
 
Thanks for the reply. There is nothing in the event log outside of normal zone transfers. Traceroute works just fine. Restarting DNS fixes the problem, but that's not exactly a robust solution.

The server is set up to use root hints and seems to just start ignoring the root hints.
 
How is your DNS set up? Using itself as the only name resolver, or do you have others being used?

Glen A. Johnson
 
I'm not sure I understand the question. The DNS server is set up with our domains and it uses root hints to get to the root servers. It does not use forwarders.
 
Why aren't you using forwarders? Your DNS servers should point to themselves first, then forwarders second. All clients point to the local DNS server. Just curious. Good luck.

Glen A. Johnson
 
There are a number of reasons we don't use forwarders. Mostly historical. At the time we set up everything we didn't have an upstream server to which we could forward requests. The servers were also our main DNS servers so root hints seemed to be the way to go. I also think root hints is the default upgrade option.

Anyway, the clients all use these DNS servers and the DNS servers are responsible for looking up the requests for non-authoritative domains. The problem seems to be that the servers just stop doing that at some point. I suspect in the end this will take a call to Microsoft to figure out. Then again, maybe we'll finally move to BIND.

Thanks for your help and I'll let you know what happens.
 
Are you on the Internet, and if so where do the default gateway / alternate DNS servers point? I'm just thinking that if you have an ISP that continuously changes its NS IP address and you have the server's default gateway pointed out to the Internet, then after consulting your DNS server it might be trying to ask your ISP's name server for the address, but can't do it because they have changed their DNS IP address!
ISPs are by and large chancers and provide little information to their clients.

Let me know if that suggestion was any use. Sometimes the shots in the dark hit.
 