DNS Query

    Question

  • Simple query and recursive query both fail consistently. Periodically some domains won't resolve without www and sometimes they will only resolve without www. Where do I start? Last servers were Windows 2000 systems and I never had any problems. I scrapped it and built a new 2012 server and am having these problems. I use my new server for primary DNS and Gandi for secondary. What info do I need to post? Here is an ipconfig to start with.

    Microsoft Windows [Version 6.3.9600]
    (c) 2013 Microsoft Corporation. All rights reserved.
    
    C:\Windows\system32>ipconfig /all
    
    Windows IP Configuration
    
       Host Name . . . . . . . . . . . . : spitfire
       Primary Dns Suffix  . . . . . . . : localnetplus.info
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : localnetplus.info
    
    Ethernet adapter Ethernet 2:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connectio
    n #2
       Physical Address. . . . . . . . . : 74-D0-2B-9A-E3-DE
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    Ethernet adapter Ethernet:
    
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connectio
    n
       Physical Address. . . . . . . . . : 74-D0-2B-9A-E3-DF
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::cd2f:c5cc:24ab:7021%12(Preferred)
       IPv4 Address. . . . . . . . . . . : 50.126.193.78(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.248
       Default Gateway . . . . . . . . . : 50.126.193.73
       DHCPv6 IAID . . . . . . . . . . . : 208982059
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-1E-C0-CC-74-D0-2B-9A-E3-DF
    
       DNS Servers . . . . . . . . . . . : 50.126.193.78
                                           127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    Tunnel adapter isatap.{F0FB0B63-A3CE-42F3-ADE5-7954028DAABC}:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter isatap.{D9D00706-14AE-4FC5-91BC-FDEA6D5EFB01}:
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    
    Tunnel adapter 6TO4 Adapter:
    
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft 6to4 Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2002:327e:c14e::327e:c14e(Preferred)
       Default Gateway . . . . . . . . . : 2002:c058:6301::1
                                           2002:c058:6301::c058:6301
       DHCPv6 IAID . . . . . . . . . . . : 486539264
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-1E-C0-CC-74-D0-2B-9A-E3-DF
    
       DNS Servers . . . . . . . . . . . : 50.126.193.78
                                           127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Disabled
    
    C:\Windows\system32>

    Sunday, July 13, 2014 1:53 AM

All replies

  • Hello,

    is "spitfire" a domain controller?

    Why does it run with DHCP? A server should always use a fixed ip address instead. Unused NICs please disable.

    It seems also that you use your public ip range for the servers directly, which should always be prevented. Instead a firewall should provide connections to servers that really need internet access.

    And a DC should NEVER be connected directly to the internet. A network should look as:

    internet > routerWANport > routerLANport > switch > all domain machines with PRIVATE ip range

    If you have access to connect to the websites create in your internal DNS server an A record named "www" without the quotes and point it to the web server ip address, this should solve the access problems.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Monday, July 14, 2014 7:15 AM
  • Spitfire is a domain controller but its primary role is as a web server for multiple domains and an e-mail server. It has 2 NICs, and one is not in use and I have disabled it now. All web sites have A record for www pointing to the web server IP address.
    Monday, July 14, 2014 1:55 PM
  • Here is an export of the main domain "localnetplus.info" and one of the secondary domains "bsrw.org".  All secondary domains are basically setup in a similar manner to the second list.

    Name	Type	Data	Timestamp
    _msdcs
    _sites
    _tcp
    _udp
    DomainDnsZones
    ForestDnsZones
    (same as parent folder)	Start of Authority (SOA)	[235], spitfire.localnetplus.info., hostmaster.localnetplus.info.	static
    (same as parent folder)	Name Server (NS)	ns6.gandi.net.	static
    (same as parent folder)	Name Server (NS)	spitfire.localnetplus.info.	static
    (same as parent folder)	Host (A)	50.126.193.78	7/12/2014 21:00:00
    (same as parent folder)	Mail Exchanger (MX)	[10]  spamwall.localnetplus.com.	static
    (same as parent folder)	IPv6 Host (AAAA)	2002:327e:c14e:0000:0000:0000:327e:c14e	7/12/2014 21:00:00
    ftp	Host (A)	50.126.193.78	static
    mail	Host (A)	50.126.193.78	static
    spitfire	Host (A)	50.126.193.78	static
    spitfire	IPv6 Host (AAAA)	2002:327e:c14e:0000:0000:0000:327e:c14e	static
    www	Host (A)	50.126.193.78	static

    And one of the secondary domains

    Name	Type	Data	Timestamp
    (same as parent folder)	Start of Authority (SOA)	[11], spitfire.localnetplus.info., hostmaster.localnetplus.info.	static
    (same as parent folder)	Name Server (NS)	spitfire.localnetplus.info.	static
    (same as parent folder)	Name Server (NS)	ns6.gandi.net.	static
    (same as parent folder)	Host (A)	50.126.193.78	static
    (same as parent folder)	Mail Exchanger (MX)	[10]  spamwall.localnetplus.com.	static
    www	Host (A)	50.126.193.78	static
    

    Monday, July 14, 2014 2:03 PM
  • Hello,

    a DC is a DC is a DC and FOR SURE NOT A WEB OR MAIL SERVER!!!!!

    A DC relies highly on correct DNS Settings, which is a mess if multiple Websites are running on it.

    What about the open questions?


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Wednesday, July 16, 2014 6:38 PM
  • I don't know what you mean by "open questions".

    For the last 12 years I ran three Windows 2000 servers. Each was a domain controller and a DNS server. One ran mail and the other ran web and the 3rd was capable of web or mail. I never had a problem with it then and it is the only way I know how to do it.

    Thursday, July 17, 2014 1:12 AM
  • What I believe Meinolf is saying  (correct me if I'm wrong, Meinolf), is that with it being a DC, you can only use itself for DNS. I'm not sure what a "Gandi" is, and a quick search said it's some sort of domain registrar and I assume it's that. IF it is, and you are in an AD environment, apparently since it's a DC, then you can't use the Gandi's IP as a DNS address on any NIC, other than a forwarder.  And I'm assuming you are based on your original post.

    As for the Windows 2012 DNS failing queries, are there CNAMES involved?

    Can you post some nslookups when the failures occur and the specific domain names with and without the "www." please?


    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.


    Monday, July 21, 2014 2:25 AM
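
Added example, not part of any reply in this thread: a Python sketch that parses the tab-separated DNS Manager export posted above for bsrw.org and compares it with what each listed name server returned for the bare domain and for www. The function names `parse_export` and `compare` are hypothetical, and the `OBSERVED` values are constructed for illustration; in practice they would be filled in from nslookup results gathered against each server.

```python
import csv, io, re

# Export for bsrw.org as posted in the thread (tab-separated columns).
BSRW_EXPORT = """Name\tType\tData\tTimestamp
(same as parent folder)\tStart of Authority (SOA)\t[11], spitfire.localnetplus.info., hostmaster.localnetplus.info.\tstatic
(same as parent folder)\tName Server (NS)\tspitfire.localnetplus.info.\tstatic
(same as parent folder)\tName Server (NS)\tns6.gandi.net.\tstatic
(same as parent folder)\tHost (A)\t50.126.193.78\tstatic
(same as parent folder)\tMail Exchanger (MX)\t[10]  spamwall.localnetplus.com.\tstatic
www\tHost (A)\t50.126.193.78\tstatic
"""

def parse_export(text, zone):
    """Return {'serial': int, 'ns': set, 'a': {fqdn: set(ips)}} for one zone."""
    out = {"serial": None, "ns": set(), "a": {}}
    for row in csv.DictReader(io.StringIO(text), delimiter="\t"):
        name = row["Name"].strip()
        fqdn = zone if name == "(same as parent folder)" else f"{name}.{zone}"
        rtype = re.search(r"\((\w+)\)", row["Type"]).group(1)  # e.g. "Host (A)" -> "A"
        data = row["Data"].strip()
        if rtype == "SOA":
            out["serial"] = int(re.match(r"\[(\d+)\]", data).group(1))
        elif rtype == "NS":
            out["ns"].add(data.rstrip(".").lower())
        elif rtype == "A":
            out["a"].setdefault(fqdn, set()).add(data)
    return out

def compare(expected, observed):
    """List (server, problem) pairs where a listed NS disagrees with the export."""
    findings = []
    for server in sorted(expected["ns"]):
        seen = observed.get(server)
        if seen is None:
            findings.append((server, "no answer recorded"))
            continue
        if seen["serial"] != expected["serial"]:
            findings.append((server, f"SOA serial {seen['serial']} != {expected['serial']}"))
        for fqdn, ips in sorted(expected["a"].items()):
            got = seen["a"].get(fqdn, set())
            if got != ips:
                findings.append((server, f"{fqdn} A {sorted(got) or 'missing'} != {sorted(ips)}"))
    return findings

# Constructed observations for illustration only (not results from the thread).
OBSERVED = {
    "spitfire.localnetplus.info": {"serial": 11, "a": {"bsrw.org": {"50.126.193.78"}, "www.bsrw.org": {"50.126.193.78"}}},
    "ns6.gandi.net": {"serial": 9, "a": {"www.bsrw.org": {"50.126.193.78"}}},
}
```

With the constructed data, `compare(parse_export(BSRW_EXPORT, "bsrw.org"), OBSERVED)` reports two differences for ns6.gandi.net and none for spitfire.localnetplus.info.
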
  • Hi,

    Installing Exchange or IIS on a domain controller is not recommended.

    For detailed information, please view the link below,

    Installing Exchange on a domain controller is not recommended

    http://technet.microsoft.com/en-us/library/ms.exch.setupreadiness.warninginstallexchangerolesondomaincontroller(v=exchg.150).aspx

    Microsoft Exchange Server on domain controllers

    http://blogs.technet.com/b/omers/archive/2011/04/11/microsoft-exchange-server-on-domain-controller.aspx

    Should IIS be installed on Domain Controller

    http://blogs.technet.com/b/abizerh/archive/2009/07/16/should-iis-be-installed-on-domain-controller.aspx

    Hope this helps.



    Steven Lee

    TechNet Community Support


    Monday, July 21, 2014 2:47 AM
    Moderator