Windows 2008 R2 DNS returning wrong IP

    Question

  • We have three DNS servers in our AD environment.

    2 in one datacenter

    1 in another datacenter

    All three are set up with the exact same forwarders in the exact same order.

    When we try to do an NSLookup using our three DNS servers as the server to use, for the site uat2.budgettruck.com, we get the following results:

     - the two DNS servers in one datacenter return the correct IP of 148.9.81.2 (the correct externally accessible IP)

     - the one lone DNS server in our other datacenter returns 10.6.192.16 (the incorrect IP; this is a private IP)

    We have cleared the DNS Server Cache, we have tested each forwarder we have configured thinking one of them had an incorrect value, we have verified the owner of the domain budgettruck.com has the correct entries in their DNS zone.

    We are at a loss as to why this one out of three dns servers is returning the wrong ip.

    It seems like the DNS server has something set that states: overwrite the returned IP address if the site being looked up is one of 5 sites. Yes, we have 5 sites that all return the same IP address. Everything else appears fine. That is why it seems like there is an override switch somewhere, for lack of a better term to use.

    I would also add that using any of the web based NSLOOKUP tools returns the correct value. That just seems to scream there is something weird about this one particular DNS server.


    • Edited by MACohoon Friday, July 12, 2013 6:44 PM
    • Moved by Santosh Bhandarkar MVP Saturday, July 13, 2013 7:48 AM moved from Server General forum
    Friday, July 12, 2013 4:19 PM

Answers

  • Are the three DNS servers, domain controllers? If not, can you describe their relationship with each other, such as is one a Master, and the other two hosting a secondary copy?

    What forwarder are you using? Change it to 4.2.2.3 and give that a shot.

    Is there anything at that datacenter intercepting DNS lookups?

    Is it possible that the budgettruck.com zone is being hosted by a company in that datacenter and the zone is hosted internally, and/or the forwarder itself is in that datacenter and it's a BIND server with the View option so as to return an internal IP rather than an external IP?

    Note - there is no "switch" that turns on or off or an overwrite. Let's try changing the forwarders for starters.


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Monday, July 15, 2013 3:37 AM
  • try these for forwarders

    8.8.8.8

    8.8.4.4

    4.2.2.1 to 4.2.2.6

    the first 2 are Google public DNS servers, the rest are Level3

    DNS security has been slow to be adopted. Many servers live in data centers where they were set up some 10 years ago and have been in use ever since.

    In my forwarders, I started with 4.2.2.6 and worked backwards; it seems to work faster than the other way.

    Unfortunately I cannot export my forwarders list from Server 2012



    I agree for the security end of it, but as for EDNS0, that's been around since 1998 or so.

    As for the advantages of EDNS0, for anyone that doesn't know what it is, it allows UDP query packet sizes up to 4096. It makes it more efficient for queries. Originally, UDP query packets were limited to 512 bytes, and if the response was greater than 512, it would switch up to TCP. So that introduces a bit of a lag. EDNS0 overcomes that. It's been part of Windows since Windows 2000. Google and OpenDNS have not adopted it yet.

    -

    As for your Forwarders list, I assume you only have two forwarders? Otherwise, if there are more, the client side resolver on the client that originally queried it may time out before the DNS server gets to the third or fourth entry. That's why I only have two. I have more info on this, if interested in reading about it.

    This blog discusses:
    WINS NetBIOS, Browser Service, Disabling NetBIOS, & Direct Hosted SMB (DirectSMB). Troubleshooting the browser service.
    Client side resolution process chart.
    The DNS Client Side Resolver algorithm.
    If one DC or DNS goes down, does a client logon to another DC or use the other DNS server in the NIC?
    DNS Forwarders Algorithm and multiple DNS addresses (if you've configured more than one forwarder or more than one IP in the NIC's DNS list)
    Client side resolution process chart
    Published by Ace Fekay, MCT, MVP DS on Nov 29, 2009 at 10:28 PM
    http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the-client-side-resolver-browser-service-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-is-down-does-a-client-logon-to-another-dc-and-dns-forwarders-algorithm.aspx

    DNS Clients and Timeouts (Part 1 & Part 2), karammasri [MSFT] Dec 2011 6:18 AM
    http://blogs.technet.com/b/stdqry/archive/2011/12/02/dns-clients-and-timeouts-part-1.aspx
    http://blogs.technet.com/b/stdqry/archive/2011/12/15/dns-clients-and-timeouts-part-2.aspx

    -

    Cheers!

    -


    Ace Fekay

    Monday, July 15, 2013 2:11 PM
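    The two technical threads above (one server out of three answering with a private address for uat2.budgettruck.com, and Ace's explanation of EDNS0 versus the 512-byte UDP limit and TCP fallback) can be checked from a script rather than by hand with nslookup. The following is an added example, not code from this thread or from any of the posters: it builds a raw DNS query carrying an EDNS0 OPT record, parses the reply (answer section, TC bit, and whether the server echoed an OPT record), and compares what several servers return, flagging RFC 1918 addresses and any server that disagrees with the majority. The name and the two IPs are the ones from the question; the server labels dc1-dns-a, dc1-dns-b and dc2-dns and the replies in SAMPLE are constructed so the comparison runs offline. query_server is the only function that touches the network.

```python
import ipaddress
import socket
import struct
from collections import Counter

# Constructed values: the name from the thread and the EDNS0 UDP payload size
# (RFC 6891) a querier advertises so replies need not be cut at the classic 512 bytes.
NAME = "uat2.budgettruck.com"
EDNS_UDP_PAYLOAD = 4096

def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels ending with the root label."""
    out = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in name.rstrip(".").split("."))
    return out + b"\x00"

def build_query(name: str, txid: int = 0x1234, qtype: int = 1, edns: bool = True) -> bytes:
    """Recursive A query; with edns=True an OPT pseudo-RR (TYPE 41) is appended whose
    CLASS field carries the UDP payload size the querier can accept."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    opt = b"\x00" + struct.pack("!HHIH", 41, EDNS_UDP_PAYLOAD, 0, 0) if edns else b""
    return header + question + opt

def read_name(data: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer back into an earlier name
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if jumped else offset)
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length

def parse_response(data: bytes) -> dict:
    """Walk all sections: collect A answers, the TC bit and whether an OPT RR came back."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):
        _, offset = read_name(data, offset)
        offset += 4  # skip QTYPE and QCLASS
    answers, edns = [], False
    for section, count in (("an", an), ("ns", ns), ("ar", ar)):
        for _ in range(count):
            name, offset = read_name(data, offset)
            rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
            rdata = data[offset + 10:offset + 10 + rdlen]
            offset += 10 + rdlen
            if section == "an" and rtype == 1 and rdlen == 4:
                answers.append((name, str(ipaddress.IPv4Address(rdata))))
            edns = edns or rtype == 41
    return {"id": txid, "rcode": flags & 0xF, "truncated": bool(flags & 0x0200),
            "edns": edns, "answers": answers}

def build_response(query: bytes, ip: str, tc: bool = False, edns: bool = False) -> bytes:
    """Constructed stand-in for a server reply: echo the question, answer with one A
    record (name compressed to offset 12), optionally set TC or add an OPT RR."""
    txid = struct.unpack("!H", query[:2])[0]
    _, end = read_name(query, 12)
    header = struct.pack("!HHHHHH", txid, 0x8180 | (0x0200 if tc else 0), 1, 1, 0, 1 if edns else 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + ipaddress.IPv4Address(ip).packed
    opt = b"\x00" + struct.pack("!HHIH", 41, EDNS_UDP_PAYLOAD, 0, 0) if edns else b""
    return header + query[12:end + 4] + answer + opt

def query_server(server: str, name: str, timeout: float = 3.0) -> bytes:
    """Live lookup (needs network): UDP first, then TCP with the 2-byte length
    prefix if the reply was truncated, which is what a resolver does without EDNS0."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data = s.recv(EDNS_UDP_PAYLOAD)
    if parse_response(data)["truncated"]:
        with socket.create_connection((server, 53), timeout=timeout) as t:
            t.sendall(struct.pack("!H", len(q)) + q)
            length = struct.unpack("!H", t.recv(2))[0]
            data = b""
            while len(data) < length:
                data += t.recv(length - len(data))
    return data

def compare_resolvers(responses: dict) -> dict:
    """Per server: its A answers, any RFC 1918 ones, and whether it disagrees with
    the majority of the other servers (the symptom described in the question)."""
    per_server = {srv: sorted(ip for _, ip in parse_response(raw)["answers"])
                  for srv, raw in responses.items()}
    majority = Counter(tuple(v) for v in per_server.values()).most_common(1)[0][0]
    return {srv: {"answers": ips,
                  "private": [ip for ip in ips if ipaddress.ip_address(ip).is_private],
                  "disagrees": tuple(ips) != majority} for srv, ips in per_server.items()}

# Constructed replies standing in for the three servers described in the question.
SAMPLE = {
    "dc1-dns-a": build_response(build_query(NAME), "148.9.81.2", edns=True),
    "dc1-dns-b": build_response(build_query(NAME), "148.9.81.2", edns=True),
    "dc2-dns": build_response(build_query(NAME), "10.6.192.16"),
}
```

    Run against real servers by replacing the SAMPLE values with `query_server("<server ip>", NAME)` for each of the three servers; a server whose entry shows `"private": ["10.x.x.x"]` and `"disagrees": True` is the one to inspect, and a reply with `"edns": False` from a forwarder tells you that forwarder dropped or does not understand the OPT record.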

All replies

  • You probably need to create a fresh install DNS server for the problematic one.



    Corsair Carbide 300R with window & Corsair TX850V2 70A@12V

    Asus M5A99FX PRO R2.0 CFX/SLI & AMD Phenom II 965 C3 Black Edition @ 4.0 GHz & G.SKILL RipjawsX DDR3-2133 8 GB 

    GTX 260 SLI 216 core (GT200 Tesla) & Asus PA238QR IPS LED HDMI DP 1080p

    ST2000DM001 & Windows 7 x64 Enterprise

    Microsoft Wireless Desktop 2000 & Wacom Bamboo CHT470M

    Place your rig specifics into your signature like I have, makes it 100x easier to understand!


    Hardcore Games, Legendary is the Only Way to Play

    Saturday, July 13, 2013 4:43 AM
  • try these for forwarders

    8.8.8.8

    8.8.4.4

    4.2.2.1 to 4.2.2.6

    the first 2 are Google public DNS servers, the rest are Level3




    Monday, July 15, 2013 4:08 AM
  • Corsair Carbide 300R with window & Corsair TX850V2 70A@12V

    Asus M5A99FX PRO R2.0 CFX/SLI & AMD Phenom II 965 C3 Black Edition @ 4.0 GHz & G.SKILL RipjawsX DDR3-2133 8 GB 

    GTX 260 SLI 216 core (GT200 Tesla) & Asus PA238QR IPS LED HDMI DP 1080p

    ST2000DM001 & Windows 7 x64 Enterprise

    Microsoft Wireless Desktop 2000 & Wacom Bamboo CHT470M

    Place your rig specifics into your signature like I have, makes it 100x easier to understand!


    Hardcore Games, Legendary is the Only Way to Play

    Off Topic but couldn't restrict myself from replying !

    @ Vegan Fanatic,

    No disrespect here but are we on a Games Forum ? Your Signature looks really odd to me ! That too, you are an MVP !!!

    Adding your certifications, blog links and even your accomplishments is worth mentioning. Your comp specs in your signature don't add any value !!!

    Would you mind changing your forum signature to something decent ?


    Thanks ! Jayawardhane

    Monday, July 15, 2013 4:31 AM
  • try these for forwarders

    8.8.8.8

    8.8.4.4

    4.2.2.1 to 4.2.2.6

    the first 2 are Google public DNS servers, the rest are Level3

    FYI about Google's DNS - they do not support EDNS0. I don't usually recommend them because that can skew results.

    Level3 do support EDNS0, which was why I suggested to try 4.2.2.3 for starters, but any one of them will work. I think 4.2.2.2 is overworked, since many people on the internet know that one pretty well.


    Ace Fekay

    Monday, July 15, 2013 5:57 AM
  • try these for forwarders

    8.8.8.8

    8.8.4.4

    4.2.2.1 to 4.2.2.6

    the first 2 are Google public DNS servers, the rest are Level3

    FYI about Google's DNS - they do not support EDNS0. I don't usually recommend them because that can skew results.

    Level3 do support EDNS0, which was why I suggested to try 4.2.2.3 for starters, but any one of them will work. I think 4.2.2.2 is overworked, since many people on the internet know that one pretty well.


    Ace Fekay

    DNS security has been slow to be adopted. Many servers live in data centers where they were set up some 10 years ago and have been in use ever since.

    In my forwarders, I started with 4.2.2.6 and worked backwards; it seems to work faster than the other way.

    Unfortunately I cannot export my forwarders list from Server 2012




    Monday, July 15, 2013 1:30 PM