2012 DNS servers in a DMZ getting "No such name" and "Invalid Checksum errors"

    Question

  • I have two 2012 servers with DNS installed. They are in a workgroup. All A records are set up correctly. Reverse zones populated correctly. When I use the DNS server itself running NSLOOKUP from a command prompt, all the records I created resolve correctly from either server. Recursive queries work also.

    The point of these servers is to resolve the public IP addresses for different sites owned by this organization from the internet. When using a computer on the internet and specifying these DNS servers as the look up (L) servers in NSLOOKUP, Wireshark shows the DNS server responding to a request. The response from the DNS states "No such Name" and "invalid checksums".

    This is in a VMware 5.1 environment. I also have IPv6 disabled in the registry.

    I have one of the best network engineers I have ever seen working on this with me. We are simply running out of answers here. 

    Thursday, June 27, 2013 12:02 AM

Answers

  • Hi Timotht,

    Based on my experience, the issue might be caused by port configurations of the firewall. Please follow the article below to check the port settings on the firewall.

    Service overview and network port requirements for Windows

    http://support.microsoft.com/kb/832017

    Besides, please let me know if you resolve the name with FQDN or NetBIOS name.

    Best regards,

    Alex Du


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread

    Monday, July 01, 2013 9:48 AM

All replies

  • Hi Timotht,


    Thank you for your question.


    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.


    Thank you for your understanding and support.


    Jeremy Wu
    TechNet Community Support

    Friday, June 28, 2013 8:12 AM
    Moderator
  • Hi Timotht,

    If you need further assistance, please let me know. Thanks.

    Best regards,

    Alex Du


    Tuesday, July 16, 2013 10:13 AM
  • Please verify if the servers in the DMZ are able to resolve public DNS servers.

    I would check the traffic (Wireshark / Netmon, because both tools have advanced parsers) between

    Server <--> router

    Router <---> destination client

    and vice versa

    Also would check for intrusion?

    Please upload the .cap/ pcap file along with the IP address information for assistance.

    Monday, August 05, 2013 10:44 AM
    Moderator
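
The following Python example is added here and is not part of the original thread. It decodes a raw IPv4/UDP DNS reply, reports the RCODE (3 is the value Wireshark labels "No such name") and recomputes the UDP checksum, so the same reply captured at the two points suggested above can be compared. The packet bytes, the documentation addresses 192.0.2.53 and 198.51.100.10, and all function names are constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN (No such name)", 5: "REFUSED"}

def udp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """RFC 768 checksum over pseudo-header + UDP segment (checksum field zeroed)."""
    data = src + dst + struct.pack("!BBH", 0, 17, len(segment)) + segment
    data += b"\x00" * (len(data) % 2)           # pad to a whole 16-bit word
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                          # fold carries (one's complement)
        total = (total & 0xFFFF) + (total >> 16)
    return (~total & 0xFFFF) or 0xFFFF          # a computed 0 is sent as 0xFFFF

def inspect(packet: bytes) -> dict:
    """Decode one raw IPv4/UDP DNS packet (no Ethernet header)."""
    if packet[0] >> 4 != 4 or packet[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    ihl = (packet[0] & 0x0F) * 4
    src, dst = packet[12:16], packet[16:20]
    length, wire = struct.unpack("!HH", packet[ihl + 4:ihl + 8])
    segment = packet[ihl:ihl + length]
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    if wire == 0:
        state = "absent"                        # IPv4 allows UDP without a checksum
    else:
        state = "ok" if wire == udp_checksum(src, dst, zeroed) else "bad"
    flags = struct.unpack("!H", segment[10:12])[0]
    return {"server": socket.inet_ntoa(src), "response": bool(flags & 0x8000),
            "authoritative": bool(flags & 0x0400),
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
            "udp_checksum": state}

def sample_response(rcode: int, corrupt_checksum: bool = False) -> bytes:
    """Constructed reply from 192.0.2.53:53 to 198.51.100.10 (not a real capture)."""
    src, dst = socket.inet_aton("192.0.2.53"), socket.inet_aton("198.51.100.10")
    question = b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    dns = struct.pack("!HHHHHH", 0x1234, 0x8500 | rcode, 1, 0, 0, 0) + question
    udp = struct.pack("!HHHH", 53, 50000, 8 + len(dns), 0) + dns
    csum = udp_checksum(src, dst, udp)
    if corrupt_checksum:
        csum = (csum % 0xFFFF) + 1              # different from csum and never zero
    udp = udp[:6] + struct.pack("!H", csum) + udp[8:]
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0) + src + dst
    return ip + udp

if __name__ == "__main__":
    for pkt in (sample_response(3), sample_response(3, corrupt_checksum=True)):
        print(inspect(pkt))
```

A checksum that is bad only in the capture taken on the sending host usually reflects NIC checksum offload rather than corruption in transit; an authoritative NXDOMAIN with a good checksum points at the zone the server is answering from, not at the network path.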