Server 2008 not forwarding some DNS requests

    Question

  • I have some public DNS servers that host a few domain names for my work. Let's call the domain in question myworkops.com. (Note that this is different from my internal domain, so there is no split-horizon DNS.)

    We also run multiple internal Windows AD integrated DNS servers for our internal stuff.

    From the Internet I never have any issues resolving myworkops.com or any of its subdomains. Requests hit my external servers and they always get a response, no problems.

    But from internal servers which use Windows DNS I get intermittent problems resolving the subdomains of myworkops.com.

    myworkops.com will always resolve, but the subdomains of proxy.myworkops.com and repo.myworkops.com will sometimes resolve and sometimes not resolve.

    When they don't resolve, Wireshark captures on the Windows DNS server show "Standard query response 0xe86f No such name."

    The Windows servers are set with forwards of 8.8.8.8, 8.8.4.4 and 61.88.88.88.
    On the clients when I do a nslookup for the subdomains I just get 'non-existent domain.'

    Restarting the DNS service on the AD servers fixed the issue but it always comes back within a few minutes.

    If I do an nslookup and set the server to be my public name servers then it always responds.

    Any thoughts here? I'm at a bit of a loss.


    Tuesday, March 19, 2013 9:26 PM

Answers

  • Hi Rodger,

    Thanks for the output.

    It would appear that you're up against something configuration-orientated here, not latency (either network or that caused by having too many DNS forwarders). That said, I've never come across an active refusal like this, so I'm not sure where along the chain the issue is actually occurring.

    Are there any warnings or errors in that server's DNS Server event log? (Under Applications and Services Logs).

    As a side note, each name query has an IPv4 lookup (the type = A part) and an IPv6 lookup (type = AAAA), so from a logical perspective, there is just the one refusal.

    Cheers,
    Lain

    Wednesday, March 20, 2013 8:09 AM

All replies

  • Hi Rodger,

    Intermittent DNS issues can be a nuisance to troubleshoot, especially if they're occurring at the ISP level - I know that from experience. Trying to spot very small (measured in seconds) disruptions to service can be trying.

    That said, when you're in this boat, nslookup is your best friend when used in conjunction with the -debug switch and while providing a specific server to resolve the query on.

    Have you tried something like:

    nslookup -debug proxy.myworkops.com <IP-or-FQDN of your suspect Windows server and/or forwarder>

    You'd have to keep running this periodically, as you'd ideally be looking to capture a successful response as well as a failure.

    One of the tricky things is that if your server captures a failure (not you from the client, from the server to the forwarder), that failure will live for a short while (as a TTL), meaning a very short "outage" can be made to appear much longer. This is the reason for using the DNS server IP as the final parameter, as you can switch that between the problem server and the upstream forwarder in an effort to see where the problem may be kicking in.

    The only suggestion I'd also offer at this early stage is that from a performance perspective, I'd make sure you're using your ISP's DNS servers ahead of the root DNS servers you're using in 8.8.8.8 and 8.8.4.4.

    Cheers,
    Lain

    Tuesday, March 19, 2013 11:05 PM
  • Here is the output from the debug command when it is not working. There are lots of query refused messages... seems very weird.

    This is run directly from one of the DNS servers.

    C:\Windows\system32>nslookup -debug proxy.myworkops.com
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 1, rcode = NOERROR
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 1,  authority records = 0,  additional = 0

        QUESTIONS:
            1.26.12.10.in-addr.arpa, type = PTR, class = IN
        ANSWERS:
        ->  1.26.12.10.in-addr.arpa
            name = mydnshost.mydomain.local
            ttl = 1200 (20 mins)

    ------------
    Server:  mydnshost.mydomain.local
    Address:  10.12.26.1

    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 2, rcode = NXDOMAIN
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
            proxy.myworkops.com.mydomain.local, type = A, class = IN
        AUTHORITY RECORDS:
        ->  mydomain.local
            ttl = 3600 (1 hour)
            primary name server = mydnshost.mydomain.local
            responsible mail addr = hostmaster.mydomain.local
            serial  = 10552
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)

    ------------
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 3, rcode = NXDOMAIN
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
            proxy.myworkops.com.mydomain.local, type = AAAA, class = IN
        AUTHORITY RECORDS:
        ->  mydomain.local
            ttl = 3600 (1 hour)
            primary name server = mydnshost.mydomain.local
            responsible mail addr = hostmaster.mydomain.local
            serial  = 10552
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)

    ------------
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 4, rcode = REFUSED
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            proxy.myworkops.com, type = A, class = IN

    ------------
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 5, rcode = REFUSED
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            proxy.myworkops.com, type = AAAA, class = IN

    ------------
    *** mydnshost.mydomain.local can't find proxy.myworkops.com: Query refused

    Wednesday, March 20, 2013 4:12 AM
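
    An added example, not part of the original thread: a parser for nslookup -debug output like the capture above. It separates the queries the client sent with its DNS search suffix appended (the NXDOMAIN answers from the local zone) from the queries for the name as typed (the REFUSED answers). The function names and the trimmed sample are constructed here; probe() assumes nslookup is on PATH and is meant to be run in turn against the suspect server and each forwarder.

```python
import re
import subprocess
from datetime import datetime, timezone

# One match per "Got answer" block: header id and rcode, then the first question.
BLOCK_RE = re.compile(
    r"opcode = \w+, id = (\d+), rcode = (\w+).*?QUESTIONS:\s*([^,\s]+), type = (\w+)", re.S)

def parse_debug(text, fqdn):
    """Return one dict per response, tagged by how the query relates to fqdn."""
    want = fqdn.rstrip(".").lower()
    rows = []
    for m in BLOCK_RE.finditer(text):
        qname = m[3].rstrip(".").lower()
        if qname == want:
            kind = "exact"       # the name as typed: the answer that matters
        elif qname.startswith(want + "."):
            kind = "suffixed"    # DNS search suffix appended by the client
        else:
            kind = "other"       # e.g. the PTR lookup of the server's own address
        rows.append({"id": int(m[1]), "rcode": m[2], "qname": qname,
                     "qtype": m[4], "kind": kind})
    return rows

def verdict(rows):
    """Map query type -> rcode for the exact-name queries only."""
    return {r["qtype"]: r["rcode"] for r in rows if r["kind"] == "exact"}

def probe(fqdn, server):
    """Run one timestamped lookup against a given server and return its verdict."""
    out = subprocess.run(["nslookup", "-debug", fqdn, server],
                         capture_output=True, text=True, timeout=30).stdout
    return datetime.now(timezone.utc).isoformat(), server, verdict(parse_debug(out, fqdn))

# Constructed sample: the failing capture above, cut down to header and question lines.
SAMPLE = """\
Got answer:
    opcode = QUERY, id = 2, rcode = NXDOMAIN
    QUESTIONS:
        proxy.myworkops.com.mydomain.local, type = A, class = IN
Got answer:
    opcode = QUERY, id = 4, rcode = REFUSED
    QUESTIONS:
        proxy.myworkops.com, type = A, class = IN
Got answer:
    opcode = QUERY, id = 5, rcode = REFUSED
    QUESTIONS:
        proxy.myworkops.com, type = AAAA, class = IN
"""
```

    Logging probe() results for the internal server and for each forwarder side by side shows which hop first returns something other than NOERROR, and how long a cached failure persists afterwards.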