none
Randomly DNS server is failing to resolve hostnames

    Question

  • I have <g class="gr_ gr_202 gr-alert gr_gramm gr_inline_cards gr_disable_anim_appear Grammar multiReplace" data-gr-id="202" id="202">a SBS2011</g> where at random times its logging a ServerFail message in the DNS logs. I'm seeing the same for my forwarder IP - 1.1.1.1.  When this is logged, all internet traffic fail to resolve. This is happening numerous times during the day. Appreciate the feedback

    B9C PACKET  000000000B9C7E90 UDP Snd 192.168.34.89    0d94 R U [02a8      SERVFAIL] SOA    (6)_msdcs(3)<g class="gr_ gr_1008 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling ins-del multiReplace" data-gr-id="1008" id="1008">mydomain</g>(5)local(0)
    UDP response info at 000000000B9C7E90
      Socket = 356
      Remote addr 192.168.34.89 port 54369
      Time Query=715907, Queued=0, Expire=0
      Buf length = 0x0fa0 (4000)
      Msg length = 0x0068 (104)
      Message:
        XID       0x0d94
        Flags     0xa802
          QR        1 (RESPONSE)
          OPCODE    5 (UPDATE)
          AA        0
          TC        0
          RD        0
          RA        0
          Z         0
          CD        0
          AD        0
          RCODE     2 (SERVFAIL)
        ZCOUNT    1
        PRECOUNT  0
        UPCOUNT   1
        ARCOUNT   0
        ZONE SECTION:
        Offset = 0x000c, RR count = 0
        Name      "(6)_msdcs(3)mydomain(5)local(0)"
          ZTYPE   SOA (6)
          ZCLASS  1
        PREREQUISITE SECTION:
          empty
        UPDATE SECTION:
        Offset = 0x0022, RR count = 0
        Name      "(5)_ldap(4)_tcp(2)gc(6)_msdcs(3)mydomain(5)local(0)"
          TYPE   SRV  (33)
          CLASS  1
          TTL    600
          DLEN   28
          DATA   Priority     = 0
    Weight       = 100
    Port         = 3268
    Target host (10)myserver(3)mydomain(5)local(0)
        ADDITIONAL SECTION:
          empty


    C2C PACKET  0000000004964600 UDP Rcv 1.1.1.1         8c01 R Q [8281   DR SERVFAIL] PTR    (1)4(2)82(3)138(2)40(7)in-addr(4)arpa(0)
    UDP response info at 0000000004964600
      Socket = 4740
      Remote addr 1.1.1.1, port 53
      Time Query=715908, Queued=0, Expire=0
      Buf length = 0x0fa0 (4000)
      Msg length = 0x002a (42)
      Message:
        XID       0x8c01
        Flags     0x8182
          QR        1 (RESPONSE)
          OPCODE    0 (QUERY)
          AA        0
          TC        0
          RD        1
          RA        1
          Z         0
          CD        0
          AD        0
          RCODE     2 (SERVFAIL)
        QCOUNT    1
        ACOUNT    0
        NSCOUNT   0
        ARCOUNT   0
        QUESTION SECTION:
        Offset = 0x000c, RR count = 0
        Name      "(1)4(2)82(3)138(2)40(7)in-addr(4)arpa(0)"
          QTYPE   PTR (12)
          QCLASS  1
        ANSWER SECTION:
          empty
        AUTHORITY SECTION:
          empty
        ADDITIONAL SECTION:
          empty

    Wednesday, May 9, 2018 2:31 PM

Answers

  • Hi,

    How are things going on? Was the issue resolved?

    Please let me know if you would like further assistance.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by MicrosoftMD Friday, May 18, 2018 12:54 PM
    Thursday, May 17, 2018 8:00 AM

All replies

  • Hi,

    Thanks for your question.

    From the message, we only get the information that there’s no DNS record that matches your query. Furthermore, from the first response packet, it seems that it could update SRV records to DNS server. It means that DC can communicate with DNS server. I guess the problem is that the forwarder can’t resolve external name. Make sure the forwarder can communicate with the primary DNS and it could access to Internet.

    For testing purpose, you may add another forwarder, example public DNS to see if it could be of help.

    Due to lack of information about this issue, we can first follow these threads for common DNS troubleshooting.

    https://technet.microsoft.com/en-us/library/bb962024.aspx

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc959340(v=technet.10)

    Meanwhile, please check the event viewer for more error message so that we could find more clue.

    In addition, here is a link talked about DNS logging and diagnostics, it may be helpful.

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn800669(v=ws.11)

    Hope above information can help you.

    Highly appreciate your successive effort and time. If you have any questions and concerns, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Thursday, May 10, 2018 3:58 AM
  • Thanks for your response. Tried using google public DNS as the forwarder but the issue persists. I capture a packet trace on the DNS server, filter on DNS communication and notice that when we are in the state all communication from and to the DNS server has this response "

    Standard query response 0x7959 No such name SRV _kerberos-master._udp. mydomain.LOCAL SOA myserver.mydomain.local

    I know this may not be much, hoping the message error syntax might shed some light on the actual issue.

    Thursday, May 10, 2018 7:27 AM
  • Hi,

    Thanks for your reply.

    Can you resolve internal name from the DNS server? And Active Diretory works correctly?

    Please type the following steps to see if it could resolve this no SRV response.

    1)Type the command "net stop netlogon"  & "net start netlogon" 

    2)Restart DNS service on the DNS server MMC.

    3)Type the command "dcdiag /test:dns" ro check AD and DNS works well.

    4)Do copy from on the Root hints tab of the DNS server properties, pointing a public DNS server.

    5)Please type "nslookup -d2 <internet name>" on one client or DNS server to trace the query process. You could post the result.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Saturday, May 12, 2018 5:35 AM
  • This issue occurs at random times. All seems to be OK now so I would expect the test results to show no error. The chance of the issue occurring increases as the user base increase. Typically I would have <50 users on a day to day basis. Occasionally I would have >400. It's guarantee to occur when the user bases is >400.

    ====DNS TEST=====

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = myserver
       * Identified AD Forest. 
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\myserver
          Starting test: Connectivity
             ......................... myserver passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\myserver

          Starting test: DNS

             DNS Tests are running and not hung. Please wait a few minutes...
             ......................... myserver passed test DNS

       Running partition tests on : ForestDnsZones

       Running partition tests on : DomainDnsZones

       Running partition tests on : Schema

       Running partition tests on : Configuration

       Running partition tests on : mydomain

       Running enterprise tests on : mydomain.local
          Starting test: DNS
             Test results for domain controllers:

                DC: myserver.mydomain.local
                Domain: mydomain.local


                   TEST: Dynamic update (Dyn)
                      Warning: Failed to delete the test record dcdiag-test-record in zone mydomain.local

                   myserver                   PASS PASS PASS PASS WARN PASS n/a  
             ......................... mydomain.local passed test DNS

    C:\temp>nslookup -d2 google.com
    ------------
    SendRequest(), len 43
        HEADER:
            opcode = QUERY, id = 1, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            34.34.168.192.in-addr.arpa, type = PTR, class = IN

    ------------
    ------------
    Got answer (77 bytes):
        HEADER:
            opcode = QUERY, id = 1, rcode = NOERROR
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 1,  authority records = 0,  additional = 0

        QUESTIONS:
            34.34.168.192.in-addr.arpa, type = PTR, class = IN
        ANSWERS:
        ->  34.34.168.192.in-addr.arpa
            type = PTR, class = IN, dlen = 22
            name = myserver.mydomain.local
            ttl = 1200 (20 mins)

    ------------
    Server:  myserver.mydomain.local
    Address:  192.168.34.34

    ------------
    SendRequest(), len 38
        HEADER:
            opcode = QUERY, id = 2, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            google.com.mydomain.local, type = A, class = IN

    ------------
    ------------
    Got answer (105 bytes):
        HEADER:
            opcode = QUERY, id = 2, rcode = NXDOMAIN
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
            google.com.mydomain.local, type = A, class = IN
        AUTHORITY RECORDS:
        ->  mydomain.local
            type = SOA, class = IN, dlen = 46
            ttl = 3600 (1 hour)
            primary name server = myserver.mydomain.local
            responsible mail addr = hostmaster.mydomain.local
            serial  = 87623
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)

    ------------
    ------------
    SendRequest(), len 38
        HEADER:
            opcode = QUERY, id = 3, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            google.com.mydomain.local, type = AAAA, class = IN

    ------------
    ------------
    Got answer (105 bytes):
        HEADER:
            opcode = QUERY, id = 3, rcode = NXDOMAIN
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
            google.com.mydomain.local, type = AAAA, class = IN
        AUTHORITY RECORDS:
        ->  mydomain.local
            type = SOA, class = IN, dlen = 46
            ttl = 3600 (1 hour)
            primary name server = myserver.mydomain.local
            responsible mail addr = hostmaster.mydomain.local
            serial  = 87623
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)

    ------------
    ------------
    SendRequest(), len 28
        HEADER:
            opcode = QUERY, id = 4, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            google.com, type = A, class = IN

    ------------
    ------------
    Got answer (44 bytes):
        HEADER:
            opcode = QUERY, id = 4, rcode = NOERROR
            header flags:  response, want recursion, recursion avail.
            questions = 1,  answers = 1,  authority records = 0,  additional = 0

        QUESTIONS:
            google.com, type = A, class = IN
        ANSWERS:
        ->  google.com
            type = A, class = IN, dlen = 4
            internet address = 172.217.15.78
            ttl = 82 (1 min 22 secs)

    ------------
    Non-authoritative answer:
    ------------
    SendRequest(), len 28
        HEADER:
            opcode = QUERY, id = 5, rcode = NOERROR
            header flags:  query, want recursion
            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:
            google.com, type = AAAA, class = IN

    ------------
    ------------
    Got answer (56 bytes):
        HEADER:
            opcode = QUERY, id = 5, rcode = NOERROR
            header flags:  response, want recursion, recursion avail.
            questions = 1,  answers = 1,  authority records = 0,  additional = 0

        QUESTIONS:
            google.com, type = AAAA, class = IN
        ANSWERS:
        ->  google.com
            type = AAAA, class = IN, dlen = 16
            AAAA IPv6 address = 2607:f8b0:4004:810::200e
            ttl = 110 (1 min 50 secs)

    ------------
    Name:    google.com
    Addresses:  2607:f8b0:4004:810::200e
              172.217.15.78

                                                                                           

    • Edited by MicrosoftMD Saturday, May 12, 2018 12:05 PM
    Saturday, May 12, 2018 11:57 AM
  • Hi,

    Thanks for your reply.

    It shows that the DNS is fine and DC test passed. Traditionally, it will not be related to user base.

    Please also monitor the event viewer for any error message so that we could find more clue when the issue reproduces.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Tuesday, May 15, 2018 2:48 PM
  • Hi,

    How are things going on? Was the issue resolved?

    Please let me know if you would like further assistance.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by MicrosoftMD Friday, May 18, 2018 12:54 PM
    Thursday, May 17, 2018 8:00 AM