DNS NSLookup timed out twice before resolving on client PC but on the DC, it resolved without time-out

  • Question

  • Hi All,

    Having an issue with the NSlookup.

    For the client PC, the first two lookups always time out before getting an IP. However, on the DC, it does not have any timeout when looking up the same address.

    Can anyone shed any light?

    On Client PC -->

    C:\>nslookup companyABC.com
    Server:  nyoDC1.companyABC.com
    Address:  xx.xxx.xxx.xxx

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    Name:    companyABC.com
    Addresses:  xx.xxx.xxx.xxx

    xx.xxx.xxx.xxx

    xx.xxx.xxx.xxx

    On DC (nyoDC1)-->

    C:\>nslookup company.com
    Server:  nyoDC1.company.com

    C:\>nslookup companyABC.com
    Server:  localhost
    Address:  ::1

    Name:    companyABC.com

    Addresses:  xx.xxx.xxx.xxx

    xx.xxx.xxx.xxx

    xx.xxx.xxx.xxx

    • Changed type wdwdwad Sunday, May 22, 2016 11:39 AM
    Sunday, May 22, 2016 11:38 AM

Answers

  • Hi wdwdwad,

    Yes, your debug shows the client's checking for the authority records for each configured domain suffix, which is expected behaviour.

    If you try running the same nslookup command but with a trailing period after the domain name - which is technically the correct format of a fully qualified domain name, you should find the alternate search domains specified are in fact not searched at all. You'll likely also find that the failed lookups (timeouts) will also disappear, as the final authority record indicates the hostname lookup ultimately succeeded.

    You might want to check from the client that it can actually reach the nominated DNS servers (indicated in the nslookup -debug results) for the dev domains as the timeouts indicate they're not responding for one reason or another. As a side note, while it could just be the product of the search-and-replace you've done, it does look like you have the same development domain listed twice as a search order suffix.

    In any case, if the FQDN format (again, this includes the trailing period) resolves straight away then you don't have any serious issues. That said, the DNS configuration is rather messy:

    1. The DNS servers should never feature the loopback addresses as DNS server entries (taken from the server ipconfig). Remove the 127.0.0.1 and ::1 entries from the IPv4 and IPv6 DNS settings respectively.
    2. There's not much value in using more than two or three DNS server IPs in the IPv4 configuration as the time taken to iterate through each means most client application requests will have given up well before the server has returned all results, meaning you're generating extra load for no good reason. Ideally, cut it down to pointing to itself and one other domain controller.

    Cheers,
    Lain

    Thursday, May 26, 2016 6:26 AM
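
The suffix-search behaviour described in the answer above, as an added example that is not part of the original thread: it models the query order visible in the poster's debug trace, parses an abbreviated, constructed `nslookup -debug` sample, and flags negative answers whose authority record is the root zone. The function names and the sample trace are assumptions made for illustration.

```python
import re

# Constructed sample: an abbreviated trace in the format of `nslookup -debug`
# output, using the placeholder names that appear in this thread.
SAMPLE = """\
Got answer:
opcode = QUERY, id = 2, rcode = NXDOMAIN
    QUESTIONS:
companyABC.com.companyABC.com, type = A, class = IN
    AUTHORITY RECORDS:
    ->  companyABC.com
primary name server = DCServer1.companyABC.com
------------
Got answer:
opcode = QUERY, id = 4, rcode = NXDOMAIN
    QUESTIONS:
companyABC.com.dev.domain1, type = A, class = IN
    AUTHORITY RECORDS:
    ->  (root)
primary name server = a.root-servers.net
------------
Got answer:
opcode = QUERY, id = 8, rcode = NOERROR
    QUESTIONS:
companyABC.com, type = A, class = IN
    ANSWERS:
    ->  companyABC.com
internet address = 10.224.33.211
"""

BLOCK = re.compile(
    r"rcode = (?P<rcode>\w+).*?QUESTIONS:\s*(?P<qname>[^\s,]+), type = (?P<qtype>\w+)"
    r"(?:.*?AUTHORITY RECORDS:\s*->\s+(?P<zone>\S+))?", re.S)

def candidate_names(name, suffixes):
    """Query names in the order the trace shows: name + each suffix, then the
    name itself. A trailing dot marks the name as fully qualified, so no
    suffix is appended."""
    if name.endswith("."):
        return [name[:-1]]
    return [f"{name}.{s}" for s in suffixes] + [name]

def parse_debug(text):
    """One dict per 'Got answer:' block: rcode, qname, qtype, zone (or None)."""
    found = (BLOCK.search(chunk) for chunk in text.split("Got answer:")[1:])
    return [m.groupdict() for m in found if m]

def explain(text, name, suffixes):
    """Label each query as a suffix-search expansion or the literal name, and
    flag negative answers whose authority record is the root zone, i.e. the
    expanded name was not answered by an internal zone."""
    expanded = set(candidate_names(name, suffixes)) - {name.rstrip(".")}
    out = []
    for r in parse_debug(text):
        kind = "suffix-search" if r["qname"] in expanded else "literal"
        out.append((r["qname"], r["rcode"], kind, r["zone"] == "(root)"))
    return out

if __name__ == "__main__":
    for row in explain(SAMPLE, "companyABC.com", ["companyABC.com", "dev.domain1"]):
        print(row)
    print(candidate_names("companyABC.com.", ["companyABC.com", "dev.domain1"]))
```

Running it against a real trace shows at a glance which lookups exist only because of the search list and which of those were answered by the root zone instead of an internal DNS zone.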

All replies

  • Hi,

    Some more diagnostic information might prove useful, though if you're going to blank the IP addresses out (unless they're public IP addresses, I'm not sure what you're hoping to gain from doing that), that's going to leave us in the dark.

    The output from the following would help:

    1. "ipconfig /all" from both the client and the server.
    2. "nslookup -debug companyABC.com" from the client.

    Also:

    1. What operating systems are we talking about on the server and client sides?
    2. Have you checked that TCP port 53 and UDP port 53 are open on the domain controller?
    3. Have you ensured that you have created the reverse lookup zones for the server IPv4 and IPv6 zones?

    One indicator that perhaps not all is set up as it should be is the local result from the domain controller, as once the dcpromo has ended, one of the first things that should be done is to change the loopback reference (127.0.0.1 and ::1) to the actual IPv4 and IPv6 addresses.

    Also, if you're not going to set up IPv6 in a usable manner (at least with site-local address if not public) then you're better off disabling it. If your domain controller has a GUI, unbind the IPv6 protocol from the network interface. If you're running Server Core then you have a few options, some easier than others depending on the Windows Server version.

    If the domain controller is running Server 2012 R2 Server Core then you can use the Get-NetAdapterBinding and Set-NetAdapterBinding to check and disable the IPv6 binding - which is the best option. If you're running a prior version then it starts getting ugly. You can still unbind IPv6 if you know what you're doing with regedit but most people will elect to choose one of the options covered in this KB article (i.e. either prioritise the IPv4 traffic or straight up disable IPv6).

    Cheers,
    Lain

    Sunday, May 22, 2016 1:59 PM
  • On your DC, please remove ::1 from being your IPv6 DNS server and make the IP settings automatically configure for IPv6.

    For the troubleshooting of your issue, please refer to this thread about a similar one, where you can find good suggestions: https://social.technet.microsoft.com/Forums/windowsserver/en-US/f8da7378-db99-4e25-a8f9-c6103dd809d4/nslookup-dns-request-timed-out-timeout-was-2-seconds-cant-find-server-name-for-address?forum=winserverDS


    This posting is provided AS IS with no warranties or guarantees, and confers no rights.

    Ahmed MALEK


    Sunday, May 22, 2016 5:18 PM
  • Hi wdwdwad,

    This kb may help:

    "DNS Request Timed Out" Error Message When You Start Nslookup From a Command Line

    https://support.microsoft.com/en-us/kb/242906

    ________________________________________
    Best Regards,
    Cartman

    Monday, May 23, 2016 5:32 AM
  • hihi

    Thanks for the reply:

    OS for client is Win 7.

    OS for server is 2012 R2.

    How do I know if reverse lookup zones for IPv4 and v6 are created?

    client.ipconfig
    =========================

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : ClientPC1
       Primary Dns Suffix  . . . . . . . : companyABC.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : companyABC.com
                                           dev.domain1
                                           dev.domain1

    Wireless LAN adapter Wireless Network Connection 3:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : nyc.rr.com
       Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6250 AGN
       Physical Address. . . . . . . . . : 64-80-99-76-DB-C0
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection 4:

       Connection-specific DNS Suffix  . : companyABC.com
       Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection #4
       Physical Address. . . . . . . . . : B8-CA-3A-D8-28-5D
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.224.3.180(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Saturday, April 23, 2016 2:35:56 PM
       Lease Expires . . . . . . . . . . : Sunday, May 29, 2016 3:06:40 PM
       Default Gateway . . . . . . . . . : 10.224.3.1
       DHCP Server . . . . . . . . . . . : 10.224.33.26
       DNS Servers . . . . . . . . . . . : 10.224.33.211
                                           10.224.33.21
       Primary WINS Server . . . . . . . : 10.224.33.212
       Secondary WINS Server . . . . . . : 10.224.33.22
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection* 11:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Citrix Virtual Adapter
       Physical Address. . . . . . . . . : 02-50-F2-00-00-01
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    client.nslookup
    =========================
    nslookup companyABC.com
    Server:  DCServer1.companyABC.com
    Address:  10.224.33.211

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    Name:    companyABC.com
    Addresses:  10.88.164.236
              10.224.33.211
              10.224.46.11
              10.88.85.53
              10.225.41.31
              10.225.41.80
              10.225.46.11
              10.1.46.11
              10.88.168.227
              10.224.33.21
              10.99.2.222
              10.88.172.234
              10.88.33.146
              10.88.62.234
              10.88.33.136
              10.63.2.10
              10.200.4.233
              10.200.4.232
              10.1.20.102
              10.2.20.26


    client.NSlookupDebug
    =========================
    ------------
    Got answer:
        HEADER:
    opcode = QUERY, id = 1, rcode = NOERROR
    header flags:  response, auth. answer, want recursion, recursion avail.
    questions = 1,  answers = 1,  authority records = 0,  additional = 0

        QUESTIONS:
    211.33.224.10.in-addr.arpa, type = PTR, class = IN
        ANSWERS:
        ->  211.33.224.10.in-addr.arpa
    name = DCServer1.companyABC.com
    ttl = 1200 (20 mins)

    ------------
    Server:  DCServer1.companyABC.com
    Address:  10.224.33.211

    ------------
    Got answer:
        HEADER:
    opcode = QUERY, id = 2, rcode = NXDOMAIN
    header flags:  response, auth. answer, want recursion, recursion avail.
    questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
    companyABC.com.companyABC.com, type = A, class = IN
        AUTHORITY RECORDS:
        ->  companyABC.com
    ttl = 3600 (1 hour)
    primary name server = DCServer1.companyABC.com
    responsible mail addr = admin
    serial  = 3661565
    refresh = 900 (15 mins)
    retry   = 600 (10 mins)
    expire  = 86400 (1 day)
    default TTL = 900 (15 mins)

    ------------
    ------------
    Got answer:
        HEADER:
    opcode = QUERY, id = 3, rcode = NXDOMAIN
    header flags:  response, auth. answer, want recursion, recursion avail.
    questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
    companyABC.com.companyABC.com, type = AAAA, class = IN
        AUTHORITY RECORDS:
        ->  companyABC.com
    ttl = 3600 (1 hour)
    primary name server = DCServer1.companyABC.com
    responsible mail addr = admin
    serial  = 3661565
    refresh = 900 (15 mins)
    retry   = 600 (10 mins)
    expire  = 86400 (1 day)
    default TTL = 900 (15 mins)

    ------------
    ------------
    Got answer:
        HEADER:
    opcode = QUERY, id = 4, rcode = NXDOMAIN
    header flags:  response, want recursion, recursion avail.
    questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
    companyABC.com.dev.domain1, type = A, class = IN
        AUTHORITY RECORDS:
        ->  dev.domain1
    ttl = 38 (38 secs)
    primary name server = testServer1.dev.domain1
    responsible mail addr = hostmaster
    serial  = 46177
    refresh = 900 (15 mins)
    retry   = 600 (10 mins)
    expire  = 86400 (1 day)
    default TTL = 3600 (1 hour)

    ------------
    ------------
    Got answer:
        HEADER:
    opcode = QUERY, id = 5, rcode = NXDOMAIN
    header flags:  response, want recursion, recursion avail.
    questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
    companyABC.com.dev.domain1, type = AAAA, class = IN
        AUTHORITY RECORDS:
        ->  dev.domain1
    ttl = 38 (38 secs)
    primary name server = testServer1.dev.domain1
    responsible mail addr = hostmaster
    serial  = 46177
    refresh = 900 (15 mins)
    retry   = 600 (10 mins)
    expire  = 86400 (1 day)
    default TTL = 3600 (1 hour)

    ------------
    ------------
    Got answer:
        HEADER:
    opcode = QUERY, id = 6, rcode = NXDOMAIN
    header flags:  response, want recursion, recursion avail.
    questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
    companyABC.com.dev.domain1, type = A, class = IN
        AUTHORITY RECORDS:
        ->  (root)
    ttl = 38 (38 secs)
    primary name server = a.root-servers.net
    responsible mail addr = nstld.verisign-grs.com
    serial  = 2016052400
    refresh = 1800 (30 mins)
    retry   = 900 (15 mins)
    expire  = 604800 (7 days)
    default TTL = 86400 (1 day)

    ------------
    ------------
    Got answer:
        HEADER:
    opcode = QUERY, id = 7, rcode = NXDOMAIN
    header flags:  response, want recursion, recursion avail.
    questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
    companyABC.com.dev.domain1, type = AAAA, class = IN
        AUTHORITY RECORDS:
        ->  (root)
    ttl = 38 (38 secs)
    primary name server = a.root-servers.net
    responsible mail addr = nstld.verisign-grs.com
    serial  = 2016052400
    refresh = 1800 (30 mins)
    retry   = 900 (15 mins)
    expire  = 604800 (7 days)
    default TTL = 86400 (1 day)

    ------------
    ------------
    Got answer:
        HEADER:
    opcode = QUERY, id = 8, rcode = NOERROR
    header flags:  response, auth. answer, want recursion, recursion avail.
    questions = 1,  answers = 20,  authority records = 0,  additional = 0

        QUESTIONS:
    companyABC.com, type = A, class = IN
        ANSWERS:
        ->  companyABC.com
    internet address = 10.200.4.233
    ttl = 600 (10 mins)
        ->  companyABC.com
    internet address = 10.200.4.232
    ttl = 600 (10 mins)
        ->  companyABC.com
    internet address = 10.1.20.102
    ttl = 600 (10 mins)
        ->  companyABC.com
    internet address = 10.2.20.26
    ttl = 600 (10 mins)
        ->  companyABC.com
    internet address = 10.88.164.236
    ttl = 600 (10 mins)
        ->  companyABC.com
    internet address = 10.224.33.211
    ttl = 600 (10 mins)
        ->  companyABC.com
    internet address = 10.224.46.11
    ttl = 600 (10 mins)
        ->  companyABC.com
    internet address = 10.88.85.53
    ttl = 600 (10 mins)
        ->  companyABC.com
    internet address = 10.225.41.31
    ttl = 600 (10 mins)
        ->  companyABC.com
    internet address = 10.225.41.80
    ttl = 600 (10 mins)
        ->  companyABC.com
    internet address = 10.225.46.11
    ttl = 600 (10 mins)
        ->  companyABC.com
    internet address = 10.1.46.11
    ttl = 600 (10 mins)
        ->  companyABC.com
    internet address = 10.88.168.227
    ttl = 600 (10 mins)
        ->  companyABC.com
    internet address = 10.224.33.21
    ttl = 600 (10 mins)
        ->  companyABC.com
    internet address = 10.99.2.222
    ttl = 600 (10 mins)
        ->  companyABC.com
    internet address = 10.88.172.234
    ttl = 600 (10 mins)
        ->  companyABC.com
    internet address = 10.88.33.146
    ttl = 600 (10 mins)
        ->  companyABC.com
    internet address = 10.88.62.234
    ttl = 600 (10 mins)
        ->  companyABC.com
    internet address = 10.88.33.136
    ttl = 600 (10 mins)
        ->  companyABC.com
    internet address = 10.63.2.10
    ttl = 600 (10 mins)

    ------------
    ------------
    Got answer:
        HEADER:
    opcode = QUERY, id = 9, rcode = NOERROR
    header flags:  response, auth. answer, want recursion, recursion avail.
    questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
    companyABC.com, type = AAAA, class = IN
        AUTHORITY RECORDS:
        ->  companyABC.com
    ttl = 3600 (1 hour)
    primary name server = DCServer1.companyABC.com
    responsible mail addr = admin
    serial  = 3661565
    refresh = 900 (15 mins)
    retry   = 600 (10 mins)
    expire  = 86400 (1 day)
    default TTL = 900 (15 mins)

    ------------
    Name:    companyABC.com
    Addresses:  10.200.4.233
     10.200.4.232
     10.1.20.102
     10.2.20.26
     10.88.164.236
     10.224.33.211
     10.224.46.11
     10.88.85.53
     10.225.41.31
     10.225.41.80
     10.225.46.11
     10.1.46.11
     10.88.168.227
     10.224.33.21
     10.99.2.222
     10.88.172.234
     10.88.33.146
     10.88.62.234
     10.88.33.136
     10.63.2.10

    server.ipconfig
    =========================
    Windows IP Configuration

       Host Name . . . . . . . . . . . . : DCServer1
       Primary Dns Suffix  . . . . . . . : companyABC.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : sin.companyABC.com
                                           companyABC.com

    Ethernet adapter Ethernet0:

       Connection-specific DNS Suffix  . : companyABC.com
       Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter
       Physical Address. . . . . . . . . : 00-50-56-89-2A-75
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::e532:d4c3:e196:855%14(Preferred) 
       IPv4 Address. . . . . . . . . . . : 10.224.33.211(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.224.33.1
       DHCPv6 IAID . . . . . . . . . . . : 352342102
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-D2-47-1F-00-50-56-89-2A-75
       DNS Servers . . . . . . . . . . . : ::1
                                           10.224.33.211
                                           10.224.33.21
                                           10.88.33.136
                                           10.63.2.10
                                           10.88.33.146
                                           127.0.0.1
       Primary WINS Server . . . . . . . : 10.224.33.212
       Secondary WINS Server . . . . . . : 10.224.33.22
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.companyABC.com:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : companyABC.com
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    server.nslookup
    =========================
    Server:  localhost
    Address:  ::1

    Name:    companyABC.com
    Addresses:  10.88.62.234
     10.88.33.136
     10.63.2.10
     10.200.4.233
     10.200.4.232
     10.1.20.102
     10.2.20.26
     10.88.164.236
     10.224.33.211
     10.224.46.11
     10.88.85.53
     10.225.41.31
     10.225.41.80
     10.225.46.11
     10.1.46.11
     10.88.168.227
     10.224.33.21
     10.99.2.222
     10.88.172.234
     10.88.33.146







    • Edited by wdwdwad Tuesday, May 24, 2016 10:28 AM
    Tuesday, May 24, 2016 10:16 AM
  • Hi Lain

    I have furnished new info in my earlier post. 

    Any idea from the NSlookup debug?

    /wd

    Thursday, May 26, 2016 5:35 AM