none
Windows DNS is not functioning correctly RRS feed

  • Question

  • We currently have two DNS servers in our network, There is one Physical system and one hyper-V server running DNS. We have a total of 87 End users, the Domain controllers are Windows 2012R2 and are minimal spec'd at 12 cores Xenon, with 32GB DDR3 Registered memory and a Raid 5 SSD array.. The Virtual is on an All flash array with about half the cores, and memory.. 

    The issue is simply.. 

    I can't get certain websites to work directly.. i am not really sure why.. 

    For instance, i launch a browser, go to https://accounts.level3.com and it tells me the page cannot be displayed.. 

    However if i go to www.level3.com it works fine, then i can click on the logon page link on the home page, and it will load accounts.level3.com fine.. But i can't go directly to it.. i have changed my desktop DNS from pointing to our internal DNS server to googles open DNS and it works fine, so i know it is our DNS server.. The DNS server has forwarders set on the same addresses and they fail on the Windows DNS server.. 

    Settings: 

    DNS - Running Forwarders, not Root hints.. 

    Round robin is enabled

    Netmask ordering is enabled

    Secure Cache against pollution is enabled

    DNSSEC Validation is enabled for remote responses. 

    Firewall - 
    I have policies setup on my corp network to allow all DNS traffic to the two DNS servers through the firewall, and have static routes setup to the external DNS servers, and that seems to function fine, as i can see the traffic, for the requests of DNS. 

    The only thing i can think is that it is from Over utilization of the network, as we have people in our office who think having 200 tabs each browser open as acceptable.. Though i don't know that this would cause that kind of issue.. 

    Desktops - These systems do not run DHCP, they are all set to use static addresses, and statically assigned DNS to the two DNS servers, there are logon scripts to clear browser history on reboot, as well as flush DNS. 

    Any help, or direction would be helpful.. 


    Rob


    Thursday, March 22, 2018 2:24 PM

All replies

  • Hi,

    Thanks for your question.

    I am experiencing the same issue as yours while browsing the site https://accounts.level3.com on my network. I can access to https://www.level3.com , but I can’t find the logon button on its home page. So I suspect the issue may caused by level3 web site or the web server. If it isn't the reason, may I know more information about this issue? 

    Highly appreciate your effort and time. If you have any questions and concerns, please feel free to let me know.

    Wish you have a wonderful weekend!

    Best regards, 

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, March 23, 2018 7:10 AM
  • Michael, 

    Oddly enough if you change your desktop settings, go into your network adapter, and change the Primary and secondary DNS to use an external source, do a ipconfig /flushdns, and try the site again, it will work fine, so there is something about the DNS settings on a Microsoft DNS server that doesn't translate these sites correctly.. 

    I can confirm that this issue does not exist in Windows 2000 Advanced Server running DNS, so it appears to just be in 2008R2 - 2016 DNS services. (I haven't tested 2003 or 2003R2 or 2008) 


    Rob

    Friday, March 23, 2018 8:26 PM
  • I went to SSL LABS, https://www.ssllabs.com/ssltest/. I put in accounts.level3.com. I get "Unable to resolve domain name". 
               
    Friday, March 23, 2018 8:53 PM
  • Worked for me... at https://www.ssllabs.com/ssltest/

    Miscellaneous
    Test date Tue, 27 Mar 2018 12:20:00 UTC
    Test duration 98.51 seconds
    HTTP status code 200
    HTTP server signature -
    Server hostname ssoidcext.Level3.com

    Miscellaneous
    Test date Tue, 27 Mar 2018 12:20:00 UTC
    Test duration 98.51 seconds
    HTTP status code 200
    HTTP server signature -
    Server hostname ssoidcext.Level3.com


    Rob

    Tuesday, March 27, 2018 12:22 PM
  • Hi,

    I went to the site: (https://account.level3.com/login) . It seems working properly now.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, March 28, 2018 1:29 AM
  • Hi,

    How are things going on? Was your issue resolved?

    Please let us know if you would like further assistance.

    Wish you have a nice day!

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, March 30, 2018 11:32 AM
  • Hi,

    How are things going on? Was your issue resolved?

    Please let us know if you would like further assistance.

    Wish you have a nice day!

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, April 2, 2018 1:18 PM
  • Michael, 

    It is intermittent, i have looked at DNSStuff.com to see if it is an Our issue, or a Them issue, but i can actually replicate this on multiple sites.. it's not just this one site i used as an example.. I am trying to figure out how to troubleshoot this internally, as there are no error logs anywhere generated when the site fails.. Is there a way to turn on additional logging on my DNS server to see why these issues are occuring? 

    I can see the traffic in my firewall.. 

    But that's not really helpful on this.. as that looks to be working.. 


    Rob

    Monday, April 2, 2018 1:23 PM