none
Issues with local DNS RRS feed

  • Question

  • Hi,

       We have a problem recently. Cname records created in our local DNS are not working quite often. It's highly unstable. Client pc's can resolve the cnames certain times and after few minutes they are not able to resolve. Once they logoff and login again everything looks to be working fine.

     We are facing this issue after installing an FSSO (Single sign on) agent on the domain controller. This agent is part of our newly acquired firewall. Basically this agent collects user logon information from AD and sends it to Firewall

    Already restarted DNS service, created new CName record. Still issue persist. There are no issues with resolving A record for the same server. Struck with this for past two days. Any help will be very much appreciated. 

    Server: Small business server 2008

    FSSO client is from Fortigate 


    Wednesday, February 17, 2016 8:10 AM

Answers

  • Issue Resolved :

       Issue was with our Firewall and DNS configuration . We had the local DNS specified as DNS server on the firewall box and also somehow we had entered google DNS as a secondary dns source in our DHCP .

    Cleared all this confusion . On the firewall specified our ISP's DNS servers . In our local DHCP server removed Google dns .    

    • Marked as answer by Khan_SOCPA Monday, February 29, 2016 7:41 AM
    Monday, February 29, 2016 7:41 AM

All replies

  • Strange that it only seems to affect CNAME records. Try this when a client can't resolve a CNAME:

    # nslookup

    > set type=any

    > cnamerecord.domain.com

    What response do you get?  Your DNS server is either going to time out or respond with some sort of information that should help.

    Thursday, February 18, 2016 12:59 AM
  • Hi Khan,

              

                 >>We are facing this issue after installing an FSSO (Single sign on) agent on the domain controller.

                  Since it happened after you installed FSSO.Please stop the service of FSSO on the DNS server,or uninstall it,then test again,do they work approprite?

                  In addtion,please contact the vendor or techsurpport of Fortigate for more information.

     

      Best Regards,

    Cartman


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, February 18, 2016 5:48 AM
  • Hi Ryan, 

      Whats more strange is anytime i do NSlookup its successful . Normally what happens is Ping doesn't work , Nslookup works , i release/renew my ip config again everything starts working . 

    Thursday, February 18, 2016 8:24 AM
  • Hi Cartman Shen ,  

                   Unfortunately i can't stop the Fsso agent as my Firewall is solely dependent on this . Yes i have already raised a ticket with Fortigate support team . Hoping to get an answer from any possible source :-) 

    Thursday, February 18, 2016 8:29 AM
  • Issue Resolved :

       Issue was with our Firewall and DNS configuration . We had the local DNS specified as DNS server on the firewall box and also somehow we had entered google DNS as a secondary dns source in our DHCP .

    Cleared all this confusion . On the firewall specified our ISP's DNS servers . In our local DHCP server removed Google dns .    

    • Marked as answer by Khan_SOCPA Monday, February 29, 2016 7:41 AM
    Monday, February 29, 2016 7:41 AM