Win2003 DNS server woes...

Hi, Ive been pulling my hair out on this one for some time now... Ive got my own domains registered, and pointing to my own DNS server which runs on Windows 2003 (also domain controller etc).

I have a local domain for the windows DC (highrez.local) and an external domain (zone file) setup without AD integration for my public facing DNS names (highrez.co.uk etc).

The single NIC has 4 IP's associated with it, two local (10.10.0.xxx) and two public (213.208.99.xxx) and is set to answer on all IP's which it does when its all working... The server is also a RRAS VPN server and IIS web server etc...

Initially, all works fine, the server responds and fowards local client requests via the use of forwarders (and/or root hints if I disable the forwarders)....

UNTIL at some random point, it will just stop working , The interlan domain members can not resolve names, the server can not resolve names, DNS quesries from external sources time out etc - I can telnet to port 53 - it accests the connections but thats about all (dunno if it should respond in any other way)!

NSLookup connects but firstly says it cant find the server name for 10.10.0.1 (I have got reverse ptr's setup - and it dosnt say that when alls working) and then timeouts when I request a FQDN or a local (i.e. www) lookup. - I get the same results from the server or clients, for internal names and or external names.

Restarting the Win2k3 DNS service fixes the problem for a period, then after a seemingly random time it all goes wrong again and requires another service restart.

Ive already tried re-installing the server, it seemed to work for a couple of weeks but then had the same problem - just timeouts until the server is restarted

I've done loads of web searches but havnt come up with a solution (or really with anyone having simular problems)..

Does anyone have any thoughts on what may be wrong here? The concerning thing is that a DNS service restart fixes it (as does a reboot of course) but only for a short time.

The DNS console "monitoring" reports FAIL on simple and recursion tests, no events are logged and after the restart the monitor reports PASS for both simple and recursive tests....

I'm about to give up and schedule a DNS server restart every 10 minutes or so - but that is not the answer - I must have missed something stupid?!

Thanks for any pointers,
Phil

Does your event logs have anything to say about it?

Hi Phillip,

I can almost guarantee you the problem is that you have default gateways setup pointing to internal routers. Check all four of your NICs using Network Connections and make sure that none of them are pointing to 10.10.0.1 (or whatever your internal default gateway is). You should only have 1 default gateway, and since you've got external IPs, it should only be set on those addresses, and only to the external default gateway. The behavior you're describing is exactly the symptom of misconfigured gateways. Don't worry, things will still work correctly internally. Hope this helps keep your hair in!

Regards,
Alan Graham

WOW i have exactly the same problem, on 2 server on the same site, the gateways aren't the problem.

-BaC

BaC,

If it is not your default gateway then it is your subnet mask. I bet you're running a 10.x.x.x internal network, aren't you? Change the subnet masks of your DNS server's 10.x.x.x NICs to 255.255.255.0 instead of 255.0.0.0. If for some reason your internal NICs are setup for DHCP change them to static and set the subnet mask correctly.

Regards,
Alan

Well I just started this job here, so still getting used to the network. I just looked about a bit, it's a remote site with an admin on site. I just noticed he has the subneting wrong... All the routers are configured with b class mask, yet he has everthing there set as c class. Must be the issue, thanks for your help. I tried changing one server to c class 255.255.255.0 24 bit and I am still having the issue. I am not sure why this guy has a c class set, I'm not sure why they are using a b class anyway, Any other ideas or should I convert the whole network to c class?

Thanks for your help

-BaC

Hi BaC,

At this point all I can say is I've had this issue myself (about a year ago), I've seen it before from other people, and not once has it been an actual DNS problem. It has always been a network configuration issue. When I encountered it I spent about three hours closely checking and correcting configuration issues and the problem went away. If its not the internal subnet mask, perhaps it's on the external masks. You should make sure those are correct, and try stopping and restarting the DNS server after everything is up to spec.

The theory behind what is happening is that at some random point your DNS server tries to make a DNS lookup, it finds it is unable to process the request over its default gateway, and then searches for a different path using the routing table based on the subnet mask. Perhaps doing "ROUTE PRINT > good" when it is working correctly and then ROUTE PRINT > bad when it messed up and compare the two files will shed some light.

Regards,
Alan