|
|
Hi,
I have DNS running on a SBS 2003 server. When we first go to a web site, the
lookup fails, if we hit refresh it works fine. I'm not sure on the timeing
of the lookups, but it will fail again after a bit of time (an hour or so).
I've looked at the debugging log and I can see a "servfail" but no good
reason why it should happen.
Thanks,
Dave
Server IP Config:
Windows IP Configuration
Host Name . . . . . . . . . . . . : igate2
Primary Dns Suffix . . . . . . . : pawtucket.majorelectricsupply.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : pawtucket.majorelectricsupply.local
majorelectricsupply.local
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 S Server Adapter
Physical Address. . . . . . . . . : 00-0E-0C-5B-0E-87
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.6.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.6.1
DNS Servers . . . . . . . . . . . : 192.168.6.101
Primary WINS Server . . . . . . . : 192.168.6.101
Client IP Config:
Windows IP Configuration
Host Name . . . . . . . . . . . . : DEC2006
Primary Dns Suffix . . . . . . . : pawtucket.majorelectricsupply.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : pawtucket.majorelectricsupply.local
majorelectricsupply.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : pawtucket.majorelectricsupply.local
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit
Controller
Physical Address. . . . . . . . . : 00-14-22-45-F7-40
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.6.22
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.6.1
DHCP Server . . . . . . . . . . . : 192.168.6.101
DNS Servers . . . . . . . . . . . : 192.168.6.101
Primary WINS Server . . . . . . . : 192.168.6.101
Lease Obtained. . . . . . . . . . : Thursday, April 26, 2007 11:10:25 PM
Lease Expires . . . . . . . . . . : Friday, April 27, 2007 11:10:25 PM
|
|
Hello Dave,
Have you configured a forwarder at the DNS server to your ISP's DNS?
Best regards
Myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
[Quoted Text] > Hi,
>
> I have DNS running on a SBS 2003 server. When we first go to a web
> site, the lookup fails, if we hit refresh it works fine. I'm not sure
> on the timeing of the lookups, but it will fail again after a bit of
> time (an hour or so).
>
> I've looked at the debugging log and I can see a "servfail" but no
> good reason why it should happen.
>
> Thanks,
> Dave
> Server IP Config:
> Windows IP Configuration
> Host Name . . . . . . . . . . . . : igate2
> Primary Dns Suffix . . . . . . . :
> pawtucket.majorelectricsupply.local
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . :
> pawtucket.majorelectricsupply.local
> majorelectricsupply.local
> Ethernet adapter Server Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/100 S Server
> Adapter
> Physical Address. . . . . . . . . : 00-0E-0C-5B-0E-87
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.6.101
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.6.1
> DNS Servers . . . . . . . . . . . : 192.168.6.101
> Primary WINS Server . . . . . . . : 192.168.6.101
> Client IP Config:
> Windows IP Configuration
> Host Name . . . . . . . . . . . . : DEC2006
> Primary Dns Suffix . . . . . . . :
> pawtucket.majorelectricsupply.local
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . :
> pawtucket.majorelectricsupply.local
> majorelectricsupply.local
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> pawtucket.majorelectricsupply.local
> Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit
> Controller
> Physical Address. . . . . . . . . : 00-14-22-45-F7-40
> DHCP Enabled. . . . . . . . . . . : Yes
> Autoconfiguration Enabled . . . . : Yes
> IP Address. . . . . . . . . . . . : 192.168.6.22
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.6.1
> DHCP Server . . . . . . . . . . . : 192.168.6.101
> DNS Servers . . . . . . . . . . . : 192.168.6.101
> Primary WINS Server . . . . . . . : 192.168.6.101
> Lease Obtained. . . . . . . . . . : Thursday, April 26, 2007
> 11:10:25 PM
> Lease Expires . . . . . . . . . . : Friday, April 27, 2007 11:10:25
> PM
|
|
Read inline please.
In news:e6KDuEMiHHA.1388[ at ]TK2MSFTNGP05.phx.gbl,
Dave DeCoursey <mis[ at ]majorelectricsup.com> typed:
[Quoted Text] > Hi,
>
> I have DNS running on a SBS 2003 server. When we first go to a web
> site, the lookup fails, if we hit refresh it works fine. I'm not sure
> on the timeing of the lookups, but it will fail again after a bit of
> time (an hour or so).
>
> I've looked at the debugging log and I can see a "servfail" but no
> good reason why it should happen.
Is the DC/DNS behind a firewall?
828263 - DNS query responses do not travel through a firewall in Windows
Server 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;828263&sd=RMVP
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
Send IM: http://www.icq.com/people/webmsg.php?to=296095728
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
|
|
Thanks for the repsonse,
Yes, I have all of my forwarders defined.
Thanks,
Dave
"Myweb" <meiweb[ at ]gmx.de> wrote in message
news:ff16fb662482b8c957b76039b3e3[ at ]msnews.microsoft.com...
[Quoted Text] > Hello Dave,
>
> Have you configured a forwarder at the DNS server to your ISP's DNS?
>
> Best regards
>
> Myweb
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
>
>> Hi,
>>
>> I have DNS running on a SBS 2003 server. When we first go to a web
>> site, the lookup fails, if we hit refresh it works fine. I'm not sure
>> on the timeing of the lookups, but it will fail again after a bit of
>> time (an hour or so).
>>
>> I've looked at the debugging log and I can see a "servfail" but no
>> good reason why it should happen.
>>
>> Thanks,
>> Dave
>> Server IP Config:
>> Windows IP Configuration
>> Host Name . . . . . . . . . . . . : igate2
>> Primary Dns Suffix . . . . . . . :
>> pawtucket.majorelectricsupply.local
>> Node Type . . . . . . . . . . . . : Hybrid
>> IP Routing Enabled. . . . . . . . : No
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . :
>> pawtucket.majorelectricsupply.local
>> majorelectricsupply.local
>> Ethernet adapter Server Local Area Connection:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Intel(R) PRO/100 S Server
>> Adapter
>> Physical Address. . . . . . . . . : 00-0E-0C-5B-0E-87
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.6.101
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.6.1
>> DNS Servers . . . . . . . . . . . : 192.168.6.101
>> Primary WINS Server . . . . . . . : 192.168.6.101
>> Client IP Config:
>> Windows IP Configuration
>> Host Name . . . . . . . . . . . . : DEC2006
>> Primary Dns Suffix . . . . . . . :
>> pawtucket.majorelectricsupply.local
>> Node Type . . . . . . . . . . . . : Hybrid
>> IP Routing Enabled. . . . . . . . : No
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . :
>> pawtucket.majorelectricsupply.local
>> majorelectricsupply.local
>> Ethernet adapter Local Area Connection:
>>
>> Connection-specific DNS Suffix . :
>> pawtucket.majorelectricsupply.local
>> Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit
>> Controller
>> Physical Address. . . . . . . . . : 00-14-22-45-F7-40
>> DHCP Enabled. . . . . . . . . . . : Yes
>> Autoconfiguration Enabled . . . . : Yes
>> IP Address. . . . . . . . . . . . : 192.168.6.22
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>> Default Gateway . . . . . . . . . : 192.168.6.1
>> DHCP Server . . . . . . . . . . . : 192.168.6.101
>> DNS Servers . . . . . . . . . . . : 192.168.6.101
>> Primary WINS Server . . . . . . . : 192.168.6.101
>> Lease Obtained. . . . . . . . . . : Thursday, April 26, 2007
>> 11:10:25 PM
>> Lease Expires . . . . . . . . . . : Friday, April 27, 2007 11:10:25
>> PM
>
>
|
|
Thanks Kevin,
I've looked into this (caused me to rework my firewall). This doesn't appear
to be the problem (I had the problem with only a NAT firewall). My new
firewall, a Juniper NS5GT is supposed to work fine with the larger packets.
Thanks,
Dave
"Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> wrote in message
news:uVMSnBfiHHA.872[ at ]TK2MSFTNGP03.phx.gbl...
[Quoted Text] > Read inline please. > > In news:e6KDuEMiHHA.1388[ at ]TK2MSFTNGP05.phx.gbl, > Dave DeCoursey <mis[ at ]majorelectricsup.com> typed: >> Hi, >> >> I have DNS running on a SBS 2003 server. When we first go to a web >> site, the lookup fails, if we hit refresh it works fine. I'm not sure >> on the timeing of the lookups, but it will fail again after a bit of >> time (an hour or so). >> >> I've looked at the debugging log and I can see a "servfail" but no >> good reason why it should happen. > > Is the DC/DNS behind a firewall? > 828263 - DNS query responses do not travel through a firewall in Windows > Server 2003: > http://support.microsoft.com/default.aspx?scid=kb;en-us;828263&sd=RMVP> > -- > Best regards, > Kevin D. Goodknecht Sr. [MVP] > Hope This Helps > Send IM: http://www.icq.com/people/webmsg.php?to=296095728> =================================== > When responding to posts, please "Reply to Group" > via your newsreader so that others may learn and > benefit from your issue, to respond directly to > me remove the nospam. from my email address. > =================================== > http://www.lonestaramerica.com/> http://support.wftx.us/> http://message.wftx.us/> =================================== > Use Outlook Express?... Get OE_Quotefix: > It will strip signature out and more > http://home.in.tum.de/~jain/software/oe-quotefix/> =================================== > Keep a back up of your OE settings and folders > with OEBackup: > http://www.oehelp.com/OEBackup/Default.aspx> =================================== > >
|
|
OK, after much searching and playing, I finally found a couple of posts that
said to remove the forwarders so that we go straight to root hints. Is this
a good idea? (Why not?) It appears that it might be working.
Thanks,
Dave
"Dave DeCoursey" <mis[ at ]majorelectricsup.com> wrote in message
news:e6KDuEMiHHA.1388[ at ]TK2MSFTNGP05.phx.gbl...
[Quoted Text] > Hi,
>
> I have DNS running on a SBS 2003 server. When we first go to a web site,
> the lookup fails, if we hit refresh it works fine. I'm not sure on the
> timeing of the lookups, but it will fail again after a bit of time (an
> hour or so).
>
> I've looked at the debugging log and I can see a "servfail" but no good
> reason why it should happen.
>
> Thanks,
> Dave
>
> Server IP Config:
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : igate2
> Primary Dns Suffix . . . . . . . : pawtucket.majorelectricsupply.local
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : pawtucket.majorelectricsupply.local
> majorelectricsupply.local
>
> Ethernet adapter Server Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/100 S Server Adapter
> Physical Address. . . . . . . . . : 00-0E-0C-5B-0E-87
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.6.101
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.6.1
> DNS Servers . . . . . . . . . . . : 192.168.6.101
> Primary WINS Server . . . . . . . : 192.168.6.101
>
>
> Client IP Config:
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : DEC2006
> Primary Dns Suffix . . . . . . . : pawtucket.majorelectricsupply.local
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : pawtucket.majorelectricsupply.local
> majorelectricsupply.local
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . : pawtucket.majorelectricsupply.local
> Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit
> Controller
> Physical Address. . . . . . . . . : 00-14-22-45-F7-40
> DHCP Enabled. . . . . . . . . . . : Yes
> Autoconfiguration Enabled . . . . : Yes
> IP Address. . . . . . . . . . . . : 192.168.6.22
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 192.168.6.1
> DHCP Server . . . . . . . . . . . : 192.168.6.101
> DNS Servers . . . . . . . . . . . : 192.168.6.101
> Primary WINS Server . . . . . . . : 192.168.6.101
> Lease Obtained. . . . . . . . . . : Thursday, April 26, 2007 11:10:25 PM
> Lease Expires . . . . . . . . . . : Friday, April 27, 2007 11:10:25 PM
>
|
|
Read inline please.
In news:OLTmR5inHHA.4516[ at ]TK2MSFTNGP05.phx.gbl,
Dave DeCoursey <mis[ at ]majorelectricsup.com> typed:
[Quoted Text] > OK, after much searching and playing, I finally found a couple of
> posts that said to remove the forwarders so that we go straight to
> root hints. Is this a good idea?
If it works, yes.
Using a Forwarder, especially if it is not a trusted forwarder, can cause a
single point of failure, and could be a security risk.
If your firewall supports DNS proxying, use the firewall as your forwarder,
I would not use an outside service provider for a forwarder. I'd rather use
Root Hints because then in order for someone to hijack your DNS, they would
have to hijack an Authoritative server. If you use a Forwarder, if the
forwarder gets hijacked, so does yours. It is a lot more difficult to hijack
a DNS server that resolves names from the root because most of the DNS
servers it comes into contact with can only answer authoritatively.
(Why not?) It appears that it might
> be working.
The main reason to use a forwarder in the first place would be to take
advantage of previously cached records resolved by the forwarder. Another
reason for using a forwarder would be to reduce the number of IP addresses,
your DNS server would have to visit to find the answer to query.
However, if the forwarder itself is overloaded and slow, or if it has a
corrupted answer in its cache, it directly affects the performance of your
DNS server.
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
|
|
Thanks for the great response Kevin, you answered what I really needed to
know.
Thanks,
Dave
"Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> wrote in message
news:%23ly4yysnHHA.3264[ at ]TK2MSFTNGP04.phx.gbl...
[Quoted Text] > Read inline please. > > In news:OLTmR5inHHA.4516[ at ]TK2MSFTNGP05.phx.gbl, > Dave DeCoursey <mis[ at ]majorelectricsup.com> typed: >> OK, after much searching and playing, I finally found a couple of >> posts that said to remove the forwarders so that we go straight to >> root hints. Is this a good idea? > If it works, yes. > > Using a Forwarder, especially if it is not a trusted forwarder, can cause > a > single point of failure, and could be a security risk. > > If your firewall supports DNS proxying, use the firewall as your > forwarder, > I would not use an outside service provider for a forwarder. I'd rather > use > Root Hints because then in order for someone to hijack your DNS, they > would > have to hijack an Authoritative server. If you use a Forwarder, if the > forwarder gets hijacked, so does yours. It is a lot more difficult to > hijack > a DNS server that resolves names from the root because most of the DNS > servers it comes into contact with can only answer authoritatively. > > (Why not?) It appears that it might >> be working. > The main reason to use a forwarder in the first place would be to take > advantage of previously cached records resolved by the forwarder. Another > reason for using a forwarder would be to reduce the number of IP > addresses, > your DNS server would have to visit to find the answer to query. > However, if the forwarder itself is overloaded and slow, or if it has a > corrupted answer in its cache, it directly affects the performance of your > DNS server. > > > > -- > Best regards, > Kevin D. Goodknecht Sr. [MVP] > Hope This Helps > > =================================== > When responding to posts, please "Reply to Group" > via your newsreader so that others may learn and > benefit from your issue, to respond directly to > me remove the nospam. from my email address. > =================================== > http://www.lonestaramerica.com/> http://support.wftx.us/> http://message.wftx.us/> =================================== > Use Outlook Express?... Get OE_Quotefix: > It will strip signature out and more > http://home.in.tum.de/~jain/software/oe-quotefix/> =================================== > Keep a back up of your OE settings and folders > with OEBackup: > http://www.oehelp.com/OEBackup/Default.aspx> =================================== > >
|
|
|