Hi
Everything worked fine for years and now I got this strange problem. We have 2 DNS servers for our domain. Both are forwarding the unresolved requests to our internet gateway server. This server also runs a DNS server but doesn't have zones defined and only forwards everything to our ISP DNSes. (By the way, all servers are 2003 R2 SP2.)

Now the problem is that this gateway DNS server stops resolving, but doesn't crash. The server is still responding (MMC console)... but it only resolves names again after a restart of the service. I also don't get any event logged... so I don't know what to do now. Is this a known problem because of an update or so? Why do I have this problem only with 1 of our total 5 DNS servers? Could this be an attack from outside? Oh, yes... I forgot... this server also runs RRAS (it's our gateway, so it has multiple NICs, but DNS is only bound to one IP).

Thank you for info about this.
MR - Rudolf Meier
Read inline please.
In news:%234rh2O$jHHA.3760[ at ]TK2MSFTNGP02.phx.gbl, Rudolf Meier <meiru[ at ]gmx.net> typed:
> Hi
>
> Everything worked fine for years and now I got this strange problem. We have 2 DNS servers for our domain. Both are forwarding the unresolved requests to our internet gateway server. This server also runs a dns server but doesn't have zones defined and only forwards everything to our ISP-DNSes. (By the way, all servers are 2003 R2 SP2).
> Now the problem is, that this gateway-dns server stops resolving, but doesn't crash. The server is still responding (mmc console)... but it only resolves the names again after a restart of the service. I also don't get any event logged... so, I don't know what to do now. Is this a known problem because of an update or so?
Never heard of any updates doing this.
> Why do I have this problem only with 1 of our total 5 dns servers?
Now I'm confused, you have 2 DNS servers or 5? How is Forwarding configured on the server that quits?
> Could this be an attack from outside?
I have seen cases when a DNS server gets hijacked by getting its cache corrupted with a Root Server record that has a wildcard entry in it, thereby resolving all queries to one web site. If it happens again run these nslookup commands against it:

    nslookup -qtype=ns .
    nslookup -qtype=soa .

Don't miss the "." in the lookup.
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
Send IM: http://www.icq.com/people/webmsg.php?to=296095728
===================================
When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
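The check Kevin describes (querying NS and SOA for "." and looking for anything that is not a real root server) can also be scripted against a resolver. This is an added example, not code from the thread; it speaks raw DNS wire format so it runs offline on a constructed reply as well as live against a server, and it assumes the legitimate root set is a..m.root-servers.net.

```python
"""Offline-testable check of a resolver's view of the root zone ('.')."""
import socket
import struct
# Assumption: the legitimate root name servers are a..m.root-servers.net.
ROOT_SERVERS = {f"{c}.root-servers.net" for c in "abcdefghijklm"}
QTYPE_NS, QTYPE_SOA = 2, 6

def encode_name(name):
    """Encode a dotted name as DNS labels ('' or '.' is the root)."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qtype, txid=0x1234):
    """Build a recursive query for the root ('.') of the given record type."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD bit set
    return header + encode_name(".") + struct.pack(">HH", qtype, 1)  # class IN

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: follow it, keep the end
            end = off + 2 if end is None else end
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)

def parse_answers(msg):
    """Return [(owner, rtype, name)] for NS/SOA records in the answer section."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off, out = 12, []
    for _ in range(qd):  # skip the question section (name + type + class)
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype in (QTYPE_NS, QTYPE_SOA):  # NS target / SOA MNAME is the first field
            name, _ = read_name(msg, off)
            out.append((owner, rtype, name.lower()))
        off += rdlen
    return out

def suspicious_root_records(answers):
    """Root NS/SOA records that name a host outside the real root server set."""
    return [a for a in answers if a[0] == "" and a[2] not in ROOT_SERVERS]

def query_server(server, qtype, timeout=3.0):
    """Live check: send the root query to a server on UDP/53, return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qtype), (server, 53))
        return s.recvfrom(4096)[0]

def build_response(txid, qtype, names):
    """Constructed reply (offline testing only): one NS or SOA record per name."""
    msg = struct.pack(">HHHHHH", txid, 0x8180, 1, len(names), 0, 0)
    msg += encode_name(".") + struct.pack(">HH", qtype, 1)
    for n in names:
        rdata = encode_name(n)
        if qtype == QTYPE_SOA:  # MNAME, RNAME, serial/refresh/retry/expire/minimum
            rdata += encode_name("hostmaster." + n) + struct.pack(">IIIII", 1, 1800, 900, 604800, 86400)
        msg += encode_name(".") + struct.pack(">HHIH", qtype, 1, 3600, len(rdata)) + rdata
    return msg
```

A live run is `suspicious_root_records(parse_answers(query_server("192.0.2.10", QTYPE_SOA)))` with the address of the forwarder under suspicion; an empty list means the root SOA/NS answers look genuine, while a timeout (as Rudolf later reports) means the server cannot reach the root at all, which is a different failure from a poisoned cache.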
Hi
> Never heard of any updates doing this.
>
> > Why do I have this problem only with 1 of our total 5 dns servers?
> Now I'm confused, you have 2 DNS server or 5?

2 for our AD domain and 3 others. 1 is on our internet gateway and 2 others on separate servers. So... involved in this resolution are only 2 servers, but we have 5 in total. :-)
> How is Forwarding configured on the server that quits?
.... *hmm* I'd say normal. It has two IPs as forward servers but no own zones on it.
> > Could this be an attack from outside?
> I have seen cases when a DNS server gets hijacked by getting its cache corrupted with a Root Server record that has a wildcard entry in it, thereby resolving all queries to one web site.
> If it happens again run these nslookup commands against it:
> nslookup -qtype=ns .
> nslookup -qtype=soa .
>
> Don't miss the "." in the lookup
OK, I'll try that... thanks.
By the way... it only happened 3 times up to now... and we had about 1 week between those events.
MR - Rudolf Meier
Read inline please.
In news:OSPTlsZkHHA.5048[ at ]TK2MSFTNGP04.phx.gbl, Rudolf Meier <meiru[ at ]gmx.net> typed:
>> How is Forwarding configured on the server that quits?
>
> ... *hmm* I'd say normal. It has two IPs as forward servers but no own zones on it.

My meaning was: what servers is it forwarding to?
Good Morning everyone,
I'm subscribing to the same issue and I can add more "strange" behaviors for my 2 different DNS servers:

1. In the last couple of weeks I'm having a problem with a DNS server on a Windows 2000 Server (DC, DHCP) behind a PIX 515 firewall.
2. 2-4 times a day all the users are complaining they can't browse the internet; I checked all the Windows logs but nothing. The DNS server is up and running but doesn't answer to any external queries (just internal). Once I restarted the DNS server everything is working again.
3. The same config I have in 2 different locations (same DC, same FW, a different ISP for each).

Is there any way to see/troubleshoot this issue?
Thanks in advance, Gabriel Sirbu
"Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> wrote in message news:efHghockHHA.2552[ at ]TK2MSFTNGP06.phx.gbl...
> Read inline please.
>
> In news:OSPTlsZkHHA.5048[ at ]TK2MSFTNGP04.phx.gbl, Rudolf Meier <meiru[ at ]gmx.net> typed:
>>> How is Forwarding configured on the server that quits?
>>
>> ... *hmm* I'd say normal. It has two IPs as forward servers but no own zones on it.
>
> My meaning was what servers is it forwarding to.
Hi
> I'm subscribing to the same issue and I can add more "strange" behaviors for my 2 different DNS servers:
>
> 1. in the last couple of weeks I'm having a problem with a DNS server on a Windows 2000 Server (DC, DHCP) behind a PIX 515 firewall
> 2. 2-4 times a day all the users are complaining they can't browse the internet; I checked all the Windows logs but nothing. The DNS server is up and running but doesn't answer to any external queries (just internal). Once I restarted the DNS server everything is working again.
> 3. the same config I have in 2 different locations (same DC same FW a different ISP for each).
>
> There is any way to see/troubleshoot this issue?

That's exactly what I have too... but to me it seems to be a problem that "does not exist". :-(
MR - Rudolf Meier
Read inline please.
In news:OjFJhnvlHHA.4772[ at ]TK2MSFTNGP05.phx.gbl, Gabriel Sirbu <gabonescu[ at ]hotmail.com> typed:
> Good Morning everyone,
>
> I'm subscribing to the same issue and I can add more "strange" behaviors for my 2 different DNS servers:
>
> 1. in the last couple of weeks I'm having a problem with a DNS server on a Windows 2000 Server (DC, DHCP) behind a PIX 515 firewall
> 2. 2-4 times a day all the users are complaining they can't browse the internet; I checked all the Windows logs but nothing. The DNS server is up and running but doesn't answer to any external queries (just internal). Once I restarted the DNS server everything is working again.
> 3. the same config I have in 2 different locations (same DC same FW a different ISP for each).

Try clearing the DNS server cache instead of restarting DNS. You might even look at the DNS server cache (in advanced view) to see if the proper root servers are in the cache. You should also check on the Advanced tab to see if "secure against cache pollution" is checked.
Hi,

I already did what you say (see Microsoft KB 316341, http://support.microsoft.com/kb/316341/en-us). Everything worked OK but after 4 days the DNS stops responding.

The only way I can make the users able to browse the internet is to put my ISP's DNS as second DNS server in DHCP. The SOA I have in the cache is a.root-servers.net (should I see more than one?). "Secure against cache pollution" is checked on my DNS.
Thanks for your input!
Gabriel
"Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> wrote in message news:%23tF7Om%23lHHA.2272[ at ]TK2MSFTNGP02.phx.gbl...
> Read inline please.
>
> In news:OjFJhnvlHHA.4772[ at ]TK2MSFTNGP05.phx.gbl, Gabriel Sirbu <gabonescu[ at ]hotmail.com> typed:
>> Good Morning everyone,
>>
>> I'm subscribing to the same issue and I can add more "strange" behaviors for my 2 different DNS servers:
>>
>> 1. in the last couple of weeks I'm having a problem with a DNS server on a Windows 2000 Server (DC, DHCP) behind a PIX 515 firewall
>> 2. 2-4 times a day all the users are complaining they can't browse the internet; I checked all the Windows logs but nothing. The DNS server is up and running but doesn't answer to any external queries (just internal). Once I restarted the DNS server everything is working again.
>> 3. the same config I have in 2 different locations (same DC same FW a different ISP for each).
>
> Try clearing the DNS server cache, instead of restarting DNS. You might even look at the DNS server cache, (in advanced view) to see if the proper root servers are in the cache. You should also check on the Advanced tab to see if secure against cache pollution is checked.
Read inline please.
In news:OvkAyYJnHHA.3460[ at ]TK2MSFTNGP04.phx.gbl, Gabriel Sirbu <gabonescu[ at ]hotmail.com> typed:
> The only way I can make the the users to browse the internet is to put my ISP's DNS as second DNS server in DHCP.
Don't do this, you'll be causing many more issues than you resolve. You would be asking your ISP's DNS to resolve internal records, which it cannot do.
> The SOA I have in the cache is a.root-servers.net ( should I see more than one?).
Did you reload the root hints as noted in the article? Are all root hints resolved to the proper IP addresses?
Is there a rule in the PIX firewall that allows the DNS server to connect to every IP address on the internet on ports 53 TCP and UDP?
Hi Kevin,
I reloaded the root hints and I am able to resolve all name-to-IP address for root DNS correctly.
The PIX lets traffic on this port through with no problem.

The only thing which is improved is the fact that the DNS now is "crashing" once a week.
Thanks,
Gabriel
"Kevin D. Goodknecht Sr. [MVP]" <admin[ at ]nospam.WFTX.US> wrote in message news:ebbeVZbnHHA.596[ at ]TK2MSFTNGP06.phx.gbl...
> Read inline please.
>
> In news:OvkAyYJnHHA.3460[ at ]TK2MSFTNGP04.phx.gbl, Gabriel Sirbu <gabonescu[ at ]hotmail.com> typed:
>
>> The only way I can make the the users to browse the internet is to put my ISP's DNS as second DNS server in DHCP.
> Don't do this, you'll be causing many more issues than you resolve. You would be asking your ISP's DNS to resolve internal records, which it cannot do.
>
>> The SOA I have in the cache is a.root-servers.net ( should I see more than one?).
> Did you reload the root hints as noted in the article?
> Are all root hints resolved to the proper IP addresses?
>
> Is there a rule in the PIX firewall that allows the DNS server to connect to every IP address on the internet on ports 53 TCP and UDP?
Read inline please.
In news:ePmhs2hnHHA.4772[ at ]TK2MSFTNGP05.phx.gbl, Gabriel Sirbu <gabonescu[ at ]hotmail.com> typed:
> Hi Kevin,
>
> I reloaded the root hints and I am able to resolve all name-to-IP address for root DNS correctly.
>
> The PIX is able to contact let traffic on this port with no problem.
>
> The only thing which is implored is the fact that the DNS now is "crashing" once a week.

If clearing the server cache gets them resolving again, the server isn't crashing, it is likely being hijacked, which is more likely caused by a forwarder. I asked you what forwarders were configured, and I got this non-response, which doesn't answer the question:

>> How is Forwarding configured on the server that quits?
>
> ... *hmm* I'd say normal. It has two IPs as forward servers but no own zones on it.

Forwarders are totally optional, and can cause a single point of failure. If the forwarder fails or is hijacked, it forwards the hijacked records on to you.
>> Everything worked fine for years and now I got this strange problem. We have 2 DNS servers for our domain. Both are forwarding the unresolved requests to our internet gateway server. This server also runs a dns server but doesn't have zones defined and only forwards everything to our ISP-DNSes. (By the way, all servers are 2003 R2 SP2).
>> Now the problem is, that this gateway-dns server stops resolving, but doesn't crash. The server is still responding (mmc console)... but it only resolves the names again after a restart of the service. I also don't get any event logged... so, I don't know what to do now. Is this a known problem because of an update or so?
>
> Never heard of any updates doing this.
>
>> Why do I have this problem only with 1 of our total 5 dns servers?
> Now I'm confused, you have 2 DNS server or 5?
> How is Forwarding configured on the server that quits?
>
>> Could this be an attack from outside?
> I have seen cases when a DNS server gets hijacked by getting its cache corrupted with a Root Server record that has a wildcard entry in it, thereby resolving all queries to one web site.
> If it happens again run these nslookup commands against it:
> nslookup -qtype=ns .
> nslookup -qtype=soa .
>
> Don't miss the "." in the lookup
I had this problem again and I did this... but all I got was a timeout when trying to resolve those things. I think there must be a problem with the dns itself...
MR
Read inline please.
In news:OSe9wSopHHA.1244[ at ]TK2MSFTNGP04.phx.gbl, Rudolf Meier <meiru[ at ]gmx.net> typed:
>>> Everything worked fine for years and now I got this strange problem. We have 2 DNS servers for our domain. Both are forwarding the unresolved requests to our internet gateway server. This server also runs a dns server but doesn't have zones defined and only forwards everything to our ISP-DNSes. (By the way, all servers are 2003 R2 SP2).
>>> Now the problem is, that this gateway-dns server stops resolving, but doesn't crash. The server is still responding (mmc console)... but it only resolves the names again after a restart of the service. I also don't get any event logged... so, I don't know what to do now. Is this a known problem because of an update or so?
>>
>> Never heard of any updates doing this.
>>
>>> Why do I have this problem only with 1 of our total 5 dns servers?
>> Now I'm confused, you have 2 DNS server or 5?
>> How is Forwarding configured on the server that quits?
>>
>>> Could this be an attack from outside?
>> I have seen cases when a DNS server gets hijacked by getting its cache corrupted with a Root Server record that has a wildcard entry in it, thereby resolving all queries to one web site.
>> If it happens again run these nslookup commands against it:
>> nslookup -qtype=ns .
>> nslookup -qtype=soa .
>>
>> Don't miss the "." in the lookup
>
> I had this problem again and I did this... but all I got was a timeout when trying to resolve those things. I think there must be a problem with the dns itself...

It is a problem when it cannot resolve the root name servers. First make sure you have not created a forwarding loop by forwarding two DNS servers to each other. Then try reloading the Root Hints from a.root-servers.net: in the console, on the Root Hints tab, remove all name servers, click Apply, then click the "Copy from Server" button, enter 198.41.0.4 (a.root-servers.net) and click OK, then OK again. Then try resolving the root servers with nslookup again.