Win 2k3 DNS Problems


alunr

Original Poster:

1,672 posts

265 months

Thursday 6th January 2005
Has anyone seen this before? I've searched the web for the last day and found nothing...

Basically the DNS Service is running but cannot resolve anything. I've deleted the DNS Zones and recreated etc and they work for about 10 hours then stop working again.

This all started on Tuesday morning.

Help!

Event ID: 113
The DNS server could not signal the service "NAT". The error was 1168. There may be interoperability problems between the DNS service and this service.

BliarOut

72,857 posts

240 months

Thursday 6th January 2005
2K or 2K3
SP level
Have you tried investigating dns with NSLookup?

alunr

Original Poster:

1,672 posts

265 months

Thursday 6th January 2005
BliarOut said:
2K or 2K3
SP level
Have you tried investigating dns with NSLookup?


2K3 SBS - No SP's available yet.
How would I investigate with NSLookup? I've done NSLookup and it can't find anything I tell it to look for.

BliarOut

72,857 posts

240 months

Thursday 6th January 2005
launch NSlookup from a command prompt.

ls -d your.domain

Should show all the records.

set type=a
yourhosttocheck

Just to double check stuff. Sometimes there is a silly prob here. Are there any other events in the other logs preceding the problem? I would check back to Tuesday in the event log, it might unearth something.

Have you loaded the support tools and run netdiag /fix

Just thinking aloud at the mo, nothing immediately springs to mind


alunr

Original Poster:

1,672 posts

265 months

Thursday 6th January 2005
BliarOut said:
launch NSlookup from a command prompt.

ls -d your.domain


*** Can't find server name for address 192.168.64.10: Non-existent domain
Default Server: UnKnown
Address: 192.168.64.10

> ls -d ourdomain.local
[UnKnown]
*** Can't list domain ourdomain.local: Query refused
The DNS server refused to transfer the zone ourdomain.local to your computer. If this
is incorrect, check the zone transfer security settings for ourdomain.local on the DNS
server at IP address 192.168.64.10.
>

BliarOut

72,857 posts

240 months

Thursday 6th January 2005
Running that from your WS by the sounds of it. (Or DNS is dead at the mo!) Try it from the server.

All it will probably reveal is DNS is broken. Do your event logs reach back to Tuesday? They would be the best pointers at the mo.

alunr

Original Poster:

1,672 posts

265 months

Thursday 6th January 2005
BliarOut said:
Running that from your WS by the sounds of it. (Or DNS is dead at the mo!) Try it from the server.

All it will probably reveal is DNS is broken. Do your event logs reach back to Tuesday? They would be the best pointers at the mo.


Only thing on Tuesday is...

The DNS server has completed a scavenging cycle but no nodes were visited. Possible causes of this condition include:

1) No zones are configured for scavenging by this server.
2) A scavenging cycle was performed within the last 60 minutes.
3) An error occurred during scavenging.

The next scavenging cycle is scheduled to run in 0 hours.

The event data will contain the error code if there was an error during the scavenging cycle.

guydw

1,651 posts

284 months

Thursday 6th January 2005
Looks like your DNS server is dead ...

the reference to NAT could be a clue I suppose, unless that's a red herring.

how is your network set up ? (routers etc)

It could be that something has changed..

alunr

Original Poster:

1,672 posts

265 months

Thursday 6th January 2005
guydw said:
Looks like your DNS server is dead ...

the reference to NAT could be a clue I suppose, unless that's a red herring.

how is your network set up ? (routers etc)

It could be that something has changed..


Every time I recreate the zones they all function fine for about 10 hours then I start getting phone calls...

The network is a simple single site network with a firewall and router for the broadband.

The only changes before Xmas were that we enforced the firewalls on the client PCs with some exclusions to allow us to use VNC. Previous to that there was lots of spyware on the network.

Can't think of anything else...

BliarOut

72,857 posts

240 months

Thursday 6th January 2005
Mostly red herrings by the look of it
www.microsoft.com/technet/support/ee/result.aspx?EvtSrc=DNS&EvtID=113&ProdName=Windows+Operating+System&LCID=1033&ProdVer=5.2
Your event is informational, not critical.

In what way is DNS dying?

I would look towards installing the support tools from the CD and running netdiag /fix at this stage. It will throw up warnings and errors, but may reveal something.

alunr

Original Poster:

1,672 posts

265 months

Thursday 6th January 2005
BliarOut said:

In what way is DNS dying?


The users just can't get to any websites etc they just get "Page Cannot Be Displayed"

I can't think of anything else that could cause the problem unless the spyware is swamping the dns or something?

BliarOut

72,857 posts

240 months

Thursday 6th January 2005
Ahh!!! that's a bit different.

Your 2k3 DNS may well be fine. It depends on how it's setup. Can they still browse the network locally? Is the SBS server their default DNS and are they set to use a web proxy?

When it goes bang, try some pings by name (try it when it works first so you have a baseline) try ping localservername first to check local DNS and then ping www.novell.com (she usually responds) to see if forwarding is working.

Repeat from the server.

Find a known good website's IP address. When the problem occurs, try to access it by IP address instead to see if the problem is DNS or something else.

I think the problem is something other than DNS. Might be worth double checking the LAT table on the SBS box.

alunr

Original Poster:

1,672 posts

265 months

Thursday 6th January 2005
BliarOut said:
Ahh!!! that's a bit different.

Your 2k3 DNS may well be fine. It depends on how it's setup. Can they still browse the network locally? Is the SBS server their default DNS and are they set to use a web proxy?

When it goes bang, try some pings by name (try it when it works first so you have a baseline) try ping localservername first to check local DNS and then ping www.novell.com (she usually responds) to see if forwarding is working.

Repeat from the server.

Find a known good website's IP address. When the problem occurs, try to access it by IP address instead to see if the problem is DNS or something else.

I think the problem is something other than DNS. Might be worth double checking the LAT table on the SBS box.


Local pings eg to the server etc are working but trying to ping external sites is a bit hit and miss.

If I ping www.pentangle.co.uk I get a response.

If I ping www.google.com first time I got "Could not find host" but now it's finding it??? It seems to be very hit and miss...

Sorry to be ignorant but what is a LAT table?

BliarOut

72,857 posts

240 months

Thursday 6th January 2005
LAT = Local address table. Part of poxy server

Sounds more like a generic connectivity issue than DNS specifically. Google is busy, so not always going to respond.

What is your upstream connectivity? If it's low bandwidth and you've got scumware about it could be a problem.

Is the server affected the same as the workstations?

alunr

Original Poster:

1,672 posts

265 months

Thursday 6th January 2005
BliarOut said:
LAT = Local address table. Part of poxy server

Sounds more like a generic connectivity issue than DNS specifically. Google is busy, so not always going to respond.

What is your upstream connectivity? If it's low bandwidth and you've got scumware about it could be a problem.

Is the server affected the same as the workstations?


We don't use a Proxy here.

The server experiences much the same problems as the rest of the PCs. Currently it will ping microsoft.com but I cannot open it in my web browser

Connectivity is a 1mb broadband link (probably less as it's through BT but that's apparently none of my business!)

BliarOut

72,857 posts

240 months

Thursday 6th January 2005
Are you sure you don't use a proxy? It's the default if you let SBS create client machines.

If you can ping MS by name but not browse, DNS is not the problem for sure.

Just double check the proxy thing first to be certain as MS does have a habit of setting things up for you without letting you know.

alunr

Original Poster:

1,672 posts

265 months

Thursday 6th January 2005
Definitely no proxy server. It's SBS2003 Standard which doesn't have the proxy, I also checked the client configs too.

I'm just rescanning for viruses/spyware etc

IPAddis

2,471 posts

285 months

Thursday 6th January 2005
Are you using nslookup from a workstation or from the server itself? It's just possible that the client firewall changes you made are blocking the DNS packets (although that wouldn't explain why it works for a few hours).

How about if you connect a different machine outside the firewall and directly to the internet connection. This should be set up to use your ISP's DNS servers. Are you still having ping problems?

Ian A.

guydw

1,651 posts

284 months

Thursday 6th January 2005
I suppose there could be a problem with port 80 (for example...), is it a hardware firewall ? or maybe software on a PC ?

You could have a resource issue on your firewall, so there could be a cache that fills up, then stops forwarding packets, then if you reset it it starts again ....

I suggest you troubleshoot from the beginning.

Try to browse the internet, if that fails try to ping the domain name and use NSlookup etc, if that fails ping the IP address, and also do a traceroute (tracert). Do all of this whilst it is working so that you can get a baseline, then repeat when it stops. This way you can isolate the issue i.e. if you ping the IP address, but not the FQDN it is a DNS issue.

You may find that your traceroute gets all the way to BT, in which case you need to speak to them.

I suspect that it is not a firewall rules issue, as if it was it would probably never work ...

I guess you are NATing on your ADSL router, or your firewall - you could have an issue with NAT sessions not clearing down so after a while they overwhelm the router ....... maybe there is a timeout session on NAT sessions that can be reduced ?

BT------ADSL ROUTER---FW----LAN
   public ip   |   private IP
               |
              NAT

Is this your topology ?
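
The layered checks suggested in the post above (name resolution, then reachability by name and by known-good IP, baseline versus failure), as an added example that is not part of the original thread. It swaps ICMP ping for a TCP connect to port 80, and `probe`, `classify` and `changed_layers` are hypothetical names; the results in the final block are constructed, not captured.

```python
import socket

def probe(name, known_ip, port=80, timeout=3.0):
    """One pass of the layered checks for a host: resolve it, then TCP-connect
    to the resolved address and to a previously recorded known-good IP."""
    r = {"resolved": None, "tcp_by_name": False, "tcp_by_ip": False}
    try:
        r["resolved"] = socket.getaddrinfo(name, port, socket.AF_INET,
                                           socket.SOCK_STREAM)[0][4][0]
    except socket.gaierror:
        pass  # name did not resolve; the by-IP check below still runs
    for key, addr in (("tcp_by_name", r["resolved"]), ("tcp_by_ip", known_ip)):
        if addr is None:
            continue
        try:
            with socket.create_connection((addr, port), timeout=timeout):
                r[key] = True
        except OSError:
            pass  # refused, filtered or timed out
    return r

def classify(local, external):
    """Apply the thread's reasoning to probe results for an internal name
    (local) and an external site (external)."""
    if external["resolved"] and external["tcp_by_name"]:
        return "ok"
    if external["resolved"]:
        # The name resolves but the connection fails: look past resolution,
        # at the firewall, NAT device or upstream link.
        return "connectivity"
    if not external["tcp_by_ip"]:
        # Nothing gets out even by IP, so DNS cannot be judged yet.
        return "connectivity"
    # Reachable by IP but not by name: a DNS issue. Internal names still
    # resolving points at forwarding rather than the local zone.
    return "dns-forwarding" if local["resolved"] else "dns-local"

def changed_layers(baseline, current):
    """List the checks that passed in the baseline run but fail now."""
    return sorted(k for k in baseline if baseline[k] and not current[k])

if __name__ == "__main__":
    # Constructed results: a baseline taken while things worked, then a run
    # during an outage in which the external name no longer resolves.
    local = {"resolved": "192.168.64.10", "tcp_by_name": True, "tcp_by_ip": True}
    base = {"resolved": "203.0.113.80", "tcp_by_name": True, "tcp_by_ip": True}
    bad = {"resolved": None, "tcp_by_name": False, "tcp_by_ip": True}
    print(classify(local, bad), changed_layers(base, bad))
```
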

alunr

Original Poster:

1,672 posts

265 months

Thursday 6th January 2005
guydw said:

BT------ADSL ROUTER---FW----LAN
   public ip   |   private IP
               |
              NAT

Is this your topology ?


That's exactly what I'm running.

I've just been scanning the network and have found (guess who's) a laptop with tonnes of spyware on it and the firewall disabled.

Once I've got rid of these gremlins then I can get on with searching for other issues.

Perhaps the firewall has been flooded by port 80 requests or similar?

Thanks, I'll get back to you all.