nslookup "Server failed" error
hi,
we have problem our windows server 2008 r2 dns servers resolving domains. when perform nslookup on these domains returning "server failed" error message. after searching identified following article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;968372
to me, seemed issue implemented work around described. experiencing no problems few weeks before issue recurred. verified registry values still in place, , have been clearing cache on dns servers has been working. we've had reports of domain cannot resolved. have cleared dns cache , restarted dns servers , domain still returning "server failed" error in nslookup.
besides implementing forwarders, there else can do? perhaps raise maxcachettl value 2 days else?
daniel.
the bizzare thing these results, if run commands again say..2 mins later on our dc's, result 490 instead of 3843. run again 5 mins later, it's 3843. third server 4.2.2.2 returns consistent result.
thank you.
it appears firewall supports edns0.
there's quite bit of info below. post if have questions.
.
look below @ query , bolded numbers. numbers ttl (time live) of records. notice how cname has 600 second ttl (10 min) while records points 20 seconds?
.
============================================
; <<>> dig 9.8.0 <<>> @4.2.2.2 www.careerone.com.au
; (1 server found)
;; global options: +cmd
;; got answer:
;; ->>header<<- opcode: query, status: noerror, id: 14035
;; flags: qr rd ra; query: 1, answer: 4, authority: 0, additional: 0
;; question section:
;www.careerone.com.au. in a
;; answer section:
www.careerone.com.au. 600 in cname www.careerone.com.au.edgesuite.net.
www.careerone.com.au.edgesuite.net. 21600 in cname a903.g.akamai.net.
a903.g.akamai.net. 20 in a 72.247.242.9
a903.g.akamai.net. 20 in a 72.247.242.35
;; query time: 114 msec
;; server: 4.2.2.2#53(4.2.2.2)
;; when: tue jul 31 01:42:55 2012
;; msg size rcvd: 146
============================================
.
recommendations:
based on info above, i'm starting think it's cache issue 2008 r2. known issue when cname ttl longer record's ttl, 2008 r2 unable cache record properly.
here's hotfix should address cname vs record ttl issue. if install it, please post results.
.
dns server service not use root hints resolve external names in windows server 2008 r2 - hotfix available.
article id: 2616776 - last review: october 12, 2011, applies •windows 2008 r2 datacenter •windows 2008 r2 ent •windows 2008 r2 std
"consider following scenario:
•you install domain name system (dns) server role on computer running windows server 2008 r2.
•you configure dns server use root hints resolve external names.
in scenario, dns server not use root hints resolve external names , causes name resolution issues.
issue occurs because dns server service in windows server 2008 r2 not allow cname records , ns records coexist. when dns server service receives response has 2 kinds of records, ignores cname record.
in lieu of installing hotfix: "to work around issue, configure dns server use forwarders instead of root hints resolve external names."
http://support.microsoft.com/kb/2616776
.
if management against hotfixes:
your other option use forwarders. see, 4.2.2.2 reliable. whatever forwarder use, make sure supports edns0 , recursion.
- for edns0 test, use test above did 4.2.2.2.
- for recursion test, run:
c:\>nslookup
> server 4.2.2.2
> set d2
look run below @ example website. bolded for. in "got answer" section, looking :
header flags: response, want recursion, recursion avail.
if don't see that, forwarder chose won't work outside queries.
.
============================================
> server 4.2.2.2
default server: b.resolvers.level3.net
address: 4.2.2.2
> set d2
> www.careerone.com.au
server: b.resolvers.level3.net
address: 4.2.2.2
------------
sendrequest(), len 38
header:
opcode = query, id = 3, rcode = noerror
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
questions:
www.careerone.com.au, type = a, class = in
------------
------------
got answer (146 bytes):
header:
opcode = query, id = 3, rcode = noerror
header flags: response, want recursion, recursion avail.
questions = 1, answers = 4, authority records = 0, additional = 0
============================================
ace fekay
mvp, mct, mcitp ea, mcts windows 2008/r2, exchange 2007 & exchange 2010, exchange 2010 ea, mcse & mcsa 2003/2000, mcsa messaging 2003
microsoft certified trainer
microsoft mvp - directory services
complete list of technical blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
this post provided as-is no warranties or guarantees , confers no rights.
Windows Server > Network Infrastructure Servers
Comments
Post a Comment