DNS Drives me nuts

Hewlett-packard Ms windows server 2003 r...
May 7, 2010 at 08:58:54
Specs: Windows 2003 Server 32 bit, Quad Core / 4Gig
Every once in a while like 6 months and on random computers the local DNS cache gets messed up. It can no longer resolve the Domain Name with a server IP and users run to authentication issues because of it. The fix is simple I just Flush and Re-Register the DNS but I was wondering if others have run into this and was your solution?

What causes DNS entries to just be removed from the local cache is there some kind of TTL on DNS entries?


See More: DNS Drives me nuts

Report •


#1
May 7, 2010 at 09:54:37
how about an ipconfig /all from a workstation for review.
No hosts file?
Multiple subnets?
These pcs access the internet?
A reboot does not solve the issue?

Report •

#2
May 7, 2010 at 09:54:41
It can no longer resolve the Domain Name with a server IP

Why can't it?

The DNS address within your LAN (domain) that clients are assigned should be the IP address of the DC (domain controller) so your clients can authenticate to the DC upon login.

Clients should not rely on cached DNS address for resolution.

Are the clients using static IP's or DHCP? Are they getting the proper DNS address in either case?


Report •

#3
May 7, 2010 at 11:02:32
Simply disable the DNS service at the client machines.
In that case, the clients must use the configured DNS server and can not use local cached DNS entries.

The original poster should always write the last response !!!
Let us know, if the problem is solved !!!


Report •

Related Solutions

#4
May 7, 2010 at 11:23:51
No hosts file?
- Not on the Desktop Computers only on VPN computers.

Multiple subnets?
- No just one and it is a /24

These pcs access the internet?
- Yes w/ no proxy

A reboot does not solve the issue?
- No

Clients should not rely on cached DNS address for resolution.
- How do I do this?

Are the clients using static IP's or DHCP?
- DHCP and I thought about going static but it is a pain.

Are they getting the proper DNS address in either case?
- In the local Cache, No
- In the Forwarder, Yes

Like I said the problem is solved if I flush the local cache and reregister to download the DNS info from the forwarder I am wondering why the local cache gets messed up once in a great while. Its not a big problem but just something I would like to figure out.

Example IPCONFIG/ALL

Windows IP Configuration

   Host Name . . . . . . . . . . . . : XXXXXX-02284
   Primary Dns Suffix  . . . . . . . : XXXXXXX.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : XXXXXX.local

Ethernet adapter Local Area Connection 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : SME
   Description . . . . . . . . . . . : Intel(R) PRO/100+ Alert on LAN* Management Adapter
   Physical Address. . . . . . . . . : 00-XX-XX-XX-XX-XX
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel(R) 82567LM-3 Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-XX-XX-XX-XX-XX
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : XXXXXXXXXXX(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.xxx.xxx.50(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.xxx.xxx.2
   DHCPv6 IAID . . . . . . . . . . . : 218113153
   DHCPv6 Client DUID. . . . . . . . : XXXXXXXXXXX
   DNS Servers . . . . . . . . . . . : 10.XXX.XXX.9
                                       10.XXX.XXX.10
   NetBIOS over Tcpip. . . . . . . . : Disabled

but this is my computer which is using a static IP.


Report •

#5
May 7, 2010 at 11:30:37
You missed the bottom half of the info for the dhcp workstation like its ip address and dns entries.

I take it from your static ip station you have two dns servers at .9 and .10 correct?

Do understand you will do many more dns requests if the local cache is disabled.

I am curious as to what you mean by forwarder
In the local Cache, No
- In the Forwarder, Yes


Report •

#6
May 7, 2010 at 11:37:20
Yes I do have two DNS servers.

Yes, I would prefer to cache DNS.

Here is the rest of my IPCONFIG if it really will help.

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{4D74A82A-F6FA-429C-ABB0-6E77050BF248}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 22:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 23:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 24:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 25:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 26:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{4D74A82A-F6FA-429C-ABB0-6E77050BF248}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 27:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{4D74A82A-F6FA-429C-ABB0-6E77050BF248}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 28:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{4D74A82A-F6FA-429C-ABB0-6E77050BF248}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 29:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{4D74A82A-F6FA-429C-ABB0-6E77050BF248}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 30:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{4D74A82A-F6FA-429C-ABB0-6E77050BF248}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 31:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{4D74A82A-F6FA-429C-ABB0-6E77050BF248}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 33:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.SME
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{4D74A82A-F6FA-429C-ABB0-6E77050BF248}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes


Report •

#7
May 7, 2010 at 11:43:01
Sorry. I thought you were using dhcp so I was asking for an ipconfig from a station using dhcp.

Has your statically assigned workstation had this dns issue?

Any reason you are running ipv6 on your lan?
You mention vpn pcs having hosts files. Any of these have the dns issue?


Report •

#8
May 7, 2010 at 11:46:03
Unfortunately the one that had the problem is an Inspector's Laptop and he has already taken it out to the field. I could go get a laptop out of our inventory and get the IP info off of it.

P.S. Yes I know my IP Stack is a mess that is kinda why I did not want to post the whole thing. Like showing your dirty laundry.

P.S.S. I will get it after lunch.


Report •

#9
May 7, 2010 at 12:15:21
If my memory serves me, the cache is updated when you first login and authenticate to your DC.

Typically, the IP in the DNS cache will then be used unless the client is unable to contact that IP later on. Then it will try your primary and then the secondary IP's for resolution.

What I'm wondering is why when the cache fails it's not contacting the DNS server and refreshing the info in the cache (this is me thinking aloud btw, I'm not asking you.....lol). That's very odd behaviour.

Once you can post the output of the ipconfig /all from an affected client we'll have a better idea what's going on and be able to start troubleshooting from there. Since Murphy's Law states this won't happen when you want it to, you may have to wait until it happens again and then do an ipconfig /all from the affected machine while it's encountering the problem. At the very least, this will confirm whether or not the DNS IP's are there, and correct, when the problem arises, ruling out one possible issue.


Report •

#10
May 7, 2010 at 12:44:55
Here it is...

Windows IP Configuration



        Host Name . . . . . . . . . . . . : XXXXX-02197

        Primary Dns Suffix  . . . . . . . : XXXXX.local

        Node Type . . . . . . . . . . . . : Hybrid

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : XXXX.local

                                            159.XXX.179.140



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : 159.XXX.179.140

        Description . . . . . . . . . . . : Broadcom NetLink Gigabit Ethernet

        Physical Address. . . . . . . . . : 00-1C-C4-CE-EF-76

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 10.100.XXX.57

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        IP Address. . . . . . . . . . . . : fe80::21c:c4ff:fece:ef76%4

        Default Gateway . . . . . . . . . : 10.100.XXX.1

                                            10.100.XXX.2

        DHCP Server . . . . . . . . . . . : 10.100.XXX.9

        DNS Servers . . . . . . . . . . . : 10.100.XXX.9
                                            10.100.XXX.10

                                            159.XXX.179.140

                                            159.XXX.93.1

                                            fec0:0:0:ffff::1%1

                                            fec0:0:0:ffff::2%1

                                            fec0:0:0:ffff::3%1

        Primary WINS Server . . . . . . . : 10.100.XXX.9

        Lease Obtained. . . . . . . . . . : Friday, May 07, 2010 8:44:53 AM

        Lease Expires . . . . . . . . . . : Saturday, May 15, 2010 8:44:53 AM

I just noticed the "Connection-specific DNS Suffix . : 159.XXX.179.140" This is probably my problem.


Report •

#11
May 7, 2010 at 14:13:55
Yep it looks like a bigger dns problem than just the local resolver

Report •

#12
May 7, 2010 at 15:05:48
The thing that drives me crazy is it happens once in a great while and when my boss asks me all I can do is shrug. I probably need to just monitor packets and see what is causing it.

Report •

#13
May 7, 2010 at 15:32:42
You have too many dns servers listed in the pcs dns listing

I suspect those 159.x.x.x dns entries are causing havoc. Certainly not right you are getting a ip for suffix. You have a misconfiguration of the dns servers for sure.

Fact your boss is asking tells me this is more than an occasional annoyance.

What are the 159.x.x.x?

If you don't need ipv6 then uncheck/don't use it. It may be muddinging the waters.


Report •

#14
May 9, 2010 at 05:48:34
I lost track of this for a few days, sorry about that.

I'm wondering about the 159 addresses too. I immediately noticed the following is different from what you posted earlier:

DNS Suffix Search List. . . . . . : XXXX.local

159.XXX.179.140

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : 159.XXX.179.140

Remove those entries from the client(s) and the problem should go away. With regard to IPv6, I don't enable that on anything, and won't, until we start using it. I'm a firm believer in the "KISS" principle and enabling IPv6 in a strictly IPv4 environment seems to me to be adding unneeded complexity.


Report •

#15
May 10, 2010 at 09:16:38
"159.XXX.179.140" is the States DNS forwarder. It is out side of the LAN as the public address would indicate.

Report •

#16
May 10, 2010 at 10:09:22
You list two gateways. This is incorrect. You will use only one and to my knowledge [and past experiments] if the first one fails the second one is never checked.

You should not have the 159.x.x.x listed on the workstation or server dns list and it should not be a suffix.

I believe this is like telling the workstation to look beyond the local dns server for local name resolution. This would explain why you are getting blank caches. If the local dns server failed to response for whatever reason the States dns server can not resolve local names.

"States DNS forwarder" Not sure what you mean by this. A forwarder is a dns server to forward an unresolved request to. Though the State may forward to other dns servers, or you may forward to it from your local dns server, it in itself is not a forwarder.


Report •

#17
May 10, 2010 at 12:28:09
The workstation is set to automatic DNS. It is setting it its self. I have tried Static DNS on some of the computers but because this problem comes up so little it is hard to tell if it solve it.

So it appears that you are saying that because the workstations can see the Public DNSs then they will some times over write the local cache with one of those DNSs and thus whipe the LAN DNS FQDNs. You are probably right. I will try switching the computers to Static DNS.


Report •

#18
May 10, 2010 at 13:15:35
On the dhcp provided clients, dhcp needs to be changed to not list those ips and in tcp/ip properties/dns I believe you have append primary and connection specific dns suffixs checked. This should not be checked imo.

I would also suggest you look at your forward lookup zone to make sure there are no host/ptr records for those 159 ips.

Best of luck!


Report •


Ask Question