0 Votes
TrentBecker-3848 asked DSPatrick commented

DNS External Resolution

Hello,
I am trying to dig into a problem here and have hit a blocker.

I have 3 domain controllers handling DNS. One of them works and the other two are having problems. Let's say DC1 works and DC2 and DC3 have problems. The problem is tricky to track down. Whenever I set a machine to use DC2 and DC3, internal DNS doesn't seem to have a problem, but going to a website in Chrome or anything external will occasionally return an error of "unable to resolve name". I have tested with multiple machines to confirm this wasn't a single machine having a problem. I have checked the DNS debug logs, but unfortunately when I find the error it just gives the log below. I can't find what causes the SERVFAIL. After a few refreshes of Chrome the page will load correctly. This issue doesn't happen with any one site or every site. I can't find the pattern of when they fail.

My forwarder is set to use 8.8.8.8 and 8.8.4.4. I have checked the DNS settings between the working server and the non-working servers and couldn't notice a difference.

At this point I am stuck on what else to check or look into. I can't seem to find any other way to troubleshoot the issue. If anyone has any insight on where else to look or a misconfiguration that could cause only DNS lookup failures occasionally I would appreciate it.

3/30/2022 12:10:33 PM 16A0 PACKET 00000294802C0170 UDP Rcv 10.105.16.47 6a7f Q [0001 D NOERROR] A (7)quizizz(3)com(0)

3/30/2022 12:10:33 PM 16A0 PACKET 000002948E35AAF0 UDP Snd 8.8.8.8 a826 Q [0001 D NOERROR] A (7)quizizz(3)com(0)

3/30/2022 12:10:33 PM 16A0 PACKET 00000294FC9649A0 UDP Rcv 10.105.16.47 6a7f Q [0001 D NOERROR] A (7)quizizz(3)com(0)

3/30/2022 12:10:34 PM 0760 PACKET 000002948C3B0D00 UDP Rcv 10.105.16.47 6a7f Q [0001 D NOERROR] A (7)quizizz(3)com(0)

3/30/2022 12:10:36 PM 0DE8 PACKET 0000029489AC4F40 UDP Rcv 10.105.16.47 6a7f Q [0001 D NOERROR] A (7)quizizz(3)com(0)

3/30/2022 12:10:36 PM 12BC PACKET 000002948E35AAF0 UDP Snd 8.8.8.8 a826 Q [0001 D NOERROR] A (7)quizizz(3)com(0)

3/30/2022 12:10:40 PM 147C PACKET 00000294FC4A1140 UDP Rcv 10.105.16.47 6a7f Q [0001 D NOERROR] A (7)quizizz(3)com(0)

3/30/2022 12:10:41 PM 12BC PACKET 000002948E35AAF0 UDP Snd 2001:502:1ca1::30 6148 Q [0000 NOERROR] A (7)quizizz(3)com(0)

3/30/2022 12:10:45 PM 12BC PACKET 00000294802C0170 UDP Snd 10.105.16.47 6a7f R Q [8281 DR SERVFAIL] A (7)quizizz(3)com(0)

3/30/2022 12:10:51 PM 0760 PACKET 00000294FBF68950 UDP Rcv 10.105.16.47 1994 Q [0001 D NOERROR] A (7)quizizz(3)com(0)

3/30/2022 12:10:51 PM 0760 PACKET 0000029489EA5E10 UDP Snd 8.8.4.4 ff8e Q [0001 D NOERROR] A (7)quizizz(3)com(0)

3/30/2022 12:10:51 PM 0760 PACKET 00000294F97334F0 UDP Rcv 8.8.4.4 ff8e R Q [8081 DR NOERROR] A (7)quizizz(3)com(0)

3/30/2022 12:10:51 PM 0760 PACKET 00000294FBF68950 UDP Snd 10.105.16.47 1994 R Q [8081 DR NOERROR] A (7)quizizz(3)com(0)

3/30/2022 12:10:51 PM 0DE8 PACKET 000002948A305070 UDP Rcv 10.105.16.47 958c Q [0001 D NOERROR] A (2)cf(7)quizizz(3)com(0)

3/30/2022 12:10:51 PM 0DE8 PACKET 0000029487C5D830 UDP Snd 8.8.4.4 13f3 Q [0001 D NOERROR] A (2)cf(7)quizizz(3)com(0)

windows-dhcp-dns
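The log in the question shows two sends to 8.8.8.8 with no `Rcv` from it before the SERVFAIL goes back to the client; pairing sends and receives by remote IP and XID makes that visible across a whole capture. This is an added example, not part of the original thread: the field layout in the regex is an assumption inferred from the posted lines, and `LOG` is a subset of those lines.

```python
import re
from datetime import datetime

# Lines copied from the debug log in the question (a subset, in order).
LOG = """\
3/30/2022 12:10:33 PM 16A0 PACKET 00000294802C0170 UDP Rcv 10.105.16.47 6a7f Q [0001 D NOERROR] A (7)quizizz(3)com(0)
3/30/2022 12:10:33 PM 16A0 PACKET 000002948E35AAF0 UDP Snd 8.8.8.8 a826 Q [0001 D NOERROR] A (7)quizizz(3)com(0)
3/30/2022 12:10:36 PM 12BC PACKET 000002948E35AAF0 UDP Snd 8.8.8.8 a826 Q [0001 D NOERROR] A (7)quizizz(3)com(0)
3/30/2022 12:10:41 PM 12BC PACKET 000002948E35AAF0 UDP Snd 2001:502:1ca1::30 6148 Q [0000 NOERROR] A (7)quizizz(3)com(0)
3/30/2022 12:10:45 PM 12BC PACKET 00000294802C0170 UDP Snd 10.105.16.47 6a7f R Q [8281 DR SERVFAIL] A (7)quizizz(3)com(0)
3/30/2022 12:10:51 PM 0760 PACKET 00000294FBF68950 UDP Rcv 10.105.16.47 1994 Q [0001 D NOERROR] A (7)quizizz(3)com(0)
3/30/2022 12:10:51 PM 0760 PACKET 0000029489EA5E10 UDP Snd 8.8.4.4 ff8e Q [0001 D NOERROR] A (7)quizizz(3)com(0)
3/30/2022 12:10:51 PM 0760 PACKET 00000294F97334F0 UDP Rcv 8.8.4.4 ff8e R Q [8081 DR NOERROR] A (7)quizizz(3)com(0)
3/30/2022 12:10:51 PM 0760 PACKET 00000294FBF68950 UDP Snd 10.105.16.47 1994 R Q [8081 DR NOERROR] A (7)quizizz(3)com(0)
"""

# Field layout assumed from the lines above: time, thread, PACKET, buffer,
# protocol, direction, remote IP, XID, optional R (response), opcode, [header].
LINE = re.compile(
    r"(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)\s+\S+\s+PACKET\s+\S+\s+(?:UDP|TCP)\s+"
    r"(?P<dir>Snd|Rcv)\s+(?P<ip>\S+)\s+(?P<xid>[0-9a-f]{4})\s+(?P<resp>R\s+)?\S\s+"
    r"\[(?P<hdr>[^\]]+)\]\s+\S+\s+(?P<name>\S+)")

def analyze(log):
    """Return (unanswered upstream queries, SERVFAIL answers sent to clients)."""
    pending, first_seen, failures = {}, {}, []
    for m in filter(None, map(LINE.match, log.splitlines())):
        ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
        key, is_resp = (m["ip"], m["xid"]), bool(m["resp"])
        rcode = m["hdr"].split()[-1]
        name = re.sub(r"\(\d+\)", ".", m["name"]).strip(".")
        if m["dir"] == "Snd" and not is_resp:      # server -> forwarder/root
            pending[key] = pending.get(key, 0) + 1
        elif m["dir"] == "Rcv" and is_resp:        # upstream answered
            pending.pop(key, None)
        elif m["dir"] == "Rcv":                    # client query (or retry)
            first_seen.setdefault(key, ts)
        elif rcode == "SERVFAIL":                  # failure returned to client
            wait = (ts - first_seen.get(key, ts)).total_seconds()
            failures.append((m["ip"], name, rcode, wait))
    return pending, failures

if __name__ == "__main__":
    unanswered, failed = analyze(LOG)
    for (ip, xid), sends in unanswered.items():
        print(f"no reply from {ip} (xid {xid}) after {sends} send(s)")
    for client, name, rcode, wait in failed:
        print(f"{client} got {rcode} for {name} after {wait:.0f}s")
```

Upstream queries sent in the last moments of a capture will also show as unanswered, so compare timestamps before treating them as drops.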

1 Vote
DSPatrick answered DSPatrick commented

Please run:

Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\dc1.txt
ipconfig /all > C:\dc2.txt
ipconfig /all > C:\dc3.txt

then put unzipped text files up on OneDrive and share a link.




Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--



1 Vote 1 ·

I'm still gathering the information. I ran the DCDiag and noticed some RPC unavailable failures, so I imagine those need to be fixed before more troubleshooting can be done.

0 Votes 0 ·
DSPatrick TrentBecker-3848 ·

Ok, sounds good.





0 Votes 0 ·
1 Vote
09670712 answered TrentBecker-3848 commented

A bit of a shot in the dark, but it's easy to miss root hint configuration on the individual DCs. If one or two root hints are configured for invalid IP addresses on DC2 and DC3 then this behavior could certainly happen.
However, the fact that the same IP address in the logs above shows successes then failure on an internal address (10.105.16.47) would point more to a networking or load-based issue.


Good thought! I checked the root hints, but they match the working server. Also, my forwarders are set to 8.8.8.8 and 8.8.4.4, so if my understanding is correct the root hints shouldn't be used too often.

Thanks for the response!

0 Votes 0 ·
1 Vote
cheong00 answered TrentBecker-3848 commented

Try taking a look at the answer here and see if it's related to your issue.

https://superuser.com/questions/1178343/cannot-resolve-websites-intermittently-mostly-gov


Thanks for the response! I didn't even know this could be a problem. I ran the check mentioned in the article to see if the size was above the minimum required and it was. Good thought though!

0 Votes 0 ·
1 Vote
TrentBecker-3848 answered DSPatrick commented

Just wanted to add to this in case someone ever finds it.

I found there was a lot wrong with the DCs. Replication was occasionally working and I found not all the ports were open. Also the subnet mask was incorrectly set up on the NICs. I restarted both of the broken DCs after this and one started working. I think the one that came up was just in a bad state. Either way that left me with 1 broken DC and I decided to ditch it and just build a new one to replace it. New DC is working great and exists in the same subnet and tools as the broken one so it is something wrong with the machine.


Glad to hear of success.

--please don't forget to upvote and Accept as answer if the reply is helpful--



0 Votes 0 ·

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--



0 Votes 0 ·