W2003StdR2 server: DNS dysfunctional!

I hate to have to do this, but I feel up that creek with no… well, some of you might know.
At the moment my one and only DNS server refuses to do forwarding. The story goes as follows:
This site had 2 servers, one W2003SBS and a W2003StdR2. The SBS degraded over a short period of time, and in order not to go down with it I decided to move all data over to the other server. This was of course an AD-integrated site. The move went OK, the Std server was removed from the domain, and the SBS was put to rest.
For the time being we decided to run the Std as a server only, with no AD.
We renamed the internal domain to xxx.local and set the server up with DNS, DHCP and installed WINS (not activated). DNS forwarding is to our ISP through a Netgear firewall.
The same address setup is used as before.
So – the DNS server started and all went OK, clients were reconfigured and hooked up, and then – after a day's time – Internet name resolution stopped working on the server! Nothing had been changed, altered or modified, nothing!
What I now get when doing NSLOOKUP is just a 2-second timeout response!
And I have checked and looked, but to no avail. Has anybody seen this behaviour before?
And yes – ALL service packs are up to date on the server.

I would be much obliged if anyone in here could lend an ear… and give advice!
Thanks…. from Tor in Norway

Today is the 14th, and I still have no resolution to this nagging problem.
Does anybody else have any advice in the matter? Please?

Answer

From the server itself, use nslookup to issue queries to the "forwarded" DNS server with the command: nslookup <some Internet name> <IP address of forwarded server> (like nslookup serverfault.com 8.8.8.8, etc). If it fails, that won't tell you whether the request is getting out to the 3rd-party DNS server or not (since you won't be able to tell whether the outgoing request isn't making it there or the response isn't getting back), but if you do get a response, it will tell you that the 3rd-party DNS server is okay.

I’d be suspicious that the 3rd party DNS server isn’t answering right. I’d remove the forwarder configuration, allowing the DNS server to fall back to its default configuration, which uses “root hints” to resolve Internet DNS names against the root DNS servers.

Of course, if your firewall device has somehow gone crazy and is dropping outgoing DNS requests or inbound responses, using “root hints” won’t work, either. If you have the resources, I’d consider sniffing the traffic on the outside of your firewall (with Wireshark or some such) to be sure that the DNS requests are actually getting passed out to the ‘net.
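As an added illustration of the three checks in the answer above (this is not part of the original answer, and not something the poster ran), the script below sends raw DNS queries with a 2-second timeout, the same symptom the question describes, directly to the forwarder, to a root server (the path the server would take with root hints), and to the local DNS server. It builds and parses the RFC 1035 wire format itself so the result does not depend on nslookup's output. The forwarder address 8.8.8.8 is taken from the answer; 198.41.0.4 (a.root-servers.net) and 127.0.0.1 as the local server are assumptions for the example, and the name serverfault.com is used only because the answer uses it. Run it from the DNS server itself, or from another host on the LAN to compare; a TIMEOUT from the forwarder and from the root server, but a normal reply from the local server for an internal name, points at the firewall path rather than at the DNS service.

```python
import random
import socket
import struct
import sys

ROOT_SERVER = "198.41.0.4"   # a.root-servers.net (assumed for the example; any root hint works)
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, qtype=1, txid=None, rd=True):
    """Build a minimal DNS query (RFC 1035 s4.1). qtype 1 = A, 2 = NS.
    rd=False sends a non-recursive query, which is what a root server expects."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    flags = 0x0100 if rd else 0x0000          # RD bit only; QR/AA/TC/RA all clear
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        if label:                             # "." (the root) encodes as a lone zero byte
            qname += bytes([len(label)]) + label.encode("ascii")
    qname += b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)   # class IN


def _skip_name(data, offset):
    """Return the offset just past a (possibly compression-pointer) name."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:             # 2-byte pointer ends the name
            return offset + 2
        offset += 1 + length


def parse_response(data, expected_txid):
    """Decode the header and any A records; reject replies whose txid does not match."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    result = {
        "is_response": bool(flags & 0x8000),
        "recursion_available": bool(flags & 0x0080),
        "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
        "answers": an, "authority": ns, "additional": ar,
        "a_records": [],
    }
    offset = 12
    for _ in range(qd):                       # skip the echoed question(s)
        offset = _skip_name(data, offset) + 4
    for _ in range(an):
        offset = _skip_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            result["a_records"].append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlen
    return result


def probe(server, name, qtype=1, rd=True, timeout=2.0):
    """Send one UDP query and return the parsed reply, or {'timeout': True}."""
    txid = random.randint(0, 0xFFFF)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name, qtype, txid, rd), (server, 53))
        data, _ = sock.recvfrom(4096)
    except socket.timeout:
        return {"timeout": True}
    finally:
        sock.close()
    reply = parse_response(data, txid)
    reply["timeout"] = False
    return reply


if __name__ == "__main__":
    forwarder = sys.argv[1] if len(sys.argv) > 1 else "8.8.8.8"
    local_dns = sys.argv[2] if len(sys.argv) > 2 else "127.0.0.1"   # assumed: run on the server
    checks = [
        ("forwarder answers directly",      forwarder,   "serverfault.com", 1, True),
        ("root server reachable (root hints)", ROOT_SERVER, ".",              2, False),
        ("local server resolves via forwarder", local_dns, "serverfault.com", 1, True),
    ]
    for label, server, name, qtype, rd in checks:
        r = probe(server, name, qtype, rd)
        if r["timeout"]:
            print("[TIMEOUT] %s: no reply from %s within 2s" % (label, server))
        else:
            print("[%s] %s: %s an=%d ns=%d ra=%s %s" % (
                r["rcode"], label, server, r["answers"], r["authority"],
                r["recursion_available"], r["a_records"]))
```

The txid check matters for the diagnosis: a reply that arrives late, after a retry, would otherwise be counted as an answer to the wrong query and make an intermittently dropping firewall look healthy.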

Attribution
Source: Link, Question Author: Community, Answer Author: Evan Anderson
