Re: AD DNS stopping problem
- From: Stoil Pankov <StoilPankov@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 12 Aug 2005 01:35:04 -0700
Thanks for the replay
I checked the DNS Server configuration and both were configured to forward
to each other and to the BIND, so was the LAN cards TCP/IP settings for both
DC-s were configured to use both DNS servers. After reconfiguring the DS-s
now every thing is working perfectly.
Many, many thanks for the help!!!!
Stoil Pankov
"Steve Duff [MVP]" написа:
> How do you have forwarding configured on the DNS servers, and what DNS server(s)
> do you have listed in the TCP/IP properties of those DCs?
>
> For what you're doing, the two DCs shouldn't be trying to send each other any DNS queries
> at all - corrupt or otherwise. At least not if things are configured properly. So my
> hunch is that somebody here is forwarding or looping through or to sombody else
> that they shouldn't be.
>
> Since you have manually entered 'shadow' records for the DMZ hosts in your Win2K DNSen,
> the BIND server shouldn't enter into this at all as regards the Windows DCs. So that IP
> should apppear nowhere in the DNS configuration on the Windows side.
>
> So unless there is more to your network than described here: in your Windows DNS
> you can disable forwarding altogether (using root hints only for public name resolution), and
> just list each DCs own respective IP as its DNS server in TCP/IP properties. This is the simplest
> configuration and should do the job you've described without problems. After you configure this, run
> a netdiag on each DC to verify that it is working to resolve AD properly.
>
> You also might want to check out this hotfix: http://support.microsoft.com/?id=838969 to see
> if it applies.
>
> Steve Duff, MCSE, MVP
> Ergodic Systems, Inc.
>
> "Stoil Pankov" <Stoil Pankov@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:906D95AC-217C-4580-B62B-500B98ED7513@xxxxxxxxxxxxxxxx
> > Hello
> > I have a question to ask, if someone can help. Here is the situation: we
> > have a Domain with 2 DC running Windows 2000 Advanced Server with SP4 for the
> > internal network, there is a DMZ (demilitarized zone) for the external
> > (internet available servers - WEB, Mail, DNS, Proxy, Firewall etc.) the in
> > the DMZ the DNS is a Linux machine running BIND - it handles the records for
> > the web sites that we are hoisting. For faster access to the web sites form
> > the internal network the DNS services on each DC has a record for the address
> > of the servers in the DMZ with there IP addresses for the local network (not
> > the Internet ones). Until 2 weeks everything was fine but one day the to DC
> > based DNS servers started to act strange - both claim that one is sending the
> > other packets with invalid domain name - to be exact error 5504 "The DNS
> > server encountered an invalid domain name in a packet from X.X.X.X. The
> > Packet was rejected" when that happens one of them starts to build up memory
> > and the used memory jumps with 1.5GB the CPU utilization levels at 100% for
> > all processors and after something like 10 minutes the DNS service stops. If
> > a stop manually the DNS service on one of the DC-s there is no problem but if
> > both are running after 10 minutes both start to log errors and after few
> > hours one of them stops. If any one can help I will be very happy, because we
> > have no idea what might happen to start causing the problem.
> >
> > Stoil Pankov
> >
>
>
>
.
- References:
- AD DNS stopping problem
- From: Stoil Pankov
- Re: AD DNS stopping problem
- From: Steve Duff [MVP]
- AD DNS stopping problem
- Prev by Date: Re: NSLOOKUP
- Next by Date: Replication failure
- Previous by thread: Re: AD DNS stopping problem
- Next by thread: Re: DNS problem still
- Index(es):
Relevant Pages
|
