Re: DNS Forward lookup problem - now having problems with a period


In news:AFB5A84F-69F1-4CE7-8691-90E1D431DD73@xxxxxxxxxxxxx,
pbrill1 <pbrill1@xxxxxxxxxxxxxxxxxxxxxxxxx> made this post, which I then
commented about below:
> Thank you for the links - there seems to be good information to build
> my knowledge of AD diagnostics and FRS. To address your response (a
> question remains at the end of this, too!):
>
>> 1. Can you describe your topology?
> W2K3 Single Forest/Single Domain
>
>> 2. How many domains do you have?
> 1
>
>> 3. How did you set the replication scopes in the zone's properties
>> in DNS on each DNS server?
> They had been "only to servers listed on the name servers tab",
> with the 2 DC's listed in the name server's tab
>
> I modified it to "only to the following servers" and placed only
> 10.0.2.3 in the 10.0.0.9 DNS's tab, and 10.0.2.3 in the 10.0.0.9
> server's tab
>
>
>> 4. What sort of WAN or ISP link do you have (T1, ADSL, SDSL, Cable,
>> etc)?
> The 10.0.0.9 server is on a T1 link - it connects via a VPN
> tunnel
> to the remote 10.0.2.3 server, which runs on cable (we are working on
> bringing the remote DC to T1, but not until mid-September)
>
> Question : * Could our non-T1 connection at the remote server be so
> 'slow' as to cause 13508 errors?? What should change, if this were
> so?
>
>> 5. The router/VPN devices you are using?
> - CISCO PIX devices
>
>> 6. The MTU settings in the router (or if they've been altered).
> - the settings on the routers have not been altered since the
> replication was working successfully
>
>> 7. Please provide an unedited ipconfig /all from 10.0.0.9
>> and 10.0.2.3 Windows IP Configuration
>
> Local Server
> Host Name . . . . . . . . . . . . : primarydc
> Primary Dns Suffix . . . . . . . : internalnetwork.net
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : internalnetwork.net
>
> Ethernet adapter Local Area Connection:
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : HP NC3163 Fast Ethernet NIC
> Physical Address. . . . . . . . . : 01-05-02-41-0D-A3
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 10.0.0.9
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 10.0.0.2
> DNS Servers . . . . . . . . . . . : 10.0.0.9
> 10.0.2.3
> Primary WINS Server . . . . . . . : 10.0.0.9
> Secondary WINS Server . . . . . . : 10.0.2.3
>
>
> Remote Server
> Windows IP Configuration
> Host Name . . . . . . . . . . . . : secondarydc
> Primary Dns Suffix . . . . . . . : internalnetwork.net
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : internalnetwork.net
> Ethernet adapter Local Area Connection:
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : HP NC7760 Gigabit Server Adapter
> Physical Address. . . . . . . . . : 01-2F-25-CF-43-3E
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 10.0.2.3
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 10.0.2.2
> DNS Servers . . . . . . . . . . . : 10.0.2.3
> 10.0.0.9
> Primary WINS Server . . . . . . . : 10.0.2.3
> Secondary WINS Server . . . . . . : 10.0.0.9
>
>
> Additional note: Since my previous message, I replicated DNS info to
> the remote DC by unchecking "store zone in AD", making the local the
> primary, and the remote the secondary DNS server. It worked -
> although for security reasons, I'd like to return the DNS Servers to
> AD-integrated, secure only!
>
> I also checked dcdiag, netdiag, repadmin, and frsdiag utilities, and
> was able to clean up a few instances of our "dctemp" dc that was
> removed from our network.
>
> REMAINING PROBLEM: I am STILL getting 13508 messages, with only
> occasional 13509 messages.
>
> Any suggestions to improve the quality of our site link/dns
> replication would be much appreciated.

Thanks for posting the info.

The ipconfigs look good, as I first thought they would be. What I mean by
the "replication scope" is the setting in the zone properties, General tab,
AD integration scope, meaning which part of the AD database the zone is
set to be stored in, not the Zone Transfers tab, which is different
and doesn't apply to AD integrated zones unless there is a secondary zone
pulling from it, but that isn't the case here.

What could be happening are two things:
1. PIX is not allowing querying thru it based on EDNS0 support. Win2003
implemented the new industry standard to allow UDP query response traffic
greater than 512 bytes. The PIX device will need to be upgraded to support
this new industry implementation. Read more on it and how to:

828263 - DNS query responses do not travel through a firewall in Windows
Server 2003:
http://support.microsoft.com/?id=828263

832223 - Some DNS Name Queries Are Unsuccessful After You Upgrade Your DNS
Server to Windows Server 2003:
http://support.microsoft.com/?id=832223

828731 - An External DNS Query May Cause an Error Message in Windows Server
2003:
http://support.microsoft.com/?id=828731


OR

2. Cable is not allowing querying traffic inbound. Many cable providers do
not allow server type of traffic inbound to eliminate any possibility of
subscribers running servers on the connection. Either that, or in
combination with, the slow 'upload' speed that the cable companies throttle
bandwidth. Sure, download is 3-6 mbps, but you would be lucky if the upload
speed is greater than 384 kbps. That can cause problems.

So it's either/and/or between the cable link and PIX.

Ace
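
A way to check the EDNS0 point from the reply above, as an added example that is not part of the original post: it builds the same DNS query with and without the EDNS0 OPT record and reads back the UDP payload size a message advertises. The function names are illustrative, and the server address, query name and payload size are whatever the caller supplies.

```python
import socket
import struct
OPT = 41  # RR type of the EDNS0 pseudo-record (RFC 6891)

def encode_name(name):
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_query(name, qtype=1, edns_size=None, msg_id=0x1234):
    """Recursive query; with edns_size set, an OPT record advertises that size."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    msg = header + encode_name(name) + struct.pack("!HH", qtype, 1)
    if edns_size:
        msg += b"\x00" + struct.pack("!HHIH", OPT, edns_size, 0, 0)  # root, OPT, size, TTL, RDLEN
    return msg

def skip_name(msg, off):
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer: two bytes, name ends here
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def advertised_udp_size(msg):
    """UDP payload size the sender accepts: OPT CLASS, or 512 without EDNS0."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            return rclass
        off += 10 + rdlen
    return 512

def probe(server, name, edns_size=None, timeout=3.0):
    """One UDP query; returns (reply_length, truncated) or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, 1, edns_size), (server, 53))
        try:
            reply, _ = s.recvfrom(65535)
        except socket.timeout:
            return None
    return len(reply), bool(reply[2] & 0x02)  # TC bit of the flags field
```

Calling `probe()` for the same name through the VPN once with `edns_size=None` and once with a size above 512: a plain query that is answered while the EDNS0 one times out, or replies that never exceed 512 bytes, is consistent with the firewall behaviour described in the reply.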


