Re: Weird DNS behavior



Edward <Edward@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> I have two 'internal' DNS for AD and one 'external' DNS used for
> web/ftp sites. All my DNS servers are behind a firewall and,
> obviously, DNS ports are opened for these three servers.
>
> Through DHCP all my users get assigned these two (internal) dns
> servers as primary and secondary. My servers use these same DNS
> servers to resolve names, through static IP configuration.
>
> My users are able to browse almost every site on the web.
> However, I just found out that there are a few websites that either
> take a long time to resolve or they just time out. Some of these
> sites are yahoo and aol.
>
> Doing an nslookup and setting type to mx, these two domains time out
> and this is preventing some of my emails to go to those domains.
> Browsing these sites is also slow, so I had to setup a forward, for
> now, to get things going when browsing.
>
> Have any of you guys seen anything like this or have any suggestions
> to fix this behavior?

In all likelihood, you have to either fix the firewall to allow DNS to use
EDNS query responses or disable EDNS on the servers. I recommend fixing the
firewall as it improves the efficiency of DNS by allowing the remote DNS to
respond using UDP packets over 512 bytes. UDP connections are more efficient
and require less overhead to set up. However, some firewalls, such as the
Cisco PIX, block these UDP packets, because they exceed 512 bytes.

DNS query responses do not travel through a firewall in Windows Server 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;828263&sd=RMVP




--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
.


