Re: nslookup fails



hinarei <hinarei@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> that KB article refers to ISA 2000. Do you know if this is still
> relevant in ISA 2004? If it is, I can't find what it's talking about

I would suppose not, since it says the problem was fixed in ISA 2000 SP1.

1. Does this DNS server have a Forwarder configured?

a. If a Forwarder is configured, does the forwarder allow recursive
lookups?

b. If the forwarder does not allow recursive lookups, remove that
forwarder and use one that does; if you don't know one, try 4.2.2.2.

2. Do you have "Do not use recursion" checked on the forwarders tab?
a. If "Do not use recursion" is checked, from the DNS server machine
run a query to the forwarder's IP address using
nslookup -d2 google.com. <ip-of-forwarder>
(Notice the dot after the domain name, make sure you include the dot)

b. If "Do not use recursion" is NOT checked, run these queries against
the IP of your DNS server. Does it return the NS records, and IP addresses
for all NS records?

nslookup -qtype=ns .
and
nslookup -qtype=ns google.com.

Post the results of both queries and don't forget to include the dots. (The
first query is making sure your DNS server can resolve the root servers to
IP addresses; you may need to run the root query several times to resolve
all the root servers to their IP addresses.)
You should get these for google.com.
google.com nameserver = ns1.google.com
google.com nameserver = ns2.google.com
google.com nameserver = ns3.google.com
google.com nameserver = ns4.google.com

ns1.google.com internet address = 216.239.32.10
ns2.google.com internet address = 216.239.34.10
ns3.google.com internet address = 216.239.36.10
ns4.google.com internet address = 216.239.38.10

If the NS records are not returned for google.com., then your DNS server is
unable to contact the com. parent servers to get the NS records for
google.com., and this is a possible mis-configuration of ISA.

I want to compare them to what they are supposed to be. The root query may
differ, depending on what root your DNS server resolves, default is the
ICANN Root. Here is the ICANN Root:

(root) nameserver = D.ROOT-SERVERS.NET
(root) nameserver = E.ROOT-SERVERS.NET
(root) nameserver = F.ROOT-SERVERS.NET
(root) nameserver = G.ROOT-SERVERS.NET
(root) nameserver = H.ROOT-SERVERS.NET
(root) nameserver = I.ROOT-SERVERS.NET
(root) nameserver = J.ROOT-SERVERS.NET
(root) nameserver = K.ROOT-SERVERS.NET
(root) nameserver = L.ROOT-SERVERS.NET
(root) nameserver = M.ROOT-SERVERS.NET
(root) nameserver = A.ROOT-SERVERS.NET
(root) nameserver = B.ROOT-SERVERS.NET
(root) nameserver = C.ROOT-SERVERS.NET

D.ROOT-SERVERS.NET internet address = 128.8.10.90
E.ROOT-SERVERS.NET internet address = 192.203.230.10
F.ROOT-SERVERS.NET internet address = 192.5.5.241
G.ROOT-SERVERS.NET internet address = 192.112.36.4
H.ROOT-SERVERS.NET internet address = 128.63.2.53
I.ROOT-SERVERS.NET internet address = 192.36.148.17
J.ROOT-SERVERS.NET internet address = 192.58.128.30
K.ROOT-SERVERS.NET internet address = 193.0.14.129
L.ROOT-SERVERS.NET internet address = 198.32.64.12
M.ROOT-SERVERS.NET internet address = 202.12.27.33
A.ROOT-SERVERS.NET internet address = 198.41.0.4
B.ROOT-SERVERS.NET internet address = 192.228.79.201
C.ROOT-SERVERS.NET internet address = 192.33.4.12


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
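
The check the post asks for ("does it return the NS records, and IP addresses for all NS records?") can be done mechanically on saved nslookup output. The following is an added example, not part of the original post; the function name `check_ns_answer`, the server name `dns.example.local` and its address are assumptions, and the sample text is constructed from the google.com answer quoted above.

```python
import re

NS_RE = re.compile(r"^\s*(\(root\)|\S+)\s+nameserver = (\S+)\s*$", re.I)
A_RE = re.compile(r"^\s*(\S+)\s+internet address = (\S+)\s*$", re.I)

# Constructed sample: the google.com answer quoted in the post, with the
# address line for ns3 removed to show an incomplete answer.
SAMPLE_PARTIAL = """\
Server:  dns.example.local
Address:  192.0.2.53

google.com nameserver = ns1.google.com
google.com nameserver = ns2.google.com
google.com nameserver = ns3.google.com
google.com nameserver = ns4.google.com
ns1.google.com internet address = 216.239.32.10
ns2.google.com internet address = 216.239.34.10
ns4.google.com internet address = 216.239.38.10
"""
# Constructed sample: what is left when the query never gets an answer.
SAMPLE_TIMEOUT = "DNS request timed out.\n*** Request to dns.example.local timed-out\n"

def _norm(name):
    """Lower-case and drop the trailing dot so names compare equal."""
    return name.lower().rstrip(".")

def check_ns_answer(output, zone):
    """Parse `nslookup -qtype=ns <zone>` text; list NS names lacking an address."""
    zone = "(root)" if zone == "." else _norm(zone)  # nslookup prints "(root)" for "."
    nameservers, addresses = [], {}
    for line in output.splitlines():
        m = NS_RE.match(line)
        if m and _norm(m.group(1)) == zone:
            ns = _norm(m.group(2))
            if ns not in nameservers:
                nameservers.append(ns)
            continue
        m = A_RE.match(line)
        if m:
            addresses.setdefault(_norm(m.group(1)), []).append(m.group(2))
    missing = [ns for ns in nameservers if ns not in addresses]
    # "complete" means: at least one NS record, and every NS has an address.
    return {"nameservers": nameservers, "missing_address": missing,
            "complete": bool(nameservers) and not missing}

if __name__ == "__main__":
    print(check_ns_answer(SAMPLE_PARTIAL, "google.com."))
    print(check_ns_answer(SAMPLE_TIMEOUT, "google.com."))
```

An empty `nameservers` list corresponds to the case in the post where no NS records come back at all; a non-empty `missing_address` list corresponds to the case where the query should be repeated.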

