Re: MS Update Breaks External DNS again



I have the following enabled

BIND secondaries
Enable Round Robin
Enable Netmask Ordering
Secure Cache against Pollution

Name checking: Multibyte (UTF8)
Load zone data on startup: From Active Directory and registry (since AD
isn't enabled it pulls from the registry)

Nothing else is enabled or checked.

Allen


"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb661c96e8cb706fc0940624@xxxxxxxxxxxxxxxxxxxxxxx
Hello Allen Harkleroad" allen _ mvp at msn dot com,

Under the server properties advanced tab what options are enabled?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Hi,
Yes, I have to force root hint updates on both servers manually (I use
4.2.2.2 to pull the hints). The cache.dns does have the FQDN and IP
for all of the root servers.
This is what is in both of my DNS servers' cache.dns files.

;
; Root Name Server Hints File:
;
; These entries enable the DNS server to locate the root name servers
; (the DNS servers authoritative for the root zone).
; For historical reasons this is known often referred to as the
; "Cache File"
;
@ NS a.root-servers.net.
a.root-servers.net A 198.41.0.4
@ NS b.root-servers.net.
b.root-servers.net A 128.9.0.107
b.root-servers.net A 192.228.79.201
@ NS c.root-servers.net.
c.root-servers.net A 192.33.4.12
@ NS d.root-servers.net.
d.root-servers.net A 128.8.10.90
@ NS e.root-servers.net.
e.root-servers.net A 192.203.230.10
@ NS f.root-servers.net.
f.root-servers.net A 192.5.5.241
@ NS g.root-servers.net.
g.root-servers.net A 192.112.36.4
@ NS h.root-servers.net.
h.root-servers.net A 128.63.2.53
@ NS i.root-servers.net.
i.root-servers.net A 192.36.148.17
@ NS j.root-servers.net.
j.root-servers.net A 192.58.128.30
@ NS k.root-servers.net.
k.root-servers.net A 193.0.14.129
@ NS l.root-servers.net.
l.root-servers.net A 198.32.64.12
l.root-servers.net A 199.7.83.42
@ NS m.root-servers.net.
m.root-servers.net A 202.12.27.33

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb661c94e8cb706aa4609454@xxxxxxxxxxxxxxxxxxxxxxx

Hello Allen Harkleroad" allen _ mvp at msn dot com,

You said you have to manually update the root hints after each reboot?

Can you check if Cache.dns, stored in the systemroot\System32\Dns
folder on the server exists and contains the NS and A resource
records for the Internet root servers?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

These are web servers / DNS servers; each website is assigned its
own IP in IIS. The web/DNS machines are ns.gmpservices.com and
ns2.gmpservices.com

We have 262 forward lookup zones on each machine (identical zones on
both).

We use them for hosting primarily and thus must have public IP
ranges.

Allen

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb661c9278cb7060a01624f4@xxxxxxxxxxxxxxxxxxxxxxx

Hello Allen Harkleroad" allen _ mvp at msn dot com,

127.in-addr.arpa is automatically created during install, along with
0.in-addr.arpa and 255.in-addr.arpa, so they shouldn't be an issue.

May I ask why you have your domain in a public IP range and have also
assigned that many IP addresses to the NIC?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

I've often wondered if having a 127.x.x.x reverse zone could
cause problems. I am a bit wary of removing it because of
unforeseen issues.

We only use Class C IPs (74.43.13x.x) on the server so I don't
think the 127 zone should be in there.

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb661c90d8cb705b9208adb4@xxxxxxxxxxxxxxxxxxxxxxx

Hello Allen Harkleroad" allen _ mvp at msn dot com,

Sounds to me like you have a general DNS problem, not only a
patch-related one. We use all patches and it works fine. To start,
please post an unedited ipconfig /all from the DNS servers.

Are the DNS servers also Domain controllers? If yes, do you use
AD integrated zones?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Windows Server 2003 - The most recent DNS patch and the previous
DNS patch completely break my two external (Internet) DNS
servers. Once I remove the DNS patch (uninstall) and reboot I
can again grab root hints and resolve Internet addresses.

When I applied the DNS server update everything starts normally,
however doing an nslookup for an Internet address I get a timeout
error. The DNS services are running and I can query the local
DNS entries.

Does anyone have any ideas on how I can successfully up DNS and
not have external resolving issues?

I am near the point of using something other than Microsoft DNS.

Each time I reboot the two DNS servers, I must go into each DNS
and manually grab root hints and restart the DNS Service to be
able to resolve external Internet addresses. This particular
issue has been ongoing since I first installed Windows Server
2003 on the servers several years ago.

If possible please reply via email as well as on post here (
email allen _ mvp @ msn . com )

Thanks,
Allen Harkleroad
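
The check asked for earlier in the thread (that cache.dns holds an NS record and a matching A record for each root server) can be scripted. The following is an added example, not part of the thread: the sample text is a constructed extract in the layout of the posted file, and the function names are hypothetical. It also reports hosts that carry more than one address, as b.root-servers.net and l.root-servers.net do in the posted listing.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: three entries in the layout of the cache.dns quoted in
# the thread, with the A record for c.root-servers.net deliberately left out.
SAMPLE_HINTS = """\
;
; Root Name Server Hints File:
;
@ NS a.root-servers.net.
a.root-servers.net A 198.41.0.4
@ NS b.root-servers.net.
b.root-servers.net A 128.9.0.107
b.root-servers.net A 192.228.79.201
@ NS c.root-servers.net.
"""

def _fqdn(name):
    # The listing writes NS targets with a trailing dot and A owners without;
    # in the root zone both mean the same name, so normalise before comparing.
    return name.lower().rstrip(".") + "."

def parse_hints(text):
    """Return (ns_targets, addresses) parsed from root hints text."""
    ns_targets, addresses = [], defaultdict(list)
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # strip comments, split on blanks
        # Drop an optional TTL and class so "name 3600000 IN A addr" also parses.
        fields = [f for f in fields if not f.isdigit() and f.upper() != "IN"]
        if len(fields) != 3:
            continue
        owner, rtype, rdata = fields
        rtype = rtype.upper()
        if rtype == "NS" and owner in ("@", "."):
            ns_targets.append(_fqdn(rdata))
        elif rtype in ("A", "AAAA"):
            ipaddress.ip_address(rdata)  # raises ValueError on a malformed address
            addresses[_fqdn(owner)].append(rdata)
    return ns_targets, addresses

def check_hints(text):
    """Summarise gaps and duplicates in a root hints file."""
    ns_targets, addresses = parse_hints(text)
    return {
        "missing_address": [n for n in ns_targets if n not in addresses],
        "address_without_ns": sorted(set(addresses) - set(ns_targets)),
        "multiple_addresses": {n: a for n, a in addresses.items() if len(a) > 1},
    }

if __name__ == "__main__":
    for finding, value in check_hints(SAMPLE_HINTS).items():
        print(finding, value)
```

To check a real server, pass the contents of the cache.dns file to `check_hints` in place of the sample.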



