Re: machine popping off the domain after DNS query.



We figured this out ... (well I hope so - testing now)

We use a monitoring tool called EventSentry. We were asked by the
monitoring team to enable SNMP. Well, what we didn't realize was that this
app would suck up about 5000 UDP ports, effectively killing all other UDP
traffic including DNS.

Thanks for your help!

"Brian Byrnes" <bnbyrnes@xxxxxxxxx> wrote in message
news:%23aAQmVaqFHA.3304@xxxxxxxxxxxxxxxxxxxxxxx
> We just replicated a web environment with 8 load balanced (wlbs) web
> servers and 2 DC's running DNS. Between the web servers and the DC's is a
> PIX firewall. The DNS forwards to a valid external DNS. The web servers
> send out mail from the IIS smarthost.
>
> So basically what seems to be happening is that within 4 (cached) hours of
> a web server being booted it just drops from the domain with an error:
>
> EVENT # 3245
> EVENT LOG System
> EVENT TYPE Warning
> SOURCE smtpsvc
> EVENT ID 4000
> COMPUTERNAME PRODWEB006
> TIME 8/25/2005 1:08:18 PM
> MESSAGE Message delivery to the remote domain 'yahoo.com' failed for
> the following reason: Unable to bind to the destination server in DNS.
>
> BINARY DATA 0000: D5 02 04 C0
>
> Now this is result of the machine being bumped off the domain. I have to
> login locally in order to reboot the box. At that time I can't ping the
> DNS or the DC. The mail remains queued up. Once the box is rebooted
> everything runs great for 4 hours and then down again. So for the 4 hours
> the machine runs great and does its job, then PUKE. I have googled the
> hell out of this and have no answers.
>
> Simply put, what can make a machine pop off the domain until a hard boot?
> It's as if the network card looks at the DC's net card and says STOP. The
> PIX has been adjusted with all the latest fixes for UDP problems and we
> added the fix to stop using DNS over UDP.
>
> Guys/Gals please help!
>
> Thanks,
> Brian Byrnes
> bnbyrnes@xxxxxxxxx
>
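The root cause reported above (one agent holding thousands of UDP ports so the DNS client can no longer get a source port) is easy to confirm from `netstat -ano -p UDP` on the affected box. The following is an added example, not code from the thread or from any product named in it: it parses Windows-style netstat rows, counts ephemeral-range UDP sockets per owning PID, and flags any process that holds more than a chosen share of the range. The 1025-5000 range is the Windows 2000/2003 default dynamic port range and is an assumption of this example; the PIDs and netstat rows in `constructed_netstat` are constructed sample data.

```python
"""Detect UDP ephemeral-port exhaustion from Windows `netstat -ano -p UDP` output.

Added example, not from the original thread. Counts UDP sockets per owning
PID and reports processes that have consumed most of the dynamic port range.
"""
import re
from collections import Counter

# Default dynamic (ephemeral) port range on Windows 2000/2003: 1025-5000.
# Assumption for this example; later Windows versions use 49152-65535.
EPHEMERAL_LOW = 1025
EPHEMERAL_HIGH = 5000
EPHEMERAL_TOTAL = EPHEMERAL_HIGH - EPHEMERAL_LOW + 1  # 3976 ports

# One UDP row of `netstat -ano`: proto, local addr:port, "*:*", owning PID.
UDP_ROW = re.compile(r"^\s*UDP\s+(?P<addr>\S+):(?P<port>\d+)\s+\*:\*\s+(?P<pid>\d+)\s*$")


def parse_udp_rows(netstat_text):
    """Return (local_addr, port, pid) tuples, skipping headers and non-UDP rows."""
    rows = []
    for line in netstat_text.splitlines():
        m = UDP_ROW.match(line)
        if m:
            rows.append((m.group("addr"), int(m.group("port")), int(m.group("pid"))))
    return rows


def ephemeral_udp_by_pid(netstat_text):
    """Count UDP sockets bound inside the ephemeral range, per owning PID."""
    counts = Counter()
    for _addr, port, pid in parse_udp_rows(netstat_text):
        if EPHEMERAL_LOW <= port <= EPHEMERAL_HIGH:
            counts[pid] += 1
    return counts


def ephemeral_headroom(netstat_text):
    """Ephemeral ports not bound by any UDP socket (TCP use of the range is ignored)."""
    used = {port for _addr, port, _pid in parse_udp_rows(netstat_text)
            if EPHEMERAL_LOW <= port <= EPHEMERAL_HIGH}
    return EPHEMERAL_TOTAL - len(used)


def find_port_hogs(netstat_text, share=0.5):
    """PIDs holding more than `share` of the ephemeral range, largest holder first."""
    counts = ephemeral_udp_by_pid(netstat_text)
    hogs = [(n, pid) for pid, n in counts.items() if n / EPHEMERAL_TOTAL > share]
    return [pid for _n, pid in sorted(hogs, reverse=True)]


def constructed_netstat(hog_pid=2040, hog_count=3900):
    """Constructed sample output: a few normal listeners plus one process that
    has bound `hog_count` consecutive ephemeral UDP ports. PIDs are made up."""
    header = ["Active Connections", "",
              "  Proto  Local Address          Foreign Address        State           PID"]

    def row(addr, port, pid):
        return f"  UDP    {addr}:{port:<18}*:*                                    {pid}"

    rows = [row("0.0.0.0", 53, 1188),      # DNS server listener (constructed)
            row("0.0.0.0", 161, 1492),     # SNMP agent listener (constructed)
            row("127.0.0.1", 1026, 960)]   # one ordinary client socket (constructed)
    first = EPHEMERAL_LOW + 50
    rows += [row("0.0.0.0", p, hog_pid) for p in range(first, first + hog_count)]
    return "\n".join(header + rows)


if __name__ == "__main__":
    sample = constructed_netstat()
    print("port hogs:", find_port_hogs(sample))
    print("free ephemeral UDP ports:", ephemeral_headroom(sample))
```

Feed the real `netstat -ano -p UDP` output into `find_port_hogs` and `ephemeral_headroom`; a single PID owning most of the range, with headroom near zero, is exactly the condition that makes the DNS stub resolver fail and the host appear to fall off the domain until a reboot releases the sockets. The check is worth running before and after enabling any agent that opens many UDP sockets, and a low headroom value is a usable alert threshold for a monitoring system.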

