
DNS Problems

Discussion in 'Windows Server System' started by SpeedBird, 2006/10/23.

  1. 2006/10/23
    SpeedBird

    Hello, here is my problem:

    I have a network configured as follows:

    Primary domain controller running SBS 2003 (192.168.1.250)
    Secondary domain controller as above (192.168.1.251)
    15 client computers running XP SP2
    DSL modem/switch providing NAT (192.168.1.1, DCs have static, private IPs as above)

    I'm having big problems with external name resolution and occasionally internal name resolution. Although it works perfectly most of the time, sometimes it's as if the DNS servers are no longer forwarding requests for external addresses. If I manually scavenge stale resource records, update server data files and clear the cache from the DNS MMC the problem disappears.

    DNS on the domain controllers is configured as follows:

    Server client DNS:

    Each has its own IP as preferred DNS server, the other DC's IP as alternate DNS server

    In the MMC for DNS:

    On the 'Interfaces' tab, the 'Listen on:' option is set to 'Only the following IP addresses:' and the server's own IP address is in the box.

    On the 'Forwarders' tab, there is an entry for all other DNS domains (i.e. anything other than the local domain), and the forwarder's IP is 192.168.1.1 (the DSL modem).

    On the advanced tab, the boxes for BIND secondaries, Enable netmask ordering, and Secure cache against pollution are all checked. Name checking is set to all names, Load zone data on startup is set to 'From active directory and registry', automatic scavenging of stale resource records is on and set for every 1 hour.

    I've tried changing the setting for scavenging stale resource settings and even turning it off completely, but it has made no difference, although the outages don't seem to correspond to scavenging cycles anyway. There's nothing in any of the event logs to suggest a problem.

    Sometimes when attempting an nslookup from a client machine I get error messages like 'Can't find server name for server [DC IP address]. Non-existent domain Default servers are not available.' The modem's IP address then shows as being the DNS server in use. It's as if DNS or possibly Active Directory are having problems, but as yet I can't find where the problem exists.

    Any help is appreciated.
     
  2. 2006/10/23
    ReggieB

    It could be a configuration problem, but the weak link in your setup that strikes me is the use of your modem as the source of external DNS server. The first thing I would try is point forwarding at the server to your ISP's DNS servers. You should be able to get those from your ISP or get them from the modem configuration.

    This is a fairly easy setting to change and would remove the device that I think is likely to be the least reliable in your setup.
     


  4. 2006/10/24
    SpeedBird

    The modem we have is one supplied by BT and it automatically gets a list of DNS servers from BT. Although I can change this setting and manually enter external DNS servers I have found that, in practice, it works better left at the automatic setting. This way if an external DNS server stops responding it automatically looks for another. As long as the modem is up and running it should be able to answer any external queries. Manually entering external DNS server(s) for forwarding in DNS on the DCs would therefore probably be less fault tolerant than the current setup.

    Also, when there is an outage, I can connect another PC via CAT5, USB or wireless to the modem and it can connect externally without a problem; only PCs using the DCs for DNS are affected. I have tried configuring external DNS servers manually in DNS on the DCs but it hasn't made any difference; I'm still getting the same problem. In fact shutting down the DCs also stops the problem as without them running the client PCs look to the modem for DNS.

    Something interesting I've noticed today is all clients are being authenticated on the secondary DC - something I coincidentally found out while using LimitLogin. The secondary DC is new (although the DNS problems existed before it was put on the network), so in my opinion this is looking more and more likely to be a problem with the PDC.
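
Added example, not part of any post in this thread: a small Python probe that sends the same external query straight to each DC and to the forwarder at 192.168.1.1, then reports which hop fails during an outage. The IP addresses are the ones given in the thread; the test name `example.com` and all function names are assumptions made for this sketch.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid=0x1234):
    """Encode a recursive (RD=1) A-record query for `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)

def parse_reply(data, txid=0x1234):
    """Return (rcode name, answer count) from a reply header."""
    if len(data) < 12:
        return ("MALFORMED", 0)
    rid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID or not a response
        return ("MALFORMED", 0)
    return (RCODES.get(flags & 0x000F, "OTHER"), an)

def probe(server, name, timeout=3.0):
    """Ask one server directly; "TIMEOUT" means no reply at all."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return parse_reply(s.recvfrom(512)[0])
        except OSError:
            return ("TIMEOUT", 0)

def locate_fault(dc, forwarder):
    """Compare a DC's result with its forwarder's result for one external name."""
    dc_ok = dc[0] == "NOERROR" and dc[1] > 0
    fw_ok = forwarder[0] == "NOERROR" and forwarder[1] > 0
    if dc_ok:
        return "no fault seen"
    if fw_ok:
        return "DC DNS service: forwarder answers, DC does not"
    return "upstream: forwarder itself is not answering"

if __name__ == "__main__":
    name = "example.com"  # assumed test name; any external name will do
    for dc in ("192.168.1.250", "192.168.1.251"):  # DC addresses from the thread
        print(dc, locate_fault(probe(dc, name), probe("192.168.1.1", name)))
```

Run it from a client during an outage and again when resolution is working; a SERVFAIL or timeout from a DC while the modem returns answers points at the DNS service on that DC rather than at the forwarder.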
     
