Weird DNS Issues

Discussion in 'Windows Server System' started by ChrisUK, 2008/10/20.

  1. 2008/10/20
    ChrisUK

    ChrisUK Inactive Thread Starter

    Joined:
    2008/10/20
    Messages:
    9
    Likes Received:
    0
    One of my clients has a single Windows Server 2003 acting as the one and only Domain Controller, so it is running AD, DNS, DHCP and Print Server.

    The server itself (not the workstations) is having problems browsing the web due to DNS not working. Yet if I go into the command prompt and use NSLOOKUP it resolves the IPs perfectly. I have tried the usual ipconfig /dnsflush and restarted the DNS client on the server to no avail.

    I'm currently using a bodge by using an external proxy server so it can get its Symantec Virus updates but obviously this isn't a clean fix.

    Any ideas, guys? :confused: :eek:.
     
    Last edited: 2008/10/20
  2. 2008/10/20
    ReggieB

    ReggieB Inactive Alumni

    Joined:
    2004/05/12
    Messages:
    2,786
    Likes Received:
    2
    If you have DNS set up correctly, the server can look at itself for DNS lookup. Connection to the outside world comes via Forwarders set up within the DNS service.

    Can you connect to a site by IP? Do a NSLOOKUP for the address you want to access and then enter the returned IP in the browser rather than the name.
     

  4. 2008/10/20
    ChrisUK

    ChrisUK Inactive Thread Starter

    Yes, I've configured forwarders in the DNS server config. I have also set it to look at itself for the DNS.

    Yes if I use nslookup for google.com I get:-

    > google.com
    Server: root._msdcs.domain.local
    Address: 192.168.0.1

    Non-Authoritive answer:

    Name: google.com
    Addresses: 209.85.171.99 64.233.187.99 74.14.207.99

    And if I put any of those IPs into the browser it works. But if I try the hostname in IE it cannot find the server (DNS error).
     
  5. 2008/10/21
    ReggieB

    ReggieB Inactive Alumni

    I think then this is an IE problem. I've seen similar things on XP systems when QoS scheduler is installed (and uninstalling it fixed the problem). The places I'd look next are:
    • IE security settings. Add google to your trusted zone and see if that makes a difference (remove google from the trusted zone after the test).
    • Anti-virus - make sure there are no settings in your AV blocking the connection - perhaps erroneously seeing it as malicious action.
    • Check your proxy settings on the IE connection tab. Unless you need to use a proxy, these should be blank - and I'd always remove the option to auto-detect proxy settings unless it is needed.
    • Firewall. Do you have ISA installed? Review your Firewall settings and make sure there is nothing erroneous there. If you are using a firewall that works at the application level, you may well find that the DNS connection when you browse directly involves a system call to DNS on the server which would not be present when a client makes the same connection and therefore the application firewall setting may be different.
     
  6. 2008/10/29
    ChrisUK

    ChrisUK Inactive Thread Starter

    In the end I resorted to using the hosts file haha. Aw well it works.

    Got a new VERY weird issue now. After reinstalling the AntiVirus I had to reboot the server. Since doing so, the DNS Server Service refuses to start. When I try to start it manually I get: Error 14: Not Enough Storage is available to complete this operation

    There is 3-4 GB available on Drive C:\ and 20 GB free on D:\ where the paging file is.

    Any ideas?.
     
  7. 2008/10/30
    ReggieB

    ReggieB Inactive Alumni

    I think this is caused by an authentication problem. That is, the service fails to get the permissions it needs to use the file system. As the amount of file area it is able to access is zero and that isn't enough, it comes up with a not enough file space error.

    Have a look at this Google search for other similar errors.

    In particular, this article suggests that you can fix the problem by adjusting the MaxTokenSize size. See this MS Technet article.
     
  8. 2008/10/30
    ChrisUK

    ChrisUK Inactive Thread Starter

    Ok thanks for the info! :D.

    I also found an article pointing to 2 hotfixes! Can't remember the nos. but I'll post them tomorrow when I get back to work. Basically it changed certain UDP ports some services are bound to. So when the DNS Server starts and binds its 2500 random ports it gets a conflict and then stops with that Error 14.

    The DNS server logs appear to support this theory. I've tried the fix but won't know if it's worked until the morning due to it needing a reboot :eek: ;)
     
  9. 2008/10/31
    ChrisUK

    ChrisUK Inactive Thread Starter

    Well, my theory didn't work so I'm putting your theory into practice.

    I've looked into the DNS logs and this is what I'm getting:

    Event Type: Error
    Event Source: DNS
    Event Category: None
    Event ID: 407
    Date: 31/10/2008
    Time: 10:29:43
    User: N/A
    Computer: IMPLANTS1
    Description:
    The DNS server could not bind a User Datagram Protocol (UDP) socket to 127.0.0.1. The event data is the error code. Restart the DNS server or reboot your computer.

    Then just after I'm getting:

    Event Type: Error
    Event Source: DNS
    Event Category: None
    Event ID: 408
    Date: 31/10/2008
    Time: 10:29:43
    User: N/A
    Computer: IMPLANTS1
    Description:
    The DNS server could not open socket for address 127.0.0.1.
    Verify that this is a valid IP address for the server computer. If it is NOT valid use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces. Then stop and restart the DNS server. (If this was the only IP interface on this machine and the DNS server may not have started as a result of this error. In that case remove the DNS\Parmeters\ ListenAddress value in the services section of the registry and restart.)

    If this is a valid IP address for this machine, make sure that no other application (e.g. another DNS server) is running that would attempt to use the DNS port.

    I've run netstat -a -p UDP and there's nothing hogging the DNS port "53".

    Last edited: 2008/10/31
  10. 2008/10/31
    ReggieB

    ReggieB Inactive Alumni

    Can you do this:
    • Open DNS manager
    • Right click on your DNS Server icon (probably labelled 'IMPLANTS1') and select Properties.
    • Select the Interfaces tab
    Which addresses are set as being listened to, or is the setting "All IP addresses" being used?
     
  11. 2008/11/05
    ChrisUK

    ChrisUK Inactive Thread Starter

    It doesn't have an interfaces tab... Probably because the service isn't running :(.

  12. 2008/11/05
    ReggieB

    ReggieB Inactive Alumni

    Hmmm. That's not good. 127.0.0.1 is a fundamental IP address and if it isn't working, you could have a problem with the underlying TCP/IP system.

    However, there could be a simple cause - something else is already listening on the DNS port (53) and that is preventing the DNS service from using that port. Try this:
    Code:
    netstat -ano
    That will list all the ports being used or assigned to processes. Look for an entry for either 0.0.0.0:53 or 127.0.0.1:53. If there is one, something is already using the port and you need to stop it before the DNS service will start.

    To track down the process, note down the PID as that will identify the process. Then do a:
    Code:
    tasklist
    That will show you the running executables and tie them to PIDs. If the one you are looking for is tied to svchost, try this:
    Code:
    tasklist /svc
    and that will show you the systems using svchost on that PID.
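
The lookup described above (netstat -ano for the port, then tasklist /svc for the PID), as an added example that is not part of the original thread: Python that parses saved output of both commands and joins them on PID. The sample output, the PIDs and the names example.exe, ExampleSvc and ExampleWrapped are constructed for illustration.

```python
import re
# Constructed samples of `netstat -ano` and `tasklist /svc` output (not from the thread).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING       1480
  TCP    192.168.0.1:1053       192.168.0.20:445       ESTABLISHED     4
  UDP    127.0.0.1:53           *:*                                    1480
  UDP    192.168.0.1:5353       *:*                                    2044
"""
TASKLIST = """\
Image Name                   PID Services
========================= ====== ============================
System                         4 N/A
example.exe                 1480 ExampleSvc
svchost.exe                 2044 Dnscache, Dhcp,
                                 ExampleWrapped
"""

def port_owners(netstat_text, port):
    """Return sorted (proto, local address, pid) for sockets bound to port."""
    owners = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or (f[0] == "TCP" and f[3] != "LISTENING"):
            continue  # only listeners compete for a bind, established sessions do not
        # Compare the port exactly: a substring search for ":53" also hits :5353.
        if f[1].rpartition(":")[2] == str(port):
            owners.add((f[0], f[1], int(f[-1])))
    return sorted(owners)

def services_by_pid(tasklist_text):
    """Map pid -> (image name, [services]); wrapped service lines are joined."""
    table, last = {}, None
    for line in tasklist_text.splitlines():
        m = re.match(r"(\S.*?)\s+(\d+)\s+(\S.*)$", line)
        if m:
            last, names = int(m.group(2)), m.group(3)
            table[last] = (m.group(1), [])
        elif last is not None and line[:1].isspace():
            names = line  # continuation of the previous process's service list
        else:
            continue
        table[last][1].extend(s.strip() for s in names.split(",") if s.strip() not in ("", "N/A"))
    return table

def explain_port(netstat_text, tasklist_text, port=53):
    """Join both outputs: who holds the port and which services run in that PID."""
    procs = services_by_pid(tasklist_text)
    return [(proto, addr, pid) + procs.get(pid, ("<unknown>", []))
            for proto, addr, pid in port_owners(netstat_text, port)]
```

An empty result from `explain_port` for port 53 matches what the thread starter reports next: no competing listener, so the bind failure has to be explained some other way.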
     
  13. 2008/11/06
    ChrisUK

    ChrisUK Inactive Thread Starter

    There's nothing listening on port 53 :eek:.

    So it looks like it's just refusing to start :rolleyes:.
     
  14. 2008/11/06
    ReggieB

    ReggieB Inactive Alumni

    I think I'd uninstall and reinstall the DNS server. However, I'm happy to rip bits out of systems and put them back together. Most other people wouldn't be so gung-ho.

    The main problem is that there is a good chance that you'll cause a problem in Active Directory if you rip out DNS. Therefore, you need to be prepared to reinstall and restore AD. Also since server 2000, DNS is closely linked to DHCP so there is a chance that could need reinstalling too.

    So I'd recommend you don't unless you've run out of other options.

    Have a look at this guide first. It may point you in the right direction to fix this without reinstalling DNS:

    http://itknowledgeexchange.techtarget.com/itanswers/rebuild-ad-and-dns/

    I suggest you work through some of the suggestions there before ripping DNS out and starting again.

    However, getting DNS working right is worth the effort. A 2003 network can spit out all sorts of problems (especially authentication problems) if DNS isn't working correctly.
     
  15. 2008/11/06
    ChrisUK

    ChrisUK Inactive Thread Starter

    Thanks for all your help. I'll update how I get on in the coming week :).
     
  16. 2008/11/12
    ChrisUK

    ChrisUK Inactive Thread Starter

    I've tried the gung-ho method: I removed the DNS Server Service (didn't affect AD :D), then re-installed the DNS Server Service, and still get error 14 upon starting :(.

    Going to start looking through the links you've provided.
     
