  1. tdean (Senior Member; joined Mar 2009; 522 posts) #1

    Question for DNS gurus

    I'm having trouble with our network. We have 2 locations connected by a point-to-point EVPL. All servers etc. reside at the main location. 2 DNS servers and one reverse lookup zone, 172.22.1.X. The remote site uses DHCP handed out from the gateway router and is configured to get its DNS from the main site. However, it's not working. We have thin clients over there that can connect via IP address, but not hostname. PCs, however, are fine.

    Another issue is when I use our ISP's DNS servers as the forwarders, then run the nslookup tool, I get a message that it can't resolve. If I add 4.2.2.2 to the top of the forwarders list, it resolves just fine.

    What is the quick/easy way of troubleshooting this? It's driving me nuts.

    Should I add another reverse lookup zone for the remote subnet? What should be in the forwarders tab?

  3. undomiel (Virtual Member; joined Sep 2007; Bellevue, WA; 2,813 posts) #2
    Certifications: MCSA:2008, VCP4/5, CCA (XS), MCITP: EA/VA, MCSE, MCSA, Linux+, Security+, Server+, A+

    Are they having problems connecting to the short NetBIOS name or the FQDN from the other site? Connecting to host doesn't work but host.domain.local works just fine? If so then make sure that your DHCP is handing out the DNS suffix for the systems to append to their queries. If neither are working then you'll want to run nslookup and see if you can resolve queries from the servers. You might need to break out Wireshark and see if you're getting any responses.

    The reverse lookup zone is basically just to ease troubleshooting. I always recommend having them configured. For the forwarders I would run nslookup from the DNS servers and point it to the ISP's DNS and see if queries are resolving. Though I generally prefer to use Google's public DNS servers myself.

  4. tdean (Senior Member; joined Mar 2009; 522 posts) #3
    Hi undomiel,

    The thin clients can't connect with either name. Just IPs. They could yesterday before the firewall install, but I don't see how that would be the problem. I have other DNS issues.... I'd kinda just like to start from scratch. The DHCP is being handled by the AdTran router now. I'll have to see if I can add the suffix somehow, although it was working prior to the firewall install.

    It seems now, the nslookups with the ISP's DNS servers listed IS working... it wasn't earlier today for some reason.

  5. TLeTourneau (Well ain't that shiny!; joined Mar 2011; MN, USA; 582 posts) #4
    Certifications: CISSP, MCITP:EA, SA, EDA7, MCTSx4, MCSA 2008, CCNA (expired), Security+ (expired), Project+, CIW JavaScript Specialist, CIW Web Foundations Associate

    If it was working prior to the firewall install look at the firewall logs and see if it's doing anything to port 53/udp from or to the IPs of the thin clients. You may need to get a PC/laptop with a NIC in promiscuous mode with Wireshark installed to diagnose it if it doesn't show anything in the firewall logs.
    Thanks, Tom


  6. MentholMoose (Senior Member; joined Sep 2009; CA; 1,550 posts) #5
    To narrow down the problem you can use nslookup. I don't know what thin client you're using but they are commonly based on either Windows or Linux and nslookup usually works similarly. Try running some standard queries and explicitly choose one of your DNS servers. Windows or Linux:
    Code:
    nslookup somehost dnsip
    Also try querying with TCP (assuming your DNS server listens on TCP) since sometimes firewalls have problems with UDP. Windows or Linux:
    Code:
    nslookup
    server dnsip
    set vc
    somehost
    What is the new firewall, where was it installed, and what DNS servers are you using? Are the DNS servers now behind the new firewall? If the servers are running Windows and the standard Microsoft DNS server, and they are behind your new firewall, you can try disabling EDNS0 as explained here:
    Some DNS name queries are unsuccessful after you deploy a Windows Server 2003 or Windows Server 2008 R2-based DNS server

    You should also check the configuration on the new firewall since it may be doing something to DNS traffic, and the firewall logs as recommended by TLeTourneau.
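The checks suggested in post #5 (plain UDP, TCP, and whether EDNS0 makes a difference) can be run side by side against one DNS server. This is an added example, not part of the original thread; the function names, the 3-second timeout and the 4096-byte EDNS0 size are assumptions chosen for illustration.

```python
import socket
import struct
import sys

def build_query(name, edns_size=None, txid=0x1234, qtype=1):
    """Build an A query; with edns_size set, append an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)
    if edns_size:
        # OPT RR: root name, TYPE 41, CLASS = advertised UDP size, TTL 0, RDLEN 0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0)
    return msg

def parse_header(resp):
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {"id": txid, "rcode": flags & 0xF, "tc": bool(flags & 0x0200), "answers": answers}

def ask(server, msg, tcp=False, timeout=3.0):
    """Send one query; return the parsed header, or the failure as a string."""
    try:
        if tcp:
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(msg)) + msg)  # 2-byte length prefix
                buf = b""
                while len(buf) < 2 or len(buf) < 2 + struct.unpack("!H", buf[:2])[0]:
                    chunk = s.recv(4096)
                    if not chunk:
                        break
                    buf += chunk
                resp = buf[2:]
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(msg, (server, 53))
                resp, _ = s.recvfrom(4096)
        return parse_header(resp) if len(resp) >= 12 else "short response"
    except OSError as exc:  # timeouts and refused connections land here
        return f"failed: {exc}"

def probe(server, name):
    return {"udp": ask(server, build_query(name)),
            "udp+edns0": ask(server, build_query(name, edns_size=4096)),
            "tcp": ask(server, build_query(name), tcp=True)}

if __name__ == "__main__":  # usage: python probe.py <dnsip> <somehost>
    for variant, result in probe(sys.argv[1], sys.argv[2]).items():
        print(f"{variant:10} {result}")
```

Run from a thin-client subnet and again from the main site: a variant that answers on one side of the new firewall and times out on the other points at how the firewall treats that kind of DNS traffic.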

  7. tdean (Senior Member; joined Mar 2009; 522 posts) #6
    Thanks guys.... I will try all this and let you know. Having so many problems today... ugh.