Windows Server 2008 R2 DNS Server Intermittently Unresponsive

domain-name-systemwindows-server-2008

Throughout the day out DNS servers (2x Win 2k8 R2 servers) are unable to respond to requests. The requests that fail are all on the .root zone that are either cached or obtained from 1 of 5 DNS servers we forward to before going to root hints.

At first I thought the DNS servers we were forwarding to were flaky. So I added some more in.
Currently the forwarding list looks like

ISP DNS 1
OPEN DNS 1
ISP DNS 2
OPEN DNS 2
ISP DNS 3

I have tried:

Turning off root hints.
Set record scavenging to 7 days.
Using dnscmd /config /EnableEDNSProbes 0 as per this.

Packet capture at the DNS server shows that there is a lot of query responses with server failure between LAN clients and the local DNS server; it does not appear to be forwarding those requests. So maybe a problem with caching?

Does anyone have anything I can try to get this working?

Forwarders Pane

enter image description here

Here is a cap from the secondary DNS called DC3 with capture filter 'port 53'

Best Answer

Ablue, these are my observations:

Query packet 161 - quad A query dc2 - response packet 162 - server failure.
Query packet 251 - quad A query mx1 - response packet 252 - server failure.
Query packet 2102 - quad A query for Storage1 - response packet 2103 - server failure

Gaps:

Successful response from external DNS ends at Jun 1, 2012 08:40:07 with packet 3913

Queries go out to external servers.
DNS caching server does try multiple servers from forwarders,
but does not receive a response from external servers.

Next response from external server received at Jun 1, 2012 08:40:46 with packet 4147

packet 4147 - packet 4453

4504 - 4600 - 4694
4869 - 5004
5210 - 5234

By looking at these gaps out of your pcap file I can see that your DNS server is going out to the forwarders. However, it is not receiving responses from the forwarders. Have you checked if you had connectivity issues at or beyond your border router/gateway? You seem to be experiencing line dropouts.

By what the timestamps in the packets tell, it's also during the morning rush hour.

Related Solutions

Windows 2008 R2 DNS Server Doesn’t Use Root Hints

Got it...

From: http://weblogs.asp.net/owscott/archive/2009/09/15/windows-server-2008-r2-dns-issues.aspx

It appears that the Internet isn’t fully up to date and ready to use EDns quite yet. The solution for this is to disable EDns and wait another year or two until Akamai and other DNS servers catch up....
Note that this isn’t a problem for most Windows Server 2008 R2 member servers. It’s only a problem for DNS servers that do recursive lookups. i.e. likely only your domain controller will be affected if that is where your DNS Server role exists.

Fix

To disable EDns, you can do it from the command prompt, or by editing the registry.

From the command prompt, no restart of DNS is required. If from the registry, make sure to restart the DNS Server service.

Command prompt:

dnscmd /config /EnableEDNSProbes 0

No restart is needed. It takes effect immediately.

or Registry:

Create a DWORD called EnableEDNSProbes and set to 0 in

HKLM\SYSTEM\CurrentControlSet\services\DNS\Parameters

Restart the DNS Server service for it to take effect.

Windows DNS Server 2008 R2 fallaciously returns SERVFAIL

We have had similar issue on Microsoft DNS servers with no forwarders configured. Looks like this hotfix is related: http://support.microsoft.com/kb/2508835 . I wouldnt say that using forwarders would negate the applicability.

Best Answer

Related Solutions

Windows 2008 R2 DNS Server Doesn’t Use Root Hints

Windows DNS Server 2008 R2 fallaciously returns SERVFAIL

Related Topic