Results 1 to 6 of 6

Thread: Name lookup problem, clear cache fixes?

  1. #1
    BobW Guest

    Name lookup problem, clear cache fixes?

    I am currently running Server 2008 with AD integrated DNS. There are not any
    forwarders defined. Note that I have seen the exact same issue with Server
    2003. The firewall/proxy is ISA 2006.

    On occasion (once every coupel months) my users will be unable to go to
    *.*.*.gov. Typically it is only a couple of sites with the tdl of .gov. In
    order to eliminate the proxy, I run an nslookup from my workstation. The
    internal dns gives a "server failed" error (Unfortunately, I did not note the
    verbiage of the error.....) and the firewall shows a valid dns conenction to
    an external DNS.

    In order to get it functioning I then have to go to the internal DNS and
    clear the cache. Immediately all is well again.

    Any thoughts/suggestions would be appreciated.
    Bob



  2. #2
    Herb Martin Guest

    Re: Name lookup problem, clear cache fixes?


    "BobW" <Osm3um@news.postalias> wrote in message
    news:BE52BDD2-DE6E-4958-9B7D-CD57B9E2C893@microsoft.com...
    >I am currently running Server 2008 with AD integrated DNS. There are not
    >any
    > forwarders defined. Note that I have seen the exact same issue with
    > Server
    > 2003. The firewall/proxy is ISA 2006.
    >
    > On occasion (once every coupel months) my users will be unable to go to
    > *.*.*.gov. Typically it is only a couple of sites with the tdl of .gov.
    > In
    > order to eliminate the proxy, I run an nslookup from my workstation. The
    > internal dns gives a "server failed" error (Unfortunately, I did not note
    > the
    > verbiage of the error.....) and the firewall shows a valid dns conenction
    > to
    > an external DNS.


    Well, next time record the error message and number exactly -- sometimes
    it really helps.

    > In order to get it functioning I then have to go to the internal DNS and
    > clear the cache. Immediately all is well again.
    >
    > Any thoughts/suggestions would be appreciated.


    I would want to know "what is in that cache" that is causing the problem
    and where it is originating.

    Most people don't have this problem; you had it under 2 operating systems;
    so presumably it is something peculiar to your environment INCLUDING
    (and possibly primarily) your ISP or any DNS server to which you are
    forwarding those Gov queries.




  3. #3
    BobW Guest

    Re: Name lookup problem, clear cache fixes?

    Thanks for your reply.

    It seems odd to me that it is always the gov sites as well.

    Is there someway to not have the local DNS cache anything from .gov?


    Thanks,
    Bob

    "Herb Martin" wrote:

    >
    > "BobW" <Osm3um@news.postalias> wrote in message
    > news:BE52BDD2-DE6E-4958-9B7D-CD57B9E2C893@microsoft.com...
    > >I am currently running Server 2008 with AD integrated DNS. There are not
    > >any
    > > forwarders defined. Note that I have seen the exact same issue with
    > > Server
    > > 2003. The firewall/proxy is ISA 2006.
    > >
    > > On occasion (once every coupel months) my users will be unable to go to
    > > *.*.*.gov. Typically it is only a couple of sites with the tdl of .gov.
    > > In
    > > order to eliminate the proxy, I run an nslookup from my workstation. The
    > > internal dns gives a "server failed" error (Unfortunately, I did not note
    > > the
    > > verbiage of the error.....) and the firewall shows a valid dns conenction
    > > to
    > > an external DNS.

    >
    > Well, next time record the error message and number exactly -- sometimes
    > it really helps.
    >
    > > In order to get it functioning I then have to go to the internal DNS and
    > > clear the cache. Immediately all is well again.
    > >
    > > Any thoughts/suggestions would be appreciated.

    >
    > I would want to know "what is in that cache" that is causing the problem
    > and where it is originating.
    >
    > Most people don't have this problem; you had it under 2 operating systems;
    > so presumably it is something peculiar to your environment INCLUDING
    > (and possibly primarily) your ISP or any DNS server to which you are
    > forwarding those Gov queries.
    >
    >
    >
    >


  4. #4
    Herb Martin Guest

    Re: Name lookup problem, clear cache fixes?


    "BobW" <Osm3um@news.postalias> wrote in message
    news:26CAF4E4-45D3-4FB3-9967-9020AABB2291@microsoft.com...
    > Thanks for your reply.
    >
    > It seems odd to me that it is always the gov sites as well.
    >
    > Is there someway to not have the local DNS cache anything from .gov?


    No practical way. (Unless you conditionally forwarded all those
    requests to some OTHER public DNS server which was willing
    to RECURSE for you -- such is ugly and very non-standard and
    probably rude if you left it that way from more than a test duration.)

    You could try using such a DNS instead -- or just investigate the
    problem with your current DNS (including ISP) servers.

    One difficulty is that you say there are MONTHS between problems.

    "On occasion (once every coupel months) "

    Intermittent and infrequent problems are among the most difficult to
    solve -- anytime you make a change you cannot tell if the change
    helped or not.

    > Thanks,
    > Bob
    >
    > "Herb Martin" wrote:
    >
    >>
    >> "BobW" <Osm3um@news.postalias> wrote in message
    >> news:BE52BDD2-DE6E-4958-9B7D-CD57B9E2C893@microsoft.com...
    >> >I am currently running Server 2008 with AD integrated DNS. There are
    >> >not
    >> >any
    >> > forwarders defined. Note that I have seen the exact same issue with
    >> > Server
    >> > 2003. The firewall/proxy is ISA 2006.
    >> >
    >> > On occasion (once every coupel months) my users will be unable to go to
    >> > *.*.*.gov. Typically it is only a couple of sites with the tdl of
    >> > .gov.
    >> > In
    >> > order to eliminate the proxy, I run an nslookup from my workstation.
    >> > The
    >> > internal dns gives a "server failed" error (Unfortunately, I did not
    >> > note
    >> > the
    >> > verbiage of the error.....) and the firewall shows a valid dns
    >> > conenction
    >> > to
    >> > an external DNS.

    >>
    >> Well, next time record the error message and number exactly -- sometimes
    >> it really helps.
    >>
    >> > In order to get it functioning I then have to go to the internal DNS
    >> > and
    >> > clear the cache. Immediately all is well again.
    >> >
    >> > Any thoughts/suggestions would be appreciated.

    >>
    >> I would want to know "what is in that cache" that is causing the problem
    >> and where it is originating.
    >>
    >> Most people don't have this problem; you had it under 2 operating
    >> systems;
    >> so presumably it is something peculiar to your environment INCLUDING
    >> (and possibly primarily) your ISP or any DNS server to which you are
    >> forwarding those Gov queries.
    >>
    >>
    >>
    >>




  5. #5
    David Shen [MSFT] Guest

    RE: Name lookup problem, clear cache fixes?

    Dear Customer,

    Thank you for posting in newsgroup. And thanks to Herb for the contribution.

    According to the description, the issue seems to be related to DNS.

    Before we move on to troubleshoot the issue, I would like to confirm some
    information with you.

    Information Needed:
    ======================

    1. Please try to ping the IP address of *.*.*.gov from the workstation to
    check the you can ping through IP address.

    2. Please check if there exists a Forward Lookup zone with the suffix of
    .gov on the internal DNS server. If possible, please take a screenshot of
    the DNS management console.

    3. Please check if the root hint is enabled on the internal DNS server.

    4. Please run nslookup on the workstation first, and then input "Set d2" in
    the command line, afterwards you may try to resolve the problematic
    *.*.*.gov to check if there is any error message. IF possible, please copy
    all the information when you run nslookup and save them into a txt file and
    then send to me.

    5. Also, please check on the ISA 2006 that the DNS traffic is allowed with
    the policy settings.

    Analysis and Suggestion:
    =====================

    For your concern, "Is there someway to not have the local DNS cache
    anything from .gov?"

    By default, DNS Server will cache negative response. When a DNS server
    receives a negative response, it caches response for the time of minimum
    TTL of the SOA record. By default, this value cannot be greater than 15
    minutes. When you query DNS server, you get a server failure, it caches a
    negative response. Mostly this occurs when a given (or cached) NS is no
    longer authoritative for the queried zone.

    We could configure lower negative response cache time to effectively
    disable negative cache behavior; however, we could not disable negative
    response cache only from .gov. Thank you for your understanding.

    1. Default Registry key for Windows 2000 DNS servers:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

    REG_DWORD key: NegativeCacheTime

    Default Value: 300 seconds (0x12c)

    2. Default Registry key for Windows 2003 DNS Servers:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters

    REG_DWORD key: MaxNegativeCacheTtl

    Default Value: 900 seconds (0x384)

    Please note: To reduce the influence of this issue, you may adjust the
    corresponding registry value to disable negative response cache or set it
    to a lower value. However, please understand that this may affect DNS
    server performance a little.

    According to your description, since there are not any forwarders defined
    on the internal DNS server. By default, when the initial DNS query to the
    external domain such as *.*.*.gov, if there isn't a Forward Lookup Zone
    with a suffix name of .gov on the internal DNS server, the internal DNS
    server will referral the DNS query to the root hint on the Internet. Since
    the recursive and interactive DNS query from the Internet root hint is with
    low efficiency. I would like to suggest that you enable Forwarder and make
    the ISP DNS server as the forwarder of the internal DNS server.

    Here is some information, just for your reference:

    Configure forwarders for a DNS server
    http://technet2.microsoft.com/window...e-9313-4314-83
    cb-37ae556a4a3f1033.mspx?mfr=true

    DNS best practices
    http://technet2.microsoft.com/window...7-48dc-42cc-89
    86-c73db47398a21033.mspx?mfr=true

    You may send the screenshot and the error message to v-dashen@microsoft.com

    I look forward to your reply and thank you for your time.

    David Shen
    Microsoft Online Partner Support


  6. #6
    David Shen [MSFT] Guest

    RE: Name lookup problem, clear cache fixes?

    Dear Customer,

    How's everything going?

    I'm wondering if the suggestion has helped or if you have any further
    questions. Please feel free to respond to the newsgroups if I can assist
    further.

    David Shen
    Microsoft Online Partner Support


Similar Threads

  1. How to clear Nokia X2 cache
    By Kindle in forum Portable Devices
    Replies: 3
    Last Post: 09-04-2011, 01:34 PM
  2. How to clear DNS cache
    By Eber in forum Technology & Internet
    Replies: 5
    Last Post: 09-01-2010, 12:33 AM
  3. How to clear squid cache
    By Knopper in forum Operating Systems
    Replies: 3
    Last Post: 12-08-2009, 12:00 AM
  4. Clear printer cache
    By Sunena in forum Hardware Peripherals
    Replies: 4
    Last Post: 12-03-2009, 07:55 PM
  5. Cannot clear ARP cache
    By LaviN in forum Small Business Server
    Replies: 3
    Last Post: 12-02-2008, 02:29 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,632,858,701.92107 seconds with 16 queries