Go Back   TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Become a Member!
Forgot your username/password?
Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Name lookup problem, clear cache fixes?

Windows Server Help


Reply
 
Thread Tools Search this Thread
  #1  
Old 21-05-2008
BobW
 
Posts: n/a
Name lookup problem, clear cache fixes?

I am currently running Server 2008 with AD integrated DNS. There are not any
forwarders defined. Note that I have seen the exact same issue with Server
2003. The firewall/proxy is ISA 2006.

On occasion (once every coupel months) my users will be unable to go to
*.*.*.gov. Typically it is only a couple of sites with the tdl of .gov. In
order to eliminate the proxy, I run an nslookup from my workstation. The
internal dns gives a "server failed" error (Unfortunately, I did not note the
verbiage of the error.....) and the firewall shows a valid dns conenction to
an external DNS.

In order to get it functioning I then have to go to the internal DNS and
clear the cache. Immediately all is well again.

Any thoughts/suggestions would be appreciated.
Bob



Reply With Quote
  #2  
Old 21-05-2008
Herb Martin
 
Posts: n/a
Re: Name lookup problem, clear cache fixes?


"BobW" <Osm3um@news.postalias> wrote in message
news:BE52BDD2-DE6E-4958-9B7D-CD57B9E2C893@microsoft.com...
>I am currently running Server 2008 with AD integrated DNS. There are not
>any
> forwarders defined. Note that I have seen the exact same issue with
> Server
> 2003. The firewall/proxy is ISA 2006.
>
> On occasion (once every coupel months) my users will be unable to go to
> *.*.*.gov. Typically it is only a couple of sites with the tdl of .gov.
> In
> order to eliminate the proxy, I run an nslookup from my workstation. The
> internal dns gives a "server failed" error (Unfortunately, I did not note
> the
> verbiage of the error.....) and the firewall shows a valid dns conenction
> to
> an external DNS.


Well, next time record the error message and number exactly -- sometimes
it really helps.

> In order to get it functioning I then have to go to the internal DNS and
> clear the cache. Immediately all is well again.
>
> Any thoughts/suggestions would be appreciated.


I would want to know "what is in that cache" that is causing the problem
and where it is originating.

Most people don't have this problem; you had it under 2 operating systems;
so presumably it is something peculiar to your environment INCLUDING
(and possibly primarily) your ISP or any DNS server to which you are
forwarding those Gov queries.



Reply With Quote
  #3  
Old 22-05-2008
BobW
 
Posts: n/a
Re: Name lookup problem, clear cache fixes?

Thanks for your reply.

It seems odd to me that it is always the gov sites as well.

Is there someway to not have the local DNS cache anything from .gov?


Thanks,
Bob

"Herb Martin" wrote:

>
> "BobW" <Osm3um@news.postalias> wrote in message
> news:BE52BDD2-DE6E-4958-9B7D-CD57B9E2C893@microsoft.com...
> >I am currently running Server 2008 with AD integrated DNS. There are not
> >any
> > forwarders defined. Note that I have seen the exact same issue with
> > Server
> > 2003. The firewall/proxy is ISA 2006.
> >
> > On occasion (once every coupel months) my users will be unable to go to
> > *.*.*.gov. Typically it is only a couple of sites with the tdl of .gov.
> > In
> > order to eliminate the proxy, I run an nslookup from my workstation. The
> > internal dns gives a "server failed" error (Unfortunately, I did not note
> > the
> > verbiage of the error.....) and the firewall shows a valid dns conenction
> > to
> > an external DNS.

>
> Well, next time record the error message and number exactly -- sometimes
> it really helps.
>
> > In order to get it functioning I then have to go to the internal DNS and
> > clear the cache. Immediately all is well again.
> >
> > Any thoughts/suggestions would be appreciated.

>
> I would want to know "what is in that cache" that is causing the problem
> and where it is originating.
>
> Most people don't have this problem; you had it under 2 operating systems;
> so presumably it is something peculiar to your environment INCLUDING
> (and possibly primarily) your ISP or any DNS server to which you are
> forwarding those Gov queries.
>
>
>
>

Reply With Quote
  #4  
Old 22-05-2008
Herb Martin
 
Posts: n/a
Re: Name lookup problem, clear cache fixes?


"BobW" <Osm3um@news.postalias> wrote in message
news:26CAF4E4-45D3-4FB3-9967-9020AABB2291@microsoft.com...
> Thanks for your reply.
>
> It seems odd to me that it is always the gov sites as well.
>
> Is there someway to not have the local DNS cache anything from .gov?


No practical way. (Unless you conditionally forwarded all those
requests to some OTHER public DNS server which was willing
to RECURSE for you -- such is ugly and very non-standard and
probably rude if you left it that way from more than a test duration.)

You could try using such a DNS instead -- or just investigate the
problem with your current DNS (including ISP) servers.

One difficulty is that you say there are MONTHS between problems.

"On occasion (once every coupel months) "

Intermittent and infrequent problems are among the most difficult to
solve -- anytime you make a change you cannot tell if the change
helped or not.

> Thanks,
> Bob
>
> "Herb Martin" wrote:
>
>>
>> "BobW" <Osm3um@news.postalias> wrote in message
>> news:BE52BDD2-DE6E-4958-9B7D-CD57B9E2C893@microsoft.com...
>> >I am currently running Server 2008 with AD integrated DNS. There are
>> >not
>> >any
>> > forwarders defined. Note that I have seen the exact same issue with
>> > Server
>> > 2003. The firewall/proxy is ISA 2006.
>> >
>> > On occasion (once every coupel months) my users will be unable to go to
>> > *.*.*.gov. Typically it is only a couple of sites with the tdl of
>> > .gov.
>> > In
>> > order to eliminate the proxy, I run an nslookup from my workstation.
>> > The
>> > internal dns gives a "server failed" error (Unfortunately, I did not
>> > note
>> > the
>> > verbiage of the error.....) and the firewall shows a valid dns
>> > conenction
>> > to
>> > an external DNS.

>>
>> Well, next time record the error message and number exactly -- sometimes
>> it really helps.
>>
>> > In order to get it functioning I then have to go to the internal DNS
>> > and
>> > clear the cache. Immediately all is well again.
>> >
>> > Any thoughts/suggestions would be appreciated.

>>
>> I would want to know "what is in that cache" that is causing the problem
>> and where it is originating.
>>
>> Most people don't have this problem; you had it under 2 operating
>> systems;
>> so presumably it is something peculiar to your environment INCLUDING
>> (and possibly primarily) your ISP or any DNS server to which you are
>> forwarding those Gov queries.
>>
>>
>>
>>



Reply With Quote
  #5  
Old 22-05-2008
David Shen [MSFT]
 
Posts: n/a
RE: Name lookup problem, clear cache fixes?

Dear Customer,

Thank you for posting in newsgroup. And thanks to Herb for the contribution.

According to the description, the issue seems to be related to DNS.

Before we move on to troubleshoot the issue, I would like to confirm some
information with you.

Information Needed:
======================

1. Please try to ping the IP address of *.*.*.gov from the workstation to
check the you can ping through IP address.

2. Please check if there exists a Forward Lookup zone with the suffix of
.gov on the internal DNS server. If possible, please take a screenshot of
the DNS management console.

3. Please check if the root hint is enabled on the internal DNS server.

4. Please run nslookup on the workstation first, and then input "Set d2" in
the command line, afterwards you may try to resolve the problematic
*.*.*.gov to check if there is any error message. IF possible, please copy
all the information when you run nslookup and save them into a txt file and
then send to me.

5. Also, please check on the ISA 2006 that the DNS traffic is allowed with
the policy settings.

Analysis and Suggestion:
=====================

For your concern, "Is there someway to not have the local DNS cache
anything from .gov?"

By default, DNS Server will cache negative response. When a DNS server
receives a negative response, it caches response for the time of minimum
TTL of the SOA record. By default, this value cannot be greater than 15
minutes. When you query DNS server, you get a server failure, it caches a
negative response. Mostly this occurs when a given (or cached) NS is no
longer authoritative for the queried zone.

We could configure lower negative response cache time to effectively
disable negative cache behavior; however, we could not disable negative
response cache only from .gov. Thank you for your understanding.

1. Default Registry key for Windows 2000 DNS servers:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

REG_DWORD key: NegativeCacheTime

Default Value: 300 seconds (0x12c)

2. Default Registry key for Windows 2003 DNS Servers:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters

REG_DWORD key: MaxNegativeCacheTtl

Default Value: 900 seconds (0x384)

Please note: To reduce the influence of this issue, you may adjust the
corresponding registry value to disable negative response cache or set it
to a lower value. However, please understand that this may affect DNS
server performance a little.

According to your description, since there are not any forwarders defined
on the internal DNS server. By default, when the initial DNS query to the
external domain such as *.*.*.gov, if there isn't a Forward Lookup Zone
with a suffix name of .gov on the internal DNS server, the internal DNS
server will referral the DNS query to the root hint on the Internet. Since
the recursive and interactive DNS query from the Internet root hint is with
low efficiency. I would like to suggest that you enable Forwarder and make
the ISP DNS server as the forwarder of the internal DNS server.

Here is some information, just for your reference:

Configure forwarders for a DNS server
http://technet2.microsoft.com/window...e-9313-4314-83
cb-37ae556a4a3f1033.mspx?mfr=true

DNS best practices
http://technet2.microsoft.com/window...7-48dc-42cc-89
86-c73db47398a21033.mspx?mfr=true

You may send the screenshot and the error message to v-dashen@microsoft.com

I look forward to your reply and thank you for your time.

David Shen
Microsoft Online Partner Support

Reply With Quote
  #6  
Old 26-05-2008
David Shen [MSFT]
 
Posts: n/a
RE: Name lookup problem, clear cache fixes?

Dear Customer,

How's everything going?

I'm wondering if the suggestion has helped or if you have any further
questions. Please feel free to respond to the newsgroups if I can assist
further.

David Shen
Microsoft Online Partner Support

Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Tags: ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Name lookup problem, clear cache fixes?"
Thread Thread Starter Forum Replies Last Post
How to clear Nokia X2 cache Kindle Portable Devices 3 09-04-2011 02:04 PM
How to clear DNS cache Eber Technology & Internet 5 09-01-2010 01:03 AM
How to clear squid cache Knopper Operating Systems 3 12-08-2009 12:30 AM
Clear printer cache Sunena Hardware Peripherals 4 12-03-2009 08:25 PM
Cannot clear ARP cache LaviN Small Business Server 3 12-02-2008 02:59 PM


All times are GMT +5.5. The time now is 04:57 AM.