
Erratic DNS issues on Win2k network.


SimonDavis

Technical User
Mar 16, 2001
613
GB
I'm probably asking a question here that can only be answered with an RTFM or similar, but here goes.

I am having a lot of transient errors on web browsing on our network. Users are often failing to connect to webpages, then 5 minutes later, everything is OK.

I have a Win2k network, connected to the net via a Raptor firewall. We have a leased line with our ISP, with fixed IPs on the outside of the firewall / Cisco router etc.

The internal network is a pretty conventional one, 10.0.0.0 scheme.

I have 5 servers, 2 of which have DNS running.

I may have messed it all up though.

I have 2 DNS addresses from my ISP, with the server names. I have entered both of these into the forward AND reverse lookup zone places in DNS config, on both DNS servers.

On each client, I have configured (mostly via DHCP, but some static) DNS to use the two internal servers, then for good luck the ISP servers as well.

The non-DNS servers (static IPs) are the same.

Is there anything obviously wrong there? If that looks OK, maybe I need to have a look at the firewall, but that's another story.

Alternatively, if someone could point me to an idiot's guide to DNS, I'm quite happy to go back to square one and work through it from the beginning. It has to be a real idiot's guide though, as I have tried a lot of guides, and at some point in all of them I lose the plot. :D

Thanks!
 
Don't bother pointing clients to ISP DNS. Only use the internal servers. Then, have the internal servers point to themselves first, then the ISP as a secondary. My guess is the internal servers may be causing the problem, but until you change to this config, we can't be sure. Just a thought.

Glen A. Johnson
If you like fun and sun, check out Tek-Tips Florida Forum
"Maybe this world is another planet's hell."
Aldous Huxley (1894-1963), English critic & novelist

 
The only place in DNS that you should put your ISP's DNS server info is into the Forwarders tab of your DNS server's properties (In DNS manager, right-click the server's name, choose properties and go to the Forwarders tab). It doesn't go in the forward-lookup zone file or in the reverse-lookup zone. I've never done what you describe, but I imagine it could make things screwy.

And like Glen says, just point your clients to your internal servers. If both internal servers are down, you've got worse problems to deal with than web browsing...

ShackDaddy
 
To confirm if it is related to your DNS servers or not, just make one of your PCs use your ISP's DNS server for the day. You might also want to run ipconfig /flushdns on the server to clear its cache.
 

Okay, the key is that in 5 minutes it is okay. I believe the cache timeout on the Windows resolver is about 10 minutes for each entry. So what is probably happening is your users are getting the external DNS entry, which doesn't work, and you are stuck for about 10 minutes, then getting the internal DNS entry which does work.

The easiest way to verify this is have them do a
ipconfig /displaydns
and see how they are resolving your web server.

and before they retry,

ipconfig /flushdns

to flush it, as stated before.

I believe you won't have to restart the browser, but I have been fooled by browsers before!
gene
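
The check the replies above recommend (clients should list only the internal DNS servers), as an added example that is not part of the original thread: it parses saved `ipconfig /all` output and flags any DNS server outside the 10.0.0.0/8 range the original poster describes. The sample output is constructed, the function names are hypothetical, and the documentation addresses stand in for the ISP's servers.

```python
import ipaddress
import re

# Internal range taken from the thread ("10.0.0.0 scheme"); adjust to your network.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample of `ipconfig /all` output; 192.0.2.53 and 198.51.100.53
# are documentation addresses standing in for the ISP's DNS servers.
SAMPLE = """
Windows 2000 IP Configuration

Ethernet adapter Local Area Connection:

        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.0.0.51
        DNS Servers . . . . . . . . . . . : 10.0.0.5
                                            10.0.0.6
                                            192.0.2.53
                                            198.51.100.53
        Lease Obtained. . . . . . . . . . : (constructed)
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .*):\s*$")
DNS_RE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S+)\s*$")
CONT_RE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def dns_servers_by_adapter(text):
    """Map each adapter heading to the DNS servers listed under it, in order."""
    servers, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if m := ADAPTER_RE.match(line):
            adapter, in_dns = m.group(1), False
            servers[adapter] = []
        elif adapter and (m := DNS_RE.match(line)):
            servers[adapter].append(m.group(1))
            in_dns = True
        elif in_dns and (m := CONT_RE.match(line)):
            servers[adapter].append(m.group(1))  # continuation line: bare IP
        else:
            in_dns = False
    return servers

def external_resolvers(text):
    """Return (adapter, server) pairs for DNS servers outside INTERNAL_NET."""
    return [(adapter, ip)
            for adapter, ips in dns_servers_by_adapter(text).items()
            for ip in ips
            if ipaddress.ip_address(ip) not in INTERNAL_NET]

if __name__ == "__main__":
    for adapter, ip in external_resolvers(SAMPLE):
        print(f"{adapter}: non-internal DNS server {ip}")
```

Run it over output collected from both DHCP and statically configured machines, since the static ones will not pick up a corrected DHCP scope.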
 