Strange DNS issues


RMCTJ

IS-IT--Management
Jan 24, 2007
3
US
Windows 2003 AD network.
2 AD controllers
1 PIX firewall

The 2 ADs have been functioning for the past 3 years. No design changes or anything in 3 years. Internal DNS works correctly. We'll call the servers DC-1 and DC-2. Both servers are side by side on the same subnet and same domain.

The problem is with DC-2 and external resolution

DC-1 works flawlessly for internal and external DNS. It does not use forwarders, it uses root hints.

DC-2 until last week was functioning flawlessly as well. Now DC-2 can resolve internal DNS queries correctly but has some strange behavior when resolving external. The first symptom was it was unable to surf the internet. I simply opened a command prompt and typed "ping cnn.com" where it successfully resolved the cnn.com IP address quickly. When using the NSlookup command, resolving cnn.com fails. It will not resolve ANY external queries.

Things I have tried:
disable EDNS because of the PIX firewall issue
flush DNS
check all IP settings
compared the root hints to DC-01
checked thoroughly for viruses


As far as I can tell DC-2 is set up EXACTLY like DC-1. The only changes in the past week were a Windows update which installed the last 11 MS Server 2003 patches and an upgrade from Trend Micro SMB 2.0 to 3.0 (just the client, this is not the TM SMB server).

How is the process of resolving DNS queries through pinging different from resolving through NSlookup?

Any advice would be appreciated.

 
Aside from any patches that may cause a problem, which I have not run into, check the PIX. Pinging an external web site and doing an NSLOOKUP use two different ports. Could be that your PIX is allowing ICMP for both DC1 and DC2, whereas it is only allowing TCP/UDP 53 for DC1 and not DC2. From what you described, it doesn't sound like DC2's DNS is having issues as it can resolve internal name to IP. It sounds like the firewall is not allowing traffic to pass.
 
Now I don't think it is a DNS issue, I have some other strange things going on. Even when I try to telnet direct to an IP from that server to outside our network it won't connect. Also if I change the DNS from DC-2 to point to DC-1 it still can't surf the net. Traffic is getting blocked somewhere. I checked the PIX access and there is nothing restricting traffic, it's very wide open as to what it allows outbound. Plus, no PIX changes have been made in about 2 years and it's been up and running for about 8 months straight.

This is our main file server and throughput is great. So I don't think it is a physical problem like a cable or NIC.

I may be reaching here but I am wondering if it is a virus. In the taskmgr there is always a strange process running, which changes its name. Currently it is FL160C.EXE, previously it was something like FQIT1.EXE. It changes names on its own. I kill it and it comes back with a different process name. Our Trend Antivirus is up to date and is not detecting anything. Whenever I do a search for the current process name I cannot find any information. 0 results, which leads me to believe it is a virus that constantly changes names at random.
 
Is the firewall extension (part of the Windows 2003 OS) turned on on DC-2? Check network settings to verify if the extension is enabled and configured to block the ports.
 
Firewall is not turned on. This is driving me crazy!
 
You did mention patching. I know it sounds crazy, but reboot DC-2 again.

Also, make sure your anti-virus is not blocking the ports.
 