MS Update Breaks External DNS again

Discussion in 'DNS Server' started by Allen Harkleroad, Mar 11, 2009.

  1. Windows Server 2003 - The most recent DNS patch and the previous DNS patch
    completely breaks my to external (Internet) DNS Servers. Once I remove the
    DNS patch (uninstall) and reboot I can again grab root hints and resolve
    Internet addresses.

    When I applied the DNS server update everything starts normally, however
    doing a nslookup for an Internet address I get a timeout error. The DNS
    services are running and I can query the local DNS entries.

    Does anyone have any ideas on how I can successfully up DNS and not have
    external resolving issues?

    I am near the point of using something other than Microsoft DNS.

    Each time I reboot the two DNS servers, I must go into each DNS and manually
    grab root hints and restart the DNS Service to be able to resolve external
    Internet addresses. This particular issue has been ongoing since I first
    installed Windows Server 2003 on the servers several years ago.

    If possible please reply via email as well as on post here ( email allen
    _ mvp @ msn . com )

    Thanks,
    Allen Harkleroad
     
    Allen Harkleroad, Mar 11, 2009
    #1

  2. Hello Allen Harkleroad" allen _ mvp at msn dot com,

    Sounds to me like you have a general DNS problem, not only patch related.
    We use all patches and it works fine. To start, please post an unedited
    ipconfig /all from the DNS servers.

    Are the DNS servers also Domain controllers? If yes, do you use AD integrated
    zones?

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Mar 11, 2009
    #2

  3. Thanks for replying. Neither are domain controllers nor do they have AD on
    them. They are our authoritative (ns. and ns2.) internet servers that also
    act as our internal resolving DNS; they also provide DNS for our external
    internet mail server to resolve DNS. Note these are web servers/DNS servers
    combined. One also has the email server running on it. Both are Dell 4600's
    with 12gb of ram, dual Xeon, all RAID mirrored Ultra 320 drives. All other
    patches we have put on these Windows 2003 server installations have been
    fine except the two DNS update patches. Other than this DNS quirkiness the
    servers run like champs without any problems.

    I appreciate your taking the time to work through this. I sincerely hope it
    is a simple misconfiguration. If you need anything else let me know.

    Allen

    ns2.gmpservices.com ipconfig /all

    C:\Documents and Settings\allen>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : ns2
    Primary Dns Suffix . . . . . . . : gmpservices.com
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : gmpservices.com

    Ethernet adapter Local Area Connection 2:

    Media State . . . . . . . . . . . : Media disconnected
    Description . . . . . . . . . . . : Intel(R) PRO/100 Network Connection
    Physical Address. . . . . . . . . : 00-B0-D0-FC-D5-E3

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
    Physical Address. . . . . . . . . : 00-B0-D0-FC-D5-E4
    DHCP Enabled. . . . . . . . . . . : No
    [truncated due to the large number of IP's assigned to the interface]
    Default Gateway . . . . . . . . . : 74.43.132.1
    DNS Servers . . . . . . . . . . . : 74.43.132.10
    74.43.133.10



    ns.gmpservices.com ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : ns
    Primary Dns Suffix . . . . . . . : gmpservices.com
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : gmpservices.com

    Ethernet adapter WWWtoRouter:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
    Physical Address. . . . . . . . . : 00-0B-DB-AD-6F-85
    DHCP Enabled. . . . . . . . . . . : No
    Default Gateway . . . . . . . . . : 74.43.132.1
    DNS Servers . . . . . . . . . . . : 74.43.132.10
    74.43.133.10
    NetBIOS over Tcpip. . . . . . . . : Disabled

    Ethernet adapter backup NIC:

    Media State . . . . . . . . . . . : Media disconnected
    Description . . . . . . . . . . . : Intel(R) PRO/100 Network Connection
    Physical Address. . . . . . . . . : 00-0B-DB-AD-6F-84
     
    Allen Harkleroad, Mar 11, 2009
    #3
  4. I've often wondered if having a 127.x.x.x reverse zone could cause
    problems. I am a bit wary of removing it because of unforeseen issues.
    We only use Class C IP's (74.43.13x.x) on the server so I don't think the
    127 zone should be in there.
     
    Allen Harkleroad, Mar 11, 2009
    #4
  5. Hello Allen Harkleroad" allen _ mvp at msn dot com,

    127.in-addr.arpa is automatically created during install, along with
    0.in-addr.arpa and 255.in-addr.arpa, so they shouldn't be an issue.

    May I ask why you have your domain in a public IP range and also assigned
    that many IP addresses to the NIC?

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Mar 11, 2009
    #5
  6. These are web servers / DNS servers; each website is assigned its own IP in
    IIS. The web/DNS machines are ns.gmpservices.com and ns2.gmpservices.com

    We have 262 forward lookup zones on each machine (identical zones on both).

    We use them for hosting primarily and thus must have public IP ranges.

    Allen
     
    Allen Harkleroad, Mar 11, 2009
    #6
  7. Hello Allen Harkleroad" allen _ mvp at msn dot com,

    You said you have to manually update the root hints after each reboot?

    Can you check if Cache.dns, stored in the systemroot\System32\Dns folder
    on the server exists and contains the NS and A resource records for the Internet
    root servers?

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Mar 11, 2009
    #7
  8. Hi,
    Yes, I have to force root hint updates on both servers manually (I use
    4.2.2.2 to pull the hints); the cache.dns does have the FQDN and IP for all
    of the root servers.

    This is what is in both of my DNS servers' cache.dns files.



    ;
    ; Root Name Server Hints File:
    ;
    ; These entries enable the DNS server to locate the root name servers
    ; (the DNS servers authoritative for the root zone).
    ; For historical reasons this is known often referred to as the
    ; "Cache File"
    ;

    @ NS a.root-servers.net.
    a.root-servers.net A 198.41.0.4
    @ NS b.root-servers.net.
    b.root-servers.net A 128.9.0.107
    b.root-servers.net A 192.228.79.201
    @ NS c.root-servers.net.
    c.root-servers.net A 192.33.4.12
    @ NS d.root-servers.net.
    d.root-servers.net A 128.8.10.90
    @ NS e.root-servers.net.
    e.root-servers.net A 192.203.230.10
    @ NS f.root-servers.net.
    f.root-servers.net A 192.5.5.241
    @ NS g.root-servers.net.
    g.root-servers.net A 192.112.36.4
    @ NS h.root-servers.net.
    h.root-servers.net A 128.63.2.53
    @ NS i.root-servers.net.
    i.root-servers.net A 192.36.148.17
    @ NS j.root-servers.net.
    j.root-servers.net A 192.58.128.30
    @ NS k.root-servers.net.
    k.root-servers.net A 193.0.14.129
    @ NS l.root-servers.net.
    l.root-servers.net A 198.32.64.12
    l.root-servers.net A 199.7.83.42
    @ NS m.root-servers.net.
    m.root-servers.net A 202.12.27.33
     
    Allen Harkleroad, Mar 11, 2009
    #8
  9. Hello Allen Harkleroad" allen _ mvp at msn dot com,

    Do you use a Forwarder to 4.2.2.2 or really pull them manually?

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Mar 11, 2009
    #9
  10. Hello Allen Harkleroad" allen _ mvp at msn dot com,

    Under the server properties advanced tab what options are enabled?

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Mar 11, 2009
    #10
  11. I don't use any forwarders (stand alone DNS) and use the copy root hints in
    the DNS management to do it.

    Allen
     
    Allen Harkleroad, Mar 11, 2009
    #11
  12. I have the following enabled

    BIND secondaries
    Enable Round Robin
    Enable Netmask Ordering
    Secure Cache against Pollution

    Name checking: Multibyte (UTF8)
    Load zone data on startup: From Active Directory and registry (since AD
    isn't enabled it pulls from the registry)

    Nothing else is enabled or checked.

    Allen
     
    Allen Harkleroad, Mar 11, 2009
    #12
  13. Hello Allen Harkleroad" allen _ mvp at msn dot com,

    What I cannot understand is that you always have to copy the root hints
    again after reboot. The server is fully patched except the updates you talk
    about?

    Is the cache.dns empty when stopping the DNS Server service?

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Mar 11, 2009
    #13
  14. It's been driving me crazy for a *while*, the only two patches that aren't
    on DNS are the last two.

    I don't think the cache is clearing when stopped and started, I can check if
    you like.

    I only have to do the root hints at boot up time; if I stop and start (or
    restart) DNS the hints remain intact.

    Allen
     
    Allen Harkleroad, Mar 11, 2009
    #14

  15. Allen, since you are using these servers to host Public zones for many
    domains, Root Hints should be disabled and recursion should also be disabled
    (Advanced tab). The only names this server should resolve are for the zones
    it actually hosts in its zones.
    See: http://member.dnsstuff.com/info/opendns.php

    "FAIL Open DNS servers ERROR: One or more of your nameservers reports that
    it is an open DNS server. This usually means that anyone in the world can
    query it for domains it is not authoritative for (it is possible that the
    DNS server advertises that it does recursive lookups when it does not, but
    that shouldn't happen). This can cause an excessive load on your DNS server.
    Also, it is strongly discouraged to have a DNS server be both authoritative
    for your domain and be recursive (even if it is not open), due to the
    potential for cache poisoning (with no recursion, there is no cache, and it
    is impossible to poison it). Also, the bad guys could use your DNS server as
    part of an attack, by forging their IP address. Problem record(s) are:

    Server 74.43.132.10 reports that it will do recursive lookups. [test] Server
    74.43.133.10 reports that it will do recursive lookups. [test] See this page
    for info on closing open DNS servers."

    --
    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps

    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    http://message.wftx.us/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht [MVP], Mar 11, 2009
    #15
  16. Hi Kevin,
    We also use the DNS servers for mail server and our internal network DNS, as
    well as clients wanting to use the DNS so we must be able to resolve. We
    have Router ACL's that prevent IP spoofing of our assigned addresses, they
    reject incoming that attempt to use an IP in our ranges.

    Allen


     
    Allen Harkleroad, Mar 11, 2009
    #16
  17. If you have the firewall blocking access to the servers, how are you
    allowing access to them for the zones it has on them?

    Or am I misunderstanding you in thinking you are using them for Publicly
    available Authoritative DNS servers?

    --
    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps

     
    Kevin D. Goodknecht [MVP], Mar 11, 2009
    #17
  18. No not a firewall, we have Cisco router ACL's that prevent spoofing of our
    IP address space.

    Our two DNS servers are authoritative for the domains we host (about 262),
    these DNS servers also resolve for our mail server and our corporate LAN.

    My problem isn't connectivity, it is that when I apply the last two DNS
    patches from Windows UP I can no longer resolve external Internet addresses,
    thus my mail server doesn't work nor does resolving addresses when browsing
    from our private LAN.
     
    Allen Harkleroad, Mar 11, 2009
    #18
  19. Hi Allen,

    I'm assuming you are saying these two DNS servers are not DCs and do not
    host the AD zone for the internal corporate network, and are used to host
    public records, which you are also using them as forwarders from the
    internal AD/DNS servers.

    I'm not sure what you mean about the Cisco ACLs preventing spoofing.
    However, I'm also assuming you mean it blocks requests that appear to be
    coming from external requests spoofing the source address as an internal IP,
    then that is a standard config to stop this sort of attack by many routers,
    but it wouldn't apply to this issue. One issue with a Cisco firewall (no
    matter which version), is the DNS fixup command being required with a
    Windows 2003 or newer DNS that resolves external queries. Did you set the
    DNS fixup command on the Cisco box in order for it to allow EDNS0 traffic
    (UDP DNS packets up to 1280 bytes instead of 512 bytes)?

    To test EDNS0:
    nslookup
    what do you get?

    If nothing, try this:
    nslookup
    The set vc switch tells it to use TCP instead of UDP. If it works with the
    vc switch, and not without it, then it is an EDNS0 block. I provided
    hotmail.com as an example because its response is definitely greater than
    512 bytes. You can also not set it to 'mx' and leave it default when you
    invoke nslookup, and then try aol.com, microsoft.com, yahoo.com, as some
    examples with large responses.

    Which DNS patches are you referring to? Are you referring to MS08-037? If
    not, do you have the KB or MS08-xxx or MS09-xxx numbers?

    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
    Microsoft Certified Trainer


    For urgent issues, you may want to contact Microsoft PSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.
     
    Ace Fekay [Microsoft Certified Trainer], Mar 17, 2009
    #19
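
The two checks raised in this thread, the UDP-versus-TCP comparison in post #19 and the "reports that it will do recursive lookups" finding quoted in post #15, come down to a few bits in the DNS message header. The following is an added example, not code from any poster: the function names, result labels and constructed sample replies are assumptions made for illustration, and the 1280-byte size is the figure quoted in post #19.

```python
import secrets
import socket
import struct

QTYPE_MX, QTYPE_OPT = 15, 41
EDNS_UDP_SIZE = 1280  # UDP payload size quoted in post #19

# Constructed 12-byte reply headers (not captured traffic), used for offline runs.
SAMPLE_RECURSIVE = bytes.fromhex("123481800001000100000000")  # QR RD RA, 1 answer
SAMPLE_TRUNCATED = bytes.fromhex("123483800001000000000000")  # QR TC RD RA
SAMPLE_REFUSED = bytes.fromhex("123481050001000000000000")    # QR RD, rcode 5


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=QTYPE_MX, edns_size=None, txid=None):
    """Build a recursive query; with edns_size set, append an EDNS0 OPT record."""
    txid = secrets.randbelow(65536) if txid is None else txid  # unpredictable ID
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    opt = b""
    if edns_size:
        # OPT RR: root name, TYPE 41, CLASS carries the UDP size, TTL 0, RDLEN 0
        opt = b"\x00" + struct.pack("!HHIH", QTYPE_OPT, edns_size, 0, 0)
    return header + question + opt


def parse_header(msg):
    """Extract the header bits both diagnostics depend on."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "tc": bool(flags & 0x0200), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "ancount": an}


def query_udp(server, payload, timeout=3.0):
    """Send over UDP; return the reply, or None on timeout or ID mismatch."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(payload, (server, 53))
            data, _ = s.recvfrom(65535)
        except OSError:
            return None
    return data if data[:2] == payload[:2] else None


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed early")
        buf += chunk
    return buf


def query_tcp(server, payload, timeout=3.0):
    """Send over TCP with the two-byte length prefix (what 'set vc' selects)."""
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(payload)) + payload)
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            return _recv_exact(s, length)
    except OSError:
        return None


def classify_transport(udp_reply, tcp_reply):
    """'tcp-only' is the pattern post #19 attributes to large UDP being blocked."""
    if udp_reply is not None and not parse_header(udp_reply)["tc"]:
        return "udp-ok"
    return "tcp-only" if tcp_reply is not None else "no-answer"


def recursion_status(reply):
    """Classify a reply to a query for a name the server does not host."""
    h = parse_header(reply)
    if not h["ra"] or h["rcode"] == 5:
        return "closed"
    if h["rcode"] == 0 and h["ancount"] > 0 and not h["aa"]:
        return "open-recursive"
    return "advertises-recursion"


if __name__ == "__main__":
    # Offline run on the constructed samples. Against a server you operate:
    #   q = build_query("hotmail.com", edns_size=EDNS_UDP_SIZE)
    #   classify_transport(query_udp(ip, q), query_tcp(ip, q))
    print(classify_transport(None, SAMPLE_RECURSIVE))
    print(recursion_status(SAMPLE_RECURSIVE), recursion_status(SAMPLE_REFUSED))
```

Run the transport check from the DNS server itself so the replies cross the same router as its outbound lookups; run the recursion check from an address outside the network to see what an external client sees.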
  20. Hi Ace,
    The DNS servers are not DC's and do not host AD (not installed), they are
    web servers/DNS servers used on our hosting network and we use them
    internally for DNS resolving (no AD in our network)

    I'll check the routers (Cisco 2600 series) for the DNS fixup (I am assuming
    Cisco IOS 10.x supports it). It may very well be this is the issue. I will
    report back shortly.

    Allen
     
    Allen Harkleroad, Mar 17, 2009
    #20
