Advanced DNS Troubleshooting for Windows Server 2003
So you need to solve a DNS problem. The situation is that you have checked the basics and you still suspect that DNS is not working properly. Where next? That depends on your situation. Here are my favourite DNS tips.
Topics for Troubleshooting DNS
- Gather evidence by asking questions
- Tests that you can make on DNS
- Troubleshooting Methods
- Assemble your Toolkit
- (Basic DNS Troubleshooting)
‡
Gather evidence by asking questions
- Will ipconfig /flushdns magically cure the problem? Alternatively, restart the DNS service.
- Is there one DNS client affected or many clients.
- Can the very DNS server itself resolve addresses and queries?
- Beware that the cause is nothing to do with DNS. I once ripped out a perfectly good DNS configuration because I overlooked testing the physical network.
- A variation of this external cause theme is that a firewall could be blocking DNS ports 53.
- Do you have correct IP address in the resource records for the very server itself.
- Is the server Authoritative for the domain that you are querying?
- Remember to add PTR records in the reverse lookup zone.
- For Email delivery problems, are the MX records correct?
- Is the problem related to the internet? How are the Root Hints configured?
- If it’s a Web browsing problem, which sites are available.
- Delegation. If you have subzones has delegation given the correct permissions?
Tests that you can make on DNS
The scenario: when you attempt to cure a DNS problem by changing a setting, nothing seems to happen. At least nothing happens until you either restart the DNS service or close then re-open the DNS Snap-in.
So remember to make liberal use of Refresh and also right-click the server icon, All Tasks, Restart. Note there is also a Clear Cache setting, which is the equivalent of IPCONFIG /flushdns.
DNS Check list
DNS Server, properties Monitor (Tab). Test Simple and Recursive Queries. If the recursive query fails, check the Root Hints.
Match Host (A) record with PTR in Reverse Lookup Zone; failure could cause problems with internet resolution.
Are there any non-standard characters in any of your names? Be wary of underscores, and hostnames with only numbers.
Could unneeded CName records be masking or confusing Host (A) records? FTP and WWW CName aliases are fine, but for all other cases use CName sparingly.
MX records. It is good practice to create MX records to point to your own server.
Lame Delegations, check that all NS records point to servers that exist and are authoritative for that domain.
Replication problems
Increment the Serial Number to force replication. Navigate to the Forward Lookup Zone (not server icon), Domain name, Properties, SOA (Tab) serial number, Increment (Button).
If you are using Active Directory integrated zones, then you could force an instant replication by going to Active Directory Sites and Services, drill down through Default-first-name-site, servers, NTDS Settings, right-click and Replicate Now.
At the Domain properties, Check Zone transfer (Tab). Make sure the setting Allows Transfer.
Registering Records in DNS
Check DHCP. First, a basic check that your Type 006 Option is set to the correct DNS server. Next find the DNS (tab) in DHCP, investigate Dynamic DNS Settings.
Check client TCP/IP properties, Advanced, DNS, Register this connection’s address in DNS. This is the equivalent of IPCONFIG /registerdns
Problems with Active Directory.
Check that the _msdcs folder exists and is populated with lots of records. If not try restarting the Netlogon services. While I am not a great fan of rebooting in Windows 2003, on this occasion I would try a reboot to see if that causes the _msdcs to be populated.
Guy Recommends: A Free Trial of the Network Performance Monitor (NPM)
v12
SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network. This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.
Perhaps the NPM’s best feature is the way it suggests solutions to network problems. Its second best feature is the ability to monitor the health of individual VMware virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you give this Network Performance Monitor a try.
Download your free trial of SolarWinds Network Performance Monitor.
Troubleshooting Methods
Ask: ‘what has changed recently?’
What were the last settings to change? Has any hardware changed? If so reverse engines, revert to how it was and see if that cures the problem. Pattern recognition is a vital troubleshooting skill. Look for patterns, spot what is out of the ordinary, such as resource records that is different, or aspelling misNake in a forwarder name.
The Event Log
Microsoft has provided a clue by situating a copy of the DNS Event log right underneath the server icon. So take advantage of this invitation to search for error messages and lookup the Event ID in TechNet. It may worth a quick look in the system event log, perhaps your DNS problem is a symptom of a bigger problem and not the underlying cause.
Can you reproduce the problem?
Can make the fault reoccur? If so write down any error messages and goto TechNet and experiment with different combinations of key words from theevent viewer or message box.
Phone a friend!
Ask for help. Which expert do you know, what is there email address, or better still their mobile number. When you are stuck, it’s time to call in favour.
I have noticed that people approach problem solving in two distinct ways. I’ll call the first method the ‘techie’ approach and the second the Henry Fordmethod. At this point I assume that you have been using the ‘techie’approach and sadly it has not worked for your problem; if so, then give theHenry Ford method a chance.
Legend has it Henry Ford knew little about car manufacturing but had a row of buttons, blue for an engine expert, red for electrical etc. So, now is the time to press your buttons. Contact the most likely people, explain the problem and appeal to their problem solving skills.
®