Intermittent DNS failure

domain-name-system windows-server-2008-r2 nslookup

5,698

Solution 1

I should’ve realized this way before. It wasn’t a DNS problem, but instead all TCP connections stopped working at some point. UDP, however, was still working completely fine. That’s why nslookup would only fail with the “-vc” option enabled. The problem was ephemeral port exhaustion. The server hosts Citrix and was upgraded form a 2003 installation. Back in Server 2003, the maximum amount of ephemeral TCP hosts was set in the registry using “MaxUserPort” – which was the case on our server. In 2008, however, that range needs to be set using netsh. I’ve expanded the range of available TCP slots and shortened their lifetime using “TcpTimedWaitDelay” and we haven't had any issues since.

Solution 2

We have had an issue with this recently as well after we patched our servers this weekend. We had one of our Exchange 2010 servers running Windows 2008 R2 lose DNS resolution capability entirely, even with redundant DNS servers configured. All other IP & protocol connectivity to and from the server was fine.

Restarting the DNS Client service did not resolve the issue.

We had 2 additional NIC's on the server and once we added a DNS server to #2, DNS resolution began to work. The DNS servers are local and WAN connected Windows 2003 R2 domain controllers.

This is obviously not a permanent fix, but it worked.

Did you find that a reboot fixed it, but only temporarily?

5,698

Pascal Kesseli

Updated on September 18, 2022

Comments

Pascal Kesseli almost 2 years
Currently, I am struggling with a problem causing one of our servers to lose its DNS access in irregular time intervals. The symptoms are that, for some minutes, any call to nslookup fails with error messages such as this one:
```
   C:\> nslookup –vc dc.domain.loc
   Server:  UnKnown
   Address: 192.168.12.11
   *** dc.domain.loc wurde von UnKnown nicht gefunden: Unspecified error.
```
However, nslookup seems to work properly without the "virtual channel" option:
```
   C:\> nslookup dc.domain.loc
   Server:  dc.domain.loc
   Address:  192.168.12.11

   Name:    dc.domain.loc
   Address:  192.168.12.11
```
After some minutes in this state, the server seems to recover and calls to nslookup work with the "-vc" option as well again.

Any ideas where this problem could be rooted?

Thanks for any suggestions and best regards

Pascal
- MichelZ almost 12 years
  
  Is the network gone, too? Or is it really just DNS? any firewall which might block temporarily?
- Pascal Kesseli almost 12 years
  
  It's just DNS. In that state, I am perfectly able to connect via UNC to the DNS server and copy large files between the two. They're located on the same switch, so no firewall should interfere there.