SBS2011 Standard DNS suddenly not resolving some domains
Using nslookup with set debug,
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\bob>nslookup
Default Server: SBS2011.example.com
Address: xx.xx.xx.xx
> set debug
> www.google.com
Server: SBS2011.example.com
Address: xx.xx.xx.xx
------------
Got answer:
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0
[snip loads of output]
------------
Name: www.l.google.com
Addresses: 173.194.35.176
173.194.35.177
173.194.35.178
173.194.35.180
173.194.35.179
Aliases: www.google.com
It should show you the full trace of how your DNS server gets to the answer it gets to. You can also use set d2 to get even more debugging output from nslookup. You could run this from your client, and you could also run it from the SBS server to query it's DNS servers.
Related videos on Youtube
09 : 21
05 : 11
06 : 11
04 : 15
02 : 53
Matt
Updated on September 18, 2022Comments
-
Matt almost 2 years
Suddenly today I am unable to resolve common domains like serverfault.com, facebook.com; but other domains like google.com, cnn.com work fine.
This is on a client machine (Win7 Pro) connected to an SBS2011 Standard domain. The only DNS server is the SBS2011 server.
The same domains work fine on all client PCs I have tried, and the same ones do not work. Using nslookup, I get 'no such domain' errors for facebook.com, and the correct DNS entries for the ones that do work.
When I add Google's Public DNS to my client PC as a backup (primary = local SBS server, secondary = 8.8.8.8), everything works fine for my client PC, but querying from the SBS server directly or from other client PCs are broken (so I don't believe it's a firewall issue).
My main question is how can I see what servers the SBS2011 server queries if it doesn't know about a domain? There is nothing in our firewall logs that say it blocked any DNS-based packets, but I also wanted to query based on the IP/FQDN on the servers that the SBS server was likely to contact to find out about facebook.com for example.
Update 23/05/2012: It appears DNS is working again this morning for the affected websites. Both the DC on its own and all client PCs can once again access the websites that were not loading last night, as well as the websites that were working.
I haven't changed anything overnight, so it appears that there was some kind of temporary glitch, but I can't understand what would have caused it on the network.
-
Matt about 12 yearsThere are no forwarders under Admin Tools > DNS > right-click server > Properties > Forwarders tab, and the 'Use root hints' option is disabled but checked. The Root Hints tab in the same Properties specifies all the root-servers.net servers (a.root-servers.net. through to m.root-servers.net.)
-
Matt about 12 yearsThanks for this - useful to know for future, although the problem appears to have resolved itself all by itself for now.