Advanced DNS Troubleshooting for Windows Server 2003

So you need to solve a DNS problem.  The situation is that you have checked the basics and you still suspect that DNS is not working properly.  Where next?  That depends on your situation.  Here are my favourite DNS tips.

Gather evidence by asking questions

  1. Will ipconfig /flushdns magically cure the problem?  Alternatively, restart the DNS service.
  2. Is there one DNS client affected or many clients.
  3. Can the very DNS server itself resolve addresses and queries?
  4. Beware that the cause is nothing to do with DNS.  I once ripped out a perfectly good DNS configuration because I overlooked testing the physical network.
  5. A variation of this external cause theme is that a firewall could be blocking DNS ports 53.
  6. Do you have correct IP address in the resource records for the very server itself.
  7. Is the server Authoritative for the domain that you are querying?
  8. Remember to add PTR records in the reverse lookup zone.
  9. For Email delivery problems, are the MX records correct?
  10. Is the problem related to the internet? How are the Root Hints configured?
  11. If it's a Web browsing problem, which sites are available.
  12. Delegation.  If you have subzones has delegation given the correct permissions?

 

Tests that you can make on DNS

 

The scenario: when you attempt to cure a DNS problem by changing a setting, nothing seems to happen.  At least nothing happens until you either restart the DNS service or close then re-open the DNS Snap-in.

So remember to make liberal use of Refresh and also right click the server icon, All Tasks, Restart.  Note there is also a Clear Cache setting, which is the equivalent of IPCONFIG /flushdns.

DNS Check list

 

DNS Server, properties Monitor (Tab).  Test Simple and Recursive Queries.  If the recursive query fails, check the Root Hints.

Match Host (A) record with PTR in Reverse Lookup Zone; failure could cause problems with internet resolution.

Are there any non-standard characters in any of your names?  Be wary of underscores, and hostnames with only numbers.

Could unneeded CName records be masking or confusing Host (A) records?  FTP and WWW CName aliases are fine, but for all other cases use CName sparingly.

MX records.  It is good practice to create MX records to point to your own server.

Lame Delegations, check that all NS records point to servers that exist and are authoritative for that domain.

Replication problems

Increment the Serial Number to force replication.  Navigate to the Forward Lookup Zone (not server icon), Domain name, Properties, SOA (Tab) serial number, Increment (Button).

If you are using Active Directory integrated zones, then you could force an instant replication by going to Active Directory Sites and Services, drill down through Default-first-name-site, servers, NTDS Settings, right click and Replicate Now.

At the Domain properties, Check Zone transfer (Tab).  Make sure the setting Allows Transfer.

Registering Records in DNS

Check DHCP.  First, a basic check that your Type 006 Option is set to the correct DNS server.  Next find the DNS (tab) in DHCP, investigate Dynamic DNS Settings.

Check client TCP/IP properties, Advanced, DNS, Register this connection's address in DNS.  This is the equivalent of IPCONFIG /registerdns

Problems with Active Directory.

Check that the _msdcs folder exists and is populated with lots of records.  If not try restarting the Netlogon services.  While I am not a great fan of rebooting in Windows 2003, on this occasion I would try a reboot to see if that causes the _msdcs to be populated.

Monitor Your Network with the Real-time Traffic Analyzer

 

The main reason to monitor your network is to check at a glance which of your servers are available.  If there is a network problem you want an interface to show the scope of the problem immediately.

Even when all servers and routers are available, sooner or later you will be curious to know who, or what, is hogging the precious network's bandwidth.  A GUI showing the top 10 users makes interesting reading.

Another reason to monitor network traffic is to learn more about your server's response times and the consumption of resources.  To take the pain out of capturing frames and analysing the raw data, Guy recommends that you download a copy of the SolarWinds.

Troubleshooting Methods

 

Ask: 'what has changed recently?'

What were the last settings to change?  Has any hardware changed?  If so reverse engines, revert to how it was and see if that cures the problem.  Pattern recognition is a vital troubleshooting skill.  Look for patterns, spot what is out of the ordinary, such as resource records that is different, or a spelling misNake in a forwarder name.

The Event Log

Microsoft have provided a clue by situating a copy of the DNS Event log right underneath the server icon.  So take advantage of this invitation to search for error messages and lookup the Event ID in TechNet.  It may worth a quick look in the system event log, perhaps your DNS problem is a symptom of a bigger problem and not the underlying cause.

Can you reproduce the problem?

Can make the fault reoccur?  If so write down any error messages and go to TechNet and experiment with different combinations of key words from the event viewer or message box.

Phone a friend! 

Ask for help.  Which expert do you know, what is there email address, or better still their mobile number.  When you are stuck, it's time to call in favour.

I have noticed that people approach problem solving in two distinct ways.  I'll call the first method the 'techie' approach and the second the Henry Ford method.  At this point I assume that you have been using the 'techie' approach and sadly it has not worked for your problem; if so, then give the Henry Ford method a chance. 

Legend has it Henry Ford knew little about car manufacturing but had a row of buttons, blue for an engine expert, red for electrical etc.  So, now is the time to press your buttons.  Contact the most likely people, explain the problem and appeal to their problem solving skills.

Assemble the Toolkit

 

Command Prompt

  1. IPCONFIG /flushdns /registerdns /displaydns

  1. PING

  1. TraceRt (Trace route)

  1. Route Print

  1. NSLookup

  1. DNSLint

  1. DNSCmd

  1. NetDiag and DCDiag

DNS Server Icon

  1. Monitoring (Tab)

  1. Root Hints (Tab) - Do you need them?

  1. Event Viewer - DNS log

  1. Debugging Logging (Tab)

Guy Recommends: SolarWinds Engineer's Toolset v10

 

The Engineer's Toolset v10 provides a comprehensive console of utilities for troubleshooting computer problems.  Guy says it helps me monitor what's occurring on the network, and the tools teach me more about how the system itself operates.

There are so many good gadgets, it's like having free rein of a sweetshop. Thankfully the utilities are displayed logically: monitoring, discovery, diagnostic, and Cisco tools. 

Summary of Troubleshooting DNS

 

The secret of troubleshooting DNS is to follow a structured plan. Play the detective and ask questions. Write down changes that you have made.  Make it a habit to collect a wide variety of utilities from Ping to DNSLint.