When we do an nslookup on an external host, we often get a timeout 3 or 4 times before it finally resolves. We are using our child domain controllers for all our desktops DNS. The child DCs are forwarding to the root DCs. The root DCs have the root-hints on them, and are allowed by the firewall to go out port 53 for UDP and TCP. Any settings we need to tweak?
I did a couple lookups on carmax.com and they timed out, then they finally resolved. Our child DC is 10.4.223.32. This is part of a debug log on my root DC. Any ideas? 11:23:13 2334 PACKET UDP Rcv 10.4.223.32 0d2d Q [0001 D NOERROR] (6)carmax(3)com(0) 11:23:13 2334 PACKET UDP Snd 192.41.162.30 35c0 Q [0000 NOERROR] (6)carmax(3)com(0) 11:23:13 2334 PACKET UDP Rcv 192.41.162.30 35c0 R Q [0080 NOERROR] (6)carmax(3)com(0) 11:23:13 2334 PACKET UDP Snd 199.191.128.105 35c0 Q [0000 NOERROR] (6)carmax(3)com(0) 11:23:13 2334 PACKET UDP Rcv 199.191.128.105 35c0 R Q [0084 A NOERROR] (6)carmax(3)com(0) 11:23:13 2334 PACKET UDP Snd 10.4.223.32 0d2d R Q [8081 DR NOERROR] (6)carmax(3)com(0) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
