Thx, none of those fail. While we cannot do a query to mail.google.com we can resolve any internal DNS without issue. My original thoughts was that even though the registry is there its still sending out EDNS requests, because its only specific sites and nothing else does a page cannot be displayed. The problem is that within 10 secs resolutions work again which is usually why a F5 refresh pulls the page immediately. So its stinking hard to wait around for 15 to 30 mins clicking and getting 10 secs to do a bunch of queries and then it works again..
Greg Sweers CEO ACTS360.com<http://www.acts360.com/> P.O. Box 1193 Brandon, FL 33509 813-657-0849 Office 813-758-6850 Cell 813-341-1270 Fax From: Richard Stovall [mailto:[email protected]] Sent: Monday, November 28, 2011 10:25 AM To: NT System Admin Issues Subject: Re: 2008 R2 DNS strangeness I actually meant lookups of other internal hosts. E.g., nslookup host1.internaldomain.local. dc.internaldomain.local or even the DC itself - nslookup dc.internaldomain.local. dc.internaldomain.local On Mon, Nov 28, 2011 at 9:51 AM, Greg Sweers <[email protected]<mailto:[email protected]>> wrote: Sorry should have been more clear. The NSlookup is to the internal DC server. When you try and query it comes up with service failure or timeout. Greg Sweers CEO ACTS360.com<http://www.acts360.com/> P.O. Box 1193 Brandon, FL 33509 813-657-0849<tel:813-657-0849> Office 813-758-6850<tel:813-758-6850> Cell 813-341-1270<tel:813-341-1270> Fax From: Richard Stovall [mailto:[email protected]<mailto:[email protected]>] Sent: Monday, November 28, 2011 9:44 AM To: NT System Admin Issues Subject: Re: 2008 R2 DNS strangeness When you do an nslookup of an external host and it fails, have you tried doing internal nslookups to see if they continue to work? On Mon, Nov 28, 2011 at 9:19 AM, Greg Sweers <[email protected]<mailto:[email protected]>> wrote: We have a single site migrated from 2003 AD to 2008 R2. Physical. We do have the HyperV role loaded at the request of the client to add a small app that he might put on there. DCdiag reports no issues other than the RODC errors which we have not run. EDns has been shutoff. (Confirmed registry entry gets created after its run) IPV6 has been disabled. Tried it with it on and off. Users can be happily browsing the web for hours or minutes and then when they hit a google, especially gmail, page cannot be displayed. Usually a refresh and the page comes up. Sometimes it takes a few minutes and then all users can browse those sites. Streaming audio/video, network access, VPN to other site for IP Phone system all work without issue. All computers pull DHCP from server with single DNS of the DC. Firewall is a watchguard 11.4.2 XTM that has a single Packet Filter for DNS allowing all outbound from the trusted network. No proxy or DNS advanced mechanisms in place. When the computer cannot access the webpage, doing an nslookup fails because the DNS server does not respond. Give it a minute and then it works fine. If I move their DNS settings to the previous 2003 box which I configured with DNS for testing, it works without any issues. Once I move it back to the DC I get this randomness. The DNS server just randomly stops responding during this time. Any ideas??? I have been banging my head out on this for 2 weeks now. Greg Sweers CEO ACTS360.com<http://www.acts360.com/> P.O. Box 1193 Brandon, FL 33509 813-657-0849<tel:813-657-0849> Office 813-758-6850<tel:813-758-6850> Cell 813-341-1270<tel:813-341-1270> Fax ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
