To test this for your environment...

Get this: http://www.techrepublic.com/article/use-dig-to-administer-windows-dns-servers/5032892
Then do this: https://www.dns-oarc.net/oarc/services/replysizetest

Kurt

On Wed, Jan 23, 2013 at 1:15 PM, Robert Peterson <[email protected]> wrote:
> We do not have Cisco firewalls, though everything else is Cisco (switches,
> routers, VOIP)
> Has anyone seen this issue using Fortinet firewalls?
> Thx,
> Robert
>
> -----Original Message-----
> From: Kurt Buff [mailto:[email protected]]
> Sent: Wednesday, January 23, 2013 3:05 PM
> To: NT System Admin Issues
> Subject: Re: DNS concerns - Server 2003 R2 SP2 Domain Controllers
>
> Definitely better to fix the firewall than to limit the size of DNS queries on
> the server.
> Other firewalls have needed similar fixes, too - not just Cisco.
> Kurt
>
> On Wed, Jan 23, 2013 at 11:44 AM, Kennedy, Jim <[email protected]>
> wrote:
>> Yes. At some point your DNS servers are talking to the outside
>> work…directly or via forwarders I would assume. If dns fixup is
>> enabled you need to allow longer lookups.
>>
>> fixup protocol dns maximum-length 4096
>>
>> Or turn off eDNS on the 2003 servers.
>> dnscmd /Config /EnableEDnsProbes 0
>>
>> From: Robert Peterson [mailto:[email protected]]
>> Sent: Wednesday, January 23, 2013 2:39 PM
>> To: NT System Admin Issues
>> Subject: RE: DNS concerns - Server 2003 R2 SP2 Domain Controllers
>>
>> Thank you Jim.
>>
>> We have no Cisco firewalls, but all Cisco switches, routers. A new
>> switch may have went in last week. We also are in the middle of a
>> Cisco VOIP project, past 6 months. Phones all up, but they are still
>> working out tweaks, etc. Trying to make a “Jabber” client work on desktops
>> and PDAs.
>>
>> Something on the Cisco side I should dig into?
>>
>> From: Kennedy, Jim [mailto:[email protected]]
>> Sent: Wednesday, January 23, 2013 1:14 PM
>> To: NT System Admin Issues
>> Subject: RE: DNS concerns - Server 2003 R2 SP2 Domain Controllers
>>
>> Did someone put in a shiny new Cisco firewall this past weekend?
>>
>> From: Robert Peterson [mailto:[email protected]]
>> Sent: Wednesday, January 23, 2013 2:02 PM
>> To: NT System Admin Issues
>> Subject: DNS concerns - Server 2003 R2 SP2 Domain Controllers
>>
>> Hoping this is an old problem and someone has ideas?
>>
>> We have Server 2003 R2 SP2 Domain Controllers, four of them.
>>
>> Since this past weekend, we saw a large increase in Event 5504 warnings.
>> Eventually the DC gives an Event 7502 and DNS services hang.
>>
>> When DNS hangs, memory usage of the DNS service has grown to 800,000K,
>> after reboot the memory usage starts around 50,000K.
>>
>> Found a registry setting to add an EnableDuplicateQuerySuppression DWORD “0”
>> setting. This has stopped the memory growth/leaks, and replaced the
>> 5504 errors with numerous 404 and 408 errors, till probably due to the
>> registry change to suppress “dups” it has quit logging those.
>>
>> DNS memory usage is stable around 100,000K and DNS services to our
>> users is remaining stable too.
>>
>> However, I feel this is just a stopgap and I need to resolve the real
>> culprit… thoughts? Ideas?
>>
>> As always… great listserv & thanks!
>> Robert
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
