DNS forward lookups failing

My system is the only DC and running Server 2012 R2 and is the only DNS server on a small network. There are 2 forwarders for internet name resolution and the root domains are also configured... all resolve without issue. Repeated simple & recursive test inquiries all pass. The DNS timeout is set to 5 seconds.
On every network client, approximately one-third of forwarded lookups fail on the first attempt. The second attempt may get a response. By the third attempt, the name resolves. There appears to be no relation between the domain lookups which fail. In fact, the same domain may fail on one day but, after clearing the cache, the same lookup won't fail.
No errors post to either the server or client event logs. I've removed the DNS service and reinstalled but the issue persists.
Any guidance is much appreciated.
Best,
Bill

Does the DNS lookup fail for your AD domain resolution or is it for public DNS name resolution?
If it fails for public DNS name resolution, you can consider updating your DNS forwarders to be your ISP ones.
Please also make sure that your DC is pointing only to its private IP address as primary DNS server and 127.0.0.1 as secondary one. On your client computers, make sure that they point to your DC as primary DNS server.
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

Similar Messages

  • DNS forward lookup

    When I run a changeip -checkhostname all returns ok from the server. When I run a dig -x on that DNS server IP all is ok. When I run a dig on the server name it fails. So forward lookup fails, reverse is fine. Any reason why?

    What DNS server(s) are involved here? Your own? ISP? A combination?
    Is the server resolving DNS itself? If so, then the network controllers reference the local box and the local DNS via the name localhost (or 127.0.0.1), and the local DNS server then connects to the upstream servers.
    Does dig with the @dns.example.com specifier for the DNS server you're interested in work?

  • DNS Forward Lookups Not Working

    My DNS experience and knowledge is pretty limited. Having said that it appears that our xserves can do reverse lookups for both of our xserves, but can't do a forward lookup. How can I fix this?
    Here are the lookup information from network utility:
    Lookup has started ... dataxserve.w.k12.ia.us
    ; <<>> DiG 9.3.4 <<>> dataxserve.w.k12.ia.us
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 37918
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;dataxserve.w.k12.ia.us. IN A
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.3#53(192.168.0.3)
    ;; WHEN: Tue Jan 15 13:26:53 2008
    ;; MSG SIZE rcvd: 49
    Lookup has started ... 192.168.0.3
    ; <<>> DiG 9.3.4 <<>> -x 192.168.0.3
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19034
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;3.0.168.192.in-addr.arpa. IN PTR
    ;; ANSWER SECTION:
    3.0.168.192.in-addr.arpa. 86400 IN PTR dataxserve.w.k12.ia.us.
    ;; AUTHORITY SECTION:
    0.168.192.in-addr.arpa. 86400 IN NS dataxserve.w.k12.ia.us.
    0.168.192.in-addr.arpa. 86400 IN NS xserve.w.k12.ia.us.
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.3#53(192.168.0.3)
    ;; WHEN: Tue Jan 15 13:32:01 2008
    ;; MSG SIZE rcvd: 122
    Lookup has started ...xserve.w.k12.ia.us
    ; <<>> DiG 9.3.4 <<>> xserve.w.k12.ia.us
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 10240
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;xserve.w.k12.ia.us. IN A
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.3#53(192.168.0.3)
    ;; WHEN: Tue Jan 15 13:32:52 2008
    ;; MSG SIZE rcvd: 45
    Lookup has started ...192.168.0.2
    ; <<>> DiG 9.3.4 <<>> -x 192.168.0.2
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49722
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;2.0.168.192.in-addr.arpa. IN PTR
    ;; ANSWER SECTION:
    2.0.168.192.in-addr.arpa. 86400 IN PTR xserve.w.k12.ia.us.
    ;; AUTHORITY SECTION:
    0.168.192.in-addr.arpa. 86400 IN NS xserve.w.k12.ia.us.
    0.168.192.in-addr.arpa. 86400 IN NS dataxserve.w.k12.ia.us.
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.3#53(192.168.0.3)
    ;; WHEN: Tue Jan 15 13:33:26 2008
    ;; MSG SIZE rcvd: 122
    Please help

    Hi
    You don't have to if you don't want to. You can leave both servers running internal DNS Services. The DHCP Service does not require DNS. It all depends on how you want to push out network services to your clients.
    I don't know your particular circumstances but it's not absolutely necessary to run DNS on your mail server. It depends a great deal on how you want the server to handle mail for your domain. I'm not an expert but the way I generally do a mail server is to use external MX Records and duplicate the external record internally. It's a fairly simple method and should send and receive mail for your clients internally as well as externally.
    You could configure internal DNS Services on one server only and just add a machine record for the second server. You could expand on this and configure DNS Services on both servers with a machine record for each server on both. There is enough in the GUI to allow you to do this. For example server01.mydomain.com with an IP address of 192.168.254.254 and server02.mydomain.com with an IP address of 192.168.254.253. This way if one server was to go down the other server should still provide a DNS Service to your local clients. However without knowing fully your network environment and your requirements it's difficult to advise.
    However is this a new setup and are you trying to get it to work? Or has it been working OK for a while and something has broken it? If it's the latter what errors are you seeing?
    If you want to know more about DNS purchase a copy of Paul Albitz and Cricket Liu's book 'DNS & BIND' and start reading.
    Hope this helps, Tony

  • Delegate DNS Forward Lookup Zone

    A: DNS - I would like to delegate the ability of creating Forward Lookup Zones at the root of my DNS (not subdomain).
    For example, I would like to delegate to my "Tier 1" staff the ability to modify our DNS. I want our "Tier 1" staff to have the ability to create a Primary Zone in order to redirect users that attempt to access a site with known malware content to an internal site with a warning message notifying the user that they have attempted to access a site that is not allowed.
    Is this possible?

    Hiya,
    I'm about 86% sure that if they need permissions to create primary zones, they will have access to the complete DNS administration. So it's just a question if that is ok?
    If that is okay you can add the users to the DNSadmin group and they should have access to perform the above from the DNS administration tool, which can be installed anywhere.

  • DNS: Forward Lookup Domain with Just the MX Record

    Our Active Directory domain is olddomain.com. I have a Forward Lookup Zone for olddomain.com with CNAME, MX, and many A records. The MX record points to an internal mail server.
    We just acquired newdomain.com.
    newdomain.com is resolving to external DNS and it works. However, I need to route the internal mail flow of newdomain.com to our internal mail server and not have it pass out to the internet before coming back in.
    I would like to add JUST the MX record for newdomain.com to DNS. All other lookups (newdomain.com, subdomains.newdomain.com, etc) should work exactly as they do now.
    I have had two thoughts how to do this, but need advice:
    Can I have all newdomain.com DNS lookups point to an external DNS, except for the one MX record?
    Can I have all newdomain.com resolve to olddomain.com IPs (including subdomains), except for the newdomain.com MX?
    I tried adding a new Forward Lookup Zone for newdomain.com with just the SOA, two NS, and the MX record. This broke resolution for http://newdomain.com and http://www.newdomain.com until I added two A records. I do not want to be manually adding records for all of our newdomain.com subdomains.
    What do you recommend?
    Thank you in advance!

    Can I have all newdomain.com DNS lookups point to an external DNS, except for the one MX record?
    You cannot as you will face the problem you already described.
    However, you might think about doing it that way:
    Get a copy of your external DNS zone (if you can do it, of course) using NSlookup: http://social.technet.microsoft.com/wiki/contents/articles/29184.nslookup-for-beginners.aspx
    Create a zone named newdomain.com
    Develop a script that will create all the DNS records from the extracted copy except for the MX record
    Can I have all newdomain.com resolve to olddomain.com IPs (including subdomains), except for the newdomain.com MX?
    Same answer as before.
    This posting is provided AS IS with no warranties or guarantees, and confers no rights.
    Ahmed MALEK
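
The three steps suggested in the reply above, sketched as an added PowerShell example (not code from the thread or its participants). It assumes the Windows Server DnsServer module, an AD-integrated zone, a hypothetical internal mail host `mail.olddomain.com`, and a constructed, simplified owner/type/data listing standing in for the exported copy of the external zone.

```powershell
#Requires -Modules DnsServer
# Added example: build an internal copy of a public zone and replace only the MX.
# All names, addresses and the record listing below are constructed placeholders.

$ZoneName     = 'newdomain.com'         # zone name used in the thread
$InternalMx   = 'mail.olddomain.com.'   # hypothetical internal mail server FQDN
$MxPreference = 10                      # assumed preference value

# Constructed sample of the exported zone copy, one record per line:
# owner, type, data. '@' names the zone apex.
$Exported = @'
@      A      203.0.113.10
www    A      203.0.113.10
shop   CNAME  www.newdomain.com.
@      MX     10 mx.external-provider.example.
ftp    A      203.0.113.20
'@

function ConvertFrom-ZoneListing {
    param([string]$Text)
    foreach ($line in $Text -split "`r?`n") {
        $line = $line.Trim()
        if (-not $line -or $line.StartsWith(';')) { continue }   # blank or comment
        $parts = $line -split '\s+', 3
        if ($parts.Count -lt 3) { Write-Warning "Skipping unparsable line: $line"; continue }
        [pscustomobject]@{ Name = $parts[0]; Type = $parts[1].ToUpper(); Data = $parts[2] }
    }
}

$records = ConvertFrom-ZoneListing -Text $Exported

# Copy everything except the external MX. SOA and NS are left out because
# the new internal zone gets its own when it is created.
$toCopy = $records | Where-Object { $_.Type -notin 'MX', 'SOA', 'NS' }

if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    # Assumption: AD-integrated zone replicated forest-wide.
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Forest
}

foreach ($r in $toCopy) {
    switch ($r.Type) {
        'A'     { Add-DnsServerResourceRecordA     -ZoneName $ZoneName -Name $r.Name -IPv4Address $r.Data }
        'AAAA'  { Add-DnsServerResourceRecordAAAA  -ZoneName $ZoneName -Name $r.Name -IPv6Address $r.Data }
        'CNAME' { Add-DnsServerResourceRecordCName -ZoneName $ZoneName -Name $r.Name -HostNameAlias $r.Data }
        default { Write-Warning "Not copied, add by hand: $($r.Name) $($r.Type) $($r.Data)" }
    }
}

# The one record that differs from the public zone: mail stays internal.
Add-DnsServerResourceRecordMX -ZoneName $ZoneName -Name '@' `
    -MailExchange $InternalMx -Preference $MxPreference
```

Once this zone exists, the internal DNS server answers authoritatively for newdomain.com, so a record added later on the external DNS does not resolve for internal clients until it is added here as well.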

  • DNS lookup failed. How to fix with Google chrome?

    "The server at _____.com can't be found, because the DNS lookup failed. This error is often caused by having no connection to the internet or a misconfigured network. It can also be caused by an unresponsive DNS server or a firewall preventing google chrome from accessing the network." 

    Is Safari the same?

  • Setting Forward Lookup Zones in DNS based on the port queried

    I have the following problem.
    We are using Dynamic DNS to access our site and the modem/router differentiates via port forwarding what server the query goes to based on the port number, i.e. all requests go to abc.dyndns.org:port number.
    Based on the port, e.g. port 3389 goes to server 1 (192.168.0.1), port 8080 goes to server 2 (192.168.0.2), port 80 goes to server 3 (192.168.0.3). This all works well if you are entering from OUTSIDE the local network.
    INSIDE the local network, I have set up a Forward Lookup Zone on a Domain server using DNS where the Host A resolves abc.dyndns.org to the local IP address of server 1 (192.168.0.1). This works fine.
    How do I get the abc.dyndns.org:other ports to go to the other servers' IP addresses, as you can only set up one Host A record of abc.dyndns.org to one address 192.168.0.1, if someone queries from INSIDE the local network, as the modem/router does not come into play?

    As I said before, DNS doesn't do this. DNS has nothing to do with ports resolution. It's purely a name to IP or IP to name resolution. THAT'S IT!
    But you can port translate each individual port from the WAN IP to different IPs internally. I thought I said that earlier? Maybe I wasn't clear. I apologize for not fully explaining it, for I thought you understood that part.
    Revisiting the bottom of your original post:
    INSIDE the local network, I have setup a Forward Lookup Zone on a Domain server using DNS where the Host A resolves abc.dyndns.org to the local IP address of server 1 (192.168.0.1). This works fine.
    How do I get the abc.dyndns.org:other ports to go to the other servers IP addresses as you can only setup one Host A record of abc.dyndns.org to one address 192.168.0.1, if someone queries from INSIDE the local network as the modem/router does not come into play?
    You still have to specify the port internally. Assuming mail.domain.com is server4 (since you didn't specify that port in your original post), you simply create a mail.domain.com zone and give it a blank IP for (making this up) 192.168.0.3, then type in the same exact thing you would do from the outside:
    http://mail.domain.com:8083/folder
    Like I said, it's in the application. DNS just resolves to an IP. There are 65,536 port numbers, and DNS does not deal with resolving any of them. That's the responsibility of the application or service and the client (such as a browser) connecting to it.
    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
    This post is provided AS-IS with no warranties or guarantees and confers no rights.

  • Local site blocked - DNS lookup failed

    Hitting our webpage from the inside is blocked; the policy trace shows Request blocked: Details: DNS Lookup fails.
    The local webpage is in the Custom URL Category - Allow group...
    This fails when leaving the www off the front. www.site.com works but site.com fails...
    .site.com and site.com are in the custom URL category in an 'allow' group.
    This is also in the bypass filter.

    A large number of sites in the world are unable to resolve domains that do not have www in the front. The easiest example is NASA. Go to nasa.gov and it does not work. www.nasa.gov does work. This is due to the admin's configuration. However, like Chris mentioned, I would confirm that your DNS is operating correctly.
    P.S. The nasa test might or might not work. Some browsers automatically change the nasa.gov to www.nasa.gov
    Christian Rahl
    Customer Support Engineer
    Cisco Web Content Security Appliance
    Cisco Technical Assistance Center RTP

  • Post Moved DNS-Lookup-Failed

    Post Moved http://community.bt.com/t5/Other-BB-Queries/DNS-Lookup-Failed/td-p/611636

    Is Safari the same?

  • WSA error DNS lookup failed

    hi,
    When I try to download a file from, let's say, xyz.com I am not able to do so. Policy trace shows the below result:
    User Information
    User Name: r5893
    Group Membership: NBKDOM\r5893, NBKDOM\Limit_Login_Single, NBKDOM\MMS_Access Group, NBKDOM\Screen Saver, NBKDOM\Domain Users, NBKDOM\MMSGroup, NBKDOM\Purchasing&GS-Kuwait, NBKDOM\AllUsers, NBKDOM\Outlook Users, NBKDOM\Administration-Kuwai, NBKDOM\BOUsers, NBKDOM\MYNBKUSERS, NBKDOM\Purchasing Requests - Administration, NBKDOM\EVGROUP001
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
    Custom URL Category: Allow sites
    Policy Match
    Cisco IronPort Data Security policy: None
    Decryption policy: None
    Routing policy: Global Routing Policy
    Identity policy: Users
    Access policy: NBK_Users
    Final Result
    Request blocked
    Details: DNS lookup failed
    Trace session complete

    Hi Asim,
    I would investigate the DNS by establishing an SSH session to the M1 interface. Do an 'nslookup xyz.com' and see if it resolves. If it does not resolve, you may want to check your DNS server.
    -Vance

  • DNS lookup failing on Macbook with Fios

    Hello all
    I've had Verizon Fios for over a year and had no problems connecting wirelessly to my MacBook.  Out of the blue today, both my MacBook and my brother's began to have issues accessing the internet.  Every attempt would yield the same response:
    This webpage is not available
    The server at google.com can't be found, because the DNS lookup failed. DNS is the web service that translates a website's name to its Internet address. This error is most often caused by having no connection to the Internet or a misconfigured network. It can also be caused by an unresponsive DNS server or a firewall preventing Google Chrome from accessing the network.
    Here are some suggestions:
    Reload this web page later.
    Check your Internet connection. Reboot any routers, modems, or other network devices you may be using.
    Check your DNS settings. Contact your network administrator if you're not sure what this means.
    Try disabling network prediction by following these steps: Go to Wrench menu > Preferences > Under the Hood and deselect "Predict network actions to improve page load performance." If this does not resolve the issue, we recommend selecting this option again for improved performance.
    Try adding Google Chrome as a permitted program in your firewall or antivirus software's settings. If it is already a permitted program, try deleting it from the list of permitted programs and adding it again.
    If you use a proxy server, check your proxy settings or check with your network administrator to make sure the proxy server is working.
    If you don't believe you should be using a proxy server, try the following steps: Go to Applications > System Preferences > Network > Advanced > Proxies and deselect any proxies that have been selected.
    Error 105 (net::ERR_NAME_NOT_RESOLVED): Unable to resolve the server's DNS address.
    I called Verizon for support, and while their reset of my internet has allowed me to connect directly from an ethernet cord from my router, I'm still getting the same result on any attempts to connect via wi-fi. Since Verizon decided it was a Mac issue and not a Verizon issue at this point, they pointed me in the direction of AppleCare, but I don't have the money to spend right now on a support call.
    It seems that the router is connecting to the internet, and I can connect through ethernet, but there is a problem with the wireless communication between my computer and the router. Any suggestions?

    That is a different issue. Most likely, your university IT has misconfigured their network and only tested it on Windows where little details like TCP/IP subnets aren't even checked. This sounds pretty typical for university IT. Unfortunately, you will have zero luck getting them to fix the problem because they don't support Macs.
    First of all, your question is pretty important and shouldn't be tucked inside a Verizon FiOS thread where no one will see it. I suggest starting a new question so that people looking for this topic in the future can find the answer.
    I am familiar with this problem. It is an IT configuration problem. I just rolled my own hack for it. I should probably try to improve my hack since obviously other people are experiencing the same problem.
    Before I get started. Why are you even looking? What is the exact problem that you are having? My problem was specific to VPNs but your issue seems even more basic than that. What, exactly, does or does not happen to cause you to search for a fix?
    In the Terminal, run the command "scutil list". How many DNS entries are listed? What are they? You should have one that says "State:/Network/Global/DNS". Type "show State:/Network/Global/DNS". What does it return? Are these the DNS servers that you added?
    Let me know the responses to the above and then I can craft a command that will correct and possibly override those servers properly.

  • DNS lookup failed WRT120N

    Hello,
    I've been having an issue with my internet connection, which has been getting a lot worse over the past 1 month. I purchased the WRT120N about a year and a half ago, and occasionally observed dropped connections, but it was no big deal. Over the past month or so, however, it seems like I get the "DNS lookup failed" error about every 15-30 minutes. Every time, I have to disconnect and reconnect my computer to my router. In addition, I will be disconnected from Xbox Live. This problem may occur every 5 minutes or every few hours.
    I have updated the firmware on the router. I have reset the router, and have reset DNS 1 to 8.8.8.8 and DNS 2 to 8.8.4.4. The network is configured as a DHCP. The Xbox has a wired connection, and my laptop experiences this problem whether I use a wired connection or a wireless one.
    I've reached the end of my very limited technology skills, so if anyone has a solution, I'd be more than grateful.
    Thank you!

    To isolate the concern, connect your computer to the modem and observe the connection for a day or a period of time. If the connection is dropping through the modem, contact your ISP. However, if it is stable through the modem, you can adjust the MTU settings of the router. Set the MTU to 1350. Also, reconfigure the wireless settings. Set the channel width to 20 MHz only and select a specific wireless channel. I suggest using 1, 6 or 11.
    Another thing you need to consider is the location of the router. It shouldn’t be too close to your modem as it may create interference. It should be on a higher and open location.

  • DNS lookup failed

    When I attempt to access certain websites my DNS lookup fails to translate the website to an IP address.

    Need more info.  Are you using a public DNS server? if so which one?
    Which website are you struggling to resolve?

  • Create a "New Zone" in the "Forward Lookup Zone"

    I am working in Windows Server 2008 R2 SP1.
    I went to DNS Server and tried to create a "New Zone" in the "Forward Lookup Zone" under "subdomain.domain.com". 
    I got the error: "Zone Not Loaded by DNS Server".
    Tried to F5 to Refresh but still same error.
    How do I get a new child or "subdomain" that will work in forest or "domain.com"?

    Hi
    You need to create a new child Domain in a new server.
    Build a new server and follow the below link as to how to create a new child domain. This will create a subdomain as well as a DNS.
    http://technet.microsoft.com/en-us/library/cc771856(v=ws.10).aspx

  • When trying to assign IP reservation in IPAM, Domain does not appear in Forward lookup zone drop-down list

    I am trying to assign reserved IP Addresses through IPAM that is installed on a Server 2012 OS.  Here is the procedure I have been following:
    Login to IPAM server
    Open Server Manager
    In left-hand column select IPAM
    In left-center column expand IP ADDRESS SPACE
    Select IP Address Range Groups
    Right-click the appropriate address range and select Find and Allocate Available IP Address
    In new window, scroll down to Basic Configurations
    I can input the basic configurations with no problem. DHCP Reservation Synchronizations look good too. But when I get down to DNS Record Synchronization, I can't do anything with the Forward lookup zones because nothing appears in the drop-down lists and I cannot manually enter the zone name. Here is a screen shot of what I see at this point:
    Without completing this information, I cannot complete the Address Reservation.
    Any help or insight will be greatly appreciated.
    Thanks!
    Tom LaLumiere

    Hi Tom,
    This happens if your DNS servers that are managed by IPAM are not authoritative and primary for any zones, if they are not authoritative for the appropriate zones, or if there are not any DNS servers managed by IPAM.
    See the examples below. Here my DNS server is authoritative for 4 forward zones and 2 reverse zones. I can choose any of the forward zones but assuming I pick a range such as 10.0.1.0, I would be unable to choose the 168.192.in-addr.arpa zone because the IP addresses do not match.
    -Greg
