DNS/MX issue

Similar Messages

• DNS Server Issues with Comcast and Airport Extreme wifi routers

  I am having significant challenges with 3 Airport Extreme (latest gen) wifi routers and my Comcast Xfinitity service.  It once worked just fine, but now I continually get the blinking amber lights stating "No DNS servers" for each of the Airport Extreme (AE) routers.  My configuration is:
  Coax cable -> Comcast Xfinity cable modem -> ethernet to 16-port gigabit ethernet switch ->->-> ethernet to 3 Airport Extremes around the house direct connected with switch
  I have many wifi devices throughout the house (iPads, MacBooks, home automation devices) as well as direct-connected devices via ethernet (one PC connected to AE router).
  Each Airport Extreme router is set with these settings in the Airport Utility app: 
  Internet tab=  Connect using: DHCP
  Wireless tab=  Network mode: Create a wireless network
  Network tab=   Router mode: Off (Bridge Mode)
  I have attempted to put the Xfinity cable modem in bridge mode, and use the Airport Extreme to serve up the IP addresses, but still lost internet connectivity.
  I have also attempted to set the Network tab=> Router Mode to "DHCP and NAT" but get "Double NAT" error issues as well.
  I have tried using the Comcast DNS server addresses (75.75.75.75;75.75.76.76) setting on the Internet tab for the routers and do end up getting a green light, but NO internet connectivity.
  Lastly, I have tried using the Google DNS servers (8.8.8.8;8.8.4.4) setting on the Internet tab the routers giving me the No DNS servers amber light error and again, no Internet connectivity for either wifi-connected or even ethernet connected (directly to Airport Extreme router) devices (like my PC) despite getting a green light on the router.
  Any this point, it really seems that these AE routers are NOT compatible with the Xfinity cable modem or service… (and yes, I've tried power-cycling and restarting the modem, and then the AE routers, MANY times to little avail).
  Should I move one of these Airport Extreme wifi routers to before the switch, and have the other 2 in Bridge mode after the switch?  Do I need to setup a specific range of DHCP reservation addresses for each different AE router?
  Appreciate any insight anyone can share with this aggravating DNS server issue between Comcast & multiple Airport Extreme wifi routers.

  I do not see anything wrong with your basic setup.. the issue is indeed the WAN ports of the AE.. AC version are having problems with some network equipment.
  You have listed a stack of things you have tried.. but I want you to move the ethernet patch cable you use on each AE to its LAN port instead of WAN.
  Restart the airport when you do that.. and then see if it becomes stable.
  In bridge mode the airport moves the WAN port to LAN.. but the WAN port setup itself seems more problematic than the LAN ports.
  There are other methods we can try if this does not work.. but in the end.. I would be tempted to take the whole lot back to apple.. they need to start making equipment that works with standard modems and switches.
  BTW what brand is the 16 port switch?? Does it happen to be managed (smart type)?

• DNS/LDAP Issue for Trusted Domain

  Hi
  I'm trying to configure  Configuration Manager 2012 R2 Forest Discovery to a trusted domain.
  Objects from the trusted domain (users/computers) show up in the Collections, but when I check under Administration\Active Directory Forests I can see Discovery Status "Failed to connect using default account" and Publishing status "Cannot
  Contact LDAP Server".
  I've added the SCCM server to local admin at the trusted domain via GPO and have also created the system Management container.
  When I check the log ADForestDisc.log I get this error message:
  "Failed to connect to forest X. This can be because of disjoint DNS namespaces, network connectivity or server availibility issue. Error Information The specified forest does not exist or cannot be contacted."
  I have setup Conditional Forwarders in DNS in both domains.
  I have also read other forums about this issue and should have the answer:
  "This error occurs for all of the domains that you mentioned and is typical when SRV records for DCs in those remote domains cannot be found. Forest discovery relies on DNS name resolution of SRV records to locate a suitable DC to communicate with."
  "The site server performing the forest discovery must be able to resolve the SRV records for the DCs or root domain of the other forest."
  We are using Windows AD integrated DNS in both domains.
  I'm not so familiar with DNS configuration so I appreciate if someone could tell more specific how to fix this.
  Thanks in advance

  Hi
  Thank you for your answer. This issue is solved. I've missed to open some ports in the router/firewall between the LANs.
  The status under Active Directory Forests is Succeded now, but when I check under boundaries, I can only see the "Default-First-Site-Name" site for the first domain (same LAN as CM Server) and I can only see the IP address range for that LAN.
  I don't Think  this is a big issue, but shouldn't the site name and address range for the other LAN (where the trusted domain is) be automatically found to during forest Discovery when I've checked the options to create site and ip boundaries automatically?

• DNS / DHCP Issues in Server 2008R2 Domain

  Hi folks,
  We’ve been having an ongoing issue for a while now in that some PCs and laptops (Win 7) in our company can’t be contacted by hostname i.e. if we try and RDP from one Windows 7 PC to another the RDP session fails as if the PC isn’t turned on, but it
  is indeed turned on and connected to the network. 
  Even if we ping the host name of a particular computer that is on it fails to reply but if I go into DHCP I can find the hostname bit it has a different IP address assigned to it other than what is listed in DNS for that host name.
  So for some reason when some computers get switched on and be allocated a new dynamic IP address through DHCP the corresponding record in DNS doesn’t seem to get updated meaning we need to go into DNS and manually amend the Host A record with the new
  IP address that it has been given so we can RDP onto that computer using the hostname.
  At present aging and scavenging isn’t enabled in our environment as we are afraid to in case it removes live DNS entries that just haven’t been turned on in a wee while.  Does aging and scavenging just ignore static DNS entires and does aging and
  scavenging work in DHCP as well?
  One other thing I noticed is that if I delete an incorrect DNS Host A record and create it manually and assign the hostname and the correct IP address it says static rather than having a timestamp on it. When I create the new record I always click on our
  domain in the Forward Lookup Zone and on creation I always select Create the associated pointer (PTR) record so not sure why the manual record doesn’t get a time stand.
  So any help/advice or suggestions would be greatly appreciated.
  Thanks,
  Bonemister

  Hi David,
  Thanks for your reply and for clarifying those things for me.  Unfortunately in my workplace when I add a manual DNS Host A record it does become a static entry and doesn't have the '0'
  you mention, do you have any idea why that would be as I'm worried about it affecting things if I were to enable aging and scavenging.
  Is it possible to just enable aging and have it remove entries before a time of my choosing or does scavenging need to be enabled also?
  I still can't understand why the relationship between DHCP and DNS isn't working correctly. Sure if DNS has an A record for a computer and the IP address changes via DHCP there is bound to be
  a way to setup DNS to be able to update the records it holds - do you know if my reading of this is correct.
  By the way, I can confirm that my adapters TCP/IP DNS settings are the same on of the PCs that had the DNS fault as in your screenshot the only different is we have the tick in Append parent suffixes... - would that make a difference.
  Thanks also for that other link, it seems very interesting and I'll have a good read through it carefully before doing anything!!
  Thanks again for you reply and I look forward to seeing any responses.
  Regards,
  Bonemister

• DNS Doctoring issue - ASA 5540

  I am in the process of setting up a segrated Guest Wifi network in my office and in doing so realized that I can not access my NAT'd externally facing web servers through this network. This guest network is using 8.8.8.8 for DNS and is properly resolving the external IP for the servers, but the pages refuse to load. If I go directly to the Private IP of the servers, the pages load. These NAT'd servers are on the DMZ interface of my ASA, whereas the "Guest network" resides on the Internal interface.
  I came accross this: "By default the Cisco ASA will not allow packet redirection on the same interface (outside) which is tried by the guest client trying to access the DMZ server by its NAT’d public IP address.", which perfectly describes my issue. The article goes on to say that my checking the "Translate the DNS replies that match the translation rule" box (enable DNS Doctoring) in the NAT rule, the ASA would essentially rewrite the external IP to the private IP. This however is not working and the pages still won't come up.
  Am I not understanding this right? What am I missing from this set up?

  Hello Tom,
  If the server is on a different interface than the clients why don't you simple do a static one to one from the private to the global IP address.
  EX
  static (dmz,inside) public ip private ip
  Rate all of the helpful posts!!!
  Regards,
  Jcarvaja
  Follow me on http://laguiadelnetworking.com

• Network and DNS Setup Issues

  I am setting up an Xserv with Snow Leopard at my school, and I'm running into DNS issues.
  I followed the excellent guide at http://labs.hoffmanlabs.com/node/1436 and believe I've set DNS up correctly, but I fail the changeip -checkhostname test (I've replaced my domain and server names):
  mserver:~ admin$ sudo changeip -checkhostname
  Primary address     = 10.10.10.2
  Current HostName    = myserver.mydomain.ns.ca
  DNS HostName        = myserver
  To fix the hostname please run /usr/sbin/changeip for your system with the
  appropriate directory with the following values
     /usr/sbin/changeip 10.10.10.2 10.10.10.2 myserver.mydomain.ns.ca myserver
  dirserv:success = "success"
  I tried running the command as given, ("sudo /usr/sbin/changeip 10.10.10.2 10.10.10.2 myserver.mydomain.ns.ca myserver") but that didn't solve it. I'm not sure if that's the correct thing to do, or why that didn't work.
  I have come to suspect that my issue is with network settings, and would appreciate advice on what I'm trying to do. The server (our only one) will be an OD master, a file server and a web server. It is inside our router, with an externally-reachable IP address and an internal one (the latter is 10.10.10.2). I have configured it with the two IPs on one port to avoid the issue with SL wanting two serial numbers. My System Preference > Network settings are as follows:
  Ethernet 1b (highest service order):
  IP Address: 10.10.10.2
  Subnet mask: 255.255.255.0
  Router: 10.10.10.1
  DNS Server: 127.0.0.1
  Search Domains: mydomain.ns.ca
  Ethernet 1 (second highest service order):
  IP Address: <my external IP>
  Subnet mask: 255.255.255.248
  Router: <my ISP's router>
  DNS Server: 127.0.0.1
  Search Domains: mydomain.ns.ca
  Ethernet 2:
  Not Connected
  Although I'm unsure what it means (I'm more a teacher than a techie!), Server Admin > Settings > Network shows:
  Computer Name: myserver
  Local Hostname: myserver
  Network Interfaces:
  en0; IPv4; 10.10.10.2; myserver.mydomain.ns.ca
  Ethernet 1 (en0); IPv4; <my external IP>; myserver.local
  The second of the interfaces above is bold.
  The big issue I'm seeing on my network (possibly as a result of this, but everything I've seen says fix DNS first) is that network users can't log in although they have homes and can connect to the homes once logged in as local users.
  Many thanks in advance for your help--the school year is closing in quickly!
  Regards,
  Alex

  Thanks. I disabled the external IP & rebooted. Server Admin now has only the one IP. But I still get the same result:
  myserver:~ admin$ dscacheutil -flushcache
  myserver:~ admin$ sudo changeip -checkhostname
  Password:
  Primary address     = 10.10.10.2
  Current HostName    = myserver.mydomain.ns.ca
  DNS HostName        = myserver
  To fix the hostname please run /usr/sbin/changeip for your system with the
  appropriate directory with the following values
     /usr/sbin/changeip 10.10.10.2 10.10.10.2 myserver.mydomain.ns.ca myserver
  dirserv:success = "success"
  myserver:~ admin$
  I ran dig on a client:
  Last login: Mon Sep  5 11:40:13 on console
  Lab-iMac-64:~ admin$ dig myserver.mydomain.ns.ca
  ; <<>> DiG 9.6.0-APPLE-P2 <<>> myserver.mydomain.ns.ca
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45308
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
  ;; QUESTION SECTION:
  ;myserver.mydomain.ns.ca.        IN    A
  ;; AUTHORITY SECTION:
  mydomain.ns.ca.        10800    IN    SOA    myserver.mydomain.ns.ca. dns.mydomain.ns.ca.mydomain.ns.ca. 2011090201 86400 3600 604800 345600
  ;; Query time: 1 msec
  ;; SERVER: 10.10.10.2#53(10.10.10.2)
  ;; WHEN: Mon Sep  5 11:40:42 2011
  ;; MSG SIZE  rcvd: 94
  Lab-iMac-64:~ admin$ dig -x 10.10.10.2
  ; <<>> DiG 9.6.0-APPLE-P2 <<>> -x 10.10.10.2
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7073
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
  ;; QUESTION SECTION:
  ;2.10.10.10.in-addr.arpa.    IN    PTR
  ;; ANSWER SECTION:
  2.10.10.10.in-addr.arpa. 10800    IN    PTR    myserver.
  ;; AUTHORITY SECTION:
  10.10.10.in-addr.arpa.    10800    IN    NS    myserver.mydomain.ns.ca.
  ;; Query time: 3 msec
  ;; SERVER: 10.10.10.2#53(10.10.10.2)
  ;; WHEN: Mon Sep  5 11:41:04 2011
  ;; MSG SIZE  rcvd: 99
  What to try next?
  ~Alex
  PS- ...and I'm still not able to log in as a network user, but still can access network accounts using connect to server. Here's what my password log looks like when I try to log in (hash and username edited):
  Sep  5 2011 11:34:11    RSAVALIDATE: success.
  Sep  5 2011 11:34:11    AUTH2: {0x4e4d1b4e67..., alex} DHX authentication succeeded.
  Sep  5 2011 11:34:11    KERBEROS-LOGIN-CHECK: user {0x4e4d1b4e67..., alex} is in good standing.
  Sep  5 2011 11:34:11    KERBEROS-LOGIN-CHECK: user {0x4e4d1b4e67..., alex} authentication succeeded.
  Sep  5 2011 11:34:11    GETPOLICY: user {0x4e4d1b4e67..., alex}.
  Sep  5 2011 11:34:11    GETPOLICY: user {0x4e4d1b4e67..., alex}.

• Netctl and DNS client issues

  AFAIK there is nothing wrong in placing both 'domain' and 'nssearch' in '/etc/resolv.conf'. I'm afraid that netctl ignores 'DNSSearch' entry if 'DNSDomain' is present. Is it a bug or a 'feature'?
  My experience shows that netctl incorrectly handles the 'DNS' entry: if it contains '127.0.0.1' all other nameservers are ignored (not placed in '/etc/resolv.conf'. It is a problem if a server is running a secondary DNS which is frequently down for upgrade/maintenance/testing.
  (OK, found this issue discussed, bug-reported and "fixed")
  Last edited by quayasil (2013-07-11 12:50:36)

  AFAIK there is nothing wrong in placing both 'domain' and 'nssearch' in '/etc/resolv.conf'. I'm afraid that netctl ignores 'DNSSearch' entry if 'DNSDomain' is present. Is it a bug or a 'feature'?
  My experience shows that netctl incorrectly handles the 'DNS' entry: if it contains '127.0.0.1' all other nameservers are ignored (not placed in '/etc/resolv.conf'. It is a problem if a server is running a secondary DNS which is frequently down for upgrade/maintenance/testing.
  (OK, found this issue discussed, bug-reported and "fixed")
  Last edited by quayasil (2013-07-11 12:50:36)

• ISA Server 2006 DNS error issue

  we are using ISA server 2006, and we are facing issue DNS Clients services, we need to restart its DNS client services in 10min or 15mins, 1st error event ID is 8003, Sources :-MRxSmb and 2nd event ID 11160, Source:- DNSApi.

  Hi,
  By default, ISA Server is configured to log requests that come through the Web Proxy Service. You can check by opening
  the ISA Management MMC and choosing Monitoring Configuration, and then clicking Logs. In addition,
  all log files are stored in the ISALogs folder found in the Microsoft ISA Server folder if you never specify the folder for storing the log file.
  You can check the IAS log files for troubleshooting since it is hard to say which would be the reason.
  Best regards,
  Susie

• DNS nslookup issue

  Hello,
  It is in continuation of my previous thread;
  http://social.technet.microsoft.com/Forums/en-US/4cb781c2-7da5-4da8-aa4a-b62dd8b122c4/nslookup-issue?forum=winserverNIS
  I have two sites main and dr. In each site we have 4 domain controllers running on windows 2008 r2. when i try to nslookup from dr domain controllers to our Domain name (ads.pnu.edu.sa), it gives me two times "Time out for 2S" and after that it
  properly shows me the IP addresses of the servers of my domain. I need to investigate why the RTO is coming. i am attaching the nslookup and ipconfig snapshots.
  I disabled ipv6 from registry. all is working through normal ping and there is PTR for the server in DNS. Appreciate if anyone please guide.

  When you put a period on the end of it, it will not use the search suffixes. Here's more info on that and how and why it works:
  Nslookup suffixing behavior
  http://blogs.msmvps.com/acefekay/2013/02/17/nslookup-suffixing-behavior/
  Are you concerned that your servers, applications or something else is not properly working? Nslookup is good for testing, however, you have to remember that an app doesn't use nslookup. It has its own built-in resolver. If you use ping, which uses the machine's
  client side resolver, do you see any delays or non-resolution issues?
  Are your DNS server patched and updated?
  ===
  If it's doing it for other records too, then Run the following, and if the hotfix is already installed or it doesn't apply
  due to service pack level or operating system version, no fret, the installer will tell you right away and will tell you to
  stop. Some of them require restarts.
  DNS Server service does not use root hints to resolve external names in Windows Server 2008 R2
  Post Windows 2008 R2 SP1 HOTFIX available.
  APPLIES TO •Windows 2008 R2 Datacenter •Windows 2008 R2 Ent •Windows 2008 R2 Std.
  Requires a restart.
  http://support.microsoft.com/kb/2616776
  DNS Server service does not resolve some external DNS names after it works for a while in Windows Server 2008 R2
  Hotfix release - (released 4/15/2011)
  http://support.microsoft.com/kb/2508835
  Windows 2008 -
  DNS queries for external domains are not resolved when you use Conditional Forwarding in Windows Server 2008
  Post Windows 2008 SP2 Hotfix available
  Requires a restart.
  http://support.microsoft.com/kb/2625735/
  DNS server stops responding to DNS queries from client computers in in Windows Server 2003, in Windows Server 2008 or in
  Windows Server 2008 R2 - Post Service Pack Hotfix available.
  Does not require a restart.
  http://support.microsoft.com/kb/2655960
  And if nslookup times out on MX records, it's by design:
  NSLOOKUP Returns Time-out Error When Query for an MX Record
  http://support.microsoft.com/kb/198551/en-us
  Ace Fekay
  MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.

• DNS Microsoft issues

  Have a client moving from google to Microsoft for mail and other services. This is the message I received from their IT guys. I'm a designer so my knowledge of DNS is limited. Any assistance is appreciated.
  Message:
  I am however still having issues with the service records that I added.  Could you help me resolve this issue?  I have added them under the advanced DNS records section with the corresponding srv type but it doesn't look like we have the ability to add any of the other sub categories like service, protocol and target.  As a result, Microsoft isn't able to validate these records to complete our full migration.   Please call me with any questions.
  SRV records
  Service
  Protocol
  Port
  Weight
  Priority
  Name
  Target
  TTL
  _sip
  _tls
  443
  1
  100
  sipdir.online.lync.com
  3600
  What do I fix?
  _sipfederationtls
  _tcp
  5061
  1
  100
  sipfed.online.lync.com
  3600
  What do I fix?

  If you're NOT using BC as email provider you can safely use another nameserver provider with a more advanced DNS-panel. Domain name service and DNS services - Easy DNS hosting with DNSimple - DNSimple , just to name one of many providers that have a extensive DNS panel for custom records.

• DNS resolving issues

  Hello.
  I'm having a lot of issues when resolving DNS names on Linux.
  I've 2 computers, one is running Windows XP SP2, the other is running Arch Linux. I connect to the internet using the Windows machine, and I have ICS turned on so I can connect through my linux box as well.
  Whenever I connect to a host of any sort through the linux box, I often recieve "Unknown Host" messages. If I refresh several times then it works.
  My linux box has dual boot with Windows XP SP2. If I use Windows on this machine, I'm having no DNS issues at all.
  So I believe the problem is with the way my Arch is configured.
  This is the relevant part from my /etc/rc.conf:
  lo="lo 127.0.0.1"
  #eth0="dhcp"
  eth0="eth0 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255"
  INTERFACES=(lo eth0)
  # Routes to start at boot-up (in this order)
  # Declare each route then list in ROUTES
  # - prefix an entry in ROUTES with a ! to disable it
  gateway="default gw 192.168.0.1"
  ROUTES=(gateway)
  Can anyone help me rid of this annoying problem?

  This is what it says:
  nameserver 192.168.0.1
  search mshome.net
  192.168.0.1 is the IP address of the Windows machine.
  MSHOME is the name of the workgroup my Windows machine is in.

• SRP541w DNS Proxy issue

  I'm running FW 1.02.01 (23) and I'm having problems with the DNS proxy.  I have DNS Proxy enabled for my DHCP server on the router and I have my dns server programmed into the global dns location.  I cannot ping any DNS names for my IPSEC VPN tunnel.
  Thanks,
  Adam De Lay

  Hi Adam,
  Could I first recommend that you upgrade to version 1.2.4.  This is available for free download, just go to www.cisco.com/go/srp500 and look for the link on the right.
  If you are still seeing the issue after upgrade, could you please grab the device status file (Administration > Remote Support) and send to me please. [Don't post it here]
  Regards,
  Andy

• ASA 5520 Reverse DNS lookup Issue

  We are having Reverse DNS issues.
  10.10.0.10 = Exchange Server
  Windows 2003 = DNS server internal.
  Setup: 1 to 1 NAT
  10.10.0.10 smtp --> 70.89.133.218 smtp
  Int gi0/2 = 70.89.133.217
  Incoming Access Rule:
  any --> 70.89.133.218 smtp permit
  When we do a WhatismyIp on exchange server it says the IP is 70.89.133.217
  It should be 70.89.133.217.
  This is causing our email to be rejected from external sites due to reverse dns not returning 218. External people say are email is coming from 217. Comcast says the reverse pointer is setup correctly.
  What are we doing wrong?
  Thanks for any help you can offer.

  Correction:
  When we do a WhatismyIp on exchange server it says the IP is 70.89.133.217
  It should be 70.89.133.218
  217 is the interface gi0/2 on the ASA.

• DNS Registration Issues when using DHCP Server in Other Domain

  We have an issue where we have 2 domains with an external trust between and a set of DHCP servers that are only located in Domain A.
  Clients in Domain B receive the DHCP information from Domain A which also gives them DNS settings pointing to Domain Controllers in Domain A.  There are forwarders in place so resolution works.
  However clients when registering their DNS information in their own domain gets refused by Domain B Domain Controllers.
  Is there a way to populate a security group to allow client's in Domain B to register DNS configuration on their Domain B Domain Controllers?
  I know the easiest way would be to create additional VLANs for DCs and clients and segregate clients with IP helpers to different DHCP servers per domain. But this cannot be done unfortunately.
  Any help or advice appreciated on this one

  The logs I receive are below:
  31/07/2014 20:47:11 14D4 PACKET  000000C48FE6A5B0 UDP Rcv 172.16.32.140    ca65   U [0028       NOERROR] SOA    (16)Internal.domain(3)com(0)
  31/07/2014 20:47:11 154C PACKET  000000C48FE6A5B0 UDP Snd 172.16.32.140    ca65 R U [05a8       REFUSED] SOA    (16)Internal.domain(3)com(0)
  31/07/2014 20:47:11 1EE4 PACKET  000000C4908D8030 TCP Rcv 172.16.32.140    966b   Q [0000       NOERROR] TKEY   (9)1408-ms-7(10)45-6b599a3(36)7986ecc4-17e5-11e4-8b81-3c77e6ef79d7(0)
  31/07/2014 20:47:11 144C PACKET  000000C4908D8030 TCP Snd 172.16.32.140    966b R Q [0080       NOERROR] TKEY   (9)1408-ms-7(10)45-6b599a3(36)7986ecc4-17e5-11e4-8b81-3c77e6ef79d7(0)
  31/07/2014 20:47:11 14D4 PACKET  000000C48E9F2B90 UDP Rcv 172.16.32.140    ae74   U [0028       NOERROR] SOA    (16)Internal.domain(3)com(0)
  31/07/2014 20:47:11 1AEC PACKET  000000C48E9F2B90 UDP Snd 172.16.32.140    ae74 R U [05a8       REFUSED] SOA    (16)Internal.domain(3)com(0)

• AD DNS resolution Issue for specific Site

  Hello Experts,
  Currently I am facing issue for DNS Resolution.
  I have 2 Sites
  Site A(2003 R2 DC) & Site B(2008 R2 ADC)
  my domain name is abc.co.in
  and I have another forwardlookup zone abcl.com (mail.abcl.com/Dev.abcl.com)
  I am able to resolve host recoreds for abc.co.in & abcl.com from site A
  I am facing issue for Site B
  unable to resolve A records for mail.abcl.com
  when I am trying to resolve using
  ============================================================
  nslookup mail.abcl.com 192.168.0.5 (Site B ADC)
  getting below output
  Server : adc01siteB.abc.co.in
  Address : 192.168.0.5
  Non autoritative answer :
  Name : com.co.in
  address : 192.254.185.209
  Aliases : mail.abcl.com.co.in
  ==============================================================
  mail.abcl.com - 192.168.0.11 (Actual Internal A record)
  I want to know why this trying to resolve from external DNS (192.254.185.209)
  your help / pointers will be appreciable
  R Udeg

  Is your settings for site B the same for site A in the DNS Server properties?
  Did you make sure that UDP and TCP port 53 is open both ways?
  Did you make sure all resource records have been updated?
  Did you flush the cache/ scavenging happened?
  Did you check the DNS forwaders and recursion?
  Remember if a DNS server fails to resolve a name for which it is not authoritative, the cause is usually a failed recursive query. Recursive queries are used frequently by DNS servers to resolve remote names that are delegated to other DNS zones and servers.
  Note: If you disable recursion on the DNS server, you will not be able to use forwarders on the same server.

• DNS Resolution Issues

  Hey Guys,
  I have recently set up a Mac OS X server at home and have set it up to work with the domain name server.geckocentral.co.uk for which I have created an A record and it works perfectly.. this is the Mac OS X standard tutorial method presented by the great Todd Otholff for accessing your network on an outside line and I followed it perfectly.
  The problem I now have is that I cannot access http://geckocentral.co.uk anywhere in the world although I could on and off earlier on but even off my WiFi my mobile devices can no longer access it so I guess the internal and external DNS are both broken ?
  When you add the domain to the servers DNS it has to hold the zone geckocentral.co.uk and then server.geckocentral.co.uk is the machine name within the domain.
  Is there perhaps a record I can add somewhere to tell the DNS that anything not assigned to server.geckocentral.co.uk needs to look somewhere else since my website is hosted externally with innohosting along with my webmail etc and now its busted.
  This is for my business I run and I am hoping there is a way to fix it.
  Regards,
  Matt

  You'll want to launch the following diagnostic command and confirm your local DNS is working:
  sudo changeip -checkhostname
  If you're referring to any DNS services off of your network and if you're using NAT as is typical, then the above command will probably report a DNS error.
  Here are details on setting up LAN-local DNS on OS X Server.
  I would generally recommend against using the same domain name both inside your firewall on your NAT'd network and outside via your DNS provider's servers — it's possible to do that, but you'll then have to track public IP addresses around within your internal DNS.   If I've guessed at the trigger for the issue you've encountered, it's involving two separate authoritative DNS servers, or there's no internal DNS running here. 
  Either use a subdomain of a domain you've registered or have permission to use, or use a seperate registered domain inside your network, or (getting more difficult as ICANN is adding new top-level domains) use a bogis domain such as .mattd25 as your top-level domain.  If you choose to use a bogus domain, do not use .local, .com, .net or any other existing top-level domain.