DNS issues on 2003 network
-
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
At least everything is on the same subnet... to sum up:
- You can ping the .16 from .23 and .36 and vice-versa
- You can not use "nslookup somehostname 192.168.10.16"
I can't nslookup from .23 or .36, .16 is my domain controller
Could you just try the following from your fileserver please?
nslookup printserver 192.168.10.16
And, just coming to mind: Are there A-records for your file- and printserver in your primary forward lookup zone?
What about asking your second DC/DNS?
nslookup printserver 192.168.10.55
-
@thwr said in DNS issues on 2003 network:
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
At least everything is on the same subnet... to sum up:
- You can ping the .16 from .23 and .36 and vice-versa
- You can not use "nslookup somehostname 192.168.10.16"
I can't nslookup from .23 or .36, .16 is my domain controller
Could you just try the following from your fileserver please?
nslookup printserver 192.168.10.16
And, just coming to mind: Are there A-records for your file- and printserver in your primary forward lookup zone?
What about asking your second DC/DNS?
nslookup printserver 192.168.10.55
Same error
-
Weird. And what about
nslookup www.cnn.com 8.8.8.8
from your print- or fileserver?
Should look like this:
nslookup www.cnn.com 8.8.8.8 Server: google-public-dns-a.google.com Address: 8.8.8.8 Nicht autorisierende Antwort: Name: prod.turner.map.fastlylb.net Address: 151.101.36.73 Aliases: www.cnn.com turner.map.fastly.net
-
@thwr said in DNS issues on 2003 network:
Weird. And what about
nslookup www.cnn.com 8.8.8.8
from your print- or fileserver?
Should look like this:
nslookup www.cnn.com 8.8.8.8 Server: google-public-dns-a.google.com Address: 8.8.8.8 Nicht autorisierende Antwort: Name: prod.turner.map.fastlylb.net Address: 151.101.36.73 Aliases: www.cnn.com turner.map.fastly.net
Received the same error. This is from the file server. I will try the print server
-
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
Weird. And what about
nslookup www.cnn.com 8.8.8.8
from your print- or fileserver?
Should look like this:
nslookup www.cnn.com 8.8.8.8 Server: google-public-dns-a.google.com Address: 8.8.8.8 Nicht autorisierende Antwort: Name: prod.turner.map.fastlylb.net Address: 151.101.36.73 Aliases: www.cnn.com turner.map.fastly.net
Received the same error.
Any firewall in between? Some local AV with firewall included?
-
@thwr said in DNS issues on 2003 network:
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
Weird. And what about
nslookup www.cnn.com 8.8.8.8
from your print- or fileserver?
Should look like this:
nslookup www.cnn.com 8.8.8.8 Server: google-public-dns-a.google.com Address: 8.8.8.8 Nicht autorisierende Antwort: Name: prod.turner.map.fastlylb.net Address: 151.101.36.73 Aliases: www.cnn.com turner.map.fastly.net
Received the same error.
Any firewall in between? Some local AV with firewall included?
We use Symantec endpoint protection, but can It really be that? Based on yesterday I can't think of anything that would cause any of those settings to change
-
@thwr said in DNS issues on 2003 network:
Weird. And what about
nslookup www.cnn.com 8.8.8.8
from your print- or fileserver?
Should look like this:
nslookup www.cnn.com 8.8.8.8 Server: google-public-dns-a.google.com Address: 8.8.8.8 Nicht autorisierende Antwort: Name: prod.turner.map.fastlylb.net Address: 151.101.36.73 Aliases: www.cnn.com turner.map.fastly.net
Print server says DNS request timed out.
-
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
Weird. And what about
nslookup www.cnn.com 8.8.8.8
from your print- or fileserver?
Should look like this:
nslookup www.cnn.com 8.8.8.8 Server: google-public-dns-a.google.com Address: 8.8.8.8 Nicht autorisierende Antwort: Name: prod.turner.map.fastlylb.net Address: 151.101.36.73 Aliases: www.cnn.com turner.map.fastly.net
Received the same error.
Any firewall in between? Some local AV with firewall included?
We use Symantec endpoint protection, but can It really be that? Based on yesterday I can't think of anything that would cause any of those settings to change
Of course it can be that! That product is downright famous for doing stuff like this. That should have been mentioned immediately. Is that the problem here? Less than likely. Is it a possibility? Certainly.
You should get that removed, although it's difficult to remove and that's why it is sometimes classified as malware. You would be better off running with the OS' own AV than that. But of course, something like Webroot or Cylance would be far better still. But SEP... not a viable option IMHO.
-
Could it be a firewall with UDP throttling on and these machines are just getting caught at random?
-
@scottalanmiller said in DNS issues on 2003 network:
Could it be a firewall with UDP throttling on and these machines are just getting caught at random?
Wouldn't that make the issue intermittent though?
-
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
Weird. And what about
nslookup www.cnn.com 8.8.8.8
from your print- or fileserver?
Should look like this:
nslookup www.cnn.com 8.8.8.8 Server: google-public-dns-a.google.com Address: 8.8.8.8 Nicht autorisierende Antwort: Name: prod.turner.map.fastlylb.net Address: 151.101.36.73 Aliases: www.cnn.com turner.map.fastly.net
Received the same error.
Any firewall in between? Some local AV with firewall included?
We use Symantec endpoint protection, but can It really be that? Based on yesterday I can't think of anything that would cause any of those settings to change
Many times I have uninstalled AV from Symantec (or McAfee) that suddenly fixed all Internet issues.
-
@wirestyle22 said in DNS issues on 2003 network:
@scottalanmiller said in DNS issues on 2003 network:
Could it be a firewall with UDP throttling on and these machines are just getting caught at random?
Wouldn't that make the issue intermittent though?
Maybe just turn it off for a second and see if you can do some lookup
-
@thwr said in DNS issues on 2003 network:
@wirestyle22 said in DNS issues on 2003 network:
@scottalanmiller said in DNS issues on 2003 network:
Could it be a firewall with UDP throttling on and these machines are just getting caught at random?
Wouldn't that make the issue intermittent though?
Maybe just turn it off for a second and see if you can do some lookup
I've seen that not even work. Because the innards of it are messed up.
-
@BRRABill said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
@wirestyle22 said in DNS issues on 2003 network:
@scottalanmiller said in DNS issues on 2003 network:
Could it be a firewall with UDP throttling on and these machines are just getting caught at random?
Wouldn't that make the issue intermittent though?
Maybe just turn it off for a second and see if you can do some lookup
I've seen that not even work. Because the innards of it are messed up.
NB: Would never install that on my servers, not even on workstations, but that's just IMHO.
-
@BRRABill said in DNS issues on 2003 network:
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
Weird. And what about
nslookup www.cnn.com 8.8.8.8
from your print- or fileserver?
Should look like this:
nslookup www.cnn.com 8.8.8.8 Server: google-public-dns-a.google.com Address: 8.8.8.8 Nicht autorisierende Antwort: Name: prod.turner.map.fastlylb.net Address: 151.101.36.73 Aliases: www.cnn.com turner.map.fastly.net
Received the same error.
Any firewall in between? Some local AV with firewall included?
We use Symantec endpoint protection, but can It really be that? Based on yesterday I can't think of anything that would cause any of those settings to change
Many times I have uninstalled AV from Symantec (or McAfee) that suddenly fixed all Internet issues.
Symantec isn't on any of the servers but the DC though. If that were the issue wouldn't everything be triggered?
-
@wirestyle22 said in DNS issues on 2003 network:
@BRRABill said in DNS issues on 2003 network:
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
Weird. And what about
nslookup www.cnn.com 8.8.8.8
from your print- or fileserver?
Should look like this:
nslookup www.cnn.com 8.8.8.8 Server: google-public-dns-a.google.com Address: 8.8.8.8 Nicht autorisierende Antwort: Name: prod.turner.map.fastlylb.net Address: 151.101.36.73 Aliases: www.cnn.com turner.map.fastly.net
Received the same error.
Any firewall in between? Some local AV with firewall included?
We use Symantec endpoint protection, but can It really be that? Based on yesterday I can't think of anything that would cause any of those settings to change
Many times I have uninstalled AV from Symantec (or McAfee) that suddenly fixed all Internet issues.
Symantec isn't on any of the servers but the DC though. If that were the issue wouldn't everything be triggered?
Not nessecarily
Just imagine a "ban" added to the filter set because the fileserver asked the DNS too many times. For example because the fileserver queries the DNS about a client, which may happen very often within a small time window on a fileserver, usually early in the morning.
-
@wirestyle22 said in DNS issues on 2003 network:
@BRRABill said in DNS issues on 2003 network:
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
Weird. And what about
nslookup www.cnn.com 8.8.8.8
from your print- or fileserver?
Should look like this:
nslookup www.cnn.com 8.8.8.8 Server: google-public-dns-a.google.com Address: 8.8.8.8 Nicht autorisierende Antwort: Name: prod.turner.map.fastlylb.net Address: 151.101.36.73 Aliases: www.cnn.com turner.map.fastly.net
Received the same error.
Any firewall in between? Some local AV with firewall included?
We use Symantec endpoint protection, but can It really be that? Based on yesterday I can't think of anything that would cause any of those settings to change
Many times I have uninstalled AV from Symantec (or McAfee) that suddenly fixed all Internet issues.
Symantec isn't on any of the servers but the DC though. If that were the issue wouldn't everything be triggered?
It gets complex. It could do any number of things depending on what factor was causing this to happen.
-
@wirestyle22 said in DNS issues on 2003 network:
@BRRABill said in DNS issues on 2003 network:
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
Weird. And what about
nslookup www.cnn.com 8.8.8.8
from your print- or fileserver?
Should look like this:
nslookup www.cnn.com 8.8.8.8 Server: google-public-dns-a.google.com Address: 8.8.8.8 Nicht autorisierende Antwort: Name: prod.turner.map.fastlylb.net Address: 151.101.36.73 Aliases: www.cnn.com turner.map.fastly.net
Received the same error.
Any firewall in between? Some local AV with firewall included?
We use Symantec endpoint protection, but can It really be that? Based on yesterday I can't think of anything that would cause any of those settings to change
Many times I have uninstalled AV from Symantec (or McAfee) that suddenly fixed all Internet issues.
Symantec isn't on any of the servers but the DC though. If that were the issue wouldn't everything be triggered?
BUT please think twice before you are going to uninstall SEP Have seen weird things after an uninstall of Symantec products.
-
@scottalanmiller said in DNS issues on 2003 network:
@wirestyle22 said in DNS issues on 2003 network:
@BRRABill said in DNS issues on 2003 network:
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
@wirestyle22 said in DNS issues on 2003 network:
@thwr said in DNS issues on 2003 network:
Weird. And what about
nslookup www.cnn.com 8.8.8.8
from your print- or fileserver?
Should look like this:
nslookup www.cnn.com 8.8.8.8 Server: google-public-dns-a.google.com Address: 8.8.8.8 Nicht autorisierende Antwort: Name: prod.turner.map.fastlylb.net Address: 151.101.36.73 Aliases: www.cnn.com turner.map.fastly.net
Received the same error.
Any firewall in between? Some local AV with firewall included?
We use Symantec endpoint protection, but can It really be that? Based on yesterday I can't think of anything that would cause any of those settings to change
Many times I have uninstalled AV from Symantec (or McAfee) that suddenly fixed all Internet issues.
Symantec isn't on any of the servers but the DC though. If that were the issue wouldn't everything be triggered?
It gets complex. It could do any number of things depending on what factor was causing this to happen.
Yup. Like disaster-bingo.
-
So what are my options here? Are there any other tests I can run?