Microsoft DNS

Scarpozzi

I don't know much about DNS other than how to create A Names/C Names...

We're seeing some weird problems with an upstream DNS server giving us a bad address. (actually started Friday)

Does anyone have a good guide or advice on how to adjust where a Microsoft caching DNS server gets its upstream data from? I've flushed the DNS cache on the server, but it doesn't appear to help. I checked the root hints, but aside from that...I'm trying to figure out *where* to look for problems. If I query 4.2.2.2 in nslookup, I get a different IP for a few of the reported bad sites, so there's definitely something going on.

Thanks,

-Scar
 

Scarpozzi

I found a few bad addresses in my root hints (root servers) list. I removed those. I'm really leaning toward thinking that something's wrong with our ISP's side even though calling them has gotten nowhere...
 

imagoon

MS DNS gets its DNS information from either a) the root servers spec'd in the root hints (that can be updated, by the way; you can get the root hints from the root servers themselves, and I recall there is a way to automate it also) or b) any forwarders you set.
 

dawks

Appears to be upstream...the problem is half-way resolved...

Does your server have forwarding configured? I have my DNS server set to handle all internal requests. It forwards any external request to OpenDNS. If I were having strange issues, I'd expect the problem to be OpenDNS in this case.

Right click on the server name in the DNS Manager window, then switch to the forwarders tab.

I have mine set with 208.67.222.222, 208.67.220.220 (OpenDNS) and with 8.8.8.8 and 8.8.4.4 (Google). I have un-checked, "Use root hints if no forwarders are available."
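
The checks discussed in this thread (forwarders, root hints, and comparing the server's answer with 4.2.2.2), as an added PowerShell example that is not part of any post. It assumes the DnsServer module on the Windows DNS server; `example.com` is a placeholder for the affected names.

```powershell
# Added example: run in an elevated PowerShell session on the Windows DNS server.
# Assumes the DnsServer module (installed with the DNS Server role or RSAT).
Import-Module DnsServer

$LocalServer = '127.0.0.1'       # the caching server under investigation
$Reference   = '4.2.2.2'         # outside resolver used for comparison in the thread
$Names       = @('example.com')  # placeholder: replace with the names that resolve badly

# 1. Forwarders: if any are set, they are asked before the root hints.
$fwd = Get-DnsServerForwarder
"Forwarders     : $($fwd.IPAddress -join ', ')"
"Use root hints : $($fwd.UseRootHint)"

# 2. Root hints: each entry should be a real root server (a-m.root-servers.net).
Get-DnsServerRootHint | ForEach-Object {
    [pscustomobject]@{
        NameServer = $_.NameServer.RecordData.NameServer
        Address    = ($_.IPAddress | ForEach-Object {
            if ($_.RecordData.IPv4Address) { $_.RecordData.IPv4Address }
            else                           { $_.RecordData.IPv6Address }
        }) -join ', '
    }
} | Format-Table -AutoSize

# 3. Ask the local server and the reference resolver the same question.
function Get-ARecords {
    param([string]$Name, [string]$Server)
    Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } |
        Select-Object -ExpandProperty IPAddress |
        Sort-Object
}

$Names | ForEach-Object {
    $local = @(Get-ARecords -Name $_ -Server $LocalServer)
    $ref   = @(Get-ARecords -Name $_ -Server $Reference)
    [pscustomobject]@{
        Name      = $_
        Local     = $local -join ', '
        Reference = $ref -join ', '
        Match     = (($local -join ',') -eq ($ref -join ','))
    }
} | Format-Table -AutoSize

# After changing forwarders or root hints, flush the server cache before retesting:
# Clear-DnsServerCache -Force
```

A mismatch alone does not prove a bad upstream: CDN-hosted names legitimately return different addresses to different resolvers, so check who owns the returned address before blaming the forwarder or the ISP.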
 

spidey07

Don't use forwarding, ever, unless you have specific reasons to do so internally and internally on servers you administer. Just go to the roots. That's how DNS is supposed to operate.

Don't use forwarders. You open yourself up to a world of hurt if you do.
 

imagoon

spidey07 said:
> Don't use forwarding, ever, unless you have specific reasons to do so internally and internally on servers you administer. Just go to the roots. That's how DNS is supposed to operate.
>
> Don't use forwarders. You open yourself up to a world of hurt if you do.

Forwarders do have a place, just not for "open web." We use them internally for internal DNS domains all the time.
 

Emulex

You can benchmark your DNS and find that externals, even with overhead, are faster because they have ginormous RAM caches that you can't possibly ever afford.