2

Note: this is a followup to an earlier question after further investigation.

The issue (so far) seems to be isolated to a Win2003 DNS server (though I haven't tried other server-types)

The question is also (as of 2010-02-24) open as an MSDN Forum post here but I was hoping that somebody might be able to help test against other server-types.


I'm coming across a rather strange DNS problem (Server = Win2003)

I have already started investigating direct with my ISP, and we've come across a strange issue as listed below.

NOTE: These results occasionally work somehow (tests are best performed just after clearing the Win2003 DNS cache)


To start with, if we look at the nameserver records for wilmot.me.uk, we get:

>>> nslookup -q=cname mail.wilmot.me.uk
Non-authoritative answer:
   wilmot.me.uk    nameserver = primary-dns.co.uk
   wilmot.me.uk    nameserver = secondary-dns.co.uk

Now, there are two records in particular that are of interest.

>>> nslookup -q=cname mail.wilmot.me.uk
Non-authoritative answer:
   mail.wilmot.me.uk       canonical name = wilmot.me.uk.mail.aaisp.net.uk

>>> nslookup -q=cname mail2.wilmot.me.uk
Non-authoritative answer:
   mail2.wilmot.me.uk      canonical name = C.mail.aaisp.net.uk     

Now the problem SEEMS to be that the local Windows 2003 DNS Server is not correctly following the CNAME data.

Using the following commands:

>>> nslookup -d2 -q=a mail.wilmot.me.uk.
>>> nslookup -d2 -q=a mail2.wilmot.me.uk.

we can see that:
mail.wilmot.me.uk returns an NXDOMAIN result. However:
mail.wilmot.me.uk returns a NOERROR result (as expected) with IP addresses.


It would APPEAR that the CNAMEs are not being correctly followed.

Oddly enough, both of the following return as expected.

>>> nslookup -q=a wilmot.me.uk.mail.aaisp.net.uk.
>>> nslookup -q=a C.mail.aaisp.net.uk.

If anyone can help shed any light on this (even by confirming "Yes it causes problems in xxx OS" or "Seems to work fine in yyy OS"), that would be great.


The log-data below shows that the Win2003 doesn't even attempt to resolve the wilmot.me.uk.mail.aaisp.net.uk. CNAME in the first instance

DNS Server log file creation at 24/02/2010 15:07:34 UTC

Message logging key (for packets - other items use a subset of these fields):
    Field #  Information         Values
    -------  -----------         ------
       1     Date
       2     Time
       3     Thread ID
       4     Context
       5     Internal packet identifier
       6     UDP/TCP indicator
       7     Send/Receive indicator
       8     Remote IP
       9     Xid (hex)
      10     Query/Response      R = Response
                                 blank = Query
      11     Opcode              Q = Standard Query
                                 N = Notify
                                 U = Update
                                 ? = Unknown
      12     [ Flags (hex)
      13     Flags (char codes)  A = Authoritative Answer
                                 T = Truncated Response
                                 D = Recursion Desired
                                 R = Recursion Available
      14     ResponseCode ]
      15     Question Type
      16     Question Name

20100224 15:07:36 D80 EVENT   The DNS server has started.

---

20100224 15:07:45 5A4 PACKET  00F421D0 UDP Rcv 10.0.0.102      0001   Q [0001   D   NOERROR] PTR   (1)2(1)0(1)0(2)10(7)in-addr(4)arpa(0)

20100224 15:07:45 5A4 PACKET  00F421D0 UDP Snd 10.0.0.102      0001 R Q [8085 A DR  NOERROR] PTR   (1)2(1)0(1)0(2)10(7)in-addr(4)arpa(0)

20100224 15:07:45 5A4 PACKET  00F42C80 UDP Rcv 10.0.0.102      0002   Q [0001   D   NOERROR] A     (4)mail(6)wilmot(2)me(2)uk(0)

20100224 15:07:45 5A4 PACKET  02349AE0 UDP Snd 192.36.148.17   a992   Q [0000       NOERROR] NS    (0)

20100224 15:07:45 5A4 PACKET  02344000 UDP Snd 128.63.2.53     b3cb   Q [0000       NOERROR] A     (4)mail(6)wilmot(2)me(2)uk(0)

20100224 15:07:45 5A4 PACKET  017E9FF0 UDP Rcv 192.36.148.17   a992 R Q [0084 A     NOERROR] NS    (0)

20100224 15:07:46 5A4 PACKET  017C7430 UDP Rcv 128.63.2.53     b3cb R Q [0080       NOERROR] A     (4)mail(6)wilmot(2)me(2)uk(0)

20100224 15:07:46 5A4 PACKET  02344000 UDP Snd 195.66.240.130  4caf   Q [0000       NOERROR] A     (4)mail(6)wilmot(2)me(2)uk(0)

20100224 15:07:46 5A4 PACKET  01706E30 UDP Rcv 195.66.240.130  4caf R Q [0080       NOERROR] A     (4)mail(6)wilmot(2)me(2)uk(0)

20100224 15:07:46 5A4 PACKET  02349AE0 UDP Snd 156.154.102.3   c5a7   Q [0000       NOERROR] A     (11)primary-dns(2)co(2)uk(0)

20100224 15:07:46 5A4 PACKET  01CF9870 UDP Rcv 156.154.102.3   c5a7 R Q [0080       NOERROR] A     (11)primary-dns(2)co(2)uk(0)

20100224 15:07:46 5A4 PACKET  02349AE0 UDP Snd 81.187.30.41    afb9   Q [0000       NOERROR] A     (11)primary-dns(2)co(2)uk(0)

20100224 15:07:46 5A4 PACKET  00F76370 UDP Rcv 81.187.30.41    afb9 R Q [0084 A     NOERROR] A     (11)primary-dns(2)co(2)uk(0)

20100224 15:07:46 5A4 PACKET  02344000 UDP Snd 81.187.30.41    bc45   Q [0000       NOERROR] A     (4)mail(6)wilmot(2)me(2)uk(0)

20100224 15:07:46 5A4 PACKET  01C1C6D0 UDP Rcv 81.187.30.41    bc45 R Q [0384 A    NXDOMAIN] A     (4)mail(6)wilmot(2)me(2)uk(0)

20100224 15:07:46 5A4 PACKET  01C1C6D0 UDP Snd 10.0.0.102      0002 R Q [0384 A    NXDOMAIN] A     (4)mail(6)wilmot(2)me(2)uk(0)

---

20100224 15:07:49 5A4 PACKET  02343550 UDP Rcv 10.0.0.102      0001   Q [0001   D   NOERROR] PTR   (1)2(1)0(1)0(2)10(7)in-addr(4)arpa(0)

20100224 15:07:49 5A4 PACKET  02343550 UDP Snd 10.0.0.102      0001 R Q [8085 A DR  NOERROR] PTR   (1)2(1)0(1)0(2)10(7)in-addr(4)arpa(0)

20100224 15:07:49 5A4 PACKET  00F421D0 UDP Rcv 10.0.0.102      0002   Q [0001   D   NOERROR] A     (5)mail2(6)wilmot(2)me(2)uk(0)

20100224 15:07:49 5A4 PACKET  00F42C80 UDP Snd 81.187.30.41    42d0   Q [0000       NOERROR] A     (5)mail2(6)wilmot(2)me(2)uk(0)

20100224 15:07:49 5A4 PACKET  02311E70 UDP Rcv 81.187.30.41    42d0 R Q [0084 A     NOERROR] A     (5)mail2(6)wilmot(2)me(2)uk(0)

20100224 15:07:49 5A4 PACKET  00F42C80 UDP Snd 194.83.244.131  8601   Q [0000       NOERROR] A     (1)C(4)mail(5)aaisp(3)net(2)uk(0)

20100224 15:07:49 5A4 PACKET  0179F2F0 UDP Rcv 81.187.81.33    8601 R Q [0080       NOERROR] A     (1)C(4)mail(5)aaisp(3)net(2)uk(0)

20100224 15:07:49 5A4 PACKET  00F42C80 UDP Snd 195.66.240.130  8601   Q [0000       NOERROR] A     (1)C(4)mail(5)aaisp(3)net(2)uk(0)

20100224 15:07:49 5A4 PACKET  0179FDA0 UDP Rcv 195.66.240.130  8601 R Q [0080       NOERROR] A     (1)C(4)mail(5)aaisp(3)net(2)uk(0)

20100224 15:07:49 5A4 PACKET  02349AE0 UDP Snd 194.83.244.131  3e6d   Q [0000       NOERROR] A     (4)auth(13)secondary-dns(2)co(2)uk(0)

20100224 15:07:49 5A4 PACKET  01B36A50 UDP Rcv 81.187.81.32    3e6d R Q [0080       NOERROR] A     (4)auth(13)secondary-dns(2)co(2)uk(0)

20100224 15:07:49 5A4 PACKET  0234C590 UDP Snd 81.187.81.32    284a   Q [0000       NOERROR] A     (4)auth(11)primary-dns(2)co(2)uk(0)

20100224 15:07:49 5A4 PACKET  01E12130 UDP Rcv 81.187.81.32    284a R Q [0084 A     NOERROR] A     (4)auth(11)primary-dns(2)co(2)uk(0)

20100224 15:07:49 5A4 PACKET  00F42C80 UDP Snd 81.187.30.42    f980   Q [0000       NOERROR] A     (1)C(4)mail(5)aaisp(3)net(2)uk(0)

20100224 15:07:49 5A4 PACKET  020E0CF0 UDP Rcv 81.187.30.42    f980 R Q [0084 A     NOERROR] A     (1)C(4)mail(5)aaisp(3)net(2)uk(0)

20100224 15:07:49 5A4 PACKET  00F421D0 UDP Snd 10.0.0.102      0002 R Q [8081   DR  NOERROR] A     (5)mail2(6)wilmot(2)me(2)uk(0)

20100224 15:07:57 D80 EVENT   The DNS server wrote version 567 of zone data-utilities.co.uk to file data-utilities.co.uk.dns.

---
Steven_W
  • So to sum up, would it be correct to state that you're finding that the dns in primary-dns.co.uk is working correctly while your local dns server is not working correctly? And that you don't have any control over the primary-dns.co.uk dns server but you do have control to the local dns server? – Patrick R Feb 24 '10 at 17:34
  • Correct: primary-dns.co.uk seems to be working correctly (though I'm no expert in the DNS RFC's) ... I don't have any control of this (though the ISP who owns it is definitely clued up (http://aa.nu/) and are in the position to make changes if something **is** wrong) ... However, I do have control of my local server (10.0.0.2 above) (and have observed the same results on another Win2003 Server that I've tested against) – Steven_W Feb 24 '10 at 17:43
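
The check the question makes by eye in the log above, as an added example that is not part of the original post: it parses the debug-log packet lines according to the "Message logging key", decodes the count-prefixed names, and lists which names the server queried upstream for each client query. The function names and the rule that attributes upstream queries to the newest unanswered client query are assumptions; the sample lines are a subset copied from the log in the question.

```python
import re

# Sample input: a subset of the debug-log lines posted in the question.
SAMPLE = """\
20100224 15:07:45 5A4 PACKET  00F42C80 UDP Rcv 10.0.0.102      0002   Q [0001   D   NOERROR] A     (4)mail(6)wilmot(2)me(2)uk(0)
20100224 15:07:45 5A4 PACKET  02344000 UDP Snd 128.63.2.53     b3cb   Q [0000       NOERROR] A     (4)mail(6)wilmot(2)me(2)uk(0)
20100224 15:07:46 5A4 PACKET  02349AE0 UDP Snd 156.154.102.3   c5a7   Q [0000       NOERROR] A     (11)primary-dns(2)co(2)uk(0)
20100224 15:07:46 5A4 PACKET  01C1C6D0 UDP Rcv 81.187.30.41    bc45 R Q [0384 A    NXDOMAIN] A     (4)mail(6)wilmot(2)me(2)uk(0)
20100224 15:07:46 5A4 PACKET  01C1C6D0 UDP Snd 10.0.0.102      0002 R Q [0384 A    NXDOMAIN] A     (4)mail(6)wilmot(2)me(2)uk(0)
20100224 15:07:49 5A4 PACKET  00F421D0 UDP Rcv 10.0.0.102      0002   Q [0001   D   NOERROR] A     (5)mail2(6)wilmot(2)me(2)uk(0)
20100224 15:07:49 5A4 PACKET  00F42C80 UDP Snd 81.187.30.41    42d0   Q [0000       NOERROR] A     (5)mail2(6)wilmot(2)me(2)uk(0)
20100224 15:07:49 5A4 PACKET  00F42C80 UDP Snd 194.83.244.131  8601   Q [0000       NOERROR] A     (1)C(4)mail(5)aaisp(3)net(2)uk(0)
20100224 15:07:49 5A4 PACKET  00F421D0 UDP Snd 10.0.0.102      0002 R Q [8081   DR  NOERROR] A     (5)mail2(6)wilmot(2)me(2)uk(0)
"""

PACKET = re.compile(
    r"^\d{8} [\d:]{8} \S+ PACKET +\S+ (?:UDP|TCP) (?P<dir>Snd|Rcv) (?P<ip>\S+) +"
    r"(?P<xid>[0-9a-fA-F]{4}) (?P<qr>[R ]) \S \[[0-9a-fA-F]{4} +(?P<flags>[^\]\n]*)\] "
    r"(?P<qtype>\S+) +(?P<name>\S+)[ \t]*$", re.M)

def decode_name(raw):
    """(4)mail(6)wilmot(2)me(2)uk(0) -> mail.wilmot.me.uk. (count-prefixed labels)."""
    labels = re.findall(r"\((\d+)\)([^(]*)", raw)
    if any(int(n) != len(label) for n, label in labels):
        raise ValueError(f"label length mismatch in {raw!r}")
    return ".".join(label for _, label in labels if label) + "."

def trace(log_text):
    """One record per client query: final rcode plus every name asked upstream."""
    done, pending = [], []
    for m in PACKET.finditer(log_text):  # EVENT lines and the header key never match
        name, is_reply = decode_name(m["name"]), m["qr"] == "R"
        if m["dir"] == "Rcv" and not is_reply:  # query arriving from a client
            pending.append({"client": m["ip"], "xid": m["xid"], "qname": name,
                            "qtype": m["qtype"], "upstream": [], "rcode": None})
        elif m["dir"] == "Snd" and not is_reply and pending:  # recursion step
            # Assumption: attribute it to the newest unanswered client query.
            if name not in pending[-1]["upstream"]:
                pending[-1]["upstream"].append(name)
        elif m["dir"] == "Snd" and is_reply:  # answer going back to the client
            for t in pending:
                if (t["client"], t["xid"]) == (m["ip"], m["xid"]):
                    t["rcode"] = m["flags"].split()[-1]  # rcode is the last token
                    pending.remove(t)
                    done.append(t)
                    break
    return done
```

Comparing each record's `upstream` list with the CNAME target for that name shows whether the resolver ever asked for the target before replying to the client.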

3 Answers

1

Worked for me no problem on OS X 10.6:

bash-3.2$ dig mail.wilmot.me.uk

; <<>> DiG 9.6.0-APPLE-P2 <<>> mail.wilmot.me.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23413
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;mail.wilmot.me.uk.     IN  A

;; ANSWER SECTION:
mail.wilmot.me.uk.  0   IN  CNAME   wilmot.me.uk.mail.aaisp.net.uk.
wilmot.me.uk.mail.aaisp.net.uk. 3471 IN A   81.187.30.14
wilmot.me.uk.mail.aaisp.net.uk. 3471 IN A   81.187.30.19

;; AUTHORITY SECTION:
mail.aaisp.net.uk.  3368    IN  NS  auth.primary-dns.co.uk.
mail.aaisp.net.uk.  3368    IN  NS  auth.secondary-dns.co.uk.

;; ADDITIONAL SECTION:
auth.primary-dns.co.uk. 3466    IN  A   81.187.30.42
auth.secondary-dns.co.uk. 3466  IN  A   81.187.81.33

;; Query time: 158 msec
;; SERVER: 10.6.18.110#53(10.6.18.110)
;; WHEN: Wed Feb 24 09:18:45 2010
;; MSG SIZE  rcvd: 225

bash-3.2$ dig mail2.wilmot.me.uk

; <<>> DiG 9.6.0-APPLE-P2 <<>> mail2.wilmot.me.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41203
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;mail2.wilmot.me.uk.        IN  A

;; ANSWER SECTION:
mail2.wilmot.me.uk. 0   IN  CNAME   C.mail.aaisp.net.uk.
C.mail.aaisp.net.uk.    3357    IN  A   81.187.30.19
C.mail.aaisp.net.uk.    3357    IN  A   81.187.30.14

;; AUTHORITY SECTION:
mail.aaisp.net.uk.  3357    IN  NS  auth.primary-dns.co.uk.
mail.aaisp.net.uk.  3357    IN  NS  auth.secondary-dns.co.uk.

;; ADDITIONAL SECTION:
auth.primary-dns.co.uk. 3455    IN  A   81.187.30.42
auth.secondary-dns.co.uk. 3455  IN  A   81.187.81.33

;; Query time: 162 msec
;; SERVER: 10.6.18.110#53(10.6.18.110)
;; WHEN: Wed Feb 24 09:18:56 2010
;; MSG SIZE  rcvd: 216
einstiien
1

Server 2003 DNS has been around a while, I kind of doubt there's an incompatibility but I guess it's possible. If there is one it's not an OS issue but an MS DNS <--> "Other DNS" server issue. The DNS server doesn't know/care about the OS of the requestor or the DNS server it's querying.

I think you're going to have to look at the DNS logs from your server and see if your ISP can review them with you and/or look at their own logs to see what they are returning to DNS queries for your domain.

Make sure you disable EDNS on the W2k3 box. http://support.microsoft.com/kb/832223

I have seen a DNS server not resolve when other DNS servers do and usually it's a forwarding issue. In this case I do not have fwder's on my DNS and it fails for me but works when I change to an ISP's DNS server nearby. I would remove any forwarders if you have them set up on the DNS server in any case.

I tested from the US using my internal MS Server 2008 DNS, it fails consistently but with 2 different results:

mail.wilmot.me.uk
Server: [10.10.254.11]
Address: 10.10.254.11
*** [10.10.254.11] can't find mail.wilmot.me.uk: Non-existent domain

mail.wilmot.me.uk
Server: [10.10.254.11]
Address: 10.10.254.11
*** [10.10.254.11] can't find mail.wilmot.me.uk: Server failed

Google DNS server resolves it fine:

mail.wilmot.me.uk
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: wilmot.me.uk.mail.aaisp.net.uk
Addresses: 2001:8b0:0:30:230:48ff:fedb:256a
2001:8b0:0:30:230:48ff:fedb:25dc
81.187.30.14
81.187.30.19
Aliases: mail.wilmot.me.uk

Finally from a client's internal MS Server 2003 DNS I also got NXDomain:

mail.wilmot.me.uk
Server: oddjob.xyzassociates.com
Address: 192.168.2.7

*** oddjob.xyzassociates.com can't find mail.wilmot.me.uk: Non-existent domain

Hope that helps out a bit.

Ed Fries
  • Thanks - that's very helpful. I hadn't realised that Google had public DNS servers. I've looked through the packet-logs (even working with the ISP to get a tracedump of the line), and it clearly shows that my DNS server isn't even **trying** to lookup the full CNAME. I'll try the EDNS support-article, but I'm certain that there are no firewall-issues between here and the ISP. I'm not currently using forwarders, but from a theoretical point of view, I want to try and find the root cause rather than the "best workaround" – Steven_W Feb 25 '10 at 11:15
  • Just tried the EDNS article ... no help I'm afraid. – Steven_W Feb 25 '10 at 11:19
  • It's an interesting problem (for me, I'm sure frustrating for you!) and I've seen MS DNS fail when I thought it shouldn't but it's never been a real problem so I haven't looked into it further. Difficult to solve I think. A workaround might be to use a different DNS service (DynDNS, EasyDNS, etc) and if it works then call it good and move on. If not then it's a small cost to test. Not a satisfying answer I know... – Ed Fries Feb 26 '10 at 04:37
  • Fortunately, I'm in the position where I can easily either modify the DNS record mail.wilmot.me.uk, or use a record such as mail2.wilmot.me.uk -- the workarounds are straightforward, it has become more of an "academic" issue rather than anything else, but it is interesting to see MS DNS fail like this. – Steven_W Feb 26 '10 at 11:26
0

I don't believe that you'll find that anyone (regardless of OS) will experience this issue unless they query your internal dns server. For the sake of argument I tried and successfully resolved using Mac 10.6, Ubuntu Server 9.10, Windows 7, and Windows XP from 4 different networks using three different DNS servers. They all resolved correctly.

I took a look at the other question you referenced and noticed that box2.data-utilities.co.uk does not resolve this domain.

Is there a chance that you don't have mail.wilmot.me.uk defined correctly on your local dns server and your local dns server is deferring incorrectly?

That appears to be the case since I'm seeing both NXDOMAIN and NOERROR referenced in your examples.

You've posted a lot of data so forgive me if I'm reading it incorrectly.


EDIT: One other thing, I believe that if your dns server provides the mapping for a domain name you'll get NOERROR. And if it hands it off to another server you'll get NXDOMAIN and then NOERROR from the final dns server.

Also, I'm running dns servers locally on Windows 2003, Windows 2008 and Ubuntu 9.10. We can compare notes on Windows 2003 dns if needed.

Patrick R
  • The DNS records for wilmot.me.uk are held only at primary-dns.co.uk (and secondary-dns.co.uk) . My local server (10.0.0.2 aka box2.data-utilities.co.uk - an internal machine-name only) is purely acting as a local caching resolver. – Steven_W Feb 24 '10 at 19:29
  • Just noticed that you also mentioned above about WinXP and Win7 - It doesn't seem to be the client OS that is the problem, but more the OS of the DNS server that it is connecting to. – Steven_W Feb 24 '10 at 19:35
  • Sorry but I'm thoroughly confused so I'm probably just wasting your time. I'm not even sure what the question is after reading this question and the referenced question a fourth time. – Patrick R Feb 24 '10 at 20:16
  • It was basically a case of trying to troubleshoot why a record that seems to be stored correctly according to the "proper standards" and RFCs seems to not resolve properly when recursing through a Win2003 DNS server (but so far, it seems that Win2003 is the **only** system that is unable to resolve "properly" ... and yet **occasionally** it seems to get the right answer). ... So the question (possibly a long-shot) was whether anyone could help shed any light on this or help point me in the direction of anything similar – Steven_W Feb 24 '10 at 21:23