5

When I open the DNS console in Administrative tools, I keep finding a couple of problems which keep on reappearing by themselves, and I want to stop them from happening.

One of the DNS servers has two network interfaces, and it should only be listening for requests on one of them, and I get errors in the Event Log otherwise. But when right-clicking one DNS server and selecting Properties, I can see on the Interfaces tab that 'All IP addresses' is selected. If I change it to 'Only the following IP addresses:' and deselect the WAN address, I will find it reselected when I next check it after a couple of days.

In the other DNS server's Properties, on the Forwarders tab, there should only be two forwarder addresses. However, the address for the router keeps on appearing. This router has the DNS server as its forwarder. There shouldn't be anything using the router's DNS forwarders for DNS other than the router itself, but this surely is causing a loop.

How do I get these properties on both DNS servers to stick?

Dave M
paradroid
  • Is DNS working for clients? Are you receiving errors? – Dave M Apr 10 '12 at 01:47
  • @DaveM: DNS works fine, but the first problem causes Event ID 410 to appear in the DNS server event log. I'm not sure if the first problem causes any errors, but I can see it causing DNS request loops. – paradroid Apr 10 '12 at 01:51
  • Have you tried this procedure? http://technet.microsoft.com/en-us/library/cc735664(v=ws.10).aspx Not sure of this one, but you might want to verify group policy isn't overriding settings but I'm not a group policy expert. – murisonc Apr 10 '12 at 01:57
  • @murisonc: Thanks. I have been trying what that link says to do, apart from restarting the DNS role, which I have now tried. I'll have to wait and see if that has worked. I am pretty sure there are no group policies that would affect this. – paradroid Apr 10 '12 at 02:16
  • Well I hope it works. Check back in and let us know tomorrow or the next day. These types of problems are a PITA. – murisonc Apr 10 '12 at 02:21
  • @murisonc: Unfortunately that didn't work. – paradroid Apr 13 '12 at 06:49

1 Answer

2

Event ID 410 seems to indicate that the DNS server looks at the list of interfaces that it is allowed to respond to requests on and that it does not contain an IP address that is one of its own. It seems to be saying that when it finds itself in that state, it automatically sets itself back to "All IP addresses," which is the behavior you report.

Perhaps your DNS server is set to use DHCP for its IP address(es) and it is getting changed. Changing it to static IP addressing might fix the issue.

Perhaps it is set to static IP addressing and the address is intentionally being changed.

Tom Ligda
  • Ah yes, the private-facing interface on the remote DC/DNS server is on OpenVPN, and does get its address through DHCP, as it is an OpenVPN client. I have set OpenVPN to always give the same address, but it is still technically a dynamic address. I cannot make that host an OpenVPN server instead of client, as I cannot get it to work like that on Amazon EC2 for some unknown reason. So now that I know the reason for this issue, I still need a workaround (registry entry NTFS permissions?), or just ignore it. There is also still the other problem on the other DNS server. – paradroid Apr 14 '12 at 16:22
  • One thing you could do is to block port 53 on the WAN side so no DNS queries come through on that interface. I have no idea on the other issue with DNS forwarders. – Tom Ligda Apr 16 '12 at 21:55
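
The following audit script is an added example, not code from anyone in this thread. It checks for the condition the answer describes (a restricted listen list whose address is missing from the host or is DHCP-assigned), reports drift in the listen list and forwarders, and lists recent Event ID 410 entries. It assumes Windows Server 2012 or later with the DnsServer and NetTCPIP modules, an elevated session on the DNS server, and the log name `DNS Server`; the addresses in `$IntendedListen` and `$IntendedForwarders` and the 7-day window are constructed placeholders.

```powershell
# Added example: audit DNS listen addresses and forwarders for drift.
# Constructed placeholder values; replace with the addresses you intend to keep.
$IntendedListen     = @('10.8.0.10')
$IntendedForwarders = @('192.0.2.53', '192.0.2.54')

# IPv4 addresses currently bound on this host, and how each was assigned.
$bound = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' } |
    Select-Object IPAddress, InterfaceAlias, PrefixOrigin

# 1. Is every intended listen address really present, and is it stable?
foreach ($ip in $IntendedListen) {
    $match = $bound | Where-Object { $_.IPAddress -eq $ip }
    if (-not $match) {
        Write-Warning "$ip is not bound to any interface right now."
    } elseif ($match.PrefixOrigin -eq 'Dhcp') {
        Write-Warning "$ip on '$($match.InterfaceAlias)' is DHCP-assigned and can vanish on renewal."
    } else {
        Write-Output "$ip is bound on '$($match.InterfaceAlias)' ($($match.PrefixOrigin))."
    }
}

# 2. Listen list drift: anything the service listens on beyond the intended set.
$listen = @((Get-DnsServerSetting -All).ListeningIPAddress | ForEach-Object { "$_" })
$extraListen = @($listen | Where-Object { $_ -notin $IntendedListen })
if ($extraListen.Count -gt 0) {
    Write-Warning "DNS is also listening on: $($extraListen -join ', ')"
}

# 3. Forwarder drift: entries that are not in the intended list.
$forwarders = @((Get-DnsServerForwarder).IPAddress | ForEach-Object { "$_" })
$extraFwd = @($forwarders | Where-Object { $_ -notin $IntendedForwarders })
if ($extraFwd.Count -gt 0) {
    Write-Warning "Unexpected forwarders: $($extraFwd -join ', ')"
}

# 4. Recent Event ID 410 entries, to line up reverts with address changes.
$since = (Get-Date).AddDays(-7)
Get-WinEvent -FilterHashtable @{ LogName = 'DNS Server'; Id = 410; StartTime = $since } `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Run as a scheduled task, its warnings give a timestamp for each revert that can be compared with OpenVPN reconnects or DHCP lease renewals on the host.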