Hi,

I've got a Windows 2003 Small Business Server running a DNS server.
Usually resolving addresses (e.g. by using a web browser or by using
nslookup on the command shell) works for my clients, but if the client
did not resolve an address for some time, it fails. If I retry
resolving the address, it usually works.
I switched on logging for DNS on the server and found out that those
failing requests had a very long query time (e.g. 526492 seconds for
one query!) but didn't fail. So I guess the client times out and
doesn't receive the answer.
I found http://support.microsoft.com/kb/828731/en-us and followed the
instructions, but this didn't .
Does anyone have an idea what I could do?
Thanks in advance!
Regards,

Robert.

In news:1152781754.349950.174630@i42g2000cwa.googlegr oups.com,
r.g.siebeck@gmail.com <r.g.siebeck@gmail.com> stated, which I commented on
below:
> Hi,
>
> I've got a Windows 2003 Small Business Server running a DNS server.
> Usually resolving addresses (e.g. by using a web browser or by using
> nslookup on the command shell) works for my clients, but if the client
> did not resolve an address for some time, it fails. If I retry
> resolving the address, it usually works.
> I switched on logging for DNS on the server and found out that those
> failing requests had a very long query time (e.g. 526492 seconds for
> one query!) but didn't fail. So I guess the client times out and
> doesn't receive the answer.
> I found http://support.microsoft.com/kb/828731/en-us and followed the
> instructions, but this didn't .
> Does anyone have an idea what I could do?
> Thanks in advance!
> Regards,
>
> Robert.

What part of 808731 did you follow? Did you run a fixup on your PIX or
firewall or did you disable EDNS0? Did you test it?

To test, try a query using nslookup (not ping):
nslookup
> www.yahoo.com

if it times out here, then enter this next command to force it to use TCP
instead of UDP:

set vc

then rerun:

> www.yahoo.com

If the answer comes back, then it means EDNS0 is still active or you didn;'t
allow port 53 UDP max 1280 bytes thru the firewall.

DNS uses UDP, then switches up to TCP if greater than 512 bytes upto 1280
bytes.EDNS0 is a new industry implementation (not just Microsoft but
industry wide) that makes DNS queries more efficient. But routers and
firewalls need to allow it and usually means to upgrade your firmware on the
router. You can also disable EDNS0 on the Win2003 DNS server with the
command supplied in the article, but you must have the Support Tools
installed to have the DNSCMD command available

Type dnscmd /Config /EnableEDnsProbes 0, and then press ENTER.

--
Ace
Innovative IT Concepts, Inc
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...

Hi,

thanks for your answer.

Ace Fekay [MVP] schrieb:

> In news:1152781754.349950.174630@i42g2000cwa.googlegr oups.com,
> r.g.siebeck@gmail.com <r.g.siebeck@gmail.com> stated, which I commented on
> below:
> > Hi,
> >
> > I've got a Windows 2003 Small Business Server running a DNS server.
> > Usually resolving addresses (e.g. by using a web browser or by using
> > nslookup on the command shell) works for my clients, but if the client
> > did not resolve an address for some time, it fails. If I retry
> > resolving the address, it usually works.
> > I switched on logging for DNS on the server and found out that those
> > failing requests had a very long query time (e.g. 526492 seconds for
> > one query!) but didn't fail. So I guess the client times out and
> > doesn't receive the answer.
> > I found http://support.microsoft.com/kb/828731/en-us and followed the
> > instructions, but this didn't .
> > Does anyone have an idea what I could do?
> > Thanks in advance!
> > Regards,
> >
> > Robert.
>
> What part of 808731 did you follow? Did you run a fixup on your PIX or
> firewall or did you disable EDNS0? Did you test it?

I disabled EDNS0 and tested it. Didn't fix the problem.

Any other ideas?

Regards,

Robert.

In news:1154184837.807305.321470@s13g2000cwa.googlegr oups.com,
r.g.siebeck@gmail.com <r.g.siebeck@gmail.com> stated, which I commented on
below:
> Hi,
>
> thanks for your answer.

You are welcome. But curious, many folks usually post back with the results
of a suggestion offered by someone here in the groups. I'm curious if my
suggestions ed. What did you do to resolve it?

Thank you.

Ace

<r.g.siebeck@gmail.com> wrote in message
news:1154184837.807305.321470@s13g2000cwa.googlegr oups.com...
<snip>
>
> I disabled EDNS0 and tested it. Didn't fix the problem.
>
> Any other ideas?
>
> Regards,
>
> Robert.

My apologies for my previous post, if only I had looked down further!. I
didn't see the answer at the bottom of your post. My apologies...

I'msorry the ENDS0 suggestion didn't work. Maybe another idea is to try a
different external DNS server for your forwarder. Give this one a try:
4.2.2.2.

Ace