Jump to content
Compatible Support Forums

hwest

Members
  • Content count

    2
  • Joined

  • Last visited

    Never

Everything posted by hwest

  1. Hello, We're having symptoms identical to those described a couple of posts ago (DNS Server Not Working for External Access). The Server we use has multiple NICs, but all are disabled except for one. We have only one domain and the DC that handles DNS forwarding to the internet works fine, sometimes for a day or two, regarding forwarding dns requests out to the internet. However, it occasionally stops forwarding requests (although it continues functioning fine for resolving names in our domain). The event viewer shows nothing wrong and the DNS server service, itself, never shows it has stopped. Restarting the DNS server service resolves the problem for a day or two at a time. The NIC properties has two DNS server ip's in it--the first address points DNS at that server itself and the second points it at another DC in our domain, as recommended by Microsoft http://support.microsoft.com/default.asp...blurb091200.asp (this is a webcast and having each DC contain its own IP address in the NIC properties, as well as another DC on the same domain, is covered between minute 17 and 18 in the webcast). Has anyone else had this problem? If so, how did you resolve it? We are about to upgrade our AD infrastructure from 2000 to 2003 and a consultant told us the forwarding problem is a known issue with MS and the upgrade to 2003 should fix it (although I cannot find any documentation at MS to support his statement--anyone seen that?). Thanks for any ideas! -HWest
  2. Thanks for the replies (greatly appreciated). I'll try forwarding to another DNS server and see what happens. Your idea that it's a flakey DNS server (or something along those lines) sounds quite possible. We had some trouble in the recent past after our carrier installed a new router on their network. They reported they had corrected the problems on their side that were giving us trouble, but there may remain unresolved problems there. Now, I'm seeing a new problem, though. I put a packet sniffer on the network and filtered for udp port 53 and I'm seeing large number of requests for www.code87.org. I found only one reference to this specific line, so far (although I just started searching) and it's regarding worm_rbot.as. However, I see these requests coming from various machines over our network and when I check each, I see no signs that any of the machines requesting this address have any of the files/registry entries described in the article on worm_rbot.as at http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_RBOT.AS&VSect=T. Our a/v signature is up to date on all computers (using ca's inoc. 7.0 software). Need to sort this out and then come back to original problem. Thanks again for the replies.
×