HELP! I killed the DNS server on my Windows server.

Discussion in 'Mac OS X Server, Xserve, and Networking' started by PinkyMacGodess, Jun 14, 2017.

  1. PinkyMacGodess macrumors 68040

    Joined:
    Mar 7, 2007
    Location:
    Midwest America.
    #1
    I've used a local DNS server for decades, and it's been our Windows Server, and the current one is Windows 2008, and it's worked for YEARS flawlessly.

    Until Monday.

    It stopped answering DNS queries.

    I've reset it, I've reinstalled it, I've gone through all of the harebrained (well most) solutions I can find, but it's still not working. At first it was popping errors about not being able to access the Domain for replication, fixed that. Now I get a message, which just started to pop up, that says that DNS Server received a bad message from X.X.X.X, which is my Mac.

    I would try Windows Update, but the server can't get outside the local network because it apparently can't do anything DNS. Pings don't work, NSLOOKUP fails, it's just FUBAR. Now I can't remote into it at all. I'll have to trudge downstairs and see what's up now. Talk about drama. It's been up for 9 years! What a time to do a face plant...
     
  2. PinkyMacGodess thread starter macrumors 68040

    Joined:
    Mar 7, 2007
    Location:
    Midwest America.
    #2
    I'm hoping I don't have to reinstall this.

    There seems to be a bit flipped in Active Directory somewhere. DAMN... :-(
     
  3. DJLC macrumors 6502a

    Joined:
    Jul 17, 2005
    Location:
    Mooresville, NC
    #3
    Have you checked all DNS settings — root hints, forwarders, etc?

    Any weird firewall or antivirus stuff going on?
     
  4. Mikael H macrumors 6502

    Joined:
    Sep 3, 2014
    #4
    +1 for this. Something about how DNS is implemented in Windows results in it not always even trying to access the next entry in the list in certain circumstances. Re-ordering the entries may be a valid workaround.
     
  5. kiwipeso1 macrumors 6502a

    Joined:
    Sep 17, 2001
    Location:
    Wellington, New Zealand
    #5
    Have you considered running MacOS server and replacing the flaky Windows server with it?
    I haven't had a problem with mac server app at all for the last 6 years I've used it.
     
  6. daflake macrumors 6502a

    Joined:
    Apr 8, 2008
    #6
    Are you running a domain, or is this just a standalone DNS server? As others have mentioned, make sure you check firewall settings first before you start tearing things apart.
     
  7. PinkyMacGodess thread starter macrumors 68040

    Joined:
    Mar 7, 2007
    Location:
    Midwest America.
    #7
    I was told that part of the problem is that Windows DNS doesn't need forwarders and will work (*SHOULD* work) just fine without them. I've tried with, and without. No difference.

    DCDiag isn't quite happy with Active Directory, but the errors showing, for the most part, are NBD and ignorable. It's almost like Windows Firewall is blocking its own service, DNS. I would have thought that an uninstall/reinstall dance would have fixed that if it were the case.

    As far as weird, no. No weirder than OOB...

    This all seems to have started when a wiring problem happened in the huge cabinet down the road. One pair was disconnected and jammed into another set of contacts in there, resulting in our losing the 'bonded pair'. That and the 'medem' was replaced a few times by helpful field minions, and a transcription error on my part with the DNS addresses from the modem to the DNS server, which is probably what happened as apparently the DNS server can't be depended on to alter its own settings. *SIGH*
    --- Post Merged, Jun 15, 2017 ---
    I have had that happen at a client site. I believe it was Charter had one DNS server that was always unavailable. After an 'upgrade', the notorious IP was given as 'The Server To Use', and it never worked, and Windows DNS seemed to ignore the secondary address. I just swapped them manually, and peace and tranquility reigned until that DNS went down a month or so later. Drama...
    --- Post Merged, Jun 15, 2017 ---
    Yes I have. I also have an old Cobalt rack system that I have thought of using. I used our own DNS for convenience because the ISP ones would occasionally go missing. It seemed faster too...
    --- Post Merged, Jun 15, 2017 ---
    Full Active Directory Domain. I once had nearly a dozen Windows systems on that network before I retired. Now I keep the server for the DNS and also one email account I have to have because it's tied to my Apple ID. *sigh*
     
  8. daflake macrumors 6502a

    Joined:
    Apr 8, 2008
    #8
  9. PinkyMacGodess thread starter macrumors 68040

    Joined:
    Mar 7, 2007
    Location:
    Midwest America.
    #9
    That was one article I haven't seen yet. I'm not going to give up. Not yet. Right now it's not accessible through MRD, so I have to trip down and see what's up. (It lives, appropriately, in the basement)
     
  10. PinkyMacGodess thread starter macrumors 68040

    Joined:
    Mar 7, 2007
    Location:
    Midwest America.
    #10
    So I killed all the root hints, and recreated them. I am chasing errors from 'dcdiag /testdns'.

    Even with forwarders, I have zero internet connectivity from the server, yet I can still ping the server IP, and remote into it from my Mac.

    Wishing I had an extra Mac Mini to donate to the cause. I'd be thinking of putting SUNOS on a PeeCee box and running that just to have *something*...

    I still can't even begin to think about what hammered the NIC. I mean, it works. Sort of...
    --- Post Merged, Jun 15, 2017 ---
    Windows firewall is correctly configured too. Odd...
    --- Post Merged, Jun 15, 2017 ---
    I thought it was my firewall appliance, but it can resolve URLs. Strange...
     
  11. PinkyMacGodess thread starter macrumors 68040

    Joined:
    Mar 7, 2007
    Location:
    Midwest America.
    #11
    So I fixed it. Don't know why this worked.

    I changed the subnet mask on the firewall to a full Class C (255.255.255.0). Strange, but I'm not the planet's best network engineer.
     
