DNS not resolving for one specific external domain from our domain controllers. All others work.

Keith Crofutt 21 Reputation points
2021-10-14T19:18:34.787+00:00

There is one external domain that used to work, but recently is no longer resolving from our internal network. We use the built-in DNS service from Microsoft Server. Changing the DNS setting on internal systems to an open DNS, such as 1.1.1.1 solves the issue, but this is not ideal as a resolution for our internal systems.

Any ideas what can be checked, or why this could be impacting just the Microsoft DNS service? There are no other external domains that seem to be having the issue. Doing packet tracing, they always stop after getting to the internal DNS.

Windows DHCP

8 answers

  1. Dave Patrick 426.1K Reputation points MVP
    2021-10-19T17:19:13.617+00:00

    Makes sense, glad to hear of progress.

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. Keith Crofutt 21 Reputation points
    2021-10-19T17:00:36.257+00:00

    When trying to set up a forwarder, it eventually times out stating that the remote domain could not be verified. For now we are trying to arrange a meeting with the IT support for the remote domain. They just switched to a cloud provider so it seems to be related to that change and not us.


  3. Gary Reynolds 9,391 Reputation points
    2021-10-15T20:35:02.427+00:00

    Hi @Keith Crofutt

    You could try enabling debug logging on the DNS server, to see why the query is failing and if it's a specific forwarder that is causing the problem.

    To enable the logging open the server properties in the DNS console and set the debug logging tab as shown, setting the file path to something that's appropriate for your server:
    [image: DNS server properties, Debug Logging tab]

    Then use nslookup to query the site a couple of times and access the webpage.

    You will need to disable the debug logging for the log to be flushed to the drive.

    Review the log file and see if you get any insights why the query for domain is failing.

    Gary.

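    The following PowerShell script is an added example and is not code from anyone in this thread. It walks the isolation steps the replies above describe: it queries the failing name through the local DNS server, checks the server's cache, asks each configured forwarder directly, looks for a conditional forwarder zone covering the name, locates the domain's authoritative servers through the known-good public resolver the asker mentioned (1.1.1.1) and queries them non-recursively, runs the same forwarder validation the console performs (the check that failed with "could not be verified" in the asker's update), and optionally turns on the debug logging Gary describes, through Set-DnsServerDiagnostics instead of the GUI. It assumes it is run in an elevated shell on the Windows DNS server itself with the DnsServer module available; `example.com` and `C:\DnsLogs` are placeholders.

```powershell
<#
  Added troubleshooting script; not from the thread. Assumptions: runs on the
  Windows DNS server itself (DnsServer module, elevated shell); $Domain is the
  one failing external name (example.com is a placeholder); $KnownGoodResolver
  is the public resolver the asker reported as working (1.1.1.1).
#>
param(
    [string]$Domain = 'example.com',
    [string]$KnownGoodResolver = '1.1.1.1',
    [switch]$EnableDebugLog
)

function Try-Resolve {
    # One query against one server, reporting outcome and latency. A timeout
    # ("packets die") and a SERVFAIL/NXDOMAIN answer point at different causes:
    # the first is a path problem, the second is the queried server failing.
    param([string]$Name, [string]$Server, [string]$Type = 'A', [switch]$NoRecursion)
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        $rr = Resolve-DnsName -Name $Name -Type $Type -Server $Server -DnsOnly -NoHostsFile `
                -NoRecursion:$NoRecursion -ErrorAction Stop
        $answer = ($rr | Where-Object Type -eq $Type | ForEach-Object { $_.IPAddress }) -join ','
        [pscustomobject]@{ Server = $Server; Result = 'OK'; Ms = $sw.ElapsedMilliseconds; Answer = $answer }
    } catch {
        [pscustomobject]@{ Server = $Server; Result = $_.Exception.Message; Ms = $sw.ElapsedMilliseconds; Answer = '' }
    }
}

'== 1. What the internal DNS server hands to clients =='
Try-Resolve -Name $Domain -Server 127.0.0.1 | Format-Table -AutoSize

'== 2. Cached entries for the domain (a negative or stale answer is served until its TTL expires) =='
Show-DnsServerCache | Where-Object { $_.HostName -like "*$Domain*" } |
    Format-Table HostName, RecordType, TimeToLive -AutoSize
# If a bad entry is cached, Clear-DnsServerCache -Force removes it.

'== 3. Each configured forwarder, queried directly (bypasses the local server) =='
$forwarders = (Get-DnsServerForwarder).IPAddress
$forwarders | ForEach-Object { Try-Resolve -Name $Domain -Server "$_" } | Format-Table -AutoSize

'== 4. Conditional forwarder zones that would override the forwarders for this name =='
Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Forwarder' -and
                   ($Domain -eq $_.ZoneName -or $Domain.EndsWith(".$($_.ZoneName)")) } |
    Format-Table ZoneName, MasterServers -AutoSize

'== 5. Authoritative servers, located via the known-good resolver, asked non-recursively =='
# If the forwarders fail but these answer, the forwarder chain is the problem. If these
# time out from this host while the known-good resolver resolves the name, the path from
# here to the authoritative side is the problem (firewall, EDNS/fragmentation, TCP fallback).
$nsRecords = Resolve-DnsName -Name $Domain -Type NS -Server $KnownGoodResolver -DnsOnly -ErrorAction SilentlyContinue |
             Where-Object Type -eq 'NS'
$authResults = foreach ($ns in $nsRecords) {
    $nsIps = Resolve-DnsName -Name $ns.NameHost -Type A -Server $KnownGoodResolver -DnsOnly -ErrorAction SilentlyContinue |
             Where-Object Type -eq 'A'
    foreach ($ip in $nsIps) {
        Try-Resolve -Name $Domain -Server $ip.IPAddress -NoRecursion |
            Add-Member -NotePropertyName NameServer -NotePropertyValue $ns.NameHost -PassThru
    }
}
$authResults | Format-Table NameServer, Server, Result, Ms, Answer -AutoSize

'== 6. The validation the console runs when a forwarder is added =='
# "Could not be verified" in the console corresponds to a non-Success Result here.
# For a conditional forwarder, Test-DnsServer -IPAddress <ip> -ZoneName $Domain additionally
# checks that the target server is authoritative for the zone.
$forwarders | ForEach-Object { Test-DnsServer -IPAddress $_ -Context Forwarder } |
    Format-Table IPAddress, Result, RoundTripTime -AutoSize

if ($EnableDebugLog) {
    # PowerShell equivalent of the Debug Logging tab. Reproduce the failing lookups,
    # then disable logging (-EnableLoggingToFile $false) so the file is flushed to disk.
    New-Item -ItemType Directory -Path 'C:\DnsLogs' -Force | Out-Null
    Set-DnsServerDiagnostics -Queries $true -Answers $true -Send $true -Receive $true `
        -UdpPackets $true -TcpPackets $true -EnableLoggingToFile $true -LogFilePath 'C:\DnsLogs\dns.log'
}
```

    Read the six sections together: a timeout in step 1 with OK results in steps 3 and 5 points at the server's own configuration or cache; failures in step 3 but success in step 5 point at the forwarders; failures in step 5 from this host while 1.1.1.1 resolves the name point at the network path between the DNS server and the domain's new authoritative servers, which matches the asker's observation that the problem started when the remote party moved providers.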

  4. Dave Patrick 426.1K Reputation points MVP
    2021-10-15T14:03:31.387+00:00

    "it reports that DNS server are unavailable"

    What DNS server? There are many public DNS servers. The site itself may have some sort of registration problem, may need to contact the site owner.

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  5. Keith Crofutt 21 Reputation points
    2021-10-15T13:39:49.62+00:00

    Nope, we thought for a bit it might have been Defender or Intune but there are no settings to block/filter websites. When running the built-in Windows Diagnostics after failure to reach the site, it reports that DNS servers are unavailable. This is obviously not true since every other website and resource works with no issues, internal and external. So at this point we are baffled. Traces show the browsers reaching the DNS servers, but then nothing. Packets die.
