This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 45%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hello,
I am trying to dig into a problem here and have hit a blocker.
I have 3 domain controllers handling DNS. One of them works and the other two are having problems. Let's say DC1 works and DC2 and DC3 have problems. The problem is tricky to track down. Whenever I set a machine to use DC2 and DC3 internal DNS doesn't seem to have a problem, but going to a website in Chrome or anything external will occasionally return an error of "unable to resolve name". I have tested with multiple machines to confirm this wasn't a single machine having a problem. I have checked the DNS debug logs, but unfortunately when I find the error it just gives the log below. I can't find what causes the servfail. After a few refreshes of the Chrome the page will load correctly. This issue doesn't happen with any one site or every site. I can't find the pattern of when they fail.
My forwarder is set to use 8.8.8.8 and 8.8.4.4. I have checked the DNS setting between the working server and not working servers and couldn't notice a difference.
At this point I am stuck on what else to check or look into. I can't seem to find any other way to troubleshoot the issue. If anyone has any insight on where else to look or a misconfiguration that could cause only DNS lookup failures occasionally I would appreciate it.
3/30/2022 12:10:33 PM 16A0 PACKET 00000294802C0170 UDP Rcv 10.105.16.47 6a7f Q [0001 D NOERROR] A (7)quizizz(3)com(0)
3/30/2022 12:10:33 PM 16A0 PACKET 000002948E35AAF0 UDP Snd 8.8.8.8 a826 Q [0001 D NOERROR] A (7)quizizz(3)com(0)
3/30/2022 12:10:33 PM 16A0 PACKET 00000294FC9649A0 UDP Rcv 10.105.16.47 6a7f Q [0001 D NOERROR] A (7)quizizz(3)com(0)
3/30/2022 12:10:34 PM 0760 PACKET 000002948C3B0D00 UDP Rcv 10.105.16.47 6a7f Q [0001 D NOERROR] A (7)quizizz(3)com(0)
3/30/2022 12:10:36 PM 0DE8 PACKET 0000029489AC4F40 UDP Rcv 10.105.16.47 6a7f Q [0001 D NOERROR] A (7)quizizz(3)com(0)
3/30/2022 12:10:36 PM 12BC PACKET 000002948E35AAF0 UDP Snd 8.8.8.8 a826 Q [0001 D NOERROR] A (7)quizizz(3)com(0)
3/30/2022 12:10:40 PM 147C PACKET 00000294FC4A1140 UDP Rcv 10.105.16.47 6a7f Q [0001 D NOERROR] A (7)quizizz(3)com(0)
3/30/2022 12:10:41 PM 12BC PACKET 000002948E35AAF0 UDP Snd 2001:502:1ca1::30 6148 Q [0000 NOERROR] A (7)quizizz(3)com(0)
3/30/2022 12:10:45 PM 12BC PACKET 00000294802C0170 UDP Snd 10.105.16.47 6a7f R Q [8281 DR SERVFAIL] A (7)quizizz(3)com(0)
3/30/2022 12:10:51 PM 0760 PACKET 00000294FBF68950 UDP Rcv 10.105.16.47 1994 Q [0001 D NOERROR] A (7)quizizz(3)com(0)
3/30/2022 12:10:51 PM 0760 PACKET 0000029489EA5E10 UDP Snd 8.8.4.4 ff8e Q [0001 D NOERROR] A (7)quizizz(3)com(0)
3/30/2022 12:10:51 PM 0760 PACKET 00000294F97334F0 UDP Rcv 8.8.4.4 ff8e R Q [8081 DR NOERROR] A (7)quizizz(3)com(0)
3/30/2022 12:10:51 PM 0760 PACKET 00000294FBF68950 UDP Snd 10.105.16.47 1994 R Q [8081 DR NOERROR] A (7)quizizz(3)com(0)
3/30/2022 12:10:51 PM 0DE8 PACKET 000002948A305070 UDP Rcv 10.105.16.47 958c Q [0001 D NOERROR] A (2)cf(7)quizizz(3)com(0)
3/30/2022 12:10:51 PM 0DE8 PACKET 0000029487C5D830 UDP Snd 8.8.4.4 13f3 Q [0001 D NOERROR] A (2)cf(7)quizizz(3)com(0)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Please run;
Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\dc1.txt
ipconfig /all > C:\dc2.txt
ipconfig /all > C:\dc3.txt
then put unzipped text files up on OneDrive and share a link.
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--
I'm still gathering the information. I ran the DCDiag and noticed some RPC unavailable failures so I imagine those need fixed before more troubleshooting can be done.
Ok, sounds good.
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 5%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWS%3C/text%3E%3C/svg%3E)
A bit of a shot in the dark but it's easy to miss root hint configuration on the individual DC's. If one or two root hints are configured for invalid IP addresses on DC2 and DC3 then this behavior could certainly happen.
However the fact that the same IP address in the logs above show successes then failure on an internal address (10.105.16.47) would point more to a networking or load based issue.
Good thought! I checked the Root hints, but they match the working server. Also, my forwarders are set to 8.8.8.8 and 8.8.4.4 so if my understanding is correct the root hunts shouldn't be used to often.
Thanks for the response!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Try take a look in the answer here and see if it's related to your issue.
https://superuser.com/questions/1178343/cannot-resolve-websites-intermittently-mostly-gov
Thanks for the response! I didn't even know this could be a problem. I ran the check mentioned in the article to see if the size was above the minimum required and it was. Good thought though!
Just wanted to add to this in case someone ever finds it.
I found there was a lot wrong with the DC's. Replication was occasionally working and found not all the ports were open. Also the subnet mask was incorrectly setup on the NICs. I restarted both of the broken DC's after this and one started working. I think the one that came up was just in a bad state. Either way that left me with 1 broken DC and I decided to ditch it and just build a new one to replace it. New DC is working great and exists in the same subnet and tools as the broken one so it is something wrong with the machine.
Glad to hear of success.
--please don't forget to upvote and Accept as answer if the reply is helpful--
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--
