Changed DNS server config on Azure VM DC, Azure VMs stopped responding
Hi folks,
We have a number of VMs provisioned in Azure. We have a Domain Controller and two OpenDNS VMs for DNS resolution.
I had to run a script to change the DNS configuration on all servers - both on-prem and Azure - to point to our on-prem OpenDNS servers. In error, all our DCs were included in the list of servers.
When the script ran, there were no issues internally, but our Azure VMs stopped responding to pings, RDP, web access, etc. The Azure VMs, such as the Citrix, web and SQL instances, were not changed as part of the running script - the remote procedure call failed. We couldn't contact the Azure VMs either by name (understandable) or by IP (a little bit more confused about this one). A restart of the VM resolved the issue. We manually changed the on-prem DCs back to the pre-change DNS settings.
Can someone help me shed some light on this issue? I am trying to understand why the VMs stopped responding to connectivity by IP as well as by name. The name thing I can understand, but the lack of being able to connect/contact by IP has me stumped.
Any advice or suggestions would be greatly appreciated.
Thanks.
Andy

3 answers

TravisCragg-MSFT 5,681 Reputation points Microsoft Employee
2020-10-02T23:50:07.41+00:00
In the scenario you described, it is not typical or expected to lose connectivity via the Public IP. When you say you lost connectivity, do you mean that you were unable to establish an RDP session, or unable to establish a TCP connection? If you lost contact with your domain server, it is expected to be unable to log in with domain credentials, although a local admin should still work.
Weily 86 Reputation points
2020-10-03T04:13:12.91+00:00
You need to configure forwarders at your OpenDNS. If a DNS server cannot find a resource record in its zones, it can send the request to another DNS server for additional attempts at resolution. A common scenario might be to configure forwarders to your ISP's DNS servers.
1. Click Start, point to Administrative Tools, and then click DNS.
2. Right-click ServerName, where ServerName is the name of the server, and then click the Forwarders tab.
3. Click a DNS domain in the DNS domain list. Or, click New, type the name of the DNS domain for which you want to forward queries in the DNS domain box, and then click OK.
4. In the Selected domain's forwarder IP address box, type the IP address of the first DNS server to which you want to forward, and then click Add.
5. Repeat step 4 to add the DNS servers to which you want to forward.
6. Click OK.
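The forwarder change that the steps above walk through in the DNS console can also be made from PowerShell, which makes it easier to record the previous setting and to test the new upstream resolvers before committing to them. This is an added example, not part of Weily's answer or any Microsoft documentation. It assumes the Windows DNS Server role and its DnsServer module on the server being changed; the resolver addresses and the test hostname are constructed placeholders.

```powershell
# Added example: configure DNS forwarders on a Windows DNS server with a before/after check.
# Assumes: run elevated on the DNS server, DnsServer module present.
# $Forwarders holds constructed placeholder addresses (TEST-NET-1); replace with real upstreams.
#Requires -Modules DnsServer
param(
    [string[]]$Forwarders = @('192.0.2.53', '192.0.2.54'),  # placeholder upstream resolvers
    [string]$TestName     = 'www.example.com'               # name used to prove each forwarder answers
)

# Record the current forwarder settings so the change can be reversed later.
$before = Get-DnsServerForwarder
Write-Host "Current forwarders: $($before.IPAddress -join ', ') (UseRootHint=$($before.UseRootHint))"
$before | Export-Clixml -Path "$env:TEMP\dns-forwarders-before.xml"

# Keep only forwarders that actually answer a query, so a typo does not leave the
# server pointing at an unreachable address with resolution broken for all clients.
$reachable = foreach ($ip in $Forwarders) {
    try {
        $null = Resolve-DnsName -Name $TestName -Server $ip -Type A -DnsOnly -ErrorAction Stop
        $ip
    } catch {
        Write-Warning "Forwarder $ip did not answer for $TestName; skipping it"
    }
}
if (-not $reachable) { throw 'No reachable forwarders; leaving the existing configuration unchanged' }

# Set-DnsServerForwarder replaces the whole list (Add-DnsServerForwarder would append).
# Root hints stay enabled as a fallback if every forwarder times out.
Set-DnsServerForwarder -IPAddress $reachable -UseRootHint $true -Timeout 3

# Confirm that this server now resolves an external name through the new forwarders.
$check = Resolve-DnsName -Name $TestName -Server 127.0.0.1 -Type A -DnsOnly -ErrorAction Stop
Write-Host "Resolved $TestName to $($check.IPAddress -join ', ') via the local DNS server"
Get-DnsServerForwarder | Format-List IPAddress, UseRootHint, Timeout
```

The saved Clixml file can be fed back with `Import-Clixml` and `Set-DnsServerForwarder -IPAddress $saved.IPAddress` if the new upstreams turn out to misbehave.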
yeooandyni 106 Reputation points
2020-10-04T15:16:12.52+00:00
Dead on folks, thanks for the responses.
Just to answer your question Travis, all the Azure VMs stopped responding from our local network. We couldn't RDP, ping, browse sites, or manage SQL DBs. This was both by name and IP, which is why I'm so baffled. I can understand, and even expect, the name resolution to have issues, but for almost all our Azure resources to stop IP address communication was just weird. Ironically enough though, the Azure DC VM was the only one that didn't lose connectivity.
Weily, I will touch base with the network/security guys to see what way the OpenDNS servers are being configured. This is something that's just come our way in the past few weeks and I'm not 100% sure what way it's being done. I do know that I have noticed both forwarder and root hints issues on the Azure DC, so I know this won't have helped.
Thanks for the feedback guys, appreciate it.
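The root cause Andy describes in the question was a bulk DNS client change that included the domain controllers by mistake and had to be reverted by hand. The following is an added example, not code from anyone in this thread, of how such a rollout can be written so that domain controllers are excluded automatically, the pre-change settings are saved for rollback, the run can be rehearsed with `-WhatIf`, and each host is checked for working resolution right after the change. It assumes the RSAT ActiveDirectory module on the admin workstation and WinRM access to the targets; the server names, resolver addresses and domain name are constructed placeholders.

```powershell
# Added example: bulk DNS client change that skips DCs, saves a rollback file and verifies resolution.
# Assumes: ActiveDirectory module (RSAT) locally, PowerShell remoting to the targets.
# All names and addresses below are constructed placeholders.
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string[]]$Servers     = @('web01', 'sql01', 'ctx01'),   # constructed sample target list
    [string[]]$NewDns      = @('10.0.0.53', '10.0.0.54'),    # placeholder on-prem resolvers
    [string]$RollbackCsv   = "$env:TEMP\dns-client-before.csv",
    [string]$TestName      = 'contoso.local'                # placeholder AD domain name to resolve
)

# 1. Never include the domain controllers: a DC has to keep resolving through AD-integrated DNS.
$dcs     = (Get-ADDomainController -Filter *).HostName | ForEach-Object { ($_ -split '\.')[0].ToLower() }
$targets = $Servers | Where-Object { $_.ToLower() -notin $dcs }
$skipped = $Servers | Where-Object { $_.ToLower() -in $dcs }
if ($skipped) { Write-Warning "Skipping domain controllers: $($skipped -join ', ')" }
if (-not $targets) { throw 'No non-DC targets left to change' }

# 2. Capture every target's current IPv4 DNS client settings so the change can be undone.
$before = Invoke-Command -ComputerName $targets -ErrorAction Continue -ScriptBlock {
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Select-Object @{ n = 'Computer'; e = { $env:COMPUTERNAME } }, InterfaceIndex, InterfaceAlias,
                      @{ n = 'ServerAddresses'; e = { $_.ServerAddresses -join ';' } }
}
$before | Export-Csv -Path $RollbackCsv -NoTypeInformation
Write-Host "Saved DNS client settings for $(($before.Computer | Sort-Object -Unique).Count) hosts to $RollbackCsv"

# 3. Apply per interface (honours -WhatIf) and confirm the host still resolves the domain name.
foreach ($row in $before) {
    $target = "$($row.Computer) interface $($row.InterfaceIndex) ($($row.InterfaceAlias))"
    if ($PSCmdlet.ShouldProcess($target, "Set DNS servers to $($NewDns -join ', ')")) {
        Invoke-Command -ComputerName $row.Computer -ArgumentList $row.InterfaceIndex, $NewDns, $TestName -ScriptBlock {
            param($ifIndex, $dns, $name)
            Set-DnsClientServerAddress -InterfaceIndex $ifIndex -ServerAddresses $dns
            Clear-DnsClientCache
            try {
                $null = Resolve-DnsName -Name $name -DnsOnly -ErrorAction Stop
                "$env:COMPUTERNAME interface $ifIndex : OK, resolves $name"
            } catch {
                "$env:COMPUTERNAME interface $ifIndex : FAILED to resolve $name after change - $($_.Exception.Message)"
            }
        }
    }
}

# Rollback: Import-Csv $RollbackCsv, split each row's ServerAddresses on ';' and reapply it with
# Set-DnsClientServerAddress -InterfaceIndex <row.InterfaceIndex> on that computer.
```

Run it first with `-WhatIf` to see exactly which hosts and interfaces would be touched; the domain controller exclusion is the part that would have prevented the incident in the question, and the CSV replaces the manual reversion Andy had to do afterwards.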