Malformed DNS Query

page2012 1 Reputation point
2020-11-17T16:52:40.757+00:00

Hi Everyone

I was recently troubleshooting an issue and doing a packet capture when I found DNS queries that were formed like the following:

_ldap._tcp.<zone>._sites.dc._msdcs.<HOST_NAME>.<domain>.com

where the host name of the server was being inserted into the DNS query.

Upon further investigation, I found that this was occurring on other servers and all happening exactly every 30 minutes. I assume this is based on the DNS refresh interval. The issue is that it is causing DNS queries to not respect the site and failing before it chooses a random DC. As such, it will randomly connect to a DC at a remote site for LDAP lookups which slows down performance.

My question is: Why is it inserting the hostname into the query? How do you resolve this?

I have consulted with Microsoft and so far they have not been able to find a solution yet. If we find a solution, I will update this thread, but any advice would be greatly appreciated!

Thank you


1 answer

  1. Gloria Gu 3,896 Reputation points
    2020-11-19T06:11:30.79+00:00

    @page2012 Hi,

    Thank you for posting in Q&A!

    In order to provide you with more specific suggestions, first allow me to confirm the following information:

    1. According to your description, when the client is trying to communicate with one specific DC in the same site as the client, the DNS queries failed, and a random DC located in a remote site responded. If there is any problem with my understanding, please correct it at any time.

    If that is the situation, first I suggest you check the configuration of your client's site and its DC. If there is some problem with this site or the DC, it will end up contacting another random DC.

    2. Under what condition was this DNS query packet caught?

    Hope you have a nice day : )
    Gloria

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
    https://learn.microsoft.com/en-us/answers/articles/67444/email-notifications.html
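
To measure how often the pattern from the question shows up in a capture, the query names can be exported and classified. The sketch below is an added example, not code from the thread or from Microsoft: it assumes the standard site-specific DC locator form `_ldap._tcp.<site>._sites.dc._msdcs.<AD DNS domain>`, and the domain, host and site names in it are constructed placeholders.

```python
# Added example: classify DC locator SRV query names taken from a packet capture.
# All names in SAMPLE_QUERIES are constructed placeholders, not values from the thread.

LOCATOR_MARKER = "_msdcs"

def classify_locator_query(qname, ad_domain, hostname):
    """Return (verdict, site, suffix) for one DNS query name.

    verdict: 'not-locator', 'ok', 'hostname-inserted' or 'unexpected-suffix'.
    """
    labels = qname.rstrip(".").lower().split(".")
    if LOCATOR_MARKER not in labels:
        return ("not-locator", None, None)
    idx = labels.index(LOCATOR_MARKER)
    prefix, suffix = labels[:idx], ".".join(labels[idx + 1:])
    # Site-specific queries carry the site name just before the _sites label.
    site = None
    if "_sites" in prefix and prefix.index("_sites") > 0:
        site = prefix[prefix.index("_sites") - 1]
    domain = ad_domain.lower().rstrip(".")
    if suffix == domain:
        verdict = "ok"
    elif suffix == f"{hostname.lower()}.{domain}":
        # The pattern from the question: <HOST_NAME> sits between _msdcs and the domain.
        verdict = "hostname-inserted"
    else:
        verdict = "unexpected-suffix"
    return (verdict, site, suffix)

def summarize(qnames, ad_domain, hostname):
    """Count verdicts across all query names from one host's capture."""
    counts = {}
    for qname in qnames:
        verdict = classify_locator_query(qname, ad_domain, hostname)[0]
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts

SAMPLE_QUERIES = [  # constructed sample input
    "_ldap._tcp.Site-A._sites.dc._msdcs.example.com",
    "_ldap._tcp.Site-A._sites.dc._msdcs.SRV01.example.com.",
    "_ldap._tcp.dc._msdcs.example.com",
    "_ldap._tcp.Site-A._sites.dc._msdcs.other.example.net",
    "www.example.com",
]

if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(q, "->", classify_locator_query(q, "example.com", "SRV01"))
    print(summarize(SAMPLE_QUERIES, "example.com", "SRV01"))
```

Running it per host with that host's own name separates the malformed lookups from normal locator traffic, so their timing can be compared against the 30-minute interval described in the question.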
