DNS not resolving for one specific external domain from our domain controllers. All others work.

Keith Crofutt 21 Reputation points
2021-10-14T19:18:34.787+00:00

There is one external domain that used to work, but recently is no longer resolving from our internal network. We use the built-in DNS service from Microsoft Server. Changing the DNS setting on internal systems to an open DNS, such as 1.1.1.1, solves the issue, but this is not ideal as a resolution for our internal systems.

Any ideas what can be checked, why this could be impacting just the Microsoft DNS services? There are no other external domains that seem to be having the issue. Doing packet tracing, they always stop after getting to the internal DNS.


8 answers

  1. Gary Reynolds 9,391 Reputation points
    2021-10-15T20:35:02.427+00:00

    Hi @Keith Crofutt

    You could try enabling debug logging on the DNS server, to see why the query is failing and if it's a specific forwarder that is causing the problem.

    To enable the logging, open the server properties in the DNS console and set the debug logging tab as shown, setting the file path to something that's appropriate for your server:
    [Image: 140973-dns-debug.png]

    Then use nslookup to query the site a couple of times and access the webpage.

    You will need to disable the debug logging for the log to be flushed to the drive.

    Review the log file and see if you get any insights into why the query for the domain is failing.

    Gary.
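
One way to carry out the log review suggested in the answer above, as an added example that is not part of the original thread: a Python script that reads PACKET lines from a DNS debug log and reports, per upstream server, whether queries for one domain were answered and with which RCODE. The line layout, the sample lines, the domain `example.org` and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
# Assumed layout of a PACKET line in the DNS debug log (fields after "PACKET"):
# context, UDP/TCP, Snd/Rcv, remote IP, xid, optional "R", opcode, [flags rcode], qtype, name
PACKET = re.compile(
    r"PACKET\s+\S+\s+(?:UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<ip>\S+)\s+"
    r"(?P<xid>[0-9A-Fa-f]{4})\s+(?P<resp>R)?\s*\S\s+"
    r"\[(?P<flags>[^\]]*)\]\s+\S+\s+(?P<qname>\(.*\))"
)

def decode_name(raw):
    """Turn the log's length-prefixed form, (3)www(7)example(3)org(0), into www.example.org."""
    return ".".join(l for l in re.findall(r"\(\d+\)([^()]*)", raw) if l).lower()

def upstream_report(log_text, domain):
    """Per upstream server queried about `domain`: queries sent, RCODEs received, unanswered."""
    report = defaultdict(lambda: {"sent": 0, "rcodes": [], "unanswered": 0})
    pending = set()
    for line in log_text.splitlines():
        m = PACKET.search(line)
        if not m:
            continue
        name = decode_name(m["qname"])
        if name != domain and not name.endswith("." + domain):
            continue
        key = (m["ip"], m["xid"].lower())
        if m["dir"] == "Snd" and not m["resp"]:        # this server asking upstream
            report[m["ip"]]["sent"] += 1
            pending.add(key)
        elif m["dir"] == "Rcv" and m["resp"] and key in pending:  # upstream's reply
            pending.discard(key)
            report[m["ip"]]["rcodes"].append(m["flags"].split()[-1])
    for ip, _xid in pending:                           # sent, but nothing came back
        report[ip]["unanswered"] += 1
    return dict(report)

# Constructed sample lines (documentation addresses; not taken from the thread)
SAMPLE_LOG = """\
10/15/2021 1:35:02 PM 0E5C PACKET  000000D3A1B2C3D0 UDP Rcv 10.0.0.25       a1b2   Q [0001   D   NOERROR] A      (3)www(7)example(3)org(0)
10/15/2021 1:35:02 PM 0E5C PACKET  000000D3A1B2C4E0 UDP Snd 192.0.2.53      7c01   Q [0001   D   NOERROR] A      (3)www(7)example(3)org(0)
10/15/2021 1:35:05 PM 0E5C PACKET  000000D3A1B2C5F0 UDP Snd 198.51.100.53   7c02   Q [0001   D   NOERROR] A      (3)www(7)example(3)org(0)
10/15/2021 1:35:05 PM 0E5C PACKET  000000D3A1B2C600 UDP Rcv 198.51.100.53   7c02 R Q [8281   DR SERVFAIL] A      (3)www(7)example(3)org(0)
10/15/2021 1:35:05 PM 0E5C PACKET  000000D3A1B2C3D0 UDP Snd 10.0.0.25       a1b2 R Q [8281   DR SERVFAIL] A      (3)www(7)example(3)org(0)
10/15/2021 1:35:09 PM 0E5C PACKET  000000D3A1B2C710 UDP Snd 192.0.2.53      7c03   Q [0001   D   NOERROR] A      (7)example(3)com(0)
10/15/2021 1:35:09 PM 0E5C PACKET  000000D3A1B2C720 UDP Rcv 192.0.2.53      7c03 R Q [8081   DR NOERROR] A      (7)example(3)com(0)
"""
if __name__ == "__main__":
    print(upstream_report(SAMPLE_LOG, "example.org"))
```

An upstream server with `unanswered` above zero never replied for that name, while one returning `SERVFAIL` replied but could not resolve it; client-facing packets are ignored because only outbound queries and inbound responses are counted.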


  2. Keith Crofutt 21 Reputation points
    2021-10-19T17:00:36.257+00:00

    When trying to set up a forwarder, it eventually times out stating that the remote domain could not be verified. For now we are trying to arrange a meeting with the IT support for the remote domain. They just switched to a cloud provider so it seems to be related to that change and not us.


  3. Dave Patrick 426.1K Reputation points MVP
    2021-10-19T17:19:13.617+00:00

    Makes sense, glad to hear of progress.

    --please don't forget to upvote and Accept as answer if the reply is helpful--
