Yesterday, we applied SP1 to our DNS server which is running Windows Server 2008 R2.
After the update DNS is failing. There are no failure codes in the event log; it says the service has started and for all intents and purposes acts like it is working.
However, when I go to DNS properties, Monitoring tab and click "test now" it says both the simple and recursive queries have failed.
Event logging is set to log all events.
For some reason it worked for a few minutes earlier today, but has since stopped again.
Any ideas on what I can check?
NOTE: I restarted the DNS service and it came back online for a little while, then went away again.
EDIT: (4/5/11) Two months later and the same issue. DNS now runs for a while before tanking. However, when it does there is absolutely no error.
We took a specific router out of the equation recently and there has thus far not been a recurrence of this.
I'm going to chalk it up to one of two possibilities. Either a flaky router was sending requests that were causing the DNS server to tank, or MS fixed this issue.
Either way, closing.
UPDATE
As with all things in life, there is more. The newer router died and we replaced it with a Linksys RV082 and this issue started popping up again.
A bit more research and I found that it's a combination of problems. First, Windows Server 2008 R2 defaults to sending DNS requests using an extension called EDNS0. However, in the event of a DNS failure, it doesn't send the request out again without that extension, like it should.
Some routers apparently either completely drop, or at least truncate, UDP packets that are over 512 bytes. Normal DNS is less than this; however, the EDNS0 extension can easily go beyond it. And by some, I mean several of the Cisco routers we've tried. Yes, the first router was a Cisco (different model) as well. The second router was some other brand.
Unfortunately, these particular routers don't give us the option to allow larger UDP packets; or, if they do, it's hidden and I haven't been able to find the right switch.
Normally, this isn't too much of an issue, but there appears to be a bug in the MS DNS server that causes it to completely stop resolving DNS queries when a certain number of failures occur. This necessitates restarting the DNS service, after which it will function for a while.
The fix is to simply turn off EDNS0 support.
The command for that is:
dnscmd /config /EnableEDNSProbes 0
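To confirm that the path, and not the server, is what breaks when EDNS0 is in play, the following probe compares a plain DNS query with one carrying an EDNS0 OPT record that advertises a 4096-byte UDP payload. This is an added example, not code from the original post; the server address is a constructed placeholder and the packet layout follows RFC 1035 / RFC 6891.

```python
import socket
import struct

# Constructed placeholder (documentation range); point at the resolver or forwarder under test.
DNS_SERVER = "192.0.2.53"

def encode_name(name):
    """Encode a dotted hostname as DNS wire-format labels."""
    labels = [l.encode("ascii") for l in name.strip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(name, qtype=1, edns_udp_size=None, txid=0x1234):
    """Build a recursive query (RD=1). With edns_udp_size set, append an EDNS0 OPT
    pseudo-record advertising that UDP payload size, as a server with EDNS probes
    enabled does; that is what lets replies grow past the classic 512-byte limit."""
    arcount = 1 if edns_udp_size else 0
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    question = encode_name(name) + struct.pack(">HH", qtype, 1)  # class IN
    opt = b""
    if edns_udp_size:
        # OPT RR: root owner name, TYPE 41, CLASS = UDP payload size,
        # TTL field = extended RCODE/version/flags (all zero), RDLENGTH 0
        opt = b"\x00" + struct.pack(">HHIH", 41, edns_udp_size, 0, 0)
    return header + question + opt

def parse_header(data):
    """Decode the 12-byte response header into the fields a troubleshooter needs."""
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", data[:12])
    return {"id": txid, "rcode": flags & 0x000F, "tc": bool(flags & 0x0200),
            "answers": an, "size": len(data)}

def probe(server, name, qtype=1, edns_udp_size=None, timeout=3.0):
    """Send one UDP query; return the parsed header, or None if nothing came back
    (the symptom when a middlebox drops the oversized reply)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name, qtype, edns_udp_size), (server, 53))
        data, _ = sock.recvfrom(65535)
        return parse_header(data)
    except socket.timeout:
        return None
    finally:
        sock.close()

if __name__ == "__main__":
    # A reply to the plain query but silence (or TC=1) on the EDNS0 one points at
    # the router or firewall in the path rather than at the DNS service itself.
    for label, size in (("plain, 512-byte limit", None), ("EDNS0, 4096 advertised", 4096)):
        print(label, "->", probe(DNS_SERVER, "example.com", edns_udp_size=size))
```

Run it once from the DNS server toward its forwarder and once from outside the suspect router to see where the EDNS0 reply disappears.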
Try using the dcdiag tool; it may help you identify the problem. Also, on your DNS server, do you have auto register in DNS selected on the adapter?