And I did consider that. :)
However, (A.) this server's configuration hasn't changed in the years since it was deployed, (B.) we've done the same thing at our other sites that aren't having problems, and (C.) DNS is working 100% correctly at the site in question except for the failure of lookups against this one single domain name. So while I'm open to all possibilities (honestly-I'm getting desperate), my gut instinct is that this isn't the cause of the problem. John From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Wednesday, August 15, 2012 10:36 AM To: NT System Admin Issues Subject: RE: DNS Lookup Failing for One Address I have a theory. Often when Mr. Smith asks a question he isn't looking for an answer to that question, he is pointing you towards the answer for your problem. From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, August 15, 2012 10:33 AM To: NT System Admin Issues Subject: RE: DNS Lookup Failing for One Address Yup. When we decommissioned the old server this server replaced, some devices were still looking for it for DNS (they had static settings). So we assigned the old server's address to the new one as a second address. John From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, August 15, 2012 10:05 AM To: NT System Admin Issues Subject: RE: DNS Lookup Failing for One Address Your DC has multiple IP addresses? From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]<mailto:[mailto:john.hornbuc...@taylor.k12.fl.us]> Sent: Wednesday, August 15, 2012 9:08 AM To: NT System Admin Issues Subject: RE: DNS Lookup Failing for One Address Oh, and to add... Each of my sites has its own DNS server. All other DNS servers are resolving this address fine. All servers are behind the same firewall. Curiouser and curiouser. From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us]<mailto:[mailto:john.hornbuc...@taylor.k12.fl.us]> Sent: Wednesday, August 15, 2012 8:50 AM To: NT System Admin Issues Subject: RE: DNS Lookup Failing for One Address Per the suggestions from the list, I put dig on my squirrely DNS server and ran dig +trace www.studyisland.com<http://www.studyisland.com>. Results are: === ; <<>> DiG 9.3.2 <<>> +trace www.studyisland.com<http://www.studyisland.com> ;; global options: printcmd . 19740 IN NS b.root-servers.net. . 19740 IN NS c.root-servers.net. . 19740 IN NS d.root-servers.net. . 19740 IN NS e.root-servers.net. . 19740 IN NS f.root-servers.net. . 19740 IN NS g.root-servers.net. . 19740 IN NS h.root-servers.net. . 19740 IN NS i.root-servers.net. . 19740 IN NS j.root-servers.net. . 19740 IN NS k.root-servers.net. . 19740 IN NS l.root-servers.net. . 19740 IN NS m.root-servers.net. . 19740 IN NS a.root-servers.net. ;; Received 449 bytes from 127.0.0.1#53(127.0.0.1) in 15 ms com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. com. 172800 IN NS e.gtld-servers.net. com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS k.gtld-servers.net. com. 172800 IN NS d.gtld-servers.net. com. 172800 IN NS a.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS h.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. ;; Received 509 bytes from 192.33.4.12#53(c.root-servers.net) in 46 ms studyisland.com. 172800 IN NS aldfwprdinf001.archipelagolearni ng.com. studyisland.com. 172800 IN NS aldfwcrpinf001.archipelagolearni ng.com. ;; Received 147 bytes from 192.42.93.30#53(g.gtld-servers.net) in 93 ms www.studyisland.com<http://www.studyisland.com>. 0 IN CNAME vip1.studyisland.com. vip1.studyisland.com. 28800 IN A 72.249.13.58 ;; Received 72 bytes from 207.210.237.70#53(aldfwprdinf001.archipelagolearning.c om) in 46 ms === Now, I'm not a DNS expert. But to me, this looks right because I know that www.studyisland.com<http://www.studyisland.com> = vip1.studyisland.com = 72.249.13.58. But when I use nslookup against that same DNS server, my queries still fail. I enabled debugging in nslookup and got this: === > set db2 > www.studyisland.com<http://www.studyisland.com>. Server: aoc-pet300.taylor.k12.fl.us Addresses: 10.11.7.19 10.11.7.13 ------------ Got answer: HEADER: opcode = QUERY, id = 8, rcode = SERVFAIL header flags: response, want recursion, recursion avail. questions = 1, answers = 0, authority records = 0, additional = 1 QUESTIONS: www.studyisland.com<http://www.studyisland.com>, type = A, class = IN ADDITIONAL RECORDS: -> (root) ??? unknown type 41 ??? ttl = 0 (0 secs) ------------ DNS request timed out. timeout was 2 seconds. timeout (2 secs) *** aoc-pet300.taylor.k12.fl.us can't find www.studyisland.com<http://www.studyisland.com>.: Server failed === Found someone reporting a similar issue (but no real solution) here: http://forums.msexchange.org/m_1800553796/printable.htm Also, when I run nslookup I *can* resolve studyisland.com-just not www.studyisland.com<http://www.studyisland.com>. Still researching... From: John Hornbuckle Sent: Tuesday, August 14, 2012 1:42 PM To: NT System Admin Issues (ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com>) Subject: DNS Lookup Failing for One Address Okay, DNS wizards... I need some input. One of my DNS servers (Server 2008) is failing to resolve www.studyisland.com<http://www.studyisland.com> like so: C:\>nslookup Default Server: aoc-pet300.taylor.k12.fl.us Address: 10.11.7.13 > www.studyisland.com<http://www.studyisland.com>. Server: aoc-pet300.taylor.k12.fl.us Address: 10.11.7.13 DNS request timed out. timeout was 2 seconds. DNS request timed out. timeout was 2 seconds. *** Request to aoc-pet300.taylor.k12.fl.us timed-out But I can point nslookup at one of my other servers (also Server 2008), and it resolves fine. Which kind of sounds like a server problem--but this server has resolved every other name I've thrown at it, though. Only this one is failing. I can point nslookup at the Norton DNS server that my failing server uses as a forwarding server (198.153.192.1), and it resolves fine. All of my other servers use that same forwarding address, too. I'm kind of going crazy here... My users desperately need to get to this site. I can't figure out what's wrong, but that's no surprise because I'm not an expert when it comes to DNS. Can anyone offer any troubleshooting pointers? John Hornbuckle, MSMIS, PMP MIS Department Taylor County School District www.taylor.k12.fl.us ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin