If you don't have any old equipment with static listings of the older IP address of the DC, remove the older IP address.
If you do have older equipment with static listings, but don't have any newer equipment with static listings, and want to preserve the old address, then during off-hours remove the newer address and reboot. If you have different sets of equipment that points to both addresses, you'll need to fix one or the other set of equipment. Kurt On Wed, Aug 15, 2012 at 9:14 AM, John Hornbuckle <john.hornbuc...@taylor.k12.fl.us> wrote: > And we have a winner!!! > > > > So, I was totally unfamiliar with conditional forwarding. I just tried what > you suggested, and voila—it works. > > > > I realize this is a workaround, and I still want to tackle the root of the > problem. But this at least buys me some time. > > > > > > > > From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] > Sent: Wednesday, August 15, 2012 11:09 AM > > > To: NT System Admin Issues > Subject: RE: DNS Lookup Failing for One Address > > > > Another option is to set up conditional forwarding on the ‘bad’ dns server > to one of your ‘good’ dns servers for just studyisland.com > > > > That way you will be out of the business of manually working on that zone as > studyisland moves or changes things. > > > > > > From: Michael B. Smith [mailto:mich...@smithcons.com] > Sent: Wednesday, August 15, 2012 11:06 AM > > > To: NT System Admin Issues > Subject: RE: DNS Lookup Failing for One Address > > > > While officially supported, having multiple IP addresses on a single DC is > not recommended and has caused problems all the way back to NT 3.5. > > > > If you just want to make this work – host the domain locally. Create it in > your DNS servers. Probably the quickest way to fix the problem. > > > > Meinolf Weber wrote a very lengthy response to someone’s question, a few > years ago, about what can go wrong on a DC with multiple IP addresses. Took > me a few minutes to find it, link below. Much of it doesn’t apply in your > case, of course, but still a worthwhile read. > > > > http://www.winvistatips.com/domain-controller-multiple-nic-dns-problem-t705909.html > > > > I can surmise that what is happening here is that you are having to talk to > a server that doesn’t like asynchronous routing of DNS replies and requests. > That’s becoming more and more common as DNS spoofing becomes more and more > common. Couldn’t verify that without a network trace (wireshark / netmon). I > probably would’ve done that by now and if you really want to track the issue > down, that’s the next best step IMO. > > > > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] > Sent: Wednesday, August 15, 2012 10:43 AM > > > To: NT System Admin Issues > Subject: RE: DNS Lookup Failing for One Address > > > > And I did consider that. > > > > :) > > > > However, (A.) this server’s configuration hasn’t changed in the years since > it was deployed, (B.) we’ve done the same thing at our other sites that > aren’t having problems, and (C.) DNS is working 100% correctly at the site > in question except for the failure of lookups against this one single domain > name. > > > > So while I’m open to all possibilities (honestly—I’m getting desperate), my > gut instinct is that this isn’t the cause of the problem. > > > > > > John > > > > > > From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] > Sent: Wednesday, August 15, 2012 10:36 AM > > > To: NT System Admin Issues > Subject: RE: DNS Lookup Failing for One Address > > > > I have a theory. Often when Mr. Smith asks a question he isn’t looking for > an answer to that question, he is pointing you towards the answer for your > problem. > > > > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] > Sent: Wednesday, August 15, 2012 10:33 AM > > > To: NT System Admin Issues > Subject: RE: DNS Lookup Failing for One Address > > > > Yup. When we decommissioned the old server this server replaced, some > devices were still looking for it for DNS (they had static settings). So we > assigned the old server’s address to the new one as a second address. > > > > > > John > > > > From: Michael B. Smith [mailto:mich...@smithcons.com] > Sent: Wednesday, August 15, 2012 10:05 AM > > > To: NT System Admin Issues > Subject: RE: DNS Lookup Failing for One Address > > > > Your DC has multiple IP addresses? > > > > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] > Sent: Wednesday, August 15, 2012 9:08 AM > > > To: NT System Admin Issues > Subject: RE: DNS Lookup Failing for One Address > > > > Oh, and to add… Each of my sites has its own DNS server. All other DNS > servers are resolving this address fine. All servers are behind the same > firewall. > > > > Curiouser and curiouser. > > > > > > From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] > Sent: Wednesday, August 15, 2012 8:50 AM > > > To: NT System Admin Issues > Subject: RE: DNS Lookup Failing for One Address > > > > Per the suggestions from the list, I put dig on my squirrely DNS server and > ran dig +trace www.studyisland.com. Results are: > > > > === > > ; <<>> DiG 9.3.2 <<>> +trace www.studyisland.com > > ;; global options: printcmd > > . 19740 IN NS b.root-servers.net. > > . 19740 IN NS c.root-servers.net. > > . 19740 IN NS d.root-servers.net. > > . 19740 IN NS e.root-servers.net. > > . 19740 IN NS f.root-servers.net. > > . 19740 IN NS g.root-servers.net. > > . 19740 IN NS h.root-servers.net. > > . 19740 IN NS i.root-servers.net. > > . 19740 IN NS j.root-servers.net. > > . 19740 IN NS k.root-servers.net. > > . 19740 IN NS l.root-servers.net. > > . 19740 IN NS m.root-servers.net. > > . 19740 IN NS a.root-servers.net. > > ;; Received 449 bytes from 127.0.0.1#53(127.0.0.1) in 15 ms > > > > com. 172800 IN NS g.gtld-servers.net. > > com. 172800 IN NS m.gtld-servers.net. > > com. 172800 IN NS e.gtld-servers.net. > > com. 172800 IN NS j.gtld-servers.net. > > com. 172800 IN NS k.gtld-servers.net. > > com. 172800 IN NS d.gtld-servers.net. > > com. 172800 IN NS a.gtld-servers.net. > > com. 172800 IN NS c.gtld-servers.net. > > com. 172800 IN NS f.gtld-servers.net. > > com. 172800 IN NS h.gtld-servers.net. > > com. 172800 IN NS b.gtld-servers.net. > > com. 172800 IN NS l.gtld-servers.net. > > com. 172800 IN NS i.gtld-servers.net. > > ;; Received 509 bytes from 192.33.4.12#53(c.root-servers.net) in 46 ms > > > > studyisland.com. 172800 IN NS > aldfwprdinf001.archipelagolearni > > ng.com. > > studyisland.com. 172800 IN NS > aldfwcrpinf001.archipelagolearni > > ng.com. > > ;; Received 147 bytes from 192.42.93.30#53(g.gtld-servers.net) in 93 ms > > > > www.studyisland.com. 0 IN CNAME vip1.studyisland.com. > > vip1.studyisland.com. 28800 IN A 72.249.13.58 > > ;; Received 72 bytes from > 207.210.237.70#53(aldfwprdinf001.archipelagolearning.c > > om) in 46 ms > > === > > > > Now, I’m not a DNS expert. But to me, this looks right because I know that > www.studyisland.com = vip1.studyisland.com = 72.249.13.58. > > > > But when I use nslookup against that same DNS server, my queries still fail. > I enabled debugging in nslookup and got this: > > > > === > >> set db2 > >> www.studyisland.com. > > Server: aoc-pet300.taylor.k12.fl.us > > Addresses: 10.11.7.19 > > 10.11.7.13 > > > > ------------ > > Got answer: > > HEADER: > > opcode = QUERY, id = 8, rcode = SERVFAIL > > header flags: response, want recursion, recursion avail. > > questions = 1, answers = 0, authority records = 0, additional = 1 > > > > QUESTIONS: > > www.studyisland.com, type = A, class = IN > > ADDITIONAL RECORDS: > > -> (root) > > ??? unknown type 41 ??? > > ttl = 0 (0 secs) > > > > ------------ > > DNS request timed out. > > timeout was 2 seconds. > > timeout (2 secs) > > *** aoc-pet300.taylor.k12.fl.us can't find www.studyisland.com.: Server > failed > > === > > > > Found someone reporting a similar issue (but no real solution) here: > > > > http://forums.msexchange.org/m_1800553796/printable.htm > > > > Also, when I run nslookup I *can* resolve studyisland.com—just not > www.studyisland.com. > > > > Still researching… > > > > > > From: John Hornbuckle > Sent: Tuesday, August 14, 2012 1:42 PM > To: NT System Admin Issues (ntsysadmin@lyris.sunbelt-software.com) > Subject: DNS Lookup Failing for One Address > > > > Okay, DNS wizards… I need some input. > > > > One of my DNS servers (Server 2008) is failing to resolve > www.studyisland.com like so: > > > > C:\>nslookup > > Default Server: aoc-pet300.taylor.k12.fl.us > > Address: 10.11.7.13 > > > >> www.studyisland.com. > > Server: aoc-pet300.taylor.k12.fl.us > > Address: 10.11.7.13 > > > > DNS request timed out. > > timeout was 2 seconds. > > DNS request timed out. > > timeout was 2 seconds. > > *** Request to aoc-pet300.taylor.k12.fl.us timed-out > > > > But I can point nslookup at one of my other servers (also Server 2008), and > it resolves fine. Which kind of sounds like a server problem--but this > server has resolved every other name I’ve thrown at it, though. Only this > one is failing. > > > > I can point nslookup at the Norton DNS server that my failing server uses as > a forwarding server (198.153.192.1), and it resolves fine. All of my other > servers use that same forwarding address, too. > > > > I’m kind of going crazy here… My users desperately need to get to this site. > I can’t figure out what’s wrong, but that’s no surprise because I’m not an > expert when it comes to DNS. > > > > Can anyone offer any troubleshooting pointers? > > > > > > > > John Hornbuckle, MSMIS, PMP > > MIS Department > > Taylor County School District > > www.taylor.k12.fl.us > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
