Very intriguing. How do you accomplish the loading of the domain list? Using a boot file per the directions here: http://www.malwaredomains.com/wordpress/?page_id=6#MS? Do you refresh the list manually every once and a while?
Thanks, RS On Tue, Mar 9, 2010 at 3:58 PM, Tim Evans <tev...@sparling.com> wrote: > FWIW, I load the entire domain list from http://www.malwaredomains.com/into > my AD integrated DNS without any problems. over 18000 domains are > currently included. I've got a 2003 native domain/forest too. DC's include > WS08R2, WS08, & WS03 SP2. I have not seen anything like this here. > > > > ...Tim > > > > *From:* Carl Houseman [mailto:c.house...@gmail.com] > *Sent:* Tuesday, March 09, 2010 11:53 AM > > *To:* NT System Admin Issues > *Subject:* RE: DNS Server service shuts down shortly after the DC boots > > > > It appears that background zone loading is a feature of 2008 and later... > maybe I just need to hurry up the upgrade to 2008. > > > > Carl > > > > *From:* Michael B. Smith [mailto:mich...@smithcons.com] > *Sent:* Tuesday, March 09, 2010 2:44 PM > *To:* NT System Admin Issues > *Subject:* RE: DNS Server service shuts down shortly after the DC boots > > > > Oh! Yes, now that you say that…. > > > > I bet what’s happening is that it’s timing out. > > > > There is a flag (and I’m sorry that I don’t remember the details) that says > “do the initial zone load in the background”. You probably need to set that. > That should be enough to biggle with… > > > > Regards, > > > > Michael B. Smith > > Consultant and Exchange MVP > > http://TheEssentialExchange.com > > > > *From:* Carl Houseman [mailto:c.house...@gmail.com] > *Sent:* Tuesday, March 09, 2010 2:40 PM > *To:* NT System Admin Issues > *Subject:* RE: DNS Server service shuts down shortly after the DC boots > > > > "Debug logging" will log DNS packets to a text file. I guess the last DNS > packet received before the shutdown could tell me something if it was > shutting down randomly at any time. But the fact that the service stays > running forever after restarting suggests that bad DNS packets on the wire > aren't likely causing this. So if bad DNS traffic is the problem, the only > explanation would be a DNS query from the DC to itself. DC DOS's its own > DNS server service? > > > > One thing I may have that is less common is a lot of DNS authoritative > zones for well known bad (malware hosting) domain names. There's over 1000 > of 'em. > > > > I have to say I'm not up for an extended debugging journey on this one, > just wondering if this behavior triggered any memories for anyone. > > > > Carl > > > > *From:* Brian Desmond [mailto:br...@briandesmond.com] > *Sent:* Tuesday, March 09, 2010 1:53 PM > *To:* NT System Admin Issues > *Subject:* RE: DNS Server service shuts down shortly after the DC boots > > > > *It should be able to kick out more info to a text file.* > > * * > > *The scenario you mention of branch DCs not having connectivity is > completely normal. * > > * * > > *Thanks,* > > *Brian Desmond* > > *br...@briandesmond.com* > > * * > > *c – 312.731.3132* > > * * > > *From:* Carl Houseman [mailto:c.house...@gmail.com] > *Sent:* Tuesday, March 09, 2010 12:46 PM > *To:* NT System Admin Issues > *Subject:* RE: DNS Server service shuts down shortly after the DC boots > > > > Good idea, but the DNS Server's event logging option has been on "all > events" all this time. That must be the default, I don't recall ever > changing it. > > > > Carl > > > > *From:* Michael B. Smith [mailto:mich...@smithcons.com] > *Sent:* Tuesday, March 09, 2010 1:39 PM > *To:* NT System Admin Issues > *Subject:* RE: DNS Server service shuts down shortly after the DC boots > > > > This would seem to indicate to me that while the DNS Server service was > initiated, it never actually finished initializing. > > > > Aren’t there some logging options on the DNS server property tab? I’d > probably ratchet those up to max for a while and see if they helped gather > more info… > > > > Regards, > > > > Michael B. Smith > > Consultant and Exchange MVP > > http://TheEssentialExchange.com > > > > *From:* Carl Houseman [mailto:c.house...@gmail.com] > *Sent:* Tuesday, March 09, 2010 1:22 PM > *To:* NT System Admin Issues > *Subject:* DNS Server service shuts down shortly after the DC boots > > > > Curious thing, started a few months ago after I moved the FSMO roles from > this DC to another one. This DC frequently boots "in a vacuum" – no other > DC's can be contacted, so it takes a long time sniffing around before it > finally starts Active Directory and its own DNS Server service. A few > minutes after that, the DNS Server service shuts down. There's nothing in > the System or Application event log to explain it, and the DNS Server event > log records simply that " The DNS server has shutdown." (event ID 3). > > > > The recovery options are set to restart the service, but that doesn't > happen because the service appears to have been shut down on purpose. But > no human (for sure) and 99.9% sure no software is issuing the command. > > > > Another interesting thing from the event logs, under System, when I start > the service there's an event 7036 logged "The DNS Server has entered the > running state". But I see NO event 7036 for DNS at the time of booting. > Obviously, it must be started, else the DNS event log wouldn't record that > it had shut down! And I see no 7036 events for it stopping either. > > > > When this happens, I can manually start the DNS Server service and all is > well until the next boot, which may or may not have the problem. I think > it's happening about 50% of the time. > > > > I've scripted a solution to recover from the problem, but I'm just curious > if anyone has noticed something similar. I'm guessing the instances of > branch offices booting their DC without network connectivity back to the > FSMO holder at HQ is fairly rare, but not unheard of. > > > > And this is Windows 2003 SP2, native 2003 domain/forest. Almost left that > off, yikes! > > > > TIA, > > Carl > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
