
PinkyMacGodess
I've used a local DNS server for decades, and it's been our Windows Server, and the current one is Windows 2008, and it's worked for YEARS flawlessly.

Until Monday.

It stopped answering DNS queries.

I've reset it, I've reinstalled it, I've gone through all of the hare-brained (well, most) solutions I can find, but it's still not working. At first it was popping errors about not being able to access the Domain for replication; fixed that. Now I get a message, which just started to pop up, that says that DNS Server received a bad message from X.X.X.X, which is my Mac.

I would try Windows Update, but the server can't get outside the local network because it apparently can't do anything DNS. Pings don't work, NSLOOKUP fails, it's just FUBAR. Now I can't remote into it at all. I'll have to trudge downstairs and see what's up now. Talk about drama. It's been up for 9 years! What a time to do a face plant...
 
Have you checked all DNS settings — root hints, forwarders, etc?

Any weird firewall or antivirus stuff going on?
+1 for this. Something about how DNS is implemented in Windows results in it not always even trying to access the next entry in the list in certain circumstances. Re-ordering the entries may be a valid workaround.
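The comment above is about the resolver silently never trying the next server in the list. The added example below (not from anyone in this thread) probes each configured server on its own with a minimal hand-built DNS query, so a dead primary shows up as an explicit timeout instead of being masked by failover behaviour. The server addresses are constructed placeholders.

```python
import socket
import struct

# Constructed placeholder resolver list (assumption); substitute the entries
# from the client's own DNS list to check each one directly.
SERVERS = ["192.0.2.53", "192.0.2.54"]
TXID = 0x1234


def build_query(name, txid=TXID):
    """Build a minimal DNS query for an A record with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # A, IN


def parse_response(data, txid=TXID):
    """Return (id_matches, rcode, answer_count) from a raw DNS reply."""
    if len(data) < 12:
        raise ValueError("short DNS response")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    return rid == txid, flags & 0x000F, an


def probe(server, name="example.com", timeout=2.0):
    """Query one server directly; a timeout here is exactly the failure a
    resolver that never moves on to the next entry would hide."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name), (server, 53))
        data, _ = sock.recvfrom(512)
    except (socket.timeout, OSError) as exc:
        return {"server": server, "status": f"unreachable: {exc}"}
    finally:
        sock.close()
    ok, rcode, answers = parse_response(data)
    if not ok:
        return {"server": server, "status": "transaction id mismatch"}
    status = "ok" if rcode == 0 else f"rcode={rcode}"
    return {"server": server, "status": status, "answers": answers}


if __name__ == "__main__":
    for s in SERVERS:
        print(probe(s))
```

Run it from the client that is misbehaving; a server that answers here but is still "ignored" by the OS resolver points at ordering or resolver behaviour rather than at the server itself.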
 
Have you considered running macOS Server and replacing the flaky Windows server with it?
I haven't had a problem with the Mac server app at all for the last 6 years I've used it.
 
Are you running a domain, or is this just a stand-alone DNS server? As others have mentioned, make sure you check firewall settings first before you start tearing things apart.
 
Have you checked all DNS settings — root hints, forwarders, etc?

Any weird firewall or antivirus stuff going on?

I was told that part of the problem is that Windows DNS doesn't need forwarders and will work (*SHOULD* work) just fine without them. I've tried with, and without. No difference.

DCDiag isn't quite happy with Active Directory, but the errors showing, for the most part, are NBD and ignorable. It's almost like Windows Firewall is blocking its own service, DNS. I would have thought that an uninstall/reinstall dance would have fixed that if it were the case.

As far as weird, no. No weirder than OOB...

This all seems to have started when a wiring problem happened in the huge cabinet down the road. One pair was disconnected and jammed into another set of contacts in there, resulting in our losing the 'bonded pair'. That and the 'medem' was replaced a few times by helpful field minions, and a transcription error on my part with the DNS addresses from the modem to the DNS server, which is probably what happened, as apparently the DNS server can't be depended on to alter its own settings. *SIGH*

+1 for this. Something about how DNS is implemented in Windows results in it not always even trying to access the next entry in the list in certain circumstances. Re-ordering the entries may be a valid workaround.

I have had that happen at a client site. I believe it was Charter that had one DNS server that was always unavailable. After an 'upgrade', the notorious IP was given as 'The Server To Use', and it never worked, and Windows DNS seemed to ignore the secondary address. I just swapped them manually, and peace and tranquility reigned until that DNS went down a month or so later. Drama...

Have you considered running macOS Server and replacing the flaky Windows server with it?
I haven't had a problem with the Mac server app at all for the last 6 years I've used it.

Yes I have. I also have an old Cobalt rack system that I have thought of using. I used our own DNS for convenience because the ISP ones would occasionally go missing. It seemed faster too...

Are you running a domain, or is this just a stand-alone DNS server? As others have mentioned, make sure you check firewall settings first before you start tearing things apart.

Full Active Directory Domain. I once had nearly a dozen Windows systems on that network before I retired. Now I keep the server for the DNS and also one email account I have to have because it's tied to my Apple ID. *sigh*
 
So I killed all the root hints, and recreated them. I am chasing errors from 'dcdiag /testdns'.

Even with forwarders, I have zero internet connectivity from the server, yet I can still ping the server IP, and remote into it from my mac.

Wishing I had an extra Mac Mini to donate to the cause. I'd be thinking of putting SUNOS on a PeeCee box and running that just to have *something*...

I still can't even begin to think about what hammered the NIC. I mean, it works. Sort of...
Windows firewall is correctly configured too. Odd...

I thought it was my firewall appliance, but it can resolve URLs. Strange...
 
So I fixed it. Don't know why this worked.

I changed the subnet mask on the firewall to a full class C (255.255.255.0). Strange, but I'm not the planet's best network engineer.
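A mask mismatch between the firewall and the server explains the symptoms earlier in the thread (the Mac can reach the server, the server cannot reach the internet): the server sees the gateway as on-link and sends to it, but the gateway, using a narrower mask, treats the server's address as off-net and pushes replies out its default route. The added example below (not from the thread) checks that relationship in both directions; the addresses and masks are constructed for illustration, not the poster's actual network.

```python
import ipaddress


def on_link_each_way(host_ip, host_mask, gw_ip, gw_mask):
    """Report whether each side considers the other directly reachable."""
    host_net = ipaddress.ip_interface(f"{host_ip}/{host_mask}").network
    gw_net = ipaddress.ip_interface(f"{gw_ip}/{gw_mask}").network
    return {
        "host_sees_gateway": ipaddress.ip_address(gw_ip) in host_net,
        "gateway_sees_host": ipaddress.ip_address(host_ip) in gw_net,
        "host_net": str(host_net),
        "gateway_net": str(gw_net),
    }


def diagnose(host_ip, host_mask, gw_ip, gw_mask):
    """Translate the two on-link checks into the failure mode a user would see."""
    r = on_link_each_way(host_ip, host_mask, gw_ip, gw_mask)
    if r["host_sees_gateway"] and r["gateway_sees_host"]:
        return "consistent"
    if r["host_sees_gateway"]:
        # Outbound packets arrive at the gateway; its replies leave via its
        # default route instead of the LAN, so the host sees silent timeouts.
        return "asymmetric: replies from the gateway never come back"
    if r["gateway_sees_host"]:
        return "asymmetric: host cannot even send to the gateway"
    return "disjoint: neither side is on-link"


def peer_on_link(peer_ip, peer_mask, target_ip):
    """A LAN peer with the same mask still reaches the host via ARP, which is
    why a Mac on the LAN can ping and remote into a server with no internet."""
    net = ipaddress.ip_interface(f"{peer_ip}/{peer_mask}").network
    return ipaddress.ip_address(target_ip) in net


if __name__ == "__main__":
    # Constructed scenario: firewall narrowed to /25, server and Mac on /24.
    print(diagnose("192.168.1.200", "255.255.255.0", "192.168.1.1", "255.255.255.128"))
    print(diagnose("192.168.1.200", "255.255.255.0", "192.168.1.1", "255.255.255.0"))
    print(peer_on_link("192.168.1.50", "255.255.255.0", "192.168.1.200"))
```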
 