Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

HELP! I killed the DNS server on my Windows server.

PinkyMacGodess

PinkyMacGodess

Suspended
Original poster
Mar 7, 2007
10,271
6,227
Midwest America.
I've used a local DNS server for decades, and it's been our Windows Server, and the current one is Windows 2008, and it's worked for YEARS flawlessly.

Until Monday.

It stopped answering DNS queries.

I've reset it, I've reinstalled it, I've gone through all of the hair brained (well most) solutions I can find, but it's still not working. At first it was popping errors about not being able to access the Domain for replication, fixed that. Now I get a message, which just started to popup, that says that DNS Server received a bad message from X.X.X.X, which is my Mac.

I would try Windows Update, but the server can't get outside the local network because it apparently can't do anything DNS. Pings don't work, NSLOOKUP fails, it's just FUBAR. Now I can't remote into it at all. I'll have to trudge downstairs and see what's up now. Talk about drama. It's been up for 9 years! What a time to do a face plant...
 
M

Mikael H

macrumors 6502a
Sep 3, 2014
864
539
DJLC said:
Have you checked all DNS settings — root hints, forwarders, etc?

Any weird firewall or antivirus stuff going on?
Click to expand...
+1 for this. Something about how DNS is implemented in Windows results in it not always even trying to access the next entry in the list in certain circumstances. Re-ordering the entries may be a valid workaround.
 
kiwipeso1

kiwipeso1

Suspended
Sep 17, 2001
646
168
Wellington, New Zealand
Have you considered running MacOS server and replacing the flakey Windows server with it ?
I haven't had a problem with mac server app at all for the last 6 years I've used it.
 
D

daflake

macrumors 6502a
Apr 8, 2008
920
4,329
You are running a domain or is this just a stand alone dns server? As others have mentioned, make sure you check firewall settings first before you start tearing things apart.
 
PinkyMacGodess

PinkyMacGodess

Suspended
Original poster
Mar 7, 2007
10,271
6,227
Midwest America.
DJLC said:
Have you checked all DNS settings — root hints, forwarders, etc?

Any weird firewall or antivirus stuff going on?
Click to expand...

I was told that part of the problem is that Windows DNS doesn't need forwarders and will work (*SHOULD* work) just fine without them. I've tried with, and without. No difference.

DCDiag isn't quite happy with Active Directory, but the errors showing, for the most part, are NBD and ignorable. It's almost like Windows Firewall is blocking its own service, DNS. I would have thought that an uninstall/reinstall dance would have fixed that if it were the case.

As far as weird, no. No weirder than OOB...

This all seems to have started when a wiring problem happened in the huge cabinet down the road. One pair was disconnected and jammed into an other set of contacts in there resulting in our losing the 'bonded pair'. That and the 'medem' was replaced a few times by helpful field minions, and a transcription error on my part with the DNS addresses from the modem to the DNS server, which is probably what happened as apparently the DNS server can't be depended on to alter its own settings. *SIGH*
[doublepost=1497522547][/doublepost]
Mikael H said:
+1 for this. Something about how DNS is implemented in Windows results in it not always even trying to access the next entry in the list in certain circumstances. Re-ordering the entries may be a valid workaround.
Click to expand...

I have had that happen at a client site. I believe it was Charter had one DNS server that was always unavailable. After an 'upgrade', the notorious IP was given as 'The Server To Use', and it never worked, and Windows DNS seemed to ignore the secondary address. I just swapped them manually, and peace and tranquility reigned until that DNS went down a month or so later. Drama...
[doublepost=1497522707][/doublepost]
kiwipeso1 said:
Have you considered running MacOS server and replacing the flakey Windows server with it ?
I haven't had a problem with mac server app at all for the last 6 years I've used it.
Click to expand...

Yes I have. I also have an old Cobalt rack system that I have thought of using. I used our own DNS for convenience because the ISP ones would occasionally go missing. It seemed faster too...
[doublepost=1497522811][/doublepost]
daflake said:
You are running a domain or is this just a stand alone dns server? As others have mentioned, make sure you check firewall settings first before you start tearing things apart.
Click to expand...

Full Active Directory Domain. I once had nearly a dozen Windows systems on that network before I retired. Now I keep the server for the DNS and also one email account I have to have because it's tied to my Apple ID. *sigh*
 
PinkyMacGodess

PinkyMacGodess

Suspended
Original poster
Mar 7, 2007
10,271
6,227
Midwest America.
PinkyMacGodess

PinkyMacGodess

Suspended
Original poster
Mar 7, 2007
10,271
6,227
Midwest America.
So I killed all the root hints, and recreated them. I am chasing errors from 'dcdiag /testdns'.

Even with forwarders, I have zero internet connectivity from the server, yet I can still ping the server IP, and remote into it from my mac.

Wishing I had an extra Mac Mini to donate to the cause. I'd be thinking of putting SUNOS on a PeeCee box and running that just to have *something*...

I still can't even begin to think about what hammered the NIC. I mean, it works. Sort of...
[doublepost=1497565851][/doublepost]Windows firewall is correctly configured too. Odd...
[doublepost=1497567795][/doublepost]I thought it was my firewall appliance, but it can resolve url's. Strange...
 
PinkyMacGodess

PinkyMacGodess

Suspended
Original poster
Mar 7, 2007
10,271
6,227
Midwest America.
So I fixed it. Don't know why this worked.

I changed the subnet mask on the firewall to a full class c (255.255.255.0). Strange, but I'm not the planet's best network engineer.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom