Common DNS issues and concepts

DNS

DNS is a worldwide distributed hierarchical database controlled by ICANN (Internet Corporation for Assigned Names and Numbers). Its primary function is to resolve names to IP addresses.

When a user enters a DNS name in an application, DNS services can resolve the name to an IP address.

The root servers serve the top level of the domain hierarchy. There are thirteen root servers on the internet, named A to M. These are not thirteen physical machines; there are many more, each letter being served by many instances.
Every DNS server implementation ships with a list of root hints used to locate the root servers.

DNS Queries

A query is a request for name resolution and is directed to a DNS server.
Both DNS clients and DNS servers initiate queries.
Queries are either recursive or iterative.

  • A recursive query is sent to a DNS server and requires a complete answer or an error message.
  • Recursive queries are generally made by a DNS client to a DNS server, or by a DNS server that is configured to pass unresolved name queries to another DNS server (a DNS server configured to use a forwarder).

  • An iterative query directed to a DNS server may be answered with a referral to another DNS server.
  • An iterative query is one in which a DNS client allows the DNS server to return the best answer it can give based on its cache or zone data. If the queried DNS server does not have an exact match for the queried name, the best possible information it can return is a referral (that is, a pointer to a DNS server authoritative for a lower level of the domain namespace). The DNS client can then query the DNS server it obtained a referral to. It continues this process until it locates a DNS server that is authoritative for the queried name, or until an error or time-out condition is met.
  • Iterative queries are typically initiated by a DNS server that is attempting to resolve a recursive name query on behalf of a DNS client.
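To make the recursive/iterative split concrete, here is an added Python model (not code from the original post): a recursive resolver issues one iterative query per hop, following referrals from a constructed root server through a TLD server to the authoritative server. All server names, zone data and addresses are invented and held in memory.

```python
# Added example: a toy resolver that chases referrals with iterative queries,
# the way a recursive (caching) server does on behalf of a client.
# The servers and zone data below are constructed in memory; no network is used.

# Each constructed server knows the zones it delegates (suffix -> next server)
# and the names it is authoritative for (name -> address).
SERVERS = {
    "root":            {"delegations": {"com.": "tld-com"}, "answers": {}},
    "tld-com":         {"delegations": {"example.com.": "ns1.example.com"}, "answers": {}},
    "ns1.example.com": {"delegations": {}, "answers": {"www.example.com.": "192.0.2.10"}},
}

def iterative_query(server, qname):
    """One iterative query: the server returns the best it has, either an
    answer, a referral to a server closer to the name, or nothing."""
    data = SERVERS[server]
    if qname in data["answers"]:
        return ("answer", data["answers"][qname])
    best = None  # longest delegated suffix that encloses qname
    for suffix, next_server in data["delegations"].items():
        if qname.endswith(suffix) and (best is None or len(suffix) > len(best[0])):
            best = (suffix, next_server)
    if best:
        return ("referral", best[1])
    return ("nxdomain", None)

def recursive_resolve(qname, root_hint="root", max_hops=8):
    """What the client's recursive query turns into: the server follows referrals
    until it has a complete answer or an error. Returns (address or None,
    list of servers asked in order)."""
    server, path = root_hint, []
    for _ in range(max_hops):
        path.append(server)
        kind, value = iterative_query(server, qname)
        if kind == "answer":
            return value, path
        if kind == "nxdomain":
            return None, path
        server = value  # follow the referral to the next server
    return None, path  # too many hops: treat as a resolution error

if __name__ == "__main__":
    print(recursive_resolve("www.example.com."))  # answer after root -> com -> ns1
    print(recursive_resolve("www.example.org."))  # no delegation for org. at the root
```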

DNS Zone Types

Primary zone

  • The primary zone is responsible for maintaining all the records for the DNS zone. It contains the primary copy of the DNS database. All record updates occur on the primary zone.
  • You will want to create and add primary zones whenever you create a new DNS domain.
  • There are two types of primary zone:
  1. Standard primary zone
  2. Active Directory-integrated primary zone
  • Because Active Directory depends on DNS, each domain controller must be a DNS server (Microsoft recommends that you use Active Directory-integrated zones).

Secondary zone 

  • Secondary zones are non-editable copies of the DNS database.
  • A secondary zone gets its database from a primary zone.
  • All record updates occur on the primary zone.
  • A secondary zone contains a database with all the same information as the primary zone.
  • On the primary DNS server, verify that the transfer settings for the zone permit the zone to be transferred to the secondary DNS server.

Stub zone 

  • Stub zones work a lot like secondary zones: the database is a non-editable copy of a primary zone.
  • The difference is that the stub zone’s database contains only the information necessary to identify the authoritative DNS servers for the zone (the NS records, the SOA record and the glue A records of those name servers).
  • You should not use stub zones for redundancy and load balancing.

DNS Zone Delegation

Domain Name System (DNS) provides the option of dividing up the namespace into one or more zones.

When you are deciding whether to divide your DNS namespace to make additional zones, consider the following reasons to use additional zones:

  • You want to delegate management of part of your DNS namespace to another location or department in your organization.
  • You want to divide one large zone into smaller zones to distribute traffic loads among multiple servers and improve DNS name resolution performance.
  • You want to extend the namespace by adding subdomains, for example to accommodate the opening of a new branch or site.

To perform a delegation, you must be a member of the Enterprise Admins group. Three steps are required:
  1. Join the new server to the parent domain.
  2. Add a New Delegation in the parent domain's DNS server.
  3. Install a new child domain on the new server.

DNS issue

DNS errors occur essentially because you’re unable to connect to an IP address, signaling that you may have lost network or internet access. DNS stands for Domain Name System. It is the network of servers that tracks alphanumeric names for every internet-connected device, and every website in the world, and matches them with the correct numerical IP addresses.

In other words, the DNS translates your web domain name into an IP address and vice versa. Without DNS, if you entered “www.google.com” into your browser, the servers would have no idea what that means and would not know where to direct you.

DNS is a hierarchical tree data structure. At the top are root name servers. Network administrators can delegate and subdelegate several layers down. Every DNS zone has an authoritative server which answers queries only with original dynamic data; nonauthoritative servers may have only caches. If a DNS error occurs, you may have to investigate at a few different levels to understand precisely what is causing the problem and how you can quickly get users back online.

DNS uses TCP port 53 for zone transfers.
DNS uses UDP port 53 for queries; a query falls back to TCP port 53 when the answer is too large to fit in a UDP response (the server marks the reply as truncated), so a firewall that permits only UDP 53 can break large lookups.

Basic troubleshooting for a DNS issue

Web browsers tend to blame any connectivity issues on DNS issues. For example, a physical router plug failure is not a “DNS issue,” but your browser might tell you it is. If a user is complaining about a DNS issue, you may want to go through basic troubleshooting for them first. It could solve many problems before you spend time on a more in-depth network investigation.

  • Check your cables and connections: If you have wired connections, make sure everything is plugged in properly. If you are on a wireless network, make sure your Wi-Fi is on and you are connected. Make sure your router is plugged in and functional.
  • Reboot your router: Wait a minute before turning it back on again and wait until the indicator lights stop blinking before trying to connect.
  • Run a malware scan: In some cases, a virus may be blocking internet access. In this case, you may have bigger issues to deal with before you address IP connectivity.
  • Check the site: If you are having trouble accessing a particular website (your own or someone else’s), confirm that the problem is with DNS and not the site itself. One way to do this is with a website like DownForEveryoneOrJustMe. Similarly, you can issue the ping command for your web address with the command prompt. If it responds, it means the site is live and you just can’t access it, which suggests that the problem is indeed with your DNS. If the result of the ping is that “request could not find host,” it suggests the website is down, which is not necessarily a DNS problem.

What is the DNS problem? 

If basic troubleshooting didn’t solve your problems, it may be time for more in-depth DNS troubleshooting. The following are some common DNS problems that could be causing the blockage:

  • Check the TCP/IP settings: These settings define how your computer communicates with others. You may have recently changed these settings and tried to input them manually. Go to your computer’s networking or control panel and find “Manage network connections.” Under “Local Area Connections,” “Properties,” find and click on both IPv6 and IPv4 “Properties.” Make sure that each is set to “Obtain an IP address automatically” and “Obtain DNS servers address automatically.”
  • Flush your DNS cache: The DNS cache is where your computer stores networking information on recent visits and attempts to connect to web domains. The cache can become corrupted with inaccurate information. To flush, or clear, this cache, enter ipconfig /flushdns into the command prompt. The next time you revisit a website, the DNS cache will have to renew the DNS information.
  • Renew your domain name: Is your web address working but redirecting to a strange website? It’s likely you forgot to renew your domain name. It happens to the best of us—even Google briefly lost “google.com” in 2015 when it forgot to renew. Your best bet is to quickly contact the registrar, as many will wait 20 – 30 days after a domain expires before auctioning it off.

How do I fix a DNS server not responding?

If your Windows DNS server is still not responding, it may be necessary to dig more deeply to understand errors or misconfigurations that could be causing the issues. To do so you may need to utilize nslookup, a tool built into Windows (and commonly used for DNS probes by hackers). Nslookup is integral to various software solutions, including SolarWinds Remote Monitoring and Management, and you can use nslookup DNS troubleshooting commands to determine specific internal or external issues.

Nslookup was one of the original DNS diagnostics. It is available in both interactive and noninteractive modes. For our purposes, it is generally more useful in interactive mode. Most commonly, it can be used to confirm both your IP address and that of the DNS server you are querying. To find the IP address of a host, open the command prompt and type nslookup followed by your domain. This will likely return an answer from a local server. To find the authoritative servers, set the query type to NS (“set type=ns”) and enter the domain name.

These commands allow you to look up your DNS records. Here are the most common and important kinds of DNS records that could cause DNS issues:

  • A record: A records are the very basic DNS data that matches a domain with an IP address. To check an A record, use the nslookup command followed by the domain. Then, you can confirm that the domain is going to the right IP address and vice versa. An AAAA record is the same as an A record but for IPv6.
  • CNAME: CNAME stands for Canonical Name. This record is used to point one domain name at another domain name. (The latter domain name will presumably have an A record that points it toward an IP address.) CNAME records can sometimes cause trouble with emails. In any case, verify that the domains are pointing to the right places. For nslookup, the command is “set type=cname” followed by your domain.
  • MX: The Mail Exchange (MX) Record directs email from your domain to a host server. If this is incorrect, it could explain why users are having trouble sending email to addresses at your domain. Be sure the MX maps to your domain (A or AAAA record) and not a CNAME record. The command is “set type=mx” followed by your domain.
  • TXT records: These store free-form text for a domain and are used by outside parties to deliver security, verification and data-analysis information, for example sender-policy data and domain-ownership verification tokens. The command is “set type=txt” followed by your domain.
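The MX rule above (an exchange must be a host with A/AAAA data, never a CNAME) is easy to check programmatically. The following Python script is an added example, not from the original post, and runs over a constructed record set for a hypothetical example.com rather than querying real servers.

```python
# Added example: a check for the MX mistakes the post describes, run over a
# constructed record set (hypothetical data for example.com; no network used).
# A record set maps an owner name to a list of (type, value) pairs.
RECORDS = {
    "example.com.":        [("MX", (10, "mail.example.com.")),
                            ("MX", (20, "backup.example.com.")),
                            ("MX", (30, "relay.example.net."))],
    "mail.example.com.":   [("A", "192.0.2.25"), ("AAAA", "2001:db8::25")],
    "backup.example.com.": [("CNAME", "mail.example.com.")],  # alias: not allowed as MX target
}

def rrset(name, rtype, records=RECORDS):
    """All values of type rtype owned by name (empty list if none)."""
    return [value for rtype_, value in records.get(name, []) if rtype_ == rtype]

def check_mx(domain, records=RECORDS):
    """Return a list of problem descriptions for the domain's mail routing.
    Each MX exchange must be a host name with A/AAAA data, never a CNAME
    (RFC 2181 section 10.3)."""
    problems = []
    exchanges = rrset(domain, "MX", records)
    if not exchanges:
        problems.append(f"{domain}: no MX records")
    for preference, target in sorted(exchanges):
        if rrset(target, "CNAME", records):
            problems.append(f"MX {preference} {target}: target is a CNAME")
        elif not (rrset(target, "A", records) or rrset(target, "AAAA", records)):
            problems.append(f"MX {preference} {target}: no A/AAAA record found")
    return problems

if __name__ == "__main__":
    for line in check_mx("example.com."):
        print(line)
```

Against real zones the same logic applies to the output of nslookup with “set type=mx” followed by a lookup of each exchange name.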

What are some common causes of DNS issues?

When it comes to network performance, a few common issues may affect user connectivity and lead to DNS errors. For troubleshooting DNS issues, you may want to consider how the following factors could be impacting your clients:

1) Time to live (TTL)

Time to live is the expiration date attached to data in networking. When a caching (recursive) server queries the authoritative name server for any DNS records, the authoritative name server tells the caching server how long those records are good for, which is usually between a few minutes and one day. Until the TTL expires, the caching server will not query the authoritative name server for that same data again but will assume the records are still good.

You can see how this could affect DNS issues. If your DNS records change but your TTL is too high, there will be a delay as the caching server continues to send incorrect records to users until the TTL expires. On the other hand, if the TTL is too low it could overwhelm the authoritative name server with unnecessary queries.

If you are planning on updating DNS records, lower your TTL temporarily before you do so, and do it at least one old TTL in advance, because caches that already hold the record keep it for the TTL they were given. Some resolvers do not honor a TTL of less than 30 seconds; five minutes (300s) is a typical short TTL.

In general, use short TTLs for records that are updated frequently, and longer TTLs for more steady records. Records that rarely change and should have longer TTLs of a day (86400s) include MX and TXT.
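To show why the TTL must be lowered well ahead of the change, here is an added Python simulation (not from the original post) of a caching resolver with TTL expiry. It compares a cache that was primed before the TTL was lowered with one primed just before the address change; all names, addresses and timings are constructed.

```python
# Added example: a toy caching resolver with TTL-based expiry, used to measure
# how long a cache keeps serving the OLD address after the record changed.
# Names, addresses and timings are constructed; no network is used.

NAME = "www.example.com."
OLD_IP, NEW_IP = "192.0.2.10", "198.51.100.20"

class CachingResolver:
    """A recursive/caching server: asks the authoritative data only when its
    cached copy has expired (now >= cached expiry time)."""
    def __init__(self, authoritative):
        self.auth = authoritative   # name -> (ip, ttl), shared with the zone owner
        self.cache = {}             # name -> (ip, expires_at)

    def lookup(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]           # still within TTL: answer from cache
        ip, ttl = self.auth[name]   # expired or unknown: ask authoritative data
        self.cache[name] = (ip, now + ttl)
        return ip

def stale_seconds_after_change(old_ttl, low_ttl, lead_time):
    """Model the post's advice: lower the TTL `lead_time` seconds before the
    change. Returns, for a cache primed BEFORE the TTL was lowered and one
    primed JUST BEFORE the change, how many seconds after the change each
    still answers with the old address."""
    auth = {NAME: (OLD_IP, old_ttl)}
    early, late = CachingResolver(auth), CachingResolver(auth)
    early.lookup(NAME, now=0)                 # cached with the long TTL
    auth[NAME] = (OLD_IP, low_ttl)            # t=0: operator lowers the TTL
    late.lookup(NAME, now=lead_time - 1)      # cached just before the change
    auth[NAME] = (NEW_IP, low_ttl)            # t=lead_time: address changes
    result = {}
    for label, resolver in (("early_cache", early), ("late_cache", late)):
        t = lead_time
        while resolver.lookup(NAME, now=t) == OLD_IP:
            t += 1
        result[label] = t - lead_time
    return result

if __name__ == "__main__":
    print(stale_seconds_after_change(86400, 300, 3600))   # lowered only an hour before
    print(stale_seconds_after_change(86400, 300, 86400))  # lowered a full old TTL before
```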

2) DNS latency

Latency refers to the time it takes queries to be transmitted and returned. When users complain of “the internet being slow today,” they are talking about high latency. DNS issues can be a big part of latency.

One major factor affecting your network speeds is simply the distance that data must travel, but you can potentially improve latency by checking on whether your DNS servers have a centralized or decentralized structure. Consider other providers if your DNS servers are all located significantly far from your users.

TTL also plays a role in latency. As mentioned before, keep TTLs high for consistent DNS records to reduce unnecessary queries.

3) DDoS attack

If you’ve thoroughly checked your network and don’t think the problems are on your end, it might be a problem with your ISP’s DNS servers. Give them a call and let them know. If they confirm a problem with their DNS servers, don’t be afraid to be persistent in following up until the problem is solved.

This might be the worst-case scenario, but if a sudden surge of traffic crashes your site, you may be the victim of a distributed denial of service attack. This is essentially a DNS issue in the sense that it overwhelms the servers. Contact your web host immediately and ask for a new IP. Clear your logs and make sure that your new records match the new IP.

DNS issues are just one type of problem that could interrupt your service. Need help with more than DNS troubleshooting? Explore our resources center for other troubleshooting information.


Disclaimer

This blog is not intended to be advice on how to manage your environment. These accounts are based on experiences in my own lab. Always approach information you find outside official documentation with skepticism and follow the golden rule: never test in production.