Getting Started: Ten Tips for Troubleshooting DNS Failures

  
        

DNS is one of the most important services on any Windows-based network. Active Directory does not work without DNS, and many other network functions depend on it as well. Resolving DNS problems as quickly as possible is therefore critical. Fortunately, the process is usually fairly easy. In this article, the author lists his ten favorite DNS troubleshooting techniques.

1: Verifying Network Connections

When you find a problem with the DNS service, the first thing to do is verify the DNS server's network connection. After all, if the real problem is just a failed network card, you save the time a full inspection of the server would take.

The easiest way to verify the connection is to log in to the DNS server and use the ping command to check connectivity to other machines. You should also try pinging the DNS server from an arbitrary machine on the network. Remember that ping works only if Internet Control Message Protocol (ICMP) packets are allowed by the firewall configuration.

2: Determining the extent of the problem

Once you have established that basic connectivity is normal, the next step is to determine the scope of the problem: is Internet name resolution failing, or local name resolution? The solution differs considerably depending on the answer. For example, if local name resolution works and Internet name resolution fails, the problem may lie with the Internet service provider's DNS server.

3: Confirm that all users are affected

The next thing to consider is whether all users on the network are affected, or only some of them. If only some users are affected, check whether they are all located on the same network segment. If they are, the problem may be related to a router failure or a Dynamic Host Configuration Protocol (DHCP) configuration error.

4: Check whether the DNS server is performing load balancing

In some cases, heavy demand on a network server leads a company to spread the workload across multiple identical servers, using DNS round robin as the load balancing technique. A typical problem with this technique is that the DNS server does not know when one of the servers has gone down. As a result, incoming traffic is still distributed evenly across all servers in the rotation even though one of them is offline, and the load-balanced resource suffers from intermittent connection problems.

5: Checking the DNS server forwarder

If you have confirmed that local name resolution works but Internet name resolution does not, the next step is to check whether the DNS server uses a forwarder. Although many DNS servers use root hints to provide Internet name resolution, some use a forwarder that points to an Internet service provider's DNS server. If the ISP's DNS server has a problem, Internet name resolution will fail once the entries in the resolver cache expire. If the DNS server does use a forwarder, you can try pinging the forwarder to see whether it is online. You may also need to call the ISP to find out whether it is having DNS issues and to make sure that the IP address configured in the forwarder is still valid.


6: Try pinging a host

If name resolution is failing on the local network, try pinging other servers on the network. First, ping a server by its IP address; this confirms whether the server is still reachable. Next, ping it by its computer name and by its fully qualified domain name. If the ping by IP address succeeds but the ping by name fails, check the DNS server to make sure a host (A) record exists for the server. Without a host (A) record, the DNS server cannot resolve the host's name.

7: Using the NSLookup command

One of the most convenient tools for troubleshooting DNS failures is the NSLookup command, which is run from a Windows Command Prompt window. Enter NSLookup followed by the host name whose resolution you want to test, and Windows returns the name and IP address of the DNS server that resolved the name (although the DNS server's name is often reported as unknown). It also returns the fully qualified domain name and IP address of the specified host.

NSLookup is useful for two things. First, it lets you verify that name resolution is working properly. Second, if name resolution is not working, it helps you confirm which DNS server is being used. Keep in mind that NSLookup lists only the DNS server that was initially contacted. If the name resolution request is forwarded to other DNS servers, those servers are not listed.

8: Try to use an alternate DNS server

Most companies have at least two DNS servers. If there is a problem with the primary DNS server, try using an alternate DNS server. If name resolution works after switching DNS servers, you have confirmed that the problem is indeed related to the DNS server and not to some external factor.

9: Scanning for viruses

About a week ago, someone asked me for help. There was a problem on their network: whenever they tried to access a particular website, they were redirected to a malicious site. My first suspicion was a DNS poisoning attack, but after discovering that only one computer was affected, I ruled this possibility out. In the end, I found that a virus had occupied the TCP/IP stack and was intercepting all name resolution requests. Although this looked like a DNS problem at first, the virus was ultimately responsible.

10: Restarting the DNS server

I know this measure sounds like a cliché, but when nothing else has worked, restarting the DNS server is also a way out. Over many years of work, I have seen many cases where name resolution failed for unknown reasons and everything was normal again after the DNS server was restarted.

Similarly, I have encountered at least two consumer routers that stopped forwarding DNS requests while other types of traffic were still passing normally. In one of these cases, restarting the router solved the problem. In the other, the router had to be replaced. According to analysis, the router may have been damaged in the power outage that occurred the previous day.
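The checks in tips 6 to 8 can be scripted by sending the same A-record query to each DNS server directly and comparing the replies. The following is an added example, not part of the original article; it speaks the DNS wire format itself instead of calling NSLookup, and the function names and the messages returned by `diagnose` are illustrative assumptions.

```python
import secrets, socket, struct

def build_query(name, txid):
    # Header (id, flags with RD=1, one question), then QNAME, QTYPE=A, QCLASS=IN.
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", 1, 1)

def _skip_name(msg, pos):
    # Step over labels; a compression pointer (top bits 11) is 2 bytes and ends the name.
    while msg[pos] and msg[pos] & 0xC0 != 0xC0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] else 1)

def parse_response(msg):
    # Returns (rcode, sorted IPv4 addresses from the A records in the answer section).
    _, flags, qdcount, ancount = struct.unpack("!4H", msg[:8])
    pos, addrs = 12, []
    for _ in range(qdcount):
        pos = _skip_name(msg, pos) + 4            # QTYPE + QCLASS
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == 1 and rdlen == 4:             # A record; CNAMEs etc. are skipped
            addrs.append(socket.inet_ntoa(msg[pos + 10:pos + 14]))
        pos += 10 + rdlen
    return flags & 0x000F, sorted(addrs)          # sorting hides round-robin rotation

def ask(server, name, timeout=3.0):
    # Query one server directly (like "nslookup name server"); None = no usable reply.
    query = build_query(name, secrets.randbelow(1 << 16))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))               # datagrams from other sources are dropped
            s.send(query)
            reply = s.recv(4096)
            return parse_response(reply) if reply[:2] == query[:2] else None
        except (OSError, IndexError, struct.error):
            return None                           # timeout, refusal or malformed reply

def diagnose(results):  # results: {server_ip: (rcode, addrs) or None}
    down = sorted(s for s, r in results.items() if r is None)
    if down:
        return "no reply from " + ", ".join(down) + ": check connectivity and that server (tips 1, 8)"
    if any(rcode == 3 for rcode, _ in results.values()):
        return "NXDOMAIN: check that the host (A) record exists (tip 6)"
    if len({tuple(addrs) for _, addrs in results.values()}) > 1:
        return "servers disagree: compare their records for stale or altered data"
    return "servers agree"
```

Call `diagnose({s: ask(s, "srv1.corp.example") for s in ("192.0.2.53", "192.0.2.54")})`, replacing the placeholder host name and server addresses with your own primary and alternate DNS servers.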
