nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

DNS issue?

motherwolf

Hey everyone,
Having some intermittent internet connectivity issues. I'm able to get out for 7-10 minutes at a time and then it crashes, allowing me back out 10 or so minutes later, sometimes longer. We just swithched to a T1 line and have a new service provider. I have put the ISP DNS server addresses as forwarders but still have the same problems. I can ping public IP addresses while we're down but not host names which suggests DNS resolution problems. Anyone have any suggestions or advice? Thanks in advance.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

Inc

Try alternate DNS servers. Also check local dns cache and static mappings.

JDMurray

Yeah, try the Level 3 DNS servers (4.2.2.1, 4.2.2.2, 4.2.2.3) or the OpenDNS servers (208.67.222.222, 208.67.220.220) and see if the problem disappears.

motherwolf

Hey guys,
Thanks for the tips, unfortunately still having the same issues this morning. Connection to the Internet is very intermittent, every 5-10 minutes or so. I looked in the DNS event log and found this: "The DNS server could not signal the service " NAT". The error was 1168." Thing is, it's not a Red X error, rather an Information bubble. I went to eventID and tried to research it but I only have a 5 minute window before I'm kicked off. We are running NAT on our firewall but I didn't configure it and wouldn't know really what to look for if I had a look. Any advice is appreciated, thanks.

JDMurray

DNS error 1168 turns up a lot in Google, and it seems to be caused by several different problems. Did you recently make a configuration change just before this problem started occurring, like start using ICS to access the Internet?

motherwolf

Not that I know of. The only configuration change is Verizon's new router on our network for our T1. Other than that I am completely at a loss.

sprkymrk

Can you give us a few more details about your current setup?
Have you contacted your new ISP about the problem?
Are your clients using DHCP from a server or router, or are they hard coded?
It looks like you are running your own internal DNS servers, are they also Domain Controllers?
You did say that you set up the ISP DNS as forwarders, did you remove the old forwarders?
What is your current firewall, and does it have rules for DNS that may need to be modified now that you are using different DNS servers externally? Seeing as how the problem is intermettent I doubt rules are your issue though.

motherwolf

We have one DC running exchange/DNS. All IP's are static, no DHCP. The old forwarders were deleted and the new ones(our ISP) were put in along with the ones JD and Inc. suggested. Our Cisco ASA firewall does the NAT for us. Our ISP is aware of the problem but say nothing is wrong on their end. They have monitored the line and said everything looks fine. We ran a few PING tests, them to us and us to them and all seem OK, no lost packets. I'm thinking it's definitely a DNS issue because I can ping yahoo, msn, etc. by IP address when we're down but obviously can't resolve the name. Any other info. I can give you guys let me know, thanks.

motherwolf

I noticed the DHCP service is running on our DC, but as I stated before we don't use it. I stopped the service in the DHCP console but recieved an error message saying it couldn't find the specified machine or something to that effect. I looked in the services console and it is started and configured to start-up automatically. I think this could be the problem, but not sure.

sprkymrk

motherwolf wrote:

I noticed the DHCP service is running on our DC, but as I stated before we don't use it. I stopped the service in the DHCP console but recieved an error message saying it couldn't find the specified machine or something to that effect. I looked in the services console and it is started and configured to start-up automatically. I think this could be the problem, but not sure.

It might be running the service but unless it is authorized it won't actually work. How many clients/workstations are affected? And are you saying that all your servers AND workstations are hard coded?

Have you run a continuous ping test from you to their DNS server? Is your ASA doing any DNS related security stuff, like reverse lookups?

I'm just tossing out ideas. I am sure you're on the right track with name resolution being the problem, just hard to find where it's broken isn't it?

How about ipconfig /all on your servers/workstations. Also netdiag on the servers might help.

Silver Bullet

Just a few more things to add to the already wonderful suggestions...

Can you verify that the DNS Server Service is running during these outages?

Have you tried restarting the DNS Server Service?

Is the DNS Server configured to listen on the correct interface?

Is the Windows Firewall enabled on that interface? (doubt this is the case since your problem is intermittent in nature)

Have you tried Name Resolution from the DNS Server itself when the problems occur?

Are there any IP Address Conflicts with the DNS Server?

motherwolf

Hey guys,
Looks like something has fixed the problem, unfortunately I don't think it was me. Have had good connectivity for about an hour now, hopefully it'll stay that way. the only changes I made were stopping the DHCP server service(since we don't use it ) and deleting 2 forwarders that I couldn't ping. Who knows what is was? Kinda fun (and frustrating) to troubleshoot though. Thanks for all the advice, much appreciated!

sprkymrk

motherwolf wrote:

Hey guys,
Looks like something has fixed the problem, unfortunately I don't think it was me. Have had good connectivity for about an hour now, hopefully it'll stay that way. the only changes I made were stopping the DHCP server service(since we don't use it ) and deleting 2 forwarders that I couldn't ping. Who knows what is was? Kinda fun (and frustrating) to troubleshoot though. Thanks for all the advice, much appreciated!

My guess is the forwarders you couldn't ping were the problem. Glad it's all working now.