DNSWalk : Help Resolve Microsoft Windows DNS Issues And Resolution Failures

On April 9, 2013, in How-to, by Cubert aka (Cube Dweller)

Microsoft DNS Server Cannot Resolve Some Domain Names Externally

DNSWalk is a small windows application that queries all ROOT servers and all returned Top Level Domain (TLD) servers for the FQDN requested. This allows you to see what is being returned to you from all root hint servers and all Top level DNS server.

Download -> DNSWalk-1.0

If you run DNSWalk on a Windows DNS server it will automatically read in the root hints file and use that. If you want to run it on another server you can specify the root hints file to use.

To use it unzip the attachment and at the command line type DNS.exe test=www.google.com substitute www.google.com with the domain you want to test resolution of.

If you want to compare the results from a client to what were seeing, copy there root hints file to your pc and run the command like this

DNS.exe test=www.google.com hints=c:\copiedhintsfile

By default in c:\windows\system32\dns\cache.dns. The tool will output a file called report.html in the same folder it was run from. Attached is an example.

 

Microsoft DNS has 2 big issues I have seen with DNS

    1. Some DNS name queries are unsuccessful after you deploy a Windows Server 2003 or Windows Server 2008 R2-based DNS server
      This issue occurs because of the Extension Mechanisms for DNS (EDNS0) functionality that is supported in Windows Server 2003 DNS. EDNS0 permits the use of larger User Datagram Protocol (UDP) packet sizes. However, some firewall programs may not permit UDP packets that are larger than 512 bytes. As a result, these DNS packets may be blocked by the firewall.To fix, Open up CMD windows and type the following ->
    2. dnscmd /config /enableednsprobes 0  then retry your query.

 

  1. Microsoft DNS Server Cannot Resolve Some Domain Names When External DNS has different source IP address.
    This problem occurs because some implementations of DNS include a load balancing feature. In implementations such as this, the server that answers a query outside the firewall can be different than the server to which the query was originally addressed. Under these circumstances, a firewall may discard the reply from the external DNS server. The packet is discarded because the internal host (the DNS server inside the firewall) originally opened the connection to a different destination IP address than the IP address the reply was received on (the first external DNS server). This causes the reply from the external DNS server to never be received on the DNS server on the inside of the firewall.

To fix:  Either add a Forwarder to your DNS or at your Firewall add NAT rul to send all port 53 traffic to internal DNS server. This will then negate the firewall blocks.

 

 

A example of the DNS report DNSWalk reports back:

DNS REPORT

Root hint servers

A.ROOT-SERVERS.NET. – 198.41.0.4

B.ROOT-SERVERS.NET. – 128.9.0.107

C.ROOT-SERVERS.NET. – 192.33.4.12

D.ROOT-SERVERS.NET. – 128.8.10.90

E.ROOT-SERVERS.NET. – 192.203.230.10

F.ROOT-SERVERS.NET. – 192.5.5.241

G.ROOT-SERVERS.NET. – 192.112.36.4

H.ROOT-SERVERS.NET. – 128.63.2.53

I.ROOT-SERVERS.NET. – 192.36.148.17

J.ROOT-SERVERS.NET. – 192.58.128.30

K.ROOT-SERVERS.NET. – 193.0.14.129

L.ROOT-SERVERS.NET. – 198.32.64.12

M.ROOT-SERVERS.NET. – 202.12.27.33

 

Top Level servers from A.ROOT-SERVERS.NET.

– m.gtld-servers.net

192.55.83.30

com

– l.gtld-servers.net

192.41.162.30

com

– k.gtld-servers.net

192.52.178.30

com

– j.gtld-servers.net

192.48.79.30

com

– i.gtld-servers.net

192.43.172.30

com

– h.gtld-servers.net

192.54.112.30

com

– g.gtld-servers.net

192.42.93.30

com

– f.gtld-servers.net

192.35.51.30

com

– e.gtld-servers.net

192.12.94.30

com

– d.gtld-servers.net

192.31.80.30

com

 

Top Level servers from B.ROOT-SERVERS.NET.

DNS request timed out.

timeout was 2 seconds.

Server: UnKnown

Address: 128.9.0.107

DNS request timed out.

timeout was 2 seconds.

DNS request timed out.

timeout was 2 seconds.

DNS request timed out.

timeout was 2 seconds.

DNS request timed out.

timeout was 2 seconds.

 

Top Level servers from C.ROOT-SERVERS.NET.

– l.gtld-servers.net

192.41.162.30

com

– g.gtld-servers.net

192.42.93.30

com

– k.gtld-servers.net

192.52.178.30

com

– f.gtld-servers.net

192.35.51.30

com

– j.gtld-servers.net

192.48.79.30

com

– i.gtld-servers.net

192.43.172.30

com

– e.gtld-servers.net

192.12.94.30

com

– d.gtld-servers.net

192.31.80.30

com

– a.gtld-servers.net

192.5.6.30

2001:503:a83e::2:30

com

– b.gtld-servers.net

192.33.14.30

2001:503:231d::2:30

com

 

Top Level servers from D.ROOT-SERVERS.NET.

– c.gtld-servers.net

192.26.92.30

com

– a.gtld-servers.net

192.5.6.30

2001:503:a83e::2:30

com

– h.gtld-servers.net

192.54.112.30

com

– d.gtld-servers.net

192.31.80.30

com

– e.gtld-servers.net

192.12.94.30

com

– j.gtld-servers.net

192.48.79.30

com

– m.gtld-servers.net

192.55.83.30

com

– g.gtld-servers.net

192.42.93.30

com

– k.gtld-servers.net

192.52.178.30

com

– l.gtld-servers.net

192.41.162.30

com

 

Top Level servers from E.ROOT-SERVERS.NET.

– a.gtld-servers.net

192.5.6.30

2001:503:a83e::2:30

com

– i.gtld-servers.net

192.43.172.30

com

– k.gtld-servers.net

192.52.178.30

com

– l.gtld-servers.net

192.41.162.30

com

– f.gtld-servers.net

192.35.51.30

com

– d.gtld-servers.net

192.31.80.30

com

– j.gtld-servers.net

192.48.79.30

com

– c.gtld-servers.net

192.26.92.30

com

– e.gtld-servers.net

192.12.94.30

com

– h.gtld-servers.net

192.54.112.30

com

 

Top Level servers from F.ROOT-SERVERS.NET.

– m.gtld-servers.net

192.55.83.30

com

– i.gtld-servers.net

192.43.172.30

com

– e.gtld-servers.net

192.12.94.30

com

– f.gtld-servers.net

192.35.51.30

com

– d.gtld-servers.net

192.31.80.30

com

– b.gtld-servers.net

192.33.14.30

com

– a.gtld-servers.net

192.5.6.30

2001:503:a83e::2:30

com

– l.gtld-servers.net

192.41.162.30

com

– g.gtld-servers.net

192.42.93.30

com

– c.gtld-servers.net

192.26.92.30

com

 

Top Level servers from G.ROOT-SERVERS.NET.

– e.gtld-servers.net

192.12.94.30

com

– g.gtld-servers.net

192.42.93.30

com

– b.gtld-servers.net

192.33.14.30

com

– a.gtld-servers.net

192.5.6.30

2001:503:a83e::2:30

com

– j.gtld-servers.net

192.48.79.30

com

– h.gtld-servers.net

192.54.112.30

com

– m.gtld-servers.net

192.55.83.30

com

– d.gtld-servers.net

192.31.80.30

com

– c.gtld-servers.net

192.26.92.30

com

– l.gtld-servers.net

192.41.162.30

com

 

Top Level servers from H.ROOT-SERVERS.NET.

– a.gtld-servers.net

192.5.6.30

2001:503:a83e::2:30

com

– b.gtld-servers.net

192.33.14.30

com

– c.gtld-servers.net

192.26.92.30

com

– d.gtld-servers.net

192.31.80.30

com

– e.gtld-servers.net

192.12.94.30

com

– f.gtld-servers.net

192.35.51.30

com

– g.gtld-servers.net

192.42.93.30

com

– h.gtld-servers.net

192.54.112.30

com

– i.gtld-servers.net

192.43.172.30

com

– j.gtld-servers.net

192.48.79.30

com

 

Top Level servers from I.ROOT-SERVERS.NET.

– c.gtld-servers.net

192.26.92.30

com

– f.gtld-servers.net

192.35.51.30

com

– j.gtld-servers.net

192.48.79.30

com

– l.gtld-servers.net

192.41.162.30

com

– e.gtld-servers.net

192.12.94.30

com

– h.gtld-servers.net

192.54.112.30

com

– m.gtld-servers.net

com

– i.gtld-servers.net

192.43.172.30

com

– a.gtld-servers.net

192.5.6.30

2001:503:a83e::2:30

com

– b.gtld-servers.net

192.33.14.30

2001:503:231d::2:30

com

 

Top Level servers from J.ROOT-SERVERS.NET.

– a.gtld-servers.net

192.5.6.30

2001:503:a83e::2:30

com

– b.gtld-servers.net

192.33.14.30

com

– c.gtld-servers.net

192.26.92.30

com

– d.gtld-servers.net

192.31.80.30

com

– e.gtld-servers.net

192.12.94.30

com

– f.gtld-servers.net

192.35.51.30

com

– g.gtld-servers.net

192.42.93.30

com

– h.gtld-servers.net

192.54.112.30

com

– i.gtld-servers.net

192.43.172.30

com

– j.gtld-servers.net

192.48.79.30

com

 

Top Level servers from K.ROOT-SERVERS.NET.

– a.gtld-servers.net

192.5.6.30

2001:503:a83e::2:30

com

– b.gtld-servers.net

192.33.14.30

com

– c.gtld-servers.net

192.26.92.30

com

– d.gtld-servers.net

192.31.80.30

com

– e.gtld-servers.net

192.12.94.30

com

– f.gtld-servers.net

192.35.51.30

com

– g.gtld-servers.net

192.42.93.30

com

– h.gtld-servers.net

192.54.112.30

com

– i.gtld-servers.net

192.43.172.30

com

– j.gtld-servers.net

192.48.79.30

com

 

Top Level servers from L.ROOT-SERVERS.NET.

DNS request timed out.

timeout was 2 seconds.

Server: UnKnown

Address: 198.32.64.12

DNS request timed out.

timeout was 2 seconds.

DNS request timed out.

timeout was 2 seconds.

DNS request timed out.

timeout was 2 seconds.

DNS request timed out.

timeout was 2 seconds.

 

Top Level servers from M.ROOT-SERVERS.NET.

– l.gtld-servers.net

192.41.162.30

com

– g.gtld-servers.net

192.42.93.30

com

– j.gtld-servers.net

192.48.79.30

com

– a.gtld-servers.net

192.5.6.30

2001:503:a83e::2:30

com

– b.gtld-servers.net

192.33.14.30

com

– c.gtld-servers.net

192.26.92.30

com

– d.gtld-servers.net

192.31.80.30

com

– k.gtld-servers.net

192.52.178.30

com

– m.gtld-servers.net

192.55.83.30

com

– f.gtld-servers.net

192.35.51.30

com

Third Level servers

192.55.83.30

192.41.162.30

192.52.178.30

192.48.79.30

192.43.172.30

192.54.112.30

192.42.93.30

192.35.51.30

192.12.94.30

192.31.80.30

192.5.6.30

192.33.14.30

192.26.92.30

 

Third Level servers from 192.55.83.30

– ns2.google.com

216.239.34.10

google.com

– ns1.google.com

216.239.32.10

google.com

– ns3.google.com

216.239.36.10

google.com

– ns4.google.com

216.239.38.10

google.com

 

Third Level servers from 192.41.162.30

– ns2.google.com

216.239.34.10

google.com

– ns1.google.com

216.239.32.10

google.com

– ns3.google.com

216.239.36.10

google.com

– ns4.google.com

216.239.38.10

google.com

 

Third Level servers from 192.52.178.30

– ns2.google.com

216.239.34.10

google.com

– ns1.google.com

216.239.32.10

google.com

– ns3.google.com

216.239.36.10

google.com

– ns4.google.com

216.239.38.10

google.com

 

Third Level servers from 192.48.79.30

– ns2.google.com

216.239.34.10

google.com

– ns1.google.com

216.239.32.10

google.com

– ns3.google.com

216.239.36.10

google.com

– ns4.google.com

216.239.38.10

google.com

 

Third Level servers from 192.43.172.30

– ns2.google.com

216.239.34.10

google.com

– ns1.google.com

216.239.32.10

google.com

– ns3.google.com

216.239.36.10

google.com

– ns4.google.com

216.239.38.10

google.com

 

Third Level servers from 192.54.112.30

– ns2.google.com

216.239.34.10

google.com

– ns1.google.com

216.239.32.10

google.com

– ns3.google.com

216.239.36.10

google.com

– ns4.google.com

216.239.38.10

google.com

 

Third Level servers from 192.42.93.30

– ns2.google.com

216.239.34.10

google.com

– ns1.google.com

216.239.32.10

google.com

– ns3.google.com

216.239.36.10

google.com

– ns4.google.com

216.239.38.10

google.com

 

Third Level servers from 192.35.51.30

– ns2.google.com

216.239.34.10

google.com

– ns1.google.com

216.239.32.10

google.com

– ns3.google.com

216.239.36.10

google.com

– ns4.google.com

216.239.38.10

google.com

 

Third Level servers from 192.12.94.30

– ns2.google.com

216.239.34.10

google.com

– ns1.google.com

216.239.32.10

google.com

– ns3.google.com

216.239.36.10

google.com

– ns4.google.com

216.239.38.10

google.com

 

Third Level servers from 192.31.80.30

– ns2.google.com

216.239.34.10

google.com

– ns1.google.com

216.239.32.10

google.com

– ns3.google.com

216.239.36.10

google.com

– ns4.google.com

216.239.38.10

google.com

 

Third Level servers from 192.5.6.30

– ns2.google.com

216.239.34.10

google.com

– ns1.google.com

216.239.32.10

google.com

– ns3.google.com

216.239.36.10

google.com

– ns4.google.com

216.239.38.10

google.com

 

Third Level servers from 192.33.14.30

– ns2.google.com

216.239.34.10

google.com

– ns1.google.com

216.239.32.10

google.com

– ns3.google.com

216.239.36.10

google.com

– ns4.google.com

216.239.38.10

google.com

 

Third Level servers from 192.26.92.30

– ns2.google.com

216.239.34.10

google.com

– ns1.google.com

216.239.32.10

google.com

– ns3.google.com

216.239.36.10

google.com

– ns4.google.com

216.239.38.10

google.com

 

Tagged with:
 

Leave a Reply

*



%d bloggers like this: