Analysis on DNS settings faults in the local environment

Source: Internet
Author: User
Tags: fully qualified domain name
In a TCP/IP network, the Domain Name System (DNS) lets a user reach other hosts by specifying a name; the naming rules and the resolution system together are called the domain name system, and the service that implements it is usually called the Domain Name Service. Its basic function is to resolve a domain name typed into the IE address bar (for example www.yesky.com) into the unique IP address of that host on the Internet (for example 218.201.41.19). This work is done by DNS servers on the network, and sending a DNS request before opening a website is probably the most frequent operation on the Internet. The two strange cases I ran into both turned out to be related to the DNS settings of the local system.

Fault 1, symptoms: In a LAN whose gateway is an ADSL modem with NAT routing enabled, one host could not open a normally very stable website: the page could not be displayed, refreshing several times made no difference, while other hosts could log on to the same site normally at the same time. A few minutes later the faulty host inexplicably recovered, and visiting the site worked fine again.

Analysis: In this case all other network operations were normal and the fault did not occur often, so users generally assume there is some conflict between the system, the IE browser and the firewall settings. In fact, the fault was caused by the DNS Cache service of the local system.

In Windows 2000 and later, the system automatically saves the query results it receives from the DNS server in a local DNS cache (each time the DNS Cache service starts, the records in the hosts file are also loaded into it), so a repeated query is first looked up in the local cache: if a matching entry already exists, no request is sent to the DNS server, which is only queried when the cache holds no record. The purpose of this cache is to reduce the load on the DNS server, so the same domain name does not have to be resolved over and over, and to speed up access on the client host. Entries in the DNS cache are refreshed after a period of time and unused entries are discarded; this interval is called the TTL (Time To Live). By default the TTL of a positive response is 86,400 seconds (1 day), and the TTL of a negative response is 300 seconds (5 minutes) in Windows 2000 and 900 seconds (15 minutes) in Windows XP and 2003. It is precisely because negative responses have a TTL that, once the faulty host has received a negative DNS answer, it does not ask the DNS server about that name again until the TTL expires; only then is the negative record discarded.

In this case, the simplest remedy is to flush the DNS cache, that is, delete the entries in the DNS resolver cache. Click Start, click Run, type cmd and click OK. In the Command Prompt window type ipconfig /flushdns and press Enter. When you see the message "successfully flushed the DNS resolver cache." the cache has been reset, and the next query from this host is sent to the DNS server again.

Note: The command for viewing the local DNS cache records is ipconfig /displaydns. It lists all DNS records, including those loaded from the local hosts file and those of sites you have visited, as shown in Figure 1:

Figure 1

If there are too many records to display completely, you can save them to a text file with the following command:

ipconfig /displaydns > log.txt

The log.txt file is created in the current directory of the command prompt.

We can also adjust the TTL-related values in the registry to mitigate this fault. The values that control the DNS cache mechanism live under the following path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

Click Start, click Run, type regedit and confirm. Expand the registry to the path above; the values shown in Figure 2 appear in the right pane:

Figure 2: DNS cache values in Windows 2000

MaxCacheEntryTtlLimit is the maximum TTL of a DNS cache entry; in XP and 2003 this value is named MaxCacheTtl. The TTL of a positive entry is the smaller of the number of seconds specified in the query response received by the DNS resolver and this value. Setting it to 1 second makes the DNS cache effectively disabled. NegativeCacheTime in the figure is the TTL of a negative entry; in XP and 2003 it is named MaxNegativeCacheTtl. You can lower it, or set it directly to 0 so that negative responses are not cached at all. NetFailureCacheTime controls how long a general network failure is cached; the default is 30 seconds. If the system sends DNS requests repeatedly but receives no response from the DNS server, it treats the network connection as down and sends no further DNS queries for those 30 seconds by default. This value can also be reduced or set to 0.
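To make the caching rules above and the negative-TTL behaviour described for Fault 1 concrete, here is an added Python model (not code from the article or from Windows): a resolver cache that caps positive TTLs with MaxCacheTtl, caches negative answers for MaxNegativeCacheTtl seconds, backs off for NetFailureCacheTime after a timeout, and can be flushed. The demo function replays the flaky-forwarder scenario with the default negative TTL and with it set to 0; the clock and the forwarder's answers are constructed.

```python
# Value names from the Dnscache\Parameters key (XP/2003 spelling); numbers are
# the article's defaults, in seconds.
DEFAULTS = {"MaxCacheTtl": 86400, "MaxNegativeCacheTtl": 900,
            "NetFailureCacheTime": 30}

class DnsClientCache:
    """Simplified model of the Windows DNS Client (Dnscache) service."""

    def __init__(self, clock, params=None):
        self.params = {**DEFAULTS, **(params or {})}
        self.clock = clock         # callable returning the current time (s)
        self.entries = {}          # name -> (expires_at, ip or None)
        self.net_failure_until = 0.0
        self.queries_sent = 0

    def flush(self):
        """What `ipconfig /flushdns` does: discard every cached entry."""
        self.entries.clear()
        self.net_failure_until = 0.0

    def resolve(self, name, server):
        """server(name) returns (ip, ttl), (None, 0) or raises TimeoutError."""
        now, p = self.clock(), self.params
        cached = self.entries.get(name)
        if cached and cached[0] > now:
            return cached[1]       # answered from cache, server not asked
        if now < self.net_failure_until:
            return None            # NetFailureCacheTime: network assumed down
        self.queries_sent += 1
        try:
            ip, ttl = server(name)
        except TimeoutError:
            self.net_failure_until = now + p["NetFailureCacheTime"]
            return None
        # Negative answers get the registry TTL; positive ones are capped by it.
        ttl = p["MaxNegativeCacheTtl"] if ip is None else min(ttl, p["MaxCacheTtl"])
        if ttl > 0:                # a TTL of 0 means "do not cache"
            self.entries[name] = (now + ttl, ip)
        return ip

def demo_flaky_forwarder(negative_ttl):
    """Fault 1: the forwarder botches one query, then answers correctly."""
    t = [0.0]                      # constructed clock, in seconds
    answers = iter([(None, 0), ("218.201.41.19", 3600)])
    cache = DnsClientCache(lambda: t[0], {"MaxNegativeCacheTtl": negative_ttl})
    first = cache.resolve("www.yesky.com", lambda n: next(answers))
    t[0] += 60                     # the user refreshes a minute later
    second = cache.resolve("www.yesky.com", lambda n: next(answers))
    return first, second, cache.queries_sent
```

With the default negative TTL the second lookup is still answered from the cached failure and the server is never asked again; with MaxNegativeCacheTtl set to 0 the refresh succeeds.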

In addition, Windows XP applies a "subnet prioritization" mechanism. If the DNS server returns several IP addresses for a queried name and one of them lies in a subnet the client host is directly connected to, the DNS resolver places that record first in the cache. In other words, the client uses that address first when it connects, which steers it to network resources closer to it and reduces traffic between subnets. If you do not want this behaviour, add a PrioritizeRecordData value of 0 (REG_DWORD data type) under the same registry path to disable subnet prioritization.

Of course, you can also stop and restart the DNS Cache service temporarily by typing net stop dnscache and net start dnscache at the command prompt. To stop the service permanently, right-click the My Computer icon and choose Manage, expand Services and Applications, then Services (see Figures 3 and 4); in the right pane right-click the DNS Client service, choose Properties from the shortcut menu, and set Startup type to Disabled. In Windows XP this service may also be listed as "DNS Cache". Note that with the DNS cache disabled every query goes to the configured DNS server, which slows down access.

Figure 3

Figure 4

Solution: When the host hit the same fault again, flushing the DNS cache fixed it immediately, which confirmed that DNS resolution was the cause. After adjusting the registry values the duration of the fault did improve. Still, almost all occurrences were concentrated on this one host, other hosts never showed the problem at the same time, and the ISP's DNS servers are generally stable, so suspicion fell on the "DNS server address" setting under Internet Protocol (TCP/IP) in the host's Local Area Connection properties. Checking showed that the other hosts used the DNS server addresses specified by the local ISP directly, whereas the faulty host used the gateway IP address, that is, the ADSL modem with routing enabled. In that configuration the ADSL modem acts as a DNS proxy, in other words a DNS forwarder (with routing enabled, DNS forwarding is usually supported by default, although some modems require it to be enabled manually). It forwards the clients' DNS requests to the DNS servers it knows. Most likely the modem's software was unstable and occasionally mishandled a forwarded query, so the client host treated the resolution as refused or failed; seen this way, the cause of the fault is easy to understand. After the host's DNS setting was changed to the public DNS server address specified by the ISP, the fault never recurred, and this strange situation was completely resolved.

Fault 2, symptoms: A friend's LAN had a Windows 2000 DNS server. Since it was upgraded to Windows Server 2003, some websites can no longer be reached, although no errors occurred during the upgrade.

Analysis: Based on experience, this is most likely because the root hints file (cache.dns) is missing or damaged. In that case you can use the DNS management snap-in to add the root hints manually, replace the cache.dns file on disk with a backup copy, or replace it with the original cache.dns from the Windows Server 2003 CD. The recovery procedure is as follows:

Step 1: Use the DNS snap-in to update the root hints

On a server that is not a domain controller:

1. Click Start, point to Administrative Tools, and click DNS.
2. In the console tree, right-click the server name and click Properties. ("Server name" here means the name of the DNS server.)
3. Click the Root Hints tab, then click Add.
4. Enter the fully qualified domain name (FQDN) and IP address of the root server to add, and click OK.

On a domain controller:

1. Click Start, click Run, type cmd in the Open box, and click OK to open a Command Prompt window.
2. Stop the DNS service: at the command prompt, type net stop dns and press Enter.
3. Copy the cache.dns file from the %SystemRoot%\system32\dns\samples folder to the %SystemRoot%\system32\dns folder by typing the following line at the command prompt and pressing Enter:
copy %SystemRoot%\system32\dns\samples\cache.dns %SystemRoot%\system32\dns
If you are prompted to overwrite the existing file, type Y and press Enter. (Here %SystemRoot% is the Windows folder of the local system, such as C:\Windows.)
4. Click Start, point to Administrative Tools, and click Active Directory Users and Computers.
5. On the View menu, click Advanced Features. Expand System, expand MicrosoftDNS, right-click RootDNSServers, and click Delete. When prompted to confirm the deletion, click Yes. Then close the Active Directory Users and Computers MMC snap-in.
6. Start the DNS service: type net start dns at the command prompt and press Enter.
7. Click Start, point to Administrative Tools, and click DNS.
8. In the console tree, right-click the server name and click Properties. Click the Root Hints tab and confirm that the root servers are listed under Name servers.
9. Click Start, point to Administrative Tools, and click Active Directory Users and Computers.
10. Expand System, expand MicrosoftDNS, and confirm that the RootDNSServers container has been re-created and contains the list of root servers.

Step 2: Copy the cache.dns file from the Windows Server 2003 CD over the damaged file

1. Insert the Windows Server 2003 CD. Click Start, click Run, type cmd and click OK.
2. In the Command Prompt window, type the following commands, pressing Enter after each line:

E:    (the drive letter of the CD-ROM drive; E: is used here as an example)
cd i386
expand cache.dn_ %SystemRoot%\system32\dns\cache.dns

3. Close the Command Prompt window.

NOTE: To restore from a backup cache.dns file instead, first stop the DNS service with net stop dns, rename the current file with ren cache.dns cache.old, copy the backup file into the dns directory, and finally restart the service with net start dns.

However, even after the cache file was restored the problem persisted, and the strangest part was that these websites could still be pinged, so the investigation was stuck. Finally, after consulting a great deal of material, I learned that Windows Server 2003 embeds the DNS Extension Mechanisms (EDNS) in its DNS server. EDNS is enabled by default and improves performance by allowing UDP packets larger than the traditional DNS-over-UDP limit. For security reasons, many firewalls do not allow such large UDP packets and simply reject or discard them, which leaves the network and DNS service unable to reach some websites even though everything else looks normal.

Solution: Once the cause is understood, it is easy to handle. First check whether the firewall vendor has released a patch for this problem; if so, upgrade directly and the issue is solved. If not, temporarily disable EDNS and wait for the patch to be released. To disable EDNS, first install the command-line tool dnscmd.exe from the Support Tools on the Windows Server 2003 CD. Then type dnscmd /config /enableednsprobes 0 in the Command Prompt window and press Enter. After the firewall has been upgraded and fixed, enable EDNS again by typing dnscmd /config /enableednsprobes 1 and pressing Enter. With that, this strange situation was completely resolved.
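As an added illustration (not code from the article or from Windows), here is a small Python implementation of the EDNS OPT pseudo-record defined in RFC 2671, which the note below cites: build_query() produces a DNS query with or without the OPT RR, and advertised_udp_size() reads the UDP payload size the sender announces in it, which is the value a firewall inspects when it decides that a DNS message is "too large". The 512-byte classic limit comes from RFC 2671; the 4096-byte size and the query name in the test are constructed sample values.

```python
import struct

OPT_TYPE = 41              # EDNS0 pseudo-RR type (RFC 2671)
CLASSIC_UDP_LIMIT = 512    # largest DNS/UDP message before EDNS0

def encode_name(name):
    """Encode a dotted name as DNS labels ending with the root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build_query(name, qtype=1, txid=0x1234, edns_payload=None):
    """Standard query for `name`; appends an OPT RR when edns_payload is set."""
    arcount = 0 if edns_payload is None else 1
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    msg += encode_name(name) + struct.pack("!HH", qtype, 1)
    if edns_payload is not None:
        # OPT RR: NAME=root, TYPE=41, CLASS=sender's UDP payload size,
        # TTL=extended RCODE/version/flags (zero here), RDLENGTH=0.
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_payload, 0, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        ln = msg[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:      # compression pointer, two bytes
            return off + 2
        off += 1 + ln

def advertised_udp_size(msg):
    """UDP payload size announced in the message's OPT RR, or None if absent."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT_TYPE:
            return rclass                      # CLASS field carries the size
        off += 10 + rdlen
    return None

def exceeds_classic_limit(msg):
    """True if the sender says it accepts UDP replies larger than 512 bytes."""
    size = advertised_udp_size(msg)
    return size is not None and size > CLASSIC_UDP_LIMIT
```

A server with EDNS probes disabled, as in the dnscmd command above, sends queries of the plain kind, with no OPT RR, so a firewall that drops large UDP DNS messages no longer interferes.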

Note: For more information about EDNS, see IETF RFC 2671 (http://www.ietf.org/rfc/rfc2671.txt?number=2671) and the Microsoft documentation (http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/windowsserv/2003/standard/proddocs/en-US/sag_dns_imp_ednssupport.asp).
