Windows DNS randomly responds with SOA NS

Asked Feb 10 '23 at 21:37

Active Feb 10 '23 at 21:39

Viewed 112 times

Strange behavior at the client.

Monitoring software is set to ping a hostname every minute

Checks with Windows DNS server, which forwards the query to F5 GTM if needed.

It resolves hostname successfully 95% of the time.

I ran packet capture and on failed attempts, I see this:

3666460 10:58:45.307259 172.21.16.15 172.16.124.26 DNS 95 Standard query 0xc03d A ssotool.shared.00.prod.vip.internal

3666467 10:58:45.307434 172.16.124.26 172.21.16.15 DNS 146 Standard query response 0xc03d A ssotool.shared.00.prod.vip.internal SOA ns1.vip.internal

This is reported as no such host in monitoring software (Elastic/Kibana)

Few minutes later, success:

5249235 11:04:45.312721 172.21.16.15 172.16.124.26 DNS 95 Standard query 0x6806 A ssotool.shared.00.prod.vip.internal

5249237 11:04:45.312798 172.16.124.26 172.21.16.15 DNS 111 Standard query response 0x6806 A ssotool.shared.00.prod.vip.internal A 172.21.206.144

Any ideas why this is happening randomly? Where should I look?

edited Feb 10 '23 at 21:39

asked Feb 10 '23 at 21:37

Robert X

I know this is not much help, but I've had issues with MS-Win DNS in the past, after testing a large=ish sample set on both MS-Win and Bind on Linux, I switched to the latter. – symcbean Feb 11 '23 at 01:44

0 Answers0