Windows Server 2016 DNS Server cannot resolve some external sites

[Najib br]

Since last week we had an issue on our local DNS server. It stopped processing a specific site: login.zscaler.net

• DNS lookup times out after two retries it seems
• All ports are open for this server on the firewall
• There is no entry for this record in the dns server cache, there are entries for its name servers though
• gateway.zscaler.net works fine while they use the same name servers
• No DNS forwarders are set, only root hint servers are used
• No Conditional Forwarders are set for this domain
• DNS debugging logs shows a SERVFAIL error code:

2/23/2018 1:27:06 PM 2D40 PACKET 00000142ADE560F0 UDP Snd xx.xx.xx.xx 000a R Q [8281 DR SERVFAIL] A (5)login(7)zscaler(3)net(0)
UDP response info at 00000142ADE560F0
Socket = 804
Remote addr xx.xx.xx.xx, port 56575
Time Query=11735974, Queued=11735982, Expire=11735985
Buf length = 0x0200 (512)
Msg length = 0x0023 (35)
Message:
XID 0x000a
Flags 0x8182
QR 1 (RESPONSE)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 1
Z 0
CD 0
AD 0
RCODE 2 (SERVFAIL)
QCOUNT 1
ACOUNT 0
NSCOUNT 0
ARCOUNT 0
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(5)login(7)zscaler(3)net(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
empty

*ip's have been redacted

Continue reading...