Score:0

Windows DNS randomly responds with SOA NS

ma flag

Strange behavior at the client.

Monitoring software is set to ping a hostname every minute

Checks with Windows DNS server, which forwards the query to F5 GTM if needed.

It resolves hostname successfully 95% of the time.

I ran packet capture and on failed attempts, I see this:

3666460 10:58:45.307259 172.21.16.15 172.16.124.26 DNS 95 Standard query 0xc03d A ssotool.shared.00.prod.vip.internal

3666467 10:58:45.307434 172.16.124.26 172.21.16.15 DNS 146 Standard query response 0xc03d A ssotool.shared.00.prod.vip.internal SOA ns1.vip.internal

This is reported as no such host in monitoring software (Elastic/Kibana)

Few minutes later, success:

5249235 11:04:45.312721 172.21.16.15 172.16.124.26 DNS 95 Standard query 0x6806 A ssotool.shared.00.prod.vip.internal

5249237 11:04:45.312798 172.16.124.26 172.21.16.15 DNS 111 Standard query response 0x6806 A ssotool.shared.00.prod.vip.internal A 172.21.206.144

Any ideas why this is happening randomly? Where should I look?

pcap1

pcap2

ws flag
I know this is not much help, but I've had issues with MS-Win DNS in the past, after testing a large=ish sample set on both MS-Win and Bind on Linux, I switched to the latter.
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.