DNS is a reasonably simple system, although it does have some specific quirks that can make troubleshooting difficult.
One way to troubleshoot DNS problems is to use Network Monitor or a similar packet-capture tool to capture the client's DNS queries. Also look for the DNS server's replies. If your network has a firewall, attempt to capture the requests and replies on both sides of the firewall. Figure 25.1 shows a sample DNS communication in Network Monitor; the top pane shows the flow of responses and queries, and the bottom pane shows the detail of one response.
Figure 25.1: Sample DNS query response.
Fortunately, there's not much that can go wrong with DNS, and examining these packets will allow you to quickly narrow the source of the problem. Check the following:
Nslookup is a command-line tool that is included with every Windows NT-based Windows operating system (OS) from NT 4.0 on up, and can be used to verify the workings of DNS. As Figure 25.2 shows, you can simply type any host or domain name to receive a list of records through DNS. This query shows a non-authoritative answer, meaning that the answer was provided from a DNS server other than Microsoft.com's own authoritative one. The server delivering the answer was SERVER1.mshome.net, which looks suspiciously like a gateway. The gateway probably forwarded the request to an ISP, which returned the reply. The actual record came from www.Microsoft.akadns.net, which is a DNS hosting service that probably helps Microsoft load-balance its DNS requests. This illustration shows how most replies on most corporate networks are received.
Figure 25.2: Nslookup results.
Notice that the reply returned five unique IP addresses. It's likely that the DNS server is using round-robin to reorder these addresses on each query, helping to balance incoming traffic to this busy Web site. A second query, which Figure 25.3 shows, confirms this—notice that the first IP address in the second query was the second address in the first query.
Figure 25.3: Seeing round robin in action.
Nslookup can be a valuable tool for seeing the details of how DNS is working. You can type ? at any Nslookup prompt (>) for a list of available commands.
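The following Python code is an added example, not part of the original text. It parses the DNS payload of a captured response (the UDP payload only, without Ethernet/IP/UDP headers), reads the AA header bit that Nslookup reports as a non-authoritative answer when clear, and checks whether a second response lists the same addresses in rotated order. The function names, www.example.com and the 192.0.2.x addresses are constructed for illustration.

```python
import socket
import struct

def build_response(name, addrs, authoritative=False):
    """Build a DNS response for testing (constructed data, not a real capture)."""
    flags = 0x8180 | (0x0400 if authoritative else 0)  # QR, RD, RA (+ AA if set)
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(addrs), 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    # Each answer names the question via compression pointer 0xC00C (offset 12).
    answers = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
                       + socket.inet_aton(a) for a in addrs)
    return header + question + answers

def skip_name(msg, off):
    """Return the offset just past a name, honoring compression pointers."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # a 2-byte pointer always ends the name
            return off + 2
        off += 1 + length

def parse_response(msg):
    """Extract the header flags and the A records in wire order."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addresses = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):  # IPv4 A record
            addresses.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return {"is_response": bool(flags & 0x8000),
            "authoritative": bool(flags & 0x0400),  # AA bit; clear = non-authoritative
            "rcode": flags & 0x000F, "addresses": addresses}

def is_rotation(first, second):
    """True if second is first shifted by one or more positions (round robin)."""
    return len(first) == len(second) and any(
        second == first[i:] + first[:i] for i in range(1, len(first)))
```

Pass parse_response the DNS payload bytes of two successive replies for the same name, then give both address lists to is_rotation to confirm the reordering seen in the second query.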