CoraxGet Started
Back to All Scenarios
PASSEDserver / windows_dns_conditional_forwarder_failure

Windows DNS Conditional Forwarder Failure

The Windows DNS server's conditional forwarder for a partner domain stops resolving after the partner changes their DNS server IPs. All lookups for the partner domain fail, breaking the federated application integration.

Pattern
DNS_FAILURE
Severity
CRITICAL
Confidence
85%
Remediation
Remote Hands

Test Results

MetricExpectedActualResult
Pattern RecognitionDNS_FAILUREDNS_FAILURE
Severity AssessmentCRITICALCRITICAL
Incident CorrelationYes6 linked
Cascade EscalationN/ANo
RemediationRemote Hands — Corax contacts on-site support via call, email, or API

Scenario Conditions

Windows Server 2022 DNS server. Conditional forwarder configured for partner.com pointing to old IPs 203.0.113.10/11. Partner migrated DNS to new IPs without notification. All partner.com lookups failing. Federated SSO and API integration broken.

Injected Error Messages (1)

Windows DNS server dns01 — dns resolution failed for partner.com zone, conditional forwarder targets 203.0.113.10 and 203.0.113.11 both unreachable, all queries for partner.com returning SERVFAIL, federated authentication and API integration broken, dns resolution failed for all subdomains of partner.com

Neural Engine Root Cause Analysis

The DNS server dns01 is experiencing a complete failure in resolving queries for the partner.com zone due to both conditional forwarder targets (203.0.113.10 and 203.0.113.11) being unreachable. This is causing all partner.com queries to return SERVFAIL, breaking federated authentication and API integrations that depend on partner.com domain resolution. The presence of 5 correlated incidents suggests this may be part of a broader network connectivity issue or upstream DNS infrastructure failure affecting multiple services.

Remediation Plan

1. Verify network connectivity to conditional forwarder IPs 203.0.113.10 and 203.0.113.11 from dns01 server. 2. Check if the partner organization's DNS servers are operational by testing from external sources. 3. Review DNS server logs on dns01 for additional error details. 4. Temporarily configure alternative DNS forwarders for partner.com if available. 5. Contact partner organization to verify their DNS infrastructure status. 6. Monitor federated authentication and API integration services for recovery once DNS resolution is restored.
Tested: 2026-03-30Monitors: 1 | Incidents: 1Test ID: cmncjybl705q9obqeld9mkdhn