Citrix ADC: DNS resolution fails towards Name servers.


Article ID: CTX215665


Description

  • Citrix ADC is unable to resolve DNS.
  • Effective state of the Name server could be down. 

Resolution

Solution 1:

Add a SNIP in the NSIP subnet if the counters below are increasing, which indicates that the ADC cannot open a connection to the server because of port allocation errors:

   3295       0             58          4        0 dns_tot_ServerQueries  Wed Jul 20 08:04:55 2016
   3296       0              4          2        0 dns_err_NoDomains  Wed Jul 20 08:04:55 2016
   3297       0           5704          2        0 dns_tot_Queries  Wed Jul 20 08:04:55 2016
   3298       0              4          2        0 natpcb_tot_conn_refused  Wed Jul 20 08:04:55 2016 (this counter's value here is 2, and the trace shows 2 DNS queries to the loopback IP)
   3303       0            453          2        0 natpcb_newconnection_free  Wed Jul 20 08:04:55 2016

Solution 2: 

Ensure that an appropriate SNIP is configured to reach the DNS Name Server added on the ADC.

If there is no SNIP that can reach the name server, the probe relies on a route lookup through the default route, so ensure that a proper route to the name server exists.


 


Problem Cause

Probable Problem 1:

ADC is running out of ports on the NSIP.

Probable Problem 2:

Effective state of the Name Server is DOWN due to the lack of SNIP or route configuration. 

Issue/Introduction

NetScaler is unable to resolve DNS.

Additional Information

- Run the nstcpdump.sh host <IP> command from the shell to verify communication between the NSIP/SNIP and the name server.
- A NetScaler trace can be captured for further analysis.

NOTE:
When a name server is added on the NetScaler, the effective state of that server is determined by a probe that the NetScaler sends between the SNIP/MIP and the name server. The probe is an echo request from the SNIP and an echo reply from the name server.
If the probe is successful, the effective state is shown as UP.

By design:
If any one of the name servers is UP, NetScaler uses the SNIP to send DNS queries to the name servers.

If all the name servers are down, NetScaler uses the NSIP to broadcast the query to the name servers.

The logs below show this behaviour.

NSIP in my lab is 10.110.61.216 and SNIP is 10.110.61.218

When the name server's effective state is DOWN, a drill command run from the ADC shell prompt against an FQDN follows the flow below.
NSIP ==> 127.0.0.2:53 and then NSIP ==> Actual DNS server

16:09:52.707243 02:00:68:09:00:13 > 02:00:68:09:00:12, ethertype IPv4 (0x0800), length 76: 10.110.61.216.65053 > 127.0.0.2.53: 38530+ A? sf-01.balgan.lab. (34)
16:09:52.707275 02:00:68:09:00:13 > 02:00:25:8e:00:0c, ethertype IPv4 (0x0800), length 76: 10.110.61.216.65053 > 10.110.61.205.53: 38530+ A? sf-01.balgan.lab. (34)
16:09:52.708071 02:00:25:8e:00:0c > 02:00:68:09:00:13, ethertype IPv4 (0x0800), length 92: 10.110.61.205.53 > 10.110.61.216.65053: 38530* 1/0/0 A 10.110.61.206 (50)
16:09:52.708073 02:00:68:09:00:13 > 02:00:68:09:00:13, ethertype IPv4 (0x0800), length 92: 127.0.0.2.53 > 10.110.61.216.65053: 38530* 1/0/0 A 10.110.61.206 (50)

When the name server's effective state is UP, a drill command run from the ADC shell prompt against an FQDN follows the flow below.
NSIP ==> 127.0.0.2:53 and then SNIP ==> Actual DNS server

16:05:17.369554 02:00:68:09:00:13 > 02:00:68:09:00:12, ethertype IPv4 (0x0800), length 76: 10.110.61.216.23568 > 127.0.0.2.53: 48096+ A? sf-01.balgan.lab. (34)
16:05:17.369617 02:00:68:09:00:13 > 02:00:25:8e:00:0c, ethertype IPv4 (0x0800), length 76: 10.110.61.218.28323 > 10.110.61.205.53: 33754+ A? sf-01.balgan.lab. (34)
16:05:17.370515 02:00:25:8e:00:0c > 02:00:68:09:00:13, ethertype IPv4 (0x0800), length 92: 10.110.61.205.53 > 10.110.61.218.28323: 33754* 1/0/0 A 10.110.61.206 (50)
16:05:17.370540 02:00:68:09:00:13 > 02:00:68:09:00:13, ethertype IPv4 (0x0800), length 92: 127.0.0.2.53 > 10.110.61.216.23568: 48096*- 1/0/0 A 10.110.61.206 (50)
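
The two flows above can be told apart mechanically from a saved capture. The following is an added example, not Citrix code: it parses tcpdump text lines in the format shown on this page and reports which source address queried each name server. The function names are hypothetical, and any non-NSIP source is assumed to be a SNIP.

```python
import re

# One tcpdump -e text line, as in the captures above:
#   "... length 76: SRC_IP.SPORT > DST_IP.DPORT: <dns summary>"
PKT = re.compile(r"length \d+: (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): ")

def upstream_sources(capture):
    """Return {name_server_ip: {source_ips}} for DNS queries that leave the ADC."""
    seen = {}
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        src, _sport, dst, dport = m.groups()
        # Queries only (destination port 53); skip the internal hop to the
        # loopback resolver (127.0.0.2 in the page's traces).
        if dport == "53" and not dst.startswith("127."):
            seen.setdefault(dst, set()).add(src)
    return seen

def classify(capture, nsip):
    """Label each name server by the source address used to query it."""
    # "NSIP" = flow the page shows for effective state DOWN; "SNIP" = flow for
    # UP (assumption: any non-NSIP source is a SNIP); "MIXED" = both seen.
    labels = {}
    for server, sources in upstream_sources(capture).items():
        if sources == {nsip}:
            labels[server] = "NSIP"
        elif nsip not in sources:
            labels[server] = "SNIP"
        else:
            labels[server] = "MIXED"
    return labels

# Sample input: the two captures from this page (lab NSIP 10.110.61.216).
DOWN_TRACE = """\
16:09:52.707243 02:00:68:09:00:13 > 02:00:68:09:00:12, ethertype IPv4 (0x0800), length 76: 10.110.61.216.65053 > 127.0.0.2.53: 38530+ A? sf-01.balgan.lab. (34)
16:09:52.707275 02:00:68:09:00:13 > 02:00:25:8e:00:0c, ethertype IPv4 (0x0800), length 76: 10.110.61.216.65053 > 10.110.61.205.53: 38530+ A? sf-01.balgan.lab. (34)
16:09:52.708071 02:00:25:8e:00:0c > 02:00:68:09:00:13, ethertype IPv4 (0x0800), length 92: 10.110.61.205.53 > 10.110.61.216.65053: 38530* 1/0/0 A 10.110.61.206 (50)
16:09:52.708073 02:00:68:09:00:13 > 02:00:68:09:00:13, ethertype IPv4 (0x0800), length 92: 127.0.0.2.53 > 10.110.61.216.65053: 38530* 1/0/0 A 10.110.61.206 (50)
"""
UP_TRACE = """\
16:05:17.369554 02:00:68:09:00:13 > 02:00:68:09:00:12, ethertype IPv4 (0x0800), length 76: 10.110.61.216.23568 > 127.0.0.2.53: 48096+ A? sf-01.balgan.lab. (34)
16:05:17.369617 02:00:68:09:00:13 > 02:00:25:8e:00:0c, ethertype IPv4 (0x0800), length 76: 10.110.61.218.28323 > 10.110.61.205.53: 33754+ A? sf-01.balgan.lab. (34)
16:05:17.370515 02:00:25:8e:00:0c > 02:00:68:09:00:13, ethertype IPv4 (0x0800), length 92: 10.110.61.205.53 > 10.110.61.218.28323: 33754* 1/0/0 A 10.110.61.206 (50)
16:05:17.370540 02:00:68:09:00:13 > 02:00:68:09:00:13, ethertype IPv4 (0x0800), length 92: 127.0.0.2.53 > 10.110.61.216.23568: 48096*- 1/0/0 A 10.110.61.206 (50)
"""
if __name__ == "__main__":
    print(classify(DOWN_TRACE, "10.110.61.216"), classify(UP_TRACE, "10.110.61.216"))
```

A result of "NSIP" for a name server corresponds to the DOWN flow described above, so the SNIP and route configuration from Solution 2 are the next things to check.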


How to enable Citrix ADC to use DNS: CTX109556