DNS - The DNS server could not signal the service "NAT". The error was 1168.

Also this event appears just as often as the other:

------------------------------
Event Type:      Information
Event Source:      DNS
Event Category:      None
Event ID:      800
Date:            23/11/2004
Time:            15:35:04
User:            N/A
Computer:      LAYHER
Description:
The zone DOMAIN is configured to accept updates but the A record for the primary
server in the zone's SOA record is not available on this DNS server. This may
indicate a configuration problem. If the address of the primary server for the
zone cannot  be resolved DNS clients will be unable to locate a server to accept
updates for this zone. This will cause DNS clients to be unable to perform DNS updates.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
------------------------------

This refers to how to fix the 800 error:
http://www.microsoft.com/technet/support/ee/result.aspx?EvtSrc=DNS&EvtID=800&ProdName=Windows+Operating+System&LCID=1033&ProdVer=5.2

Here's a link with a possible fix for the first error:
http://eventid.net/display.asp?eventid=113&eventno=3869&source=DNS&phase=1

Does this pertain to your setup?
From a newsgroup post: "Are you using ICS or NAT in RRAS? If it is ICS then disable ICS and use NAT in RRAS. If your are using NAT in RRAS then are you using the DNS proxy? If you have the DNS proxy enabled disable it."  

I have encountered a similar issue and I recreated my DNS zone ..  I made sure that my DNS server has itself as the primary server and had no issues since then...

Hi netwrkgirlygirl

I have recently had a similar DNS problem on another of my servers, and I recreated the DNS as the primary active directory server and it resolved that issue.  As you suggest the same for this problem I think I might give the same a go.  The symptoms of this problem and my other problem are very similiar; slow client logons and intermittent Internet access.

I shall recreate the DNS and post back how I did it and the result.

Please let me know...  if not helping there are some other things we can try...

Heather

Here is what I did:

1) Delete contents of Forward Lookup Zones
2) Delete contents of Reverse Lookup Zones
3) stop DNS Service
4) Stop NETLOGON Service
5) ipconfig /flushdns
6) Locate %Systemroot%\System32\config\Netlogon.dns, netlogon.dnb and delete both files
7) Locate %Systemroot%\System32\DNS and delete all files,but NOT the directories (backup and samples)
8) Locate %Systemroot%\System32\DNS\backup and delete all files in there
9) Restart DNS
10) Create new Zone and select Active Directory Integrated.
11) Allow secure Updates.
12) Restart NETLOGON.

This has recreated the DNS but nothing seems to have changed in the DNS manager.  There are no _msdsc or _tcp subfolders to the domain.  There werent any in the first place, but I assume they would be created, and the lack of them is causing the login problems.

However logins are a lot faster now so something has worked!

My copy of cache.dns in systemroot\system32\dns has all the IP addresses which seems to be the only difference to the version you posted.  Shall I replace it anyway?  The cache.dns in \samples\ is the same as you posted.

-----------------------------------------------------
;
;  Root Name Server Hints File:
;
;      These entries enable the DNS server to locate the root name servers
;      (the DNS servers authoritative for the root zone).
;      For historical reasons this is known often referred to as the
;      "Cache File"
;

@                       NS      a.root-servers.net.
a.root-servers.net      A      198.41.0.4
@                       NS      b.root-servers.net.
b.root-servers.net      A      192.228.79.201
@                       NS      c.root-servers.net.
c.root-servers.net      A      192.33.4.12
@                       NS      d.root-servers.net.
d.root-servers.net      A      128.8.10.90
@                       NS      e.root-servers.net.
e.root-servers.net      A      192.203.230.10
@                       NS      f.root-servers.net.
f.root-servers.net      A      192.5.5.241
@                       NS      g.root-servers.net.
g.root-servers.net      A      192.112.36.4
@                       NS      h.root-servers.net.
h.root-servers.net      A      128.63.2.53
@                       NS      i.root-servers.net.
i.root-servers.net      A      192.36.148.17
@                       NS      j.root-servers.net.
j.root-servers.net      A      192.58.128.30
@                       NS      k.root-servers.net.
k.root-servers.net      A      193.0.14.129
@                       NS      l.root-servers.net.
l.root-servers.net      A      198.32.64.12
@                       NS      m.root-servers.net.
m.root-servers.net      A      202.12.27.33
-----------------------------------------------------

I havent tried removing the DNS component or deleting the registry key yet, just want to check with you about the different versions of cache.dns so I can do the job in one go.

Will I need the Windows Server 2003 CD to do this?

Use the files that I have given you... try what I have recommended above first...


this machine is using a private IP addressing scheme correct?  

I believe this will solve your issue...

Heather

Would you believe I haven't found a good time to try this yet!  I will post when I do :)

Yeah I believe it...  You don't need the CD to do this... I'm eager to see your results...