Monroe406
asked on
DNS server encountered a packet addressed to itself
Whenever I boot up my Windows 2000 Server, I get the following entry in my DNS event log...
--------- start ---------
The DNS server encountered a packet addressed to itself -- IP address 63.100.100.100 {IP is intentionally
faked for this Expert's Exchange posting}
The DNS server should never be sending a packet to itself. This situation usually indicates a configuration
error.
Check the following areas for possible self-send configuration errors:
1) Forwarders list. (DNS servers should not forward to themselves).
2) Master lists of secondary zones.
3) Notify lists of primary zones.
4) Delegations of subzones. Must not contain NS record for this DNS server unless subzone is also
on this server.
--------- stop -------
I have already check suggestion #1 above. It does not apply. I then am stumped, since I don't have
a clue how to follow through on suggestions #2, #3 and #4. Can someone give me instructions on how
to validate/check suggestions #2, 3 and 4?
--------- start ---------
The DNS server encountered a packet addressed to itself -- IP address 63.100.100.100 {IP is intentionally
faked for this Expert's Exchange posting}
The DNS server should never be sending a packet to itself. This situation usually indicates a configuration
error.
Check the following areas for possible self-send configuration errors:
1) Forwarders list. (DNS servers should not forward to themselves).
2) Master lists of secondary zones.
3) Notify lists of primary zones.
4) Delegations of subzones. Must not contain NS record for this DNS server unless subzone is also
on this server.
--------- stop -------
I have already check suggestion #1 above. It does not apply. I then am stumped, since I don't have
a clue how to follow through on suggestions #2, #3 and #4. Can someone give me instructions on how
to validate/check suggestions #2, 3 and 4?
ASKER
>> Is this DNS server primary, secondery
It is the primary DNS server.
>> Is there any zone configured for this DNS server?
Yes.
>>Why do you need to enable and configure this DNS server ?
Because it is a Web server, hosting dozens of domains, and a mail server.
It is the primary DNS server.
>> Is there any zone configured for this DNS server?
Yes.
>>Why do you need to enable and configure this DNS server ?
Because it is a Web server, hosting dozens of domains, and a mail server.
Example:
-> This DNS server dns1.mycompany.com is the primary for the zone
mycompany.com.
-> You have delegated the zone sales.mycompany.com to
salesdns.sales.mycompany.c
zone on this DNS (dns1.mycompany.com).
-> sales.mycompany.com MUST NOT have an NS record that points at
dns1.mycompany.com.
Note, you should make this check (with nslookup or DNS manager) both on this
DNS server and on the server(s) you delegated the subzone to. It is possible
that the delegation was done correctly, but that the primary DNS for the
subzone, has any incorrect NS record pointing back at this server. If this
incorrect NS record is cached at this server, then the self-send could
result. If found, the subzone DNS server admin should remove the offending NS
record.
-> This DNS server dns1.mycompany.com is the primary for the zone
mycompany.com.
-> You have delegated the zone sales.mycompany.com to
salesdns.sales.mycompany.c
zone on this DNS (dns1.mycompany.com).
-> sales.mycompany.com MUST NOT have an NS record that points at
dns1.mycompany.com.
Note, you should make this check (with nslookup or DNS manager) both on this
DNS server and on the server(s) you delegated the subzone to. It is possible
that the delegation was done correctly, but that the primary DNS for the
subzone, has any incorrect NS record pointing back at this server. If this
incorrect NS record is cached at this server, then the self-send could
result. If found, the subzone DNS server admin should remove the offending NS
record.
Example:
-> This DNS server dns1.mycompany.com is the primary for the zone
mycompany.com.
-> You have delegated the zone sales.mycompany.com to
salesdns.sales.mycompany.c
zone on this DNS (dns1.mycompany.com).
-> sales.mycompany.com MUST NOT have an NS record that points at
dns1.mycompany.com.
Note, you should make this check (with nslookup or DNS manager) both on this
DNS server and on the server(s) you delegated the subzone to. It is possible
that the delegation was done correctly, but that the primary DNS for the
subzone, has any incorrect NS record pointing back at this server. If this
incorrect NS record is cached at this server, then the self-send could
result. If found, the subzone DNS server admin should remove the offending NS
record.
-> This DNS server dns1.mycompany.com is the primary for the zone
mycompany.com.
-> You have delegated the zone sales.mycompany.com to
salesdns.sales.mycompany.c
zone on this DNS (dns1.mycompany.com).
-> sales.mycompany.com MUST NOT have an NS record that points at
dns1.mycompany.com.
Note, you should make this check (with nslookup or DNS manager) both on this
DNS server and on the server(s) you delegated the subzone to. It is possible
that the delegation was done correctly, but that the primary DNS for the
subzone, has any incorrect NS record pointing back at this server. If this
incorrect NS record is cached at this server, then the self-send could
result. If found, the subzone DNS server admin should remove the offending NS
record.
Monroe
I've tried to solve this same issue with MS and they suggested that the problem was some other DNS server did not recognize my server as authoritative. You need to determine who that server is and let it know that you are authoritative for the zone. MS suggests that you track the packets using DNS logging and look for the error message in the log. Once you see the message, the server just prior to the error in the log is your culprit. Careful! Those DNS logs grow rapidly!
Hope this helps. I was able to resolve the error coming from two of the three servers that were causing this problem on our network, but never could get my ISP to change the settings on the 3rd. Doesn't seem to effect performance.
I've tried to solve this same issue with MS and they suggested that the problem was some other DNS server did not recognize my server as authoritative. You need to determine who that server is and let it know that you are authoritative for the zone. MS suggests that you track the packets using DNS logging and look for the error message in the log. Once you see the message, the server just prior to the error in the log is your culprit. Careful! Those DNS logs grow rapidly!
Hope this helps. I was able to resolve the error coming from two of the three servers that were causing this problem on our network, but never could get my ISP to change the settings on the 3rd. Doesn't seem to effect performance.
ASKER
>>Note, you should make this check (with nslookup
>>or DNS manager) both on this DNS server and
>> on the server(s) you delegated the subzone to.
I know what nslookup is, and I know what DNS Manager is...but that's about all I know in regards to these tools. When you say "make this check", I don't follow you in regards to how I am to check whatever it is I am supposed to check.
BTW, the everything is one just one server... DNS, HTTP, Mail, FTP, etc.
>>or DNS manager) both on this DNS server and
>> on the server(s) you delegated the subzone to.
I know what nslookup is, and I know what DNS Manager is...but that's about all I know in regards to these tools. When you say "make this check", I don't follow you in regards to how I am to check whatever it is I am supposed to check.
BTW, the everything is one just one server... DNS, HTTP, Mail, FTP, etc.
> everything is one just one server... DNS, HTTP, Mail, FTP
Guess you don't need this DNS server at all.
Guess you don't need this DNS server at all.
ASKER
>> Guess you don't need this DNS server at all.
Explain what you mean.
Explain what you mean.
Monroe406:
You have many open questions. I will be posting this comment in all of them:
https://www.experts-exchange.com/jsp/qShow.jsp?ta=win2k&qid=20254049
https://www.experts-exchange.com/jsp/qShow.jsp?ta=win2k&qid=20172013
https://www.experts-exchange.com/jsp/qShow.jsp?ta=win2k&qid=20139842
https://www.experts-exchange.com/jsp/qShow.jsp?ta=msaccess&qid=20265114
https://www.experts-exchange.com/jsp/qShow.jsp?ta=msaccess&qid=20239542
https://www.experts-exchange.com/jsp/qShow.jsp?ta=iis&qid=20154037
To assist you in your cleanup, I'm providing the following guidelines:
1. Stay active in your questions and provide feedback whenever possible. Likewise, when feedback has not been provided by the experts, commenting again makes them receive an email notification, and they may provide you with further information. Experts have no other method of searching for questions in which they have commented, except manually.
2. Award points by hitting the Accept Comment As Answer button located above and to the left of that expert's comment.
3. When grading, be sure to read:
https://www.experts-exchange.com/jsp/cmtyQuestAnswer.jsp#3
to ensure that you understand the grading system here at EE. If you grade less than an A, you must explain why.
4. Questions that were not helpful to you should be PAQ'd (stored in the database for their valuable content?even if not valuable to you) or deleted. To PAQ or delete a question, you must first post your intent in that question to make the experts aware. Then, if no experts object after three full days, you can post a zero-point question at community support to request deletion or PAQ. Please include the link(s) to the question(s).
CS: https://www.experts-exchange.com/jsp/qList.jsp?ta=commspt
At that point, a moderator can refund your points and PAQ or delete the question for you. The delete button does not work.
5. If you fail to respond to this cleanup request, I must report you to the Community Support Administrator for further action.
Our intent is to get the questions cleaned up, and not to embarrass or shame anyone. If you have any questions or need further assistance at all, feel free to ask me in this question or post a zero-point question at CS. We are very happy to help you in this task!
thanks!
amp
community support moderator
You have many open questions. I will be posting this comment in all of them:
https://www.experts-exchange.com/jsp/qShow.jsp?ta=win2k&qid=20254049
https://www.experts-exchange.com/jsp/qShow.jsp?ta=win2k&qid=20172013
https://www.experts-exchange.com/jsp/qShow.jsp?ta=win2k&qid=20139842
https://www.experts-exchange.com/jsp/qShow.jsp?ta=msaccess&qid=20265114
https://www.experts-exchange.com/jsp/qShow.jsp?ta=msaccess&qid=20239542
https://www.experts-exchange.com/jsp/qShow.jsp?ta=iis&qid=20154037
To assist you in your cleanup, I'm providing the following guidelines:
1. Stay active in your questions and provide feedback whenever possible. Likewise, when feedback has not been provided by the experts, commenting again makes them receive an email notification, and they may provide you with further information. Experts have no other method of searching for questions in which they have commented, except manually.
2. Award points by hitting the Accept Comment As Answer button located above and to the left of that expert's comment.
3. When grading, be sure to read:
https://www.experts-exchange.com/jsp/cmtyQuestAnswer.jsp#3
to ensure that you understand the grading system here at EE. If you grade less than an A, you must explain why.
4. Questions that were not helpful to you should be PAQ'd (stored in the database for their valuable content?even if not valuable to you) or deleted. To PAQ or delete a question, you must first post your intent in that question to make the experts aware. Then, if no experts object after three full days, you can post a zero-point question at community support to request deletion or PAQ. Please include the link(s) to the question(s).
CS: https://www.experts-exchange.com/jsp/qList.jsp?ta=commspt
At that point, a moderator can refund your points and PAQ or delete the question for you. The delete button does not work.
5. If you fail to respond to this cleanup request, I must report you to the Community Support Administrator for further action.
Our intent is to get the questions cleaned up, and not to embarrass or shame anyone. If you have any questions or need further assistance at all, feel free to ask me in this question or post a zero-point question at CS. We are very happy to help you in this task!
thanks!
amp
community support moderator
ASKER
I am giving notice that no one answered this question correctly, and I will be requesting that it be "PAQ'd"...whatever that means...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thanks Monroe for closing all the other questions.
Best regards,
ComTech
CS Admin @ EE
Best regards,
ComTech
CS Admin @ EE
Go to dnsmgmt and make sure your local ip is not listed in root hints this took care of my problem.
Is there any zone configured for this DNS server?
Or maybe a better way to ask is :
Why do you need to enable and configure this DNS server ?