Solved

2003 AD-integrated DNS problems

Posted on 2004-08-20
7
1,144 Views
Last Modified: 2007-12-19

I have two domain controllers in an AD network and I am trying to setup and configure DNS on dc1 properly before configuring and installing dns on dc2. I noticed the the wizard set my primary dns on dc1 as 127.0.0.1.Is this correct or should i set it to be the same ip address thats static'd into dc1's local area connection example: 128.0.2.5. Here's the output:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : computername
   Primary Dns Suffix  . . . . . . . : company.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : company.local

Ethernet adapter Local Area Connection 3:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP Network Team #1
   Physical Address. . . . . . . . . : 00-0F-20-D1-4D-6E
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 128.0.2.5
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 128.0.1.1
   DNS Servers . . . . . . . . . . . : 127.0.0.1
                                       198.6.1.3
                                       198.6.100.25

C:\>nslookup 128.0.2.5
Server:  localhost
Address:  127.0.0.1

*** localhost can't find 128.0.2.5: Non-existent domain

What am I doing wrong and why can't I resolve 128.0.2.5 (dc1)? Also should I be using secure dynamic updates or just dynamic updates?
0
Comment
Question by:SANG501
  • 4
  • 3
7 Comments
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 11854261
which machine where you on when you did the above nslookup?

I wouldn't set the dns server to the loopback (127.0.0.1) just set it to the actual IP address of the DNS server that you want it to point to.

Also,  i wouldn't have your 2nd and 3rd dns servers listed as "real" public dns server b/c say your internal dns server is down, it will then give you results from a "public" dns server,, which of course will not have any info about your internal network,, so you will not get the disired results.
0
 
LVL 1

Author Comment

by:SANG501
ID: 11854288
I did the nslookup from 128.0.2.5(dc1)
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 11854356
well change its dns server to 128.0.2.5 (itself) and then check the DNS MMC to see that if it has a reverse lookup zone for your domain and a reverse A record for DC1.  DO you even have reverse zones configured,, since you are doing nslookup 1.1.1.1 which is a reverse lookup??
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 1

Author Comment

by:SANG501
ID: 11854417

After changing the primary DNS to 128.0.2.5 i can now get the right results from nslookup. I also created a reverse lookup zone with 128.0 as the network id. However, the only items I see in this zone are: two NS files pointing to DC1 and DC2 respectively and a SOA record. Is this correct?
0
 
LVL 1

Author Comment

by:SANG501
ID: 11854444
nevermind, I did a refresh and got a pointer record. Thanks for the assistance.

Also, can you or someone enlighten me as to whcih dynamic update is recommended?
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 11854647
there are only 2 types of dynamic updates that i know of,, secure and not secure.

by default, clients will attempt to use unsecure first,, then if that fails they will attempt to use the secure method.  if you have 98/95 computers these clients will have to be added to the DNSProxyUpdate Group in active directory.  windows 2000/xp machines are in this group by default.
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 500 total points
ID: 11854661
opps,,, i meant you will have to add your DHCP server to the DNSProxyUpdate Group
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now