Solved

DNS Issues!!!

Posted on 2004-08-23
Last Modified: 2010-04-11
greetings,

i have two questions.  the first one is, our SOA server died and had to be
rebuilt, we did that and in the meantime the secondary picked up duties of
SOA automatically. when i went in to look at it it said it was the
SOA....Great!!!  so i rebuilt the other server, and brought it online as a
secondary DNS.  went in through the console to change it to SOA, it seemed
to work until i refreshed it and it kept the old settings.  i did this a few
times to make sure it would not work, and it never did work.  the SOA would
never change.  what did change though was now both servers thought they were
SOA for the domain/zone. problem!!

so, i decided to blow away the DNS server that i did not want as SOA, and
recreate it as a secondary DNS.  i did that, however, i could not delete the
whole server from the console, so i killed the service, and blew away the
zone.  created a new zone, made it a secondary, and thought i was done.
well, the now only SOA eventually got an error message, and said that the
zone was deleted, and it deleted the zone as well.  not good.

so i made the secondary a primary, since it still had all the records, and
made the other server a secondary, which i did not want to do.

now we can't seem to create a reverse lookup zone on the SOA, and it is
looking to the other DNS server and says that it is the SOA for the reverse
lookup zone.  weird!!

any help or explanations would be wow....great!!
Question by:shrek2
 
LVL 15

Expert Comment

by:scampgb
ID: 11872026
Hi shrek2,

You seem to be getting confused between an "SOA" (which is a type of DNS record) and a primary nameserver.

Time to bombard you with questions:

Go to www.dnsreport.com and put in your domain name.  Let us know what it fails on.
At the very least, that'll make sure that your parent DNSs (registrar) are configured to point to your own DNS properly.

I assume that you're using Windows DNS here?  What version of Windows is it?

Is your DNS set up in AD mode or as a standalone server?
Do you control both the primary and secondary DNS servers?

.. and another thought, is this an Internal DNS problem (your PCs can't resolve) or an External DNS problem (other people can't resolve your IPs)?

I hope that this helps - let me know if you need any further help.
0
 
LVL 3

Expert Comment

by:tomv011397
ID: 11872874
Common confusions:

Primary DNS: The server with the actual host and record db (may or may not be the 1st authoritative server)
Secondary DNS (also known as slave, contains a copy of the primary DNS entries, gets them from the Primary)
Caching DNS (Does the lookups and resolutions, and caches the results for faster lookups, but does not contain any records of its own)

Authoritative server (This is the server that is in your domain record. This can be Primary or secondary, as the job is to resolve addresses, so it can be primary or secondary, it does not care)

Your primary should be where it is easy to edit. It does not even have to be in the authoritative list, so long as the authoritative server can get updated copies of the domain records from it when it updates (Called a zone transfer).

Tom
0
 

Author Comment

by:shrek2
ID: 11872905
This is an internal LAN, we have external DNS servers that handle our resolution outside our walls.  This is a W2k3 AD domain and yes i control both servers.  as far as the SOA, I am referring to the SOA records yes, however i am also speaking of the facility that MS has given to us in its DNS console, where you can change the start of authority for the domain. when i do that, the SOA records change appropriately, but when i refresh the zone, it returns back to the previous SOA, both the record and in the DNS MMC.

as far as resolving, there is not a problem, the DNS forward lookup zone is functioning properly, but the SOA for the domain is on a server i do not want it to be on.  

now the reverse lookup zone is not up, because we can't seem to create it because it won't let us delete the previous one we have there, which is not working properly because it is not populating.  the settings are right, but i think it is messed up from us changing SOA roles.  

hope that clarifies. . .oh and one more thing what the heck is msdcs_domain??  it seems to get created automatically and has its own serial number for the SOA and everything??
0
LVL 15

Expert Comment

by:scampgb
ID: 11873010
Sorry, this sounds like a DNS/AD screwup - I'm not very good at those.  I assumed that the problem was with external DNS resolution.

Sorry I couldn't help further.
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 1000 total points
ID: 11873192
is the SOA being on the other server causing you any trouble?

if this is a w2k3 AD domain, it really was designed to be run as an AD integrated DNS zone, not a primary or secondary zone. if you set it up as an AD integrated zone you will save yourself A LOT of headaches later on.
0
 

Author Comment

by:shrek2
ID: 11874149
i am running AD integrated secure transfers.  everything seems to be ok, after a while the reverse lookup zones deleted themselves, and i was able to create reverse zones and they are populating now.  

if i want to change the SOA for the domain, what is the procedure for that?
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 11874233
is your SOA "primary server" record currently pointed to the local machine or another one?
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 11874298
from command prompt run

nslookup -querytype=all domain.com

this will tell you what the actual primary name server is for the zone. don't believe what is set in the "primary server" on the SOA tab on the DNS GUI, they will give you two different answers, but go with whatever the nslookup -querytype=all domain.com command tells you.

0
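Added example, not part of the thread or written by any of its participants: the nslookup check above, extended to compare the SOA that each DNS server hands out, which shows whether two servers both claim to be the primary name server as the asker describes. The zone example.test, the server names dc1/dc2 and the captured outputs are constructed sample data; real captures would come from running `nslookup -querytype=soa <zone> <server>` against each server.

```python
import re

# Constructed captures of `nslookup -querytype=soa example.test <server>`,
# one per DNS server (hypothetical names, documentation address range).
CAPTURES = {
    "dc1.example.test": """Server:  dc1.example.test
Address:  192.0.2.10

example.test
\tprimary name server = dc1.example.test
\tresponsible mail addr = hostmaster.example.test
\tserial  = 214
\trefresh = 900 (15 mins)
""",
    "dc2.example.test": """Server:  dc2.example.test
Address:  192.0.2.11

example.test
\tprimary name server = dc2.example.test
\tresponsible mail addr = hostmaster.example.test
\tserial  = 211
\trefresh = 900 (15 mins)
""",
}

# Matches the SOA field lines in nslookup output; "Server:" lines do not match.
SOA_LINE = re.compile(
    r"^\s*(primary name server|responsible mail addr|serial)\s*=\s*(\S+)", re.M)

def parse_soa(text):
    """Return the SOA primary server (MNAME) and serial from one capture."""
    found = dict(SOA_LINE.findall(text))
    if "primary name server" not in found or "serial" not in found:
        raise ValueError("no SOA record in capture")
    return {"mname": found["primary name server"].rstrip(".").lower(),
            "serial": int(found["serial"])}

def compare_soa(captures):
    """Compare the SOA each server returns and list the disagreements."""
    soa = {srv: parse_soa(out) for srv, out in captures.items()}
    findings = []
    if len({r["mname"] for r in soa.values()}) > 1:
        findings.append("primary name server differs between servers")
    if len({r["serial"] for r in soa.values()}) > 1:
        findings.append("serial differs between servers")
    # Servers whose SOA names themselves as the primary name server.
    self_named = sorted(s for s, r in soa.items() if r["mname"] == s.lower())
    return soa, findings, self_named

if __name__ == "__main__":
    soa, findings, self_named = compare_soa(CAPTURES)
    for srv, rec in soa.items():
        print(srv, rec)
    print(findings, "| servers naming themselves primary:", self_named)
```
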
 

Author Comment

by:shrek2
ID: 11874470
well, that gave me the answer i was looking for, the primary name server was what it was supposed to be.  now, if i want to change that, to make the other server the SOA, is it better to do this by command line or use the DNS GUI??

if so what is the command, and for the GUI do i just change the SOA entry?

thanks
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 11874520
as with anything else, it's always better to do anything from command line, but with windows, good luck finding what the actual command is
0
 

Author Comment

by:shrek2
ID: 11912587
so changing the SOA for our domain, what would be the procedure for that??
0
 
LVL 1

Expert Comment

by:wasteofspace101
ID: 12166354
1. Open DNS management.
2. Go to properties on forward lookup zone-domain name you want to change.
3. Click on Start of Authority (SOA) tab
4. Browse for new Primary Server.
5. Click OK

I'll look for an MS CLI command for you as well.

0
 
LVL 3

Expert Comment

by:tomv011397
ID: 12573831
We need a better way to close abandoned issues. Especially when the original question was not concise, and a lot of replies came in around the issues.

My $.02

Tom
0
