Solved

DNS Issues!!!

Posted on 2004-08-23
Last Modified: 2010-04-11
greetings,

i have two questions.  the first one is, our SOA server died and had to be
rebuilt, we did that and in the mean time the secondary picked up duties of
SOA automatically. when i went in to look at it it said it was the
SOA....Great!!!  so i rebuilt the other server, and brought it online as a
secondary DNS.  went in through the console to change it to SOA, it seemed
to work until i refreshed it and it kept the old settings.  i did this a few
times to make sure it would not work, and it never did work.  the SOA would
never change.  what did change though was now both servers thought they were
SOA for the domain/zone. problem!!

so, i decided to blow away the DNS server that i did not want as SOA, and
recreate it as a secondary DNS.  i did that, however, i could not delete the
whole server from the console, so i killed the service, and blew away the
zone.  created a new zone, made it a secondary, and thought i was done.
well, the now only SOA eventually got an error message, and said that the
zone was deleted, and it deleted the zone as well.  not good.

so i made the secondary a primary, since it still had all the records, and
made the other server a secondary, which i did not want to do.

now we can't seem to create a reverse lookup zone on the SOA, and it is
looking to the other DNS server and says that it is the SOA for the reverse
lookup zone.  weird!!

any help or explanations would be wow....great!!
Question by:shrek2
14 Comments
 
LVL 15

Expert Comment

by:scampgb
ID: 11872026
Hi shrek2,

You seem to be getting confused between an "SOA" (which is a type of DNS record) and a primary nameserver.

Time to bombard you with questions:

Go to www.dnsreport.com and put in your domain name.  Let us know what it fails on.
At the very least, that'll make sure that your parent DNSs (registrar) are configured to point to your own DNS properly.

I assume that you're using Windows DNS here?  What version of Windows is it?

Is your DNS set up in AD mode or as a standalone server?
Do you control both the primary and secondary DNS servers?

.. and another thought, is this an Internal DNS problem (your PCs can't resolve) or an External DNS problem (other people can't resolve your IPs)?

I hope that this helps - let me know if you need any further help.
0
 
LVL 3

Expert Comment

by:tomv011397
ID: 11872874
Common confusions:

Primary DNS: The server with the actual host and record db (may or may not be the 1st authoritative server)
Secondary DNS (also known as slave): contains a copy of the primary DNS entries, gets them from the Primary
Caching DNS (Does the lookups and resolutions, and caches the results for faster lookups, but does not contain any records of its own)

Authoritative server (This is the server that is in your domain record. This can be Primary or secondary, as the job is to resolve addresses, so it can be primary or secondary, it does not care)

Your primary should be where it is easy to edit. It does not even have to be in the authoritative list, so long as the authoritative server can get updated copies of the domain records from it when it updates (Called a zone transfer).

Tom
0
 

Author Comment

by:shrek2
ID: 11872905
This is an internal LAN, we have external DNS servers that handle our resolution outside our walls.  This is a W2k3 AD domain and yes i control both servers.  as far as the SOA, I am referring to the SOA records yes, however i am also speaking of the facility that MS has given to us in its DNS console, where you can change the start of authority for the domain. when i do that, the SOA records change appropriately, but when i refresh the zone, it returns back to the previous SOA, both the record and in the DNS MMC.

as far as resolving, there is not a problem, the DNS forward lookup zone is functioning properly, but the SOA for the domain is on a server i do not want it to be on.  

now the reverse lookup zone is not up, because we can't seem to create it because it won't let us delete the previous one we have there, which is not working properly because it is not populating.  the settings are right, but i think it is messed up from us changing SOA roles.  

hope that clarifies. . .oh and one more thing what the heck is msdcs_domain??  it seems to get created automatically and has its own serial number for the SOA and everything??
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11873010
Sorry, this sounds like a DNS/AD screwup - I'm not very good at those.  I assumed that the problem was with external DNS resolution.

Sorry I couldn't help further.
0
 
LVL 25

Accepted Solution

by:
mikeleebrla earned 500 total points
ID: 11873192
is the SOA being on the other server causing you any trouble?

if this is a w2k3 AD domain, it really was designed to be run as an AD integrated DNS zone, not a primary or secondary zone. if you set it up as an AD integrated zone you will save yourself A LOT of headaches later on.
0
 

Author Comment

by:shrek2
ID: 11874149
i am running AD integrated secure transfers.  everything seems to be ok, after a while the reverse lookup zones deleted themselves, and i was able to create reverse zones and they are populating now.  

if i want to change the SOA for the domain, what is the procedure for that?
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 11874233
is your SOA "primary server" record currently pointed to the local machine or another one?
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 11874298
from command prompt run

nslookup -querytype=all domain.com

this will tell you what the actual primary name server is for the zone. don't believe what is set in the "primary server" on the SOA tab on the DNS GUI, they will give you two different answers, but go with whatever the nslookup -querytype=all domain.com command tells you.

0
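The check suggested in the comment above can be repeated against each DNS server and the answers compared. This is an added example, not part of the original thread: it parses the SOA block that Windows nslookup prints and reports where two servers disagree on primary name server or serial. The sample output, server names (dc1, dc2), address and serials are constructed for illustration.

```python
import re

# Constructed sample output in the layout Windows nslookup prints for an SOA
# answer. Host names, address and serial numbers are made up.
SAMPLE_DC1 = """\
Server:  dc1.domain.com
Address:  10.0.0.10

domain.com
\tprimary name server = dc1.domain.com
\tresponsible mail addr = hostmaster.domain.com
\tserial  = 412
\trefresh = 900 (15 mins)
\tretry   = 600 (10 mins)
\texpire  = 86400 (1 day)
\tdefault TTL = 3600 (1 hour)
"""
# Second server: claims itself as primary and holds an older serial.
SAMPLE_DC2 = SAMPLE_DC1.replace("dc1", "dc2").replace("412", "409")

FIELD = re.compile(
    r"^\s*(primary name server|responsible mail addr|serial|refresh|retry"
    r"|expire|default TTL)\s*=\s*(\S+)", re.M)

def parse_soa(text):
    """Return the SOA fields from one nslookup answer as a dict."""
    soa = {}
    for name, value in FIELD.findall(text):
        # Keep the first occurrence; normalise trailing dot and case.
        soa.setdefault(name, value.rstrip(".").lower())
    if "primary name server" not in soa:
        raise ValueError("no SOA record in nslookup output")
    return soa

def compare_soa(answers):
    """answers maps queried server -> nslookup output. Return findings."""
    parsed = {srv: parse_soa(out) for srv, out in answers.items()}
    findings = []
    primaries = {s["primary name server"] for s in parsed.values()}
    if len(primaries) > 1:
        findings.append("primary mismatch: " + ", ".join(sorted(primaries)))
    serials = {int(s["serial"]) for s in parsed.values()}
    if len(serials) > 1:
        findings.append("serial mismatch: "
                        + ", ".join(str(n) for n in sorted(serials)))
    return findings

if __name__ == "__main__":
    for line in compare_soa({"dc1": SAMPLE_DC1, "dc2": SAMPLE_DC2}):
        print(line)
```

To use it on real output, capture `nslookup -querytype=all domain.com <server>` once per server and pass the captured text in place of the samples.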
 

Author Comment

by:shrek2
ID: 11874470
well, that gave me the answer i was looking for, the primary name server was what it was supposed to be.  now, if i want to change that, to make the other server the SOA, is it better to do this by command line or use the DNS GUI??

if so what is the command, and for the GUI do i just change the SOA entry?

thanks
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 11874520
as with anything else, it's always better to do anything from command line, but with windows, good luck finding what the actual command is
0
 

Author Comment

by:shrek2
ID: 11912587
so changing the SOA for our domain, what would be the procedure for that??
0
 
LVL 1

Expert Comment

by:wasteofspace101
ID: 12166354
1. open DNS management.
2. go to properties on forward lookup zone-domain name you want to change.
3. Click on Start of Authority (SOA) tab
4. Browse for new Primary Server.
5. Click OK

I'll look for an MS CLI command for you as well.

0
 
LVL 3

Expert Comment

by:tomv011397
ID: 12573831
We need a better way to close abandoned issues. Especially when the original question was not concise, and a lot of replies came in around the issues.

My $.02

Tom
0
