

DNS Issues!!!

Posted on 2004-08-23
Medium Priority
Last Modified: 2010-04-11

I have two questions.  The first one is, our SOA server died and had to be
rebuilt. We did that, and in the meantime the secondary picked up duties of
SOA automatically. When I went in to look at it, it said it was the
SOA....Great!!!  So I rebuilt the other server, and brought it online as a
secondary DNS.  Went in through the console to change it to SOA; it seemed
to work until I refreshed it and it kept the old settings.  I did this a few
times to make sure it would not work, and it never did work.  The SOA would
never change.  What did change though was now both servers thought they were
SOA for the domain/zone. Problem!!

So, I decided to blow away the DNS server that I did not want as SOA, and
recreate it as a secondary DNS.  I did that; however, I could not delete the
whole server from the console, so I killed the service, and blew away the
zone.  Created a new zone, made it a secondary, and thought I was done.
Well, the now only SOA eventually got an error message, and said that the
zone was deleted, and it deleted the zone as well.  Not good.

So I made the secondary a primary, since it still had all the records, and
made the other server a secondary, which I did not want to do.

Now we can't seem to create a reverse lookup zone on the SOA, and it is
looking to the other DNS server and says that it is the SOA for the reverse
lookup zone.  Weird!!

Any help or explanations would be wow....great!!
Question by:shrek2

Expert Comment

ID: 11872026
Hi shrek2,

You seem to be getting confused between an "SOA" (which is a type of DNS record) and a primary nameserver.

Time to bombard you with questions:

Go to www.dnsreport.com and put in your domain name.  Let us know what it fails on.
At the very least, that'll make sure that your parent DNSs (registrar) are configured to point to your own DNS properly.

I assume that you're using Windows DNS here?  What version of Windows is it?

Is your DNS set up in AD mode or as a standalone server?
Do you control both the primary and secondary DNS servers?

.. and another thought, is this an Internal DNS problem (your PCs can't resolve) or an External DNS problem (other people can't resolve your IPs)?

I hope that this helps - let me know if you need any further help.

Expert Comment

ID: 11872874
Common confusions:

Primary DNS: The server with the actual host and record db (may or may not be the 1st authoritative server)
Secondary DNS (also known as slave, contains a copy of the primary DNS entries, gets them from the Primary)
Caching DNS (Does the lookups and resolutions, and caches the results for faster lookups, but does not contain any records of its own)

Authoritative server (This is the server that is in your domain record. This can be Primary or secondary, as the job is to resolve addresses, so it can be primary or secondary, it does not care)

Your primary should be where it is easy to edit. It does not even have to be in the authoritative list, so long as the authoritative server can get updated copies of the domain records from it when it updates (called a zone transfer).


Author Comment

ID: 11872905
This is an internal LAN; we have external DNS servers that handle our resolution outside our walls.  This is a W2k3 AD domain and yes, I control both servers.  As far as the SOA, I am referring to the SOA records, yes; however, I am also speaking of the facility that MS has given to us in its DNS console, where you can change the start of authority for the domain. When I do that, the SOA records change appropriately, but when I refresh the zone, it returns back to the previous SOA, both the record and in the DNS MMC.

As far as resolving, there is not a problem; the DNS forward lookup zone is functioning properly, but the SOA for the domain is on a server I do not want it to be on.

Now the reverse lookup zone is not up, because we can't seem to create it because it won't let us delete the previous one we have there, which is not working properly because it is not populating.  The settings are right, but I think it is messed up from us changing SOA roles.

Hope that clarifies. . .oh and one more thing, what the heck is msdcs_domain??  It seems to get created automatically and has its own serial number for the SOA and everything??

Expert Comment

ID: 11873010
Sorry, this sounds like a DNS/AD screwup - I'm not very good at those.  I assumed that the problem was with external DNS resolution.

Sorry I couldn't help further.

Accepted Solution

mikeleebrla earned 1000 total points
ID: 11873192
Is the SOA being on the other server causing you any trouble?

If this is a W2k3 AD domain, it really was designed to be run as an AD integrated DNS zone, not a primary or secondary zone. If you set it up as an AD integrated zone you will save yourself A LOT of headaches later on.

Author Comment

ID: 11874149
I am running AD integrated secure transfers.  Everything seems to be OK; after a while the reverse lookup zones deleted themselves, and I was able to create reverse zones and they are populating now.

If I want to change the SOA for the domain, what is the procedure for that?

Expert Comment

ID: 11874233
Is your SOA "primary server" record currently pointed to the local machine or another one?

Expert Comment

ID: 11874298
From a command prompt, run

nslookup -querytype=all domain.com

This will tell you what the actual primary name server is for the zone. Don't believe what is set in the "primary server" on the SOA tab on the DNS GUI; they will give you two different answers. But go with whatever the nslookup -querytype=all domain.com command tells you.
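
The "primary name server" line that nslookup prints is the MNAME field of the zone's SOA record. As an added example (not part of the original thread), the Python below parses that field out of raw DNS replies and checks whether two servers name different primaries; the replies, example.com, the dc1/dc2 host names and the 10.0.0.x addresses are constructed for illustration.

```python
import struct

def read_name(msg, off):
    """Decode a possibly compressed DNS name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:             # compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                      # refuse pointer loops
                raise ValueError("compression loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels) + ".", (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def parse_soa(msg):
    """Return zone, MNAME, RNAME and serial from the first SOA answer, or None."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):                   # skip the question section
        _, off = read_name(msg, off)
        off += 4
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:                         # SOA
            mname, p = read_name(msg, off)
            rname, p = read_name(msg, p)
            serial = struct.unpack("!I", msg[p:p + 4])[0]
            return {"zone": owner, "mname": mname, "rname": rname, "serial": serial}
        off += rdlen

def sample_response(host, serial):
    """Constructed reply for example.com whose SOA names `host` as primary."""
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 6, 1)
    rdata = (bytes([len(host)]) + host.encode() + b"\xc0\x0c" +
             b"\x0ahostmaster\xc0\x0c" + struct.pack("!5I", serial, 900, 600, 86400, 3600))
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(rdata)) + rdata
    return struct.pack("!6H", 0x1234, 0x8580, 1, 1, 0, 0) + question + rr

def servers_disagree(responses):
    """True when the queried servers report different primary servers (MNAME)."""
    return len({parse_soa(raw)["mname"] for raw in responses.values()}) > 1
```

On an Active Directory-integrated zone each DNS server normally names itself in MNAME, so a disagreement there is expected rather than a fault; on a classic primary/secondary pair both servers should report the same MNAME and serial.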


Author Comment

ID: 11874470
Well, that gave me the answer I was looking for; the primary name server was what it was supposed to be.  Now, if I want to change that, to make the other server the SOA, is it better to do this by command line or use the DNS GUI??

If so, what is the command, and for the GUI do I just change the SOA entry?


Expert Comment

ID: 11874520
As with anything else, it's always better to do anything from command line, but with Windows, good luck finding what the actual command is.

Author Comment

ID: 11912587
So changing the SOA for our domain, what would be the procedure for that??

Expert Comment

ID: 12166354
1. Open DNS management.
2. Go to properties on the forward lookup zone (the domain name you want to change).
3. Click on the Start of Authority (SOA) tab.
4. Browse for the new Primary Server.
5. Click OK.

I'll look for an MS CLI command for you as well.


Expert Comment

ID: 12573831
We need a better way to close abandoned issues. Especially when the original question was not concise, and a lot of replies came in around the issues.

My $.02

