mklaro
New DNS setup not. Not resolving
I'm new at this MS stuff and am having issues getting DNS running on a test environment. I need to test this before I go live with it.
I'm running Windows Server 2003 Standard.
I have an Active Directory domain
internal.testdomain.com
I am NOT going to be authoritative for the domain testdomain.com. My ISP will hold my zone file for it.
What I want to do is have everyone on my network use our DNS server(s) to resolve names.
I set up the DNS with Active Directory and I cannot resolve names on the server, and clients with the server's IP for DNS also cannot resolve names.
In the TCP/IP properties of the server the DNS points to itself.
I have a forward and reverse lookup zone and they appear to be configured correctly.
The SOA record shows that the primary server is saturn.internal.testdomain.com
The NS and A records are also in there and configured with the same information.
I'm stumped on this so any help in getting this to work would be greatly appreciated.
A few things to check if you could.
When you say cannot resolve addresses on the Server, does that include the machine's own name? Or does it refer only to external addresses?
I take it you've checked that your server has access through whatever Firewall or other gateway device you're using?
If the server is running the Routing and Remote Access Service try stopping it and retesting name resolution.
Are you configured to use Root Hints or Forwarders?
If Root Hints (this is the default), inside DNS Manager can you confirm there are 13 addresses listed under the Root Hints tab in the properties for your DNS Server.
If Forwarders, can you confirm that the server you forward requests to responds and supports recursive queries.
And finally, if none of that helps at all, are any error messages being posted in any of the Event Logs?
HTH
Chris
Some information:
1) Verify that client machines are ONLY pointing to your internal Windows 200x DNS servers. Many people make the MISTAKE of pointing client machines directly to ISP DNS servers. YOU SHOULD NOT POINT CLIENTS DIRECTLY TO ISP DNS SERVERS... You may lose some control when you do this...such as what you are seeing...
2) Make sure that the clients don't have another internal DNS server that they are using as secondary or third... Check the client local TCP/IP settings to check this...
3) See point number 1) it is very important..
To check for forwarding do this:
1) On your DNS server console, right click your Server name and choose properties
2) Select the FORWARDERS tab....see if any IP addresses are listed here.
Also, check your server itself...make sure that the local TCP/IP properties of your server only point to itself for DNS...(and NOT the ISP DNS servers)
If you only have ONE DNS server in your environment, make sure that your client machines are ONLY pointing to this single DNS server. If you have multiple DNS servers in your environment, make sure that NONE of them are forwarding to the internet. You need to check them all...
To test DNS, you should use NSLOOKUP to test DNS directly. Here's how:
- go to command prompt
- type NSLOOKUP (NSLOOKUP is a tool for troubleshooting DNS...it will tell you if DNS is being forwarded to the internet or NOT...)
C:\Documents and Settings\>nslookup
Default Server: myDNSserver
Address: 10.10.1.1
> www.yahoo.com <-- Now type an internet address like www.yahoo.com
Server: myDNSserver <-- I'm using my local Windows DNS server called myDNSserver
Address: 10.10.1.1 <-- This shows my DNS server's IP
Non-authoritative answer: <-- Here is the answer...notice Non-Authoritative... (This means it was a forwarded response)
Name: www.yahoo.akadns.net
Addresses: 68.142.197.84, 68.142.197.83, 68.142.197.76, 68.142.197.75
68.142.197.73, 68.142.197.64, 68.142.197.88, 68.142.197.86
Aliases: www.yahoo.com
Because I was able to find WWW.YAHOO.COM from NSLOOKUP and because it was a non-authoritative response, I know that the NAME to IP resolution was answered by a non-local DNS server. This shows me that forwarding is working in my environment.
ASKER
All root hints are there.
Firewall is not an issue, all machines have access.
DNS in TCP/IP points to itself for the server, no other DNS is listed in there. All clients are pointing to the server only, no ISP DNS.
There is nothing listed for IPs under Forwarders Tab of the DNS Properties.
NS lookup returns this:
--------------------------
C:\Documents and Settings\Administrator.SATURN.000>nslookup
*** Can't find server name for address 172.16.180.245: Non-existent domain
Default Server: UnKnown
Address: 172.16.180.245
C:\Documents and Settings\Administrator.SATURN.000>nslookup www.google.com
*** Can't find server name for address 172.16.180.245: Non-existent domain
Server: UnKnown
Address: 172.16.180.245
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
--------------------------
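An added example, not part of the original thread: a small Python helper that classifies nslookup transcripts like the two posted above (a non-authoritative answer versus a reverse-lookup failure followed by a timeout). The function name `diagnose`, the verdict labels and the embedded transcripts are constructed for illustration.

```python
import re

IP = r"\d{1,3}(?:\.\d{1,3}){3}"

# Constructed transcripts, modelled on the two nslookup sessions in this thread.
WORKING = """Server:  myDNSserver
Address:  10.10.1.1

Non-authoritative answer:
Name:    www.yahoo.akadns.net
Addresses:  68.142.197.84, 68.142.197.83
Aliases:  www.yahoo.com
"""
FAILING = """*** Can't find server name for address 172.16.180.245: Non-existent domain
Server:  UnKnown
Address:  172.16.180.245

DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out
"""

def diagnose(transcript):
    """Classify one nslookup query transcript (hypothetical helper)."""
    server = re.search(r"Server:\s*(\S+)\s+Address:\s*(" + IP + ")", transcript)
    # Everything after the Server/Address banner is the reply to the query.
    reply = transcript[server.end():] if server else transcript
    name = re.search(r"^Name:\s*(\S+)", reply, re.M)
    if re.search(r"timed[ -]out", reply):
        # No reply within the timeout: the service is not answering, or its
        # recursion (root hints or forwarders) is not reaching upstream servers.
        verdict = "no-reply"
    elif name and "Non-authoritative answer" in reply:
        # Answer came from cache or recursion, not from a zone this server hosts.
        verdict = "recursive-answer"
    elif name:
        verdict = "authoritative-answer"
    else:
        verdict = "no-answer"
    return {
        "server_name": server.group(1) if server else None,
        "server_ip": server.group(2) if server else None,
        # nslookup reverse-resolves the server's own IP at start-up; NXDOMAIN
        # here means the reverse zone has no PTR record for it ("UnKnown").
        "ptr_missing": "Can't find server name for address" in transcript,
        "verdict": verdict,
        "addresses": re.findall(IP, reply) if name else [],
    }

if __name__ == "__main__":
    for label, text in (("working", WORKING), ("failing", FAILING)):
        print(label, diagnose(text))
```

The two findings are independent: a missing PTR record only explains the "UnKnown" server name, while the timeout is what indicates that queries for external names are not being answered.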
ASKER CERTIFIED SOLUTION
(by the way, your NSLOOKUP output shows me that you are not properly forwarding DNS to the Internet...)
ASKER
Awesome! Thanks for the help. One question though...
Will this build somewhat of a cache so it does not constantly query my ISP's DNS servers?
Almost like a routing table works?
ASKER
NM, did some digging and got my answer about caching. Thanks again for the help.
ASKER
Dynamic updates have been disabled.
That's about all the info I can think of