New DNS setup not resolving

Posted on 2005-04-12
Medium Priority
Last Modified: 2010-04-18
I'm new at this MS stuff and am having issues getting DNS running on a test environment. I need to test this before I go live with it.

I'm running Windows Server 2003 Standard.

I have an active directory domain


I am NOT going to be authoritative for the domain testdomain.com. My ISP will hold my zone file for it.

What I want to do is have everyone on my network use our DNS server(s) to resolve names.

I set up the DNS with Active Directory and I cannot resolve names on the server, and clients with the server's IP for DNS also cannot resolve names.

In the TCP/IP properties of the server the DNS points to itself.
I have a forward and reverse lookup zone and they appear to be configured correctly.

The SOA record shows that the Primary server is saturn.internal.testdomain.com
The NS and A records are also in there and configured with the same information.

I'm stumped on this, so any help in getting this to work would be greatly appreciated.
Question by:mklaro

Author Comment

ID: 13763726
DNS was configured as a Primary Zone when AD was installed.
Dynamic updates have been disabled.

That's about all the info I can think of.

Expert Comment

by:Chris Dent
ID: 13764058
A few things to check if you could.

When you say you cannot resolve addresses on the Server, does that include the machine's own name? Or does it refer only to external addresses?

I take it you've checked that your server has access through whatever Firewall or other gateway device you're using?

If the server is running the Routing and Remote Access Service try stopping it and retesting name resolution.

Are you configured to use Root Hints or Forwarders?

If Root Hints (this is the default), inside DNS Manager can you confirm there are 13 addresses listed under the Root Hints tab in the properties for your DNS Server.

If Forwarders, can you confirm that the server you forward requests to responds and supports recursive queries.

And finally, if none of that helps at all, are any error messages being posted in any of the Event Logs?



Expert Comment

ID: 13764600
Some information:

1) Verify that client machines are ONLY pointing to your internal Windows 200x DNS servers.  Many people make the MISTAKE of pointing client machines directly to ISP DNS servers.  YOU SHOULD NOT POINT CLIENTS DIRECTLY TO ISP DNS SERVERS...  You may lose some control when you do this...such as what you are seeing...

2) Make sure that the clients don't have another internal DNS server that they are using as secondary or third...  Check the client local TCP/IP settings to check this...

3) See point number 1) it is very important..

To check for forwarding do this:

1) On your DNS server console, right click your Server name and choose properties
2) Select the FORWARDERS tab....see if any IP addresses are listed here.

Also, check your server itself...make sure that the local TCP/IP properties of your server only point to itself for DNS...(and NOT the ISP DNS servers)

If you only have ONE DNS server in your environment, make sure that your client machines are ONLY pointing to this single DNS server.  If you have multiple DNS servers in your environment, make sure that NONE of them are forwarding to the internet.  You need to check them all...

To test DNS, you should use NSLOOKUP to test DNS directly.  Here's how:

- go to command prompt
- type NSLOOKUP  (NSLOOKUP is a tool for troubleshooting DNS...it will tell you if DNS is being forwarded to the internet or NOT...)

C:\Documents and Settings\>nslookup
Default Server:  myDNSserver

www.yahoo.com       <-- Now type an internet address like www.yahoo.com
Server:  myDNSserver   <-- I'm using my local Windows DNS server called myDNSserver
Address:       <-- This shows my DNS server's IP

Non-authoritative answer:     <-- Here is the answer...notice Non-Authoritative...  (This means it was a forwarded response)
Name:    www.yahoo.akadns.net
Aliases:  www.yahoo.com

Because I was able to find WWW.YAHOO.COM from NSLOOKUP and because it was a non-authoritative response, I know that the NAME to IP resolution was answered by a non-local DNS server.  This shows me that forwarding is working in my environment.



Author Comment

ID: 13765327
All root hints are there.

Firewall is not an issue, all machines have access.

DNS in TCP/IP points to itself for the server; no other DNS is listed in there. All clients are pointing to the server only, no ISP DNS.

There is nothing listed for IPs under Forwarders Tab of the DNS Properties.

NS lookup returns this:

C:\Documents and Settings\Administrator.SATURN.000>nslookup
*** Can't find server name for address Non-existent domain
Default Server:  UnKnown

C:\Documents and Settings\Administrator.SATURN.000>nslookup www.google.com
*** Can't find server name for address Non-existent domain
Server:  UnKnown

DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out

Accepted Solution

NJComputerNetworks earned 2000 total points
ID: 13765493
Do you know if your ISP provides you with DNS server IP addresses to forward to?

If so, you can configure your Windows DNS server to forward to the internet:

1) On your DNS server console, right click your Server name and choose properties
2) Select the FORWARDERS tab....enter your ISP DNS servers here....  (or in some environments, admins will point DNS to their router's IP address...then the router forwards requests to the ISP. although, I like to point straight out to the ISP...)

In your NSLOOKUP, you got this...

NS lookup returns this:

C:\Documents and Settings\Administrator.SATURN.000>nslookup
*** Can't find server name for address Non-existent domain
Default Server:  UnKnown

"*** Can't find server name for address Non-existent domain"  This error comes up because you have not created a REVERSE LOOKUP ZONE on your Windows 200x DNS server.  To fix this, create a reverse lookup zone for 172.16.180.x.  Then create a PTR record that maps to your DNS server.  (i.e. SATURN)


Expert Comment

ID: 13765506
(by the way, your NSLOOKUP output shows me that you are not properly forwarding DNS to the Internet...)
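
The nslookup messages discussed in this thread can be classified mechanically. The following is an added example, not part of any post above or of any tool mentioned in it; the transcripts, the 192.0.2.x addresses, www.example.com and the finding codes are constructed placeholders.

```python
import re

# Constructed transcripts modelled on the output quoted in the thread.
# 192.0.2.x and www.example.com are placeholders, not values from the page.
BROKEN = """\
*** Can't find server name for address 192.0.2.10: Non-existent domain
Server:  UnKnown
Address:  192.0.2.10

DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out
"""
WORKING = """\
Server:  saturn.internal.testdomain.com
Address:  192.0.2.10

Non-authoritative answer:
Name:    www.example.com
Address:  192.0.2.80
"""

# (pattern, finding code, meaning). Finding codes are hypothetical labels.
RULES = [
    (r"^\*\*\* Can't find server name for address", "server-ptr-missing",
     "reverse lookup of the DNS server's own IP failed (no reverse zone/PTR)"),
    (r"^DNS request timed out|timed-out$", "query-timeout",
     "no answer in time: server unreachable or its recursion is failing"),
    (r"^\*\*\* \S+ can't find \S+: Non-existent domain", "name-nxdomain",
     "the queried name does not exist; the server itself did answer"),
    (r"^Non-authoritative answer:", "recursive-answer",
     "answer came from recursion or cache, not a zone this server hosts"),
]

def diagnose(transcript):
    """Return finding codes present in an nslookup transcript, in rule order."""
    return [code for pattern, code, _ in RULES
            if re.search(pattern, transcript, re.MULTILINE)]

def meanings(transcript):
    """Map each finding code to its plain-language meaning."""
    lookup = {code: text for _, code, text in RULES}
    return {code: lookup[code] for code in diagnose(transcript)}

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("working", WORKING)):
        print(label, meanings(text))
```

Note that "Non-existent domain" appears in two different messages: one about the server's own PTR record and one about the name being queried, which is why the rules match on the full message rather than on that phrase.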

Author Comment

ID: 13766066
Awesome! thanks for the help. One question though...

Will this build somewhat of a cache so it does not constantly query my ISP's DNS servers?
Almost like a routing table works?

Author Comment

ID: 13766349
NM, did some digging and got my answer about caching. Thanks again for the help.
