Problem querying DNS server.

Posted on 2007-07-30
Last Modified: 2011-08-18
I'm having a problem with DNS queries from a domain controller in one site to a DC in another...

Site 1...2003 Server R2, Domain controller hosting all FSMO roles. IP, using Root Hints to resolve external requests (No ISP listed in forwarders).
Site 2...2000 Server, Domain Controller IP, using Root hints.

From either site, I am unable to successfully query the other server. The two sites are connected via dedicated link. There are no restrictions on traffic in place. I can successfully ping each server and there are no routing issues. I can successfully telnet to/from port 53 from both servers to each other. I tried increasing the timeout on nslookup but this did not help. What could the problem be?
Question by: FIFBA
    LVL 8

    Expert Comment

    You need to set up WINS on your 2003 Server.
    LVL 70

    Expert Comment

    No - you DO NOT need WINS!
    Why are you not using forwarders - it's much more efficient - but that's a side issue.
    You say that you are querying one server from the other? How? NSlookup? What are the results?

    It is normal to set up clients to use one internal Windows DNS server as the preferred DNS server and another as the alternate DNS server. The DNS servers themselves should be set to use themselves as the preferred DNS server and another Windows DNS server as the alternate DNS server. Is that what you have?
    LVL 51

    Expert Comment

    On the 2003 DNS server, on the Forwarder tab, add a Conditional Forwarder for the FQDN of the 2000 domain with the IP address of the 2000 DNS server.

    On the 2000 DNS server add a Delegate record for the 2003 domain using the IP address of the 2003 DNS server.


    Author Comment

    I am querying via NSLOOKUP, lookup is timing out. The DNS configuration is as you suggest...

    Author Comment

    netman66...these are both members of the same domain...2 Active Directory sites...both DCs are global catalog servers...
    LVL 51

    Accepted Solution

    Are the zones AD Integrated?

    Is replication healthy?  Use Netmon to check.

    The _msdcs zone is a Forest wide zone in 2003 server.  If the initial DNS infrastructure was created on the 2003 server then the zone will be in a partition in the directory that Windows 2000 does not understand.  To check this, open the DNS console and expand the FLZ on the 2003 server - if there are 2 zones (_msdcs and then your problem lies there.

    You would need to put a delegate zone in the 2000 DNS FLZ for _msdcs and point it to the 2003 DNS server.


    Author Comment

    This appears to be the problem. How do I resolve? You say to create a delegate zone...I know how to create a delegate zone for a subdomain but there is no subdomain involved here...What do I need to do? Thanks.
    LVL 51

    Assisted Solution

    The subdomain is _msdcs.

    In the FLZ, expand the domain.
    Right click the domain and select New Delegation.
    In the empty field, type _msdcs then click Next.
    Add the FQDN of the other server with IP address.
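
To confirm that the _msdcs delegation from the accepted and assisted solutions took effect, the Windows 2000 DNS server should answer a non-recursive NS query for _msdcs.<domain> with a standard DNS referral (AA flag clear, NS records in the authority section) instead of answering from its own zone data. The Python below is an added example, not part of the original thread: it builds that query and classifies a reply. The names example.local and dc2003 and the sample bytes are constructed placeholders.

```python
import struct

def build_query(name, qid=0x1234):
    """Non-recursive (RD=0) NS query, so the server answers only from its own data."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return struct.pack("!6H", qid, 0, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", 2, 1)

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, end = [], None
    for _ in range(128):                          # bound label and pointer hops
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                              # root label ends the name
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression loop")

def classify(msg):
    """Return (verdict, NS targets) for the reply to build_query()."""
    _, flags, qd, an, ns, _ = struct.unpack("!6H", msg[:12])
    off, sections = 12, []
    for _ in range(qd):                           # skip the echoed question
        off = read_name(msg, off)[1] + 4
    for count in (an, ns):                        # answer section, then authority
        targets = []
        for _ in range(count):
            off = read_name(msg, off)[1]
            rtype, rdlen = struct.unpack_from("!H6xH", msg, off)
            if rtype == 2:                        # NS record: rdata is a name
                targets.append(read_name(msg, off + 10)[0])
            off += 10 + rdlen
        sections.append(targets)
    if flags & 0x000F == 3:
        return "nxdomain", []                     # server knows no _msdcs at all
    if not flags & 0x0400 and not sections[0] and sections[1]:
        return "delegated", sections[1]           # referral: AA clear, NS in authority
    return ("authoritative" if flags & 0x0400 else "other"), sections[0]

# Constructed sample reply (not captured traffic): referral for _msdcs.example.local
SAMPLE = (struct.pack("!6H", 0x1234, 0x8000, 1, 0, 1, 0) + build_query("_msdcs.example.local")[12:]
          + b"\xc0\x0c" + struct.pack("!2HIH", 2, 1, 3600, 9) + b"\x06dc2003\xc0\x13")
```

Against live servers, send `build_query(zone)` to UDP port 53 of the Windows 2000 DNS server and pass the reply to `classify()`; a verdict of "delegated" listing the 2003 server means the delegation is in place.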

