Solved

Secondary DNS server does not give FQDN on ping -a

Posted on 2008-06-13
Last Modified: 2008-06-16
I set up a secondary DNS server for redundancy and used the wizard so it should have pulled the DNS settings from the current DNS server. It seems to be working fine but while troubleshooting a Blackberry issue I found if a PC/server used dns02 (the new one) as the logon server when I ping then ping -a from that device I do not get the FQDN, only the name. If I ping from a device that used dns01 as the logon server then I do get the FQDN. I have compared settings on the 2 dns servers and cannot see any difference. What should I look for?

Both servers are MS 2003 SP1
Question by:LarryDAH

Expert Comment

by:martin_babarik
ID: 21779352
Hi, when you use "ipconfig /all" on both servers, do you see the same primary DNS suffix? If not, change it under My Computer -> Properties -> Computer name -> Change -> More.
Also if you want to ping by IP and get the FQDN as a result, you should create a reverse lookup zone and create PTR records there.

Author Comment

by:LarryDAH
ID: 21779533
ipconfig /all shows the same primary DNS suffix on both servers and the new server does have a reverse lookup zone and it has the same PTR records as the primary DNS server.

What else can I check?

Expert Comment

by:martin_babarik
ID: 21779604
Thanks. Just to get a more clear idea about your network: are both servers domain controllers and is the zone AD integrated on both of them?
What is the ipconfig of both servers?

Author Comment

by:LarryDAH
ID: 21779762
Both servers are DCs and both have AD installed. Below is the ipconfig for the old server:

Windows IP Configuration
   Host Name . . . . . . . . . . . . : dah01
   Primary Dns Suffix  . . . . . . . : ourdomain.org
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : ourdomain.org

Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC7760 Gigabit Server Adapter
   Physical Address. . . . . . . . . : 00-0F-20-12-23-56
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.10
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   Default Gateway . . . . . . . . . : 192.168.0.3
   DNS Servers . . . . . . . . . . . : 192.168.0.10
                                       192.168.1.10
-------------------------------------------------------------------

The new server is:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : do-dns01
   Primary Dns Suffix  . . . . . . . : ourdomain.org
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ourdomain.org

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC7761 Gigabit Server Adapter
   Physical Address. . . . . . . . . : 00-15-60-12-23-56
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   Default Gateway . . . . . . . . . : 192.168.0.3
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       192.168.0.10

Expert Comment

by:martin_babarik
ID: 21779918
Thanks a lot. Are the zones AD integrated? If they are they will contain identical information.
Ipconfig output seems to be very correct, if I didn't overlook something.
I recommend trying "ipconfig /flushdns" on the computer from which you are trying to ping. Also check manually whether the PTR record was created in the reverse lookup zone for both servers.

Author Comment

by:LarryDAH
ID: 21780116
How do I check if the AD zones are integrated? I used the wizard on the new server when I set up AD and DNS and I do not remember that it asked about integration, I assume they would be.

Flushdns did not change the ping -a from just the server name on the new server. It still does not bring back the FQDN and it is using the new server as the logon server.

The servers are in different subnets. Both DNS servers are listed as Name Servers in the DNS for all subnets in the Reverse Lookup zones (and also as name servers under the domain name in the forward lookup zones on both servers). Each DNS server is also listed in its own reverse lookup zone in its own subnet with a PTR and as a Name server, however in all the other subnets both DNS servers only have Name Servers and no PTR records.

Accepted Solution

by:
martin_babarik earned 500 total points
ID: 21780667
I also think so, but just to make sure: open the DNS console, expand forward lookup zones, select your zone, right click and choose "Properties". On the first tab you will see the zone type (should see Active Directory integrated).
Do the same for your reverse lookup zone on both servers.

Regarding the records - I think that's correct the way you have it.
But one thing that might be the cause of the problem - you have only Name servers record and no Host record - you need to have this one, otherwise the name resolution will not succeed. I think when you create these, it will work.

Author Comment

by:LarryDAH
ID: 21781451
I found the problem, but first to answer your questions. I looked and both DNS servers are marked as AD integrated. While under properties I looked under Zone Transfers and on the old server transfers are allowed to other servers listed on the Name Servers tab (which does show the new DNS server) but on the new server that is not checked. Should I allow zone transfers from the new server to the old also?

Doing some research on FQDN I remembered that I can do nslookup to see my named servers and when I did that on the Blackberry server (where my original problem started) that has used the new DNS server as the logon server it showed me a named server that was on the public side. I found that I had ATT (4.2.2.1) as my 3rd choice for a forwarder on the new server. Somehow the Blackberry server picked 4.2.2.1 and that is why my FQDN was not working. I had to change it in the registry to get it to go away but after I did that my Blackberry server could ping the new DNS server and get a FQDN.

Expert Comment

by:martin_babarik
ID: 21781696
Good to hear you found a solution.
Regarding your question - to be honest I'm not sure, but as both zones are AD integrated, as far as I know there will be no more standard transfers and everything will be replicated through AD, so I guess you don't need to allow zone transfers at all.
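
The cause found in this thread, a domain member sending its queries to a public DNS server that cannot answer for the internal zones, can be checked from saved "ipconfig /all" output. The Python below is an added example, not code posted by anyone in the thread; the host name bes01, the address 192.168.1.20 and the placement of 4.2.2.1 in the adapter's DNS server list are assumptions made for the sample.

```python
import ipaddress
import re

# Constructed sample (hostname and address are made up): an `ipconfig /all`
# excerpt for a member server whose resolver list includes public 4.2.2.1.
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : bes01
   Primary Dns Suffix  . . . . . . . : ourdomain.org

Ethernet adapter Local Area Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.20
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   DNS Servers . . . . . . . . . . . : 4.2.2.1
                                       192.168.1.10
"""

# "   Key . . . . : value" -- fields always end in " :" before the value.
FIELD = re.compile(r"^\s+(?P<key>[^.:]+?)[ .]* :\s*(?P<val>.*)$")

def dns_servers(ipconfig_text):
    """Return the DNS servers from `ipconfig /all` output, in listed order."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        m = FIELD.match(line)
        if m:
            in_dns = m.group("key").strip() == "DNS Servers"
            value = m.group("val").strip()
        elif in_dns and line.strip():
            value = line.strip()   # continuation line: next server in the list
        else:
            in_dns = False         # blank line or adapter header ends the list
            continue
        if in_dns and value:
            servers.append(value)
    return servers

def audit_resolvers(ipconfig_text, internal_dns):
    """Sort configured resolvers into approved internal servers and the rest."""
    allowed = {ipaddress.ip_address(a) for a in internal_dns}
    report = {"ok": [], "unexpected": []}
    for server in dns_servers(ipconfig_text):
        addr = ipaddress.ip_address(server)
        scope = "private" if addr.is_private else "public"
        report["ok" if addr in allowed else "unexpected"].append((server, scope))
    return report

if __name__ == "__main__":
    print(audit_resolvers(SAMPLE, ["192.168.0.10", "192.168.1.10"]))
```

Any entry under "unexpected" with scope "public" is a resolver that holds no copy of the internal forward or reverse zones, which matches the missing FQDN on ping -a seen here.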