

DNS: some servers missing from DNS console, how to re-add?

Posted on 2008-06-19
Medium Priority
Last Modified: 2012-05-05
I am using Windows Server 2003 and running three domain controllers. Something has gone a bit wonky on my DNS console and I'm wondering the best/easiest way to restore things.

Let's assume the following:

Question 1:
Short: I am wondering if the GUID CNAME entry for a newly entered nameserver on SOA will be created automatically.

From the DNS console on dc1.contoso.com, under the section _msdcs.contoso.com.local I noticed the following:
(same as parent folder)     Start of Authority (SOA)  ...
(same as parent folder)     Name Server (NS)   dc1.contoso.com.local
(same as parent folder)     Name Server (NS)   dc2.contoso.com.local

dc3.contoso.com.local was not listed so I double clicked on Start of Authority and added
dc3.contoso.com.local in the nameservers section.

I am also noticing
283fd5c3 -... [guid]              Alias(CNAME)   dc1.contoso.com

Question 2:
I recently set up a third DC, dc3.contoso.com. It is no longer appearing in the DNS console nor in the list of DCs in the DNS console. Previously the zones were replicating to it. I am wondering what the easiest way to get it reattached would be. It was newly set up so I could probably depromote it and repromote it if necessary, though I would prefer to know if there is another way. It is listed as a Name Server in the _msdcs.contoso.com.local Forward Lookup Zone. Ideas?

Thanks for all the help, folks.

Question by:kennethfine

Author Comment

ID: 21827259
Blah, the second half of question #1, which I omitted, was whether I need to worry about creating a GUID-equipped CNAME entry for my newly entered nameserver. Thanks.

Expert Comment

ID: 21827293
I have a couple of questions. First, I assume all your DCs are running DNS, correct?

The easiest way of adding all the missing records is to start and stop the netlogon service on the DCs. This will cause them to try and update their DNS records.

Author Comment

ID: 21827381
Thanks DocCan11. All are running DNS.
DC3 is not appearing as a machine in DC1's dnsmgmt console. It does show up when I try to connect but it wasn't appearing automatically. Not sure if that's an issue or not.

DC2 is not listed in the _msdcs.contoso.com.local's list of nameservers, nor is there an Alias(CNAME) record corresponding to it. I am wondering how to add it.

If it is easiest, should I simply demote and repromote both dc2 and dc3? It would be nice to know how to fix this "by hand".


Author Comment

ID: 21827403
I went to intodns.com and noted three errors which may point to the heart of the problem:

Missing nameservers reported by parent FAIL: The following nameservers are listed at your nameservers as nameservers for your domain, but are not listed at the parent nameservers (see RFC2181 5.4.1). You need to make sure that these nameservers are working.If they are not working ok, you may have problems!
 Missing nameservers reported by your nameservers ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).  

WARNING: SOA MNAME (dc1.contoso.com.local) is not listed as a primary nameserver at your parent nameserver!

Confusing. Any help out there? Thanks...

Author Comment

ID: 21827464
Another thing I have noticed, which may also point to the heart of the problem:
For dc1, In the _msdcs.contoso.com.local section of the forward lookup zones, dc1 and dc3 are listed as NS and CNAME records
For dc2, in the _msdcs.contoso.com.local section of the forward lookup zones, dc2 (!!!ITSELF) is NOT listed as NS and CNAME records. dc2 is NOT replicating zones.
For dc3, in the _msdcs.contoso.com.local section of the forward lookup zones, dc3 IS listed. dc3 IS replicating zones successfully from dc1.


Assisted Solution

DocCan11 earned 300 total points
ID: 21827724
Are all zones AD integrated?

Author Comment

ID: 21827792
( Increasing points for this request by 100. )
Hmmm, pretty weird. I looked in the forward lookup zones for all three machines and they are all listed at "Active Directory -- Integrated Primary". However!!! I noticed the following, possibly significant issues:

Repeating some info: ds1.contoso.com and ds3.contoso.com are replicating, ds2.contoso.com is not.

1) Attempts to connect to the DNS on ds1 FROM ds2 or ds3 using the DNS manager yields the following weird message: "The computer you tried to add is not a DNS server running Windows 2000 or later. This version of the DNS console can administer the DNS server service only on computers running these operating systems. Would you like to add it anyway?"

2) Attempts to connect to the DNS on ds1 FROM ds2 using the DNS manager yields the weird message, but it also will not connect if I specify only the machine name. I have to specify the FQDN for it to attempt the connection (and yield the message above).

Accepted Solution

Chris Dent earned 750 total points
ID: 21829719

'lo there :)

You have a lot of questions now, attempting to go through in order so please forgive any repetition.

> Short: I am wondering if the GUID CNAME entry for
> a newly entered nameserver on SOA will be created automatically.

For an AD Integrated Zone which permits Dynamic Updates, NS records should be automatically maintained.

The same applies for the CNAME record, as pointed out by Doc it should be registered dynamically by the NetLogon service.

They're actually two separate issues.

For the NS Record, verify that dc3 has the DNS Service installed, and that it refers to a valid IP for the Name Server in TCP/IP configuration.

> I recently set up a third DC, dc3.contoso.com. It is no longer
> appearing in the DNS console nor in the list of DCs in the DNS console.

It won't appear in the DNS Console (as a server node) automatically, you'd have to add it. That's purely console level though, nothing to do with whether DNS is working.

When you say the list of DCs, you mean the Name Server list? Or the servers with (same as parent folder) listed? Or are you referring to the service records?

> I went to intodns.com and noted three errors which may point to
> the heart of the problem:

Not really, ignore them. Those tests are only remotely valid for public DNS zones, they won't help with this private one.

Can you post the Replication Scope set for each of the zones you have in DNS Manager?

Can you run DCDiag and NetDiag to see if there are any more general issues? Because DNS replicates through AD, problems there can impact on DNS.
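
The comparison this thread does by hand in the DNS console (which DCs have an NS record and a GUID CNAME in each server's copy of `_msdcs.contoso.com.local`) can be automated. The following is an added example, not part of any post above: the record listings are constructed and simplified, the GUID labels are placeholders, and the function names are hypothetical.

```python
# Added example. All records are constructed; GUID labels are placeholders.
EXPECTED_DCS = [f"dc{n}.contoso.com.local" for n in (1, 2, 3)]

# Simplified "owner TYPE data" listing of each server's copy of the
# _msdcs.contoso.com.local zone; "@" stands for "(same as parent folder)".
VIEWS = {
    "dc1": """@ NS dc1.contoso.com.local
              @ NS dc3.contoso.com.local
              guid-placeholder-1 CNAME dc1.contoso.com.local
              guid-placeholder-3 CNAME dc3.contoso.com.local""",
    "dc2": """@ NS dc1.contoso.com.local
              guid-placeholder-1 CNAME dc1.contoso.com.local""",
    "dc3": """@ NS dc1.contoso.com.local
              @ NS dc3.contoso.com.local
              guid-placeholder-1 CNAME dc1.contoso.com.local
              guid-placeholder-3 CNAME dc3.contoso.com.local""",
}

def parse_view(text):
    """Return (apex NS targets, CNAME targets) found in one server's listing."""
    ns, cname = set(), set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        owner, rtype, data = parts
        data = data.rstrip(".").lower()
        if rtype.upper() == "NS" and owner == "@":
            ns.add(data)
        elif rtype.upper() == "CNAME":
            cname.add(data)
    return frozenset(ns), frozenset(cname)

def audit(views, expected):
    """Per server: expected DCs that lack an NS and/or CNAME record in its copy."""
    report = {}
    for server, text in views.items():
        ns, cname = parse_view(text)
        gaps = {dc: [t for t, seen in (("NS", ns), ("CNAME", cname)) if dc not in seen]
                for dc in expected}
        report[server] = {dc: missing for dc, missing in gaps.items() if missing}
    return report

def diverging(views):
    """True when the copies differ, i.e. at least one server is not replicating."""
    return len({parse_view(text) for text in views.values()}) > 1

if __name__ == "__main__":
    for server, gaps in audit(VIEWS, EXPECTED_DCS).items():
        print(server, gaps or "complete")
    print("copies diverge:", diverging(VIEWS))
```

A DC missing from every copy points at a registration problem on that DC (NetLogon, its own DNS client settings), while copies that differ from each other point at replication.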


Author Closing Comment

ID: 31469008
Thanks. Awarding you points for this and continuing the discussion in the second thread, which you both have participated in.
