Solved

DNS: some servers missing from DNS console, how to re-add?

Posted on 2008-06-19
Last Modified: 2012-05-05
I am using Windows Server 2003 and running three domain controllers. Something has gone a bit wonky on my DNS console and I'm wondering the best/easiest way to restore things.

Let's assume the following:
dc1.contoso.com
dc2.contoso.com
dc3.contoso.com

Question 1:
Short: I am wondering if the GUID CNAME entry for a newly entered nameserver on SOA will be created automatically.

From the DNS console on dc1.contoso.com, under the section _msdcs.contoso.com.local I noticed the following:
(same as parent folder)     Start of Authority (SOA)  ...
(same as parent folder)     Name Server (NS)   dc1.contoso.com.local
(same as parent folder)     Name Server (NS)   dc2.contoso.com.local

dc3.contoso.com.local was not listed so I double clicked on Start of Authority and added
dc3.contoso.com.local in the nameservers section.

I am also noticing
283fd5c3 -... [guid]              Alias(CNAME)   dc1.contoso.com

Question 2:
I recently set up a third DC, dc3.contoso.com. It is no longer appearing in the DNS console nor in the list of DCs in the DNS console. Previously the zones were replicating to it. I am wondering what the easiest way to get it reattached would be. It was newly set up so I could probably depromote it and repromote it if necessary, though I would prefer to know if there is another way. It is listed as a Name Server in the _msdcs.contoso.com.local Forward Lookup Zone. Ideas?

Thanks for all the help, folks.

Question by:kennethfine
LVL 6

Author Comment

by:kennethfine
ID: 21827259
Blah, the second half of question #1, which I omitted, was whether I need to worry about creating a GUID-equipped CNAME entry for my newly entered nameserver. Thanks.
0
 
LVL 6

Expert Comment

by:DocCan11
ID: 21827293
I have a couple of questions. First, I assume all your DCs are running DNS, correct?

The easiest way of adding all the missing records is to start and stop the netlogon service on the DCs. This will cause them to try and update their DNS records.
0
 
LVL 6

Author Comment

by:kennethfine
ID: 21827381
Thanks DocCan11. All are running DNS.
DC3 is not appearing as a machine in DC1's dnsmgmt console. It does show up when I try to connect but it wasn't appearing automatically. Not sure if that's an issue or not.

DC2 is not listed in the _msdcs.contoso.com.local's list of nameservers, nor is there an Alias(CNAME) record corresponding to it. I am wondering how to add it.

If it is easiest should I simply demote and repromote both dc2 and dc3? It would be nice to know how to fix this "by hand"

Thanks.
0
 
LVL 6

Author Comment

by:kennethfine
ID: 21827403
I went to intodns.com and noted three errors which may point to the heart of the problem:

Missing nameservers reported by parent FAIL: The following nameservers are listed at your nameservers as nameservers for your domain, but are not listed at the parent nameservers (see RFC2181 5.4.1). You need to make sure that these nameservers are working.If they are not working ok, you may have problems!
dc1.contoso.com.local
dc2.contoso.com.local
dc3.contoso.com.local
 
 Missing nameservers reported by your nameservers ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
admin.contoso.com
www.contoso.com
This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).  

WARNING: SOA MNAME (dc1.contoso.com.local) is not listed as a primary nameserver at your parent nameserver!

Confusing. Any help out there? Thanks...
0
 
LVL 6

Author Comment

by:kennethfine
ID: 21827464
Another thing I have noticed, which may also point to the heart of the problem:
For dc1, In the _msdcs.contoso.com.local section of the forward lookup zones, dc1 and dc3 are listed as NS and CNAME records
For dc2, in the _msdcs.contoso.com.local section of the forward lookup zones, dc2 (!!!ITSELF) is NOT listed as NS and CNAME records. dc2 is NOT replicating zones.
For dc3, in the _msdcs.contoso.com.local section of the forward lookup zones, dc3 IS listed. dc3 IS replicating zones successfully from dc1.

Ideas?
Thanks
0
 
LVL 6

Assisted Solution

by:DocCan11
DocCan11 earned 100 total points
ID: 21827724
Are all zones AD integrated?
0
 
LVL 6

Author Comment

by:kennethfine
ID: 21827792
( Increasing points for this request by 100. )
hmmm, pretty weird. I looked in the forward lookup zones for all three machines and they are all listed at "Active Directory -- Integrated Primary". However!!! I noticed the following, possibly significant issues:

Repeating some info: ds1.contoso.com and ds3.contoso.com are replicating, ds2.contoso.com is not.  

1) Attempts to connect to the DNS on ds1 FROM ds2 or ds3 using the DNS manager yield the following weird message: "The computer you tried to add is not a DNS server running Windows 2000 or later. This version of the DNS console can administer the DNS server service only on computers running these operating systems. Would you like to add it anyway?"

2) Attempts to connect to the DNS on ds1 FROM ds2 using the DNS manager yield the weird message, but it also will not connect if I specify only the machine name. I have to specify the FQDN for it to attempt the connection (and yield the message above).


0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 250 total points
ID: 21829719

'lo there :)

You have a lot of questions now, attempting to go through in order so please forgive any repetition.

> Short: I am wondering if the GUID CNAME entry for
> a newly entered nameserver on SOA will be created automatically.

For an AD Integrated Zone which permits Dynamic Updates, NS records should be automatically maintained.

The same applies for the CNAME record, as pointed out by Doc it should be registered dynamically by the NetLogon service.

They're actually two separate issues.

For the NS Record, verify that dc3 has the DNS Service installed, and that it refers to a valid IP for the Name Server in TCP/IP configuration.

> I recently set up a third DC, dc3.contoso.com. It is no longer
> appearing in the DNS console nor in the list of DCs in the DNS console.

It won't appear in the DNS Console (as a server node) automatically, you'd have to add it. That's purely console level though, nothing to do with whether DNS is working.

When you say the list of DCs, you mean the Name Server list? Or the servers with (same as parent folder) listed? Or are you referring to the service records?

> I went to intodns.com and noted three errors which may point to
> the heart of the problem:

Not really, ignore them. Those tests are only remotely valid for public DNS zones, they won't help with this private one.

Can you post the Replication Scope set for each of the zones you have in DNS Manager?

Can you run DCDiag and NetDiag to see if there are any more general issues? Because DNS replicates through AD, problems there can impact on DNS.

Chris
0
 
LVL 6

Author Closing Comment

by:kennethfine
ID: 31469008
Thanks. Awarding you points for this and continuing the discussion in the second thread, which you both have participated in.
0
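
The per-server comparison done by hand in the thread (which DCs show up as NS and as alias CNAME records in each server's copy of `_msdcs.contoso.com.local`) can be scripted. This is an added example, not part of the thread: the record listings, their "name type data" layout and the `guid-dcN` names are constructed placeholders, and only the contoso host names come from the posts.

```python
# Added example, not from the thread. Listings are CONSTRUCTED sample data in
# "name type data" form ("@" = same as parent folder); GUID names are placeholders.
EXPECTED_DCS = {f"dc{n}.contoso.com.local" for n in (1, 2, 3)}

ZONE_VIEWS = {
    "dc1": """
        @         SOA    dc1.contoso.com.local.
        @         NS     dc1.contoso.com.local.
        @         NS     DC3.contoso.com.local.
        guid-dc1  CNAME  dc1.contoso.com.local.
        guid-dc3  CNAME  dc3.contoso.com.local.
    """,
    "dc2": """
        @         SOA    dc1.contoso.com.local.
        @         NS     dc1.contoso.com.local.
        guid-dc1  CNAME  dc1.contoso.com.local.
    """,
    "dc3": """
        @         SOA    dc1.contoso.com.local.
        @         NS     dc1.contoso.com.local.
        @         NS     dc3.contoso.com.local.
        guid-dc1  CNAME  dc1.contoso.com.local.
        guid-dc3  CNAME  dc3.contoso.com.local.
    """,
}

def normalize(host):
    """Compare host names case-insensitively and without the trailing root dot."""
    return host.strip().rstrip(".").lower()

def parse_records(listing):
    """Yield (name, type, data) for each three-field line; skip blanks and junk."""
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) == 3:
            yield fields[0], fields[1].upper(), normalize(fields[2])

def missing_records(listing, expected=EXPECTED_DCS):
    """Return the DCs lacking an NS record at the zone root or an alias CNAME."""
    records = list(parse_records(listing))
    ns = {data for name, rtype, data in records if rtype == "NS" and name == "@"}
    cname = {data for name, rtype, data in records if rtype == "CNAME"}
    return {"NS": sorted(expected - ns), "CNAME": sorted(expected - cname)}

def audit(views=ZONE_VIEWS):
    """Run the check against every server's copy of the zone."""
    return {server: missing_records(text) for server, text in views.items()}

if __name__ == "__main__":
    for server, gaps in audit().items():
        print(server, gaps)
```

A server whose own name is missing from its own copy of the zone, as with dc2 in the sample data, is the one to check first for failed NetLogon registration or AD replication.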
