DNS: some servers missing from DNS console, how to re-add?

I am using Windows Server 2003 and running three domain controllers. Something has gone a bit wonky on my DNS console and I'm wondering the best/easiest way to restore things.

Let's assume the following:
dc1.contoso.com
dc2.contoso.com
dc3.contoso.com

Question 1:
Short: I am wondering if the GUID CNAME entry for a newly entered nameserver on SOA will be created automatically.

From the DNS console on dc1.contoso.com, under the section _msdcs.contoso.com.local I noticed the following:
(same as parent folder)     Start of Authority (SOA)  ...
(same as parent folder)     Name Server (NS)   dc1.contoso.com.local
(same as parent folder)     Name Server (NS)   dc2.contoso.com.local

dc3.contoso.com.local was not listed so I double clicked on Start of Authority and added
dc3.contoso.com.local in the nameservers section.

I am also noticing
283fd5c3 -... [guid]              Alias(CNAME)   dc1.contoso.com

Question 2:
I recently set up a third DC, dc3.contoso.com. It is no longer appearing in the DNS console nor in the list of DCs in the DNS console. Previously the zones were replicating to it. I am wondering what the easiest way to get it reattached would be. It was newly set up, so I could probably demote it and repromote it if necessary, though I would prefer to know if there is another way. It is listed as a Name Server in the _msdcs.contoso.com.local Forward Lookup Zone. Ideas?

Thanks for all the help, folks.

kennethfine asked:

Chris Dent (PowerShell Developer) commented:

'lo there :)

You have a lot of questions now, attempting to go through in order so please forgive any repetition.

> Short: I am wondering if the GUID CNAME entry for
> a newly entered nameserver on SOA will be created automatically.

For an AD Integrated Zone which permits Dynamic Updates, NS records should be automatically maintained.

The same applies for the CNAME record; as pointed out by Doc, it should be registered dynamically by the NetLogon service.

They're actually two separate issues.

For the NS Record, verify that dc3 has the DNS Service installed, and that it refers to a valid IP for the Name Server in TCP/IP configuration.

> I recently set up a third DC, dc3.contoso.com. It is no longer
> appearing in the DNS console nor in the list of DCs in the DNS console.

It won't appear in the DNS Console (as a server node) automatically, you'd have to add it. That's purely console level though, nothing to do with whether DNS is working.

When you say the list of DCs, you mean the Name Server list? Or the servers with (same as parent folder) listed? Or are you referring to the service records?

> I went to intodns.com and noted three errors which may point to
> the heart of the problem:

Not really, ignore them. Those tests are only remotely valid for public DNS zones, they won't help with this private one.

Can you post the Replication Scope set for each of the zones you have in DNS Manager?

Can you run DCDiag and NetDiag to see if there are any more general issues? Because DNS replicates through AD, problems there can impact DNS.

Chris
0
 
kennethfine (Author) commented:
Blah, the second half of question #1, which I omitted, was whether I need to worry about creating a GUID-equipped CNAME entry for my newly entered nameserver. Thanks.
0
 
DocCan11 commented:
I have a couple of questions. First, I assume all your DCs are running DNS, correct?

The easiest way of adding all the missing records is to stop and start the NetLogon service on the DCs; this will cause them to try and update their DNS records.
0
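The two checks Chris Dent asks for (is each DC present as an NS for _msdcs, and does its GUID CNAME exist) and the remediation DocCan11 describes (restart NetLogon so the DC re-registers its records) can be scripted. The following is an added example, not code from the thread or from Microsoft; it assumes the forest root zone is contoso.com.local (the thread mixes contoso.com and contoso.com.local), that the ActiveDirectory and DnsClient PowerShell modules are available (Windows Server 2012+/RSAT; on the 2003-era hosts in the thread, nslookup, dcdiag and `net stop netlogon` / `net start netlogon` give the same results by hand), that WinRM is enabled on the DCs for Invoke-Command, and that it runs as a Domain Admin.

```powershell
# Added example (not from the thread). Assumptions: forest root zone contoso.com.local,
# ActiveDirectory + DnsClient modules present, WinRM reachable on each DC, run as Domain Admin.
Import-Module ActiveDirectory
Import-Module DnsClient

$domain  = 'contoso.com.local'         # assumed forest root zone
$msdcs   = "_msdcs.$domain"
$authDns = 'dc1.contoso.com.local'     # DC whose copy of the zone we inspect

# Query one DNS server directly (-DnsOnly) so we see that server's copy of the
# AD-integrated zone rather than a cached or forwarded answer.
function Get-Records([string]$name, [string]$type) {
    Resolve-DnsName -Name $name -Type $type -Server $authDns -DnsOnly -ErrorAction SilentlyContinue
}

# Each DC should have (1) an NS record for _msdcs, added by the DNS Server service
# on every DC that hosts the zone, and (2) a CNAME named after the objectGUID of its
# NTDS Settings object, registered by NetLogon and pointing at the DC's host name.
# Replication partners locate a DC through that GUID CNAME, so a missing one matters.
$nsHosts = Get-Records $msdcs 'NS' |
           Where-Object { $_.Type -eq 'NS' } |
           ForEach-Object { $_.NameHost.TrimEnd('.').ToLower() }

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $dsaGuid = (Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties objectGUID).objectGUID
    $cname   = Get-Records "$dsaGuid.$msdcs" 'CNAME' | Where-Object { $_.Type -eq 'CNAME' }
    [pscustomobject]@{
        DC          = $dc.HostName.ToLower()
        HasNS       = ($nsHosts -contains $dc.HostName.ToLower())
        GuidCNAME   = "$dsaGuid.$msdcs"
        HasCNAME    = [bool]$cname
        CNAMETarget = ($cname | Select-Object -First 1).NameHost
    }
}
$report | Format-Table -AutoSize

# Remediation: restart NetLogon on each DC that is missing a record so it
# re-registers its DNS records, then let dcdiag confirm the DNS side.
foreach ($row in ($report | Where-Object { -not ($_.HasNS -and $_.HasCNAME) })) {
    Write-Host "Re-registering DNS records for $($row.DC) via NetLogon restart"
    Invoke-Command -ComputerName $row.DC -ScriptBlock { Restart-Service -Name Netlogon }
}
& dcdiag /test:dns /dnsbasic /s:$authDns
```

Run the report part first on each DC in turn (change `$authDns`): because the zone is AD-integrated, a record present on dc1 but absent on dc2 points at AD replication rather than at DNS registration, which is exactly the distinction Chris draws between the console view and the actual zone contents.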
kennethfine (Author) commented:
Thanks DocCan11. All are running DNS.
DC3 is not appearing as a machine in DC1's dnsmgmt console. It does show up when I try to connect but it wasn't appearing automatically. Not sure if that's an issue or not.

DC2 is not listed in the _msdcs.contoso.com.local's list of nameservers, nor is there an Alias(CNAME) record corresponding to it. I am wondering how to add it.

If it is easiest should I simply demote and repromote both dc2 and dc3? It would be nice to know how to fix this "by hand"

Thanks.
0
 
kennethfine (Author) commented:
I went to intodns.com and noted three errors which may point to the heart of the problem:

Missing nameservers reported by parent FAIL: The following nameservers are listed at your nameservers as nameservers for your domain, but are not listed at the parent nameservers (see RFC2181 5.4.1). You need to make sure that these nameservers are working. If they are not working ok, you may have problems!
dc1.contoso.com.local
dc2.contoso.com.local
dc3.contoso.com.local
Missing nameservers reported by your nameservers ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
admin.contoso.com
www.contoso.com
This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).

WARNING: SOA MNAME (dc1.contoso.com.local) is not listed as a primary nameserver at your parent nameserver!

Confusing. Any help out there? Thanks...
0
 
kennethfine (Author) commented:
Another thing I have noticed, which may also point to the heart of the problem:
For dc1, in the _msdcs.contoso.com.local section of the forward lookup zones, dc1 and dc3 are listed as NS and CNAME records.
For dc2, in the _msdcs.contoso.com.local section of the forward lookup zones, dc2 (!!!ITSELF) is NOT listed as NS and CNAME records. dc2 is NOT replicating zones.
For dc3, in the _msdcs.contoso.com.local section of the forward lookup zones, dc3 IS listed. dc3 IS replicating zones successfully from dc1.

Ideas?
Thanks
0
 
DocCan11 commented:
Are all zones AD integrated?
0
 
kennethfine (Author) commented:
(Increasing points for this request by 100.)
Hmmm, pretty weird. I looked in the forward lookup zones for all three machines and they are all listed as "Active Directory -- Integrated Primary". However!!! I noticed the following, possibly significant issues:

Repeating some info: ds1.contoso.com and ds3.contoso.com are replicating, ds2.contoso.com is not.  

1) Attempts to connect to the DNS on ds1 FROM ds2 or ds3 using the DNS manager yields the following weird message: "The computer you tried to add is not a DNS server running Windows 2000 or later. This version of the DNS console can administer the DNS server service only on computers running these operating systems. Would you like to add it anyway?"

2) Attempts to connect to the DNS on ds1 FROM ds2 using the DNS manager yields the weird message, but it also will not connect if I specify only the machine name. I have to specify the FQDN for it to attempt the connection (and yield the message above).


0
 
kennethfine (Author) commented:
Thanks. Awarding you points for this and continuing the discussion in the second thread, which you both have participated in.
0