Solved

DNS re-config

Posted on 2008-10-10
Last Modified: 2011-10-19
I am a new admin at a small company with just one server, Win Server 2003R2.  This server does everything, DHCP, DNS, File and print, and Exchange.

I noticed a number of DNS errors in the event logs: The dynamic registration of the DNS record '_ldap._tcp.h2o-law.com. 600 IN SRV 0 100 389 server.h2o-law.com.' failed on the following DNS server:

DNS server IP address: 89.187.67.184
Returned Response Code (RCODE): 5
Returned Status Code: 9017

Looking at the DNS I was horrified with what I saw - see attached image file.
Given that this server is absolutely mission critical and that there is no other DNS server in the business, and it is running IIS and Exchange, I just want confirmation that my thoughts on how to get the DNS into a more sensible config are right.

Only missing piece of information is that nobody seems to know the IP addresses of the ISP DNS servers.

Please tell me how you would change the config of the DNS and TCP/IP of the NIC.

Thanks

Apt-it
dns1.jpg
0
Question by:apt-it
7 Comments
 
LVL 2

Assisted Solution

by:Matt1705
Matt1705 earned 200 total points
ID: 22690216
There are a couple of things I would do...

1. Document the existing configuration! This photo is nice...
2. Attempt to determine if the forwarders have a purpose.  They may have been added for a good reason.
3. If the forwarders have no purpose, delete them.
4. Change the dns entries on your server so that it points to itself.  There should be no other DNS entries except the one pointing to itself.

You may also want to look at dhcp to determine what DNS servers are configured.
0
 
LVL 2

Expert Comment

by:Matt1705
ID: 22690255
A second note, you shouldn't need the IP addresses of the ISP DNS servers.  This server should work fine without them.
0
 

Author Comment

by:apt-it
ID: 22690602
Matt1705, many thanks for your input.

Regarding the purpose of the forwarders, I can't imagine any point to an address like 10.0.0.254 since this won't route.  Can you suggest any possible reasons for the others and/or how I could go about finding out their purpose?

Cheers
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22693364

The servers listed are:

Address:  80.248.178.131
Server:  henry.therocketshop.co.uk

Address:  91.186.3.142
Server:  ns1.therackhouse.net

Do the names mean anything to you at all? They do both respond to recursive queries (meaning they are or should be valid forwarders). It's up to you if you want to keep those.

If you don't have Forwarders configured the server will use Root Hints to resolve public requests.

> you shouldn't need the IP addresses of the ISP DNS servers

I would probably be a bit stronger with that :) You should not have DNS servers listed in TCP/IP configuration if they cannot provide an authoritative answer for the AD domain.

If the organisation can afford it an additional Domain Controller would be a real benefit.

Chris
0
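Added example (not part of the thread or any poster's code): the two checks from the comment above, written as Python over the DNS reply header. A server listed in TCP/IP properties must answer with the AA (authoritative) bit for the AD zone, and a forwarder must advertise RA (recursion available). The function names are hypothetical and the reply headers are constructed, including one with RCODE 5 as seen in the event log.

```python
import socket
import struct

QTYPE_A, QTYPE_SOA = 1, 6

def build_query(name, qtype, recurse, txid=0x1234):
    """Encode a one-question DNS query; the RD bit is set only if recurse."""
    header = struct.pack("!HHHHHH", txid, 0x0100 if recurse else 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(resp):
    """Return the header fields that show a server's role, or None if short."""
    if len(resp) < 12:
        return None
    _txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {"qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F,
            "answers": answers}

def ok_for_nic(resp):
    """TCP/IP entry: must answer authoritatively (AA) for the AD zone."""
    h = parse_header(resp)
    return (h is not None and h["qr"] and h["aa"]
            and h["rcode"] == 0 and h["answers"] > 0)

def ok_as_forwarder(resp):
    """Forwarder entry: must offer recursion (RA) and not refuse the query."""
    h = parse_header(resp)
    return h is not None and h["qr"] and h["ra"] and h["rcode"] == 0

def ask(server_ip, query, timeout=3.0):
    """Send one UDP query to port 53; return the raw reply, b'' on failure."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server_ip, 53))
            return s.recvfrom(512)[0]
        except OSError:
            return b""

# Constructed reply headers (not captured traffic).
AUTH_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)      # QR+AA
RECURSOR_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # QR+RD+RA
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0)   # RCODE 5

if __name__ == "__main__":
    for label, reply in [("authoritative", AUTH_REPLY),
                         ("recursor", RECURSOR_REPLY), ("refused", REFUSED_REPLY)]:
        print(label, ok_for_nic(reply), ok_as_forwarder(reply))
```

Against live servers, pass `ask(ip, build_query("h2o-law.com", QTYPE_SOA, False))` to `ok_for_nic` for each DNS entry on the NIC, and a recursive `QTYPE_A` query for any public name to `ok_as_forwarder` for each forwarder.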
 

Author Comment

by:apt-it
ID: 22694860
Chris,

Once again, many thanks for your input which is much appreciated.  I also had checked the nslookup for the two IP addresses you mention.  They are DNS forwarders for a local co-location service provider who have had dealings with the business, so they could be valid forwarders though, as you say, it may be just as good to use the Root Hint servers, though I believe this may cause a small performance hit on DNS resolution.

Can you think of any reason why someone would put 10.0.0.254 in the forwarders, or does this just point to incompetence on the part of whoever set up the DNS?

My inclination is, then, (A) to take out the alternate DNS server in the TCP/IP properties as the server should only point to itself; (B) to remove 10.0.0.254 as this is meaningless; (C) to keep 91.186.3.142 and add 89.187.67.184 to the forwarders as these are the primary and secondary DNS servers belonging to therackhouse.

Does this sound like a good plan to you??

My last question is - do you think that these changes will remedy the Event Log error I reported in my first posting, ID 5774 source, NETLOGON?

Really appreciate your help as I am working alone and need to get this right.
0
 
LVL 70

Accepted Solution

by:Chris Dent
Chris Dent earned 300 total points
ID: 22696839

Regarding 10.0.0.254. It could have been a Firewall or other internal device capable of handling DNS requests. I'd be hesitant to say incompetence, but that is a possibility if nothing else comes to light :)

That sounds like an excellent plan. And it should resolve the errors provided that an authoritative zone exists for the name it's trying to register.

Chris
0
 

Author Closing Comment

by:apt-it
ID: 31505166
Gents, many thanks for your help - much appreciated!
0
