How do I completely remove DNS from Win2003 Svr?

Ok, here's the deal. I went out to help someone with a Windows 2003 Server that they had someone else already set up. The DNS appears to be completely messed up, so I'm thinking the best solution is to just remove it and reinstall it, but I want to make sure all prior config data doesn't get recreated when I do that.

For starters, I'll show some of the event & diag results. I'm getting this in the event log:

"The zone %1 is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS server. This may indicate a configuration problem. If the address of the primary server for the zone cannot be resolved DNS clients will be unable to locate a server to accept updates for this zone. This will cause DNS clients to be unable to perform DNS updates.

Explanation
The host address (A) resource record associated with the start of authority (SOA) resource record for this zone is missing. Host (A) resource records are used in a zone to associate DNS domain names of computers (hosts) to their IP addresses.
The host (A) resource record could be missing because it was not registered, because it was accidentally deleted, or because the SOA is preventing any host address (A) resource records from being registered.

User Action
Manually create a host (A) resource record using the DNS console and then inspect the SOA record to ensure that it is correct"

"The DNS server did not detect any zones of either primary or secondary type during initialization. It will not be authoritative for any zones, and it will run as a caching-only server until a zone is loaded manually or by Active Directory replication."

"The zone _msdcs.domain.local is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS server. This may indicate a configuration problem. If the address of the primary server for the zone cannot be resolved DNS clients will be unable to locate a server to accept updates for this zone. This will cause DNS clients to be unable to perform DNS updates"

Here's the result of DCDIAG:

"E:\Program Files\Support Tools>dcdiag /test:DNS
Domain Controller Diagnosis
Performing initial setup:
   Done gathering initial info.
Doing initial required tests
   Testing server: Default-First-Site\DOMAIN-SERVER
      Starting test: Connectivity
            *** Warning: could not confirm the identity of this server in
               the directory versus the names returned by DNS servers.
               If there are problems accessing this directory server then
               you may need to check that this server is correctly registered
               with DNS
         ......................... DOMAIN-SERVER passed test Connectivity
Doing primary tests
   Testing server: Default-First-Site\DOMAIN-SERVER
DNS Tests are running and not hung. Please wait a few minutes...
   Running partition tests on : TAPI3Directory
   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running partition tests on : DOMAIN
   Running enterprise tests on : DOMAIN.local
      Starting test: DNS
         Test results for domain controllers:
            Domain: DOMAIN.local

               TEST: Basic (Basc)
                  Error: The A record for this DC was not found
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure
               TEST: Records registration (RReg)
                  Network Adapter [00000007] Broadcom BCM5708C NetXtreme II GigE
 (NDIS VBD Client):
                     Error: Missing A record at DNS server :
                     Warning: Missing DC SRV record at DNS server :
                     Warning: Missing GC SRV record at DNS server :
                     Warning: Missing PDC SRV record at DNS server
               Error: Record registrations cannot be found for all the network a
         Summary of DNS test results:
                                            Auth Basc Forw Del  Dyn  RReg Ext
            Domain: DOMAIN.local
               DOMAIN-SERVER                PASS FAIL PASS PASS WARN FAIL n/a
         ......................... DOMAIN.local failed test DNS
E:\Program Files\Support Tools>"

So as you can see, a lot of problems here. For instance, DNS shows to be configured for dynamic update, but it's just not working. Also, I have no idea why there's the "TAPI3Directory" directory. That's one of the things that I want to go away.

So, here's what I've got in regards to flushing out DNS and any vestiges of the old config:

"-convert dns to primary zone (uncheck integrate with active directory)
-remove dns in configure your server
-remove dns folder from system32
-in system32\config remove netlogon.dnb and netlogon.dns
reinstall dns (configure your server) with the correct zone name

then at the command prompt:

ipconfig /registerdns
net stop netlogon
net start netlogon"

Does my game plan sound about right, or am I missing something here? It just seems to me that whatever the problem is here, removing DNS and starting from scratch seems to be the best way to go. Sorry for the long-winded post, but I'm trying to provide as much info as possible for anyone willing to help.

Thanks, Brett
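Before running a destructive plan like the one above, a practitioner would want a copy of everything the rebuild is about to throw away. The batch script below is an added example (not part of the original post and not something the poster ran): it snapshots the zone list, exports every primary zone, copies the Netlogon record files and the DNS folder, exports the DNS service registry key and captures a baseline dcdiag run, so the old configuration can be compared against the rebuilt one or inspected if the stray TAPI3Directory and _msdcs data needs to be traced. It assumes Windows Server 2003 with the Support Tools installed (dnscmd.exe and dcdiag.exe), run locally on the domain controller as a domain admin; the backup folder name is an assumption.

```batch
@echo off
REM Added example, not from the original post: snapshot the current DNS state
REM before any zone is converted or deleted, so the old records can be
REM inspected later or restored if the rebuild goes wrong.
REM Assumptions: Windows Server 2003 with the Support Tools (dnscmd.exe,
REM dcdiag.exe), run locally on the DC as a domain admin. The backup folder
REM name below is an assumption.
setlocal

set BACKUP=%SystemDrive%\dns-snapshot
if not exist "%BACKUP%" mkdir "%BACKUP%"

REM 1. Interface settings: records which DNS servers the DC itself points at.
ipconfig /all > "%BACKUP%\ipconfig-all.txt"

REM 2. Server-wide DNS settings and the complete zone list, including any
REM    unexpected top-level zones such as a stray _msdcs zone.
dnscmd /info      > "%BACKUP%\dnscmd-info.txt"
dnscmd /enumzones > "%BACKUP%\dnscmd-enumzones.txt"

REM 3. Export every primary zone to a text file. In the /enumzones table the
REM    first token is the zone name and the second its type, so only lines
REM    whose second token is "Primary" are exported (header lines and the
REM    "." cache zone fall through). dnscmd writes the export file under
REM    %SystemRoot%\system32\dns, so it is copied into the snapshot afterwards.
for /f "tokens=1,2" %%A in ('dnscmd /enumzones') do (
    if /i "%%B"=="Primary" (
        echo Exporting zone %%A
        dnscmd /zoneexport %%A %%A.export >nul
        copy /y "%SystemRoot%\system32\dns\%%A.export" "%BACKUP%\" >nul
    )
)

REM 4. The files the plan deletes by hand: Netlogon's record list and the
REM    DNS folder itself.
copy /y "%SystemRoot%\system32\config\netlogon.dns" "%BACKUP%\" >nul
copy /y "%SystemRoot%\system32\config\netlogon.dnb" "%BACKUP%\" >nul
xcopy /e /i /y "%SystemRoot%\system32\dns" "%BACKUP%\dns-folder" >nul

REM 5. DNS service configuration from the registry.
reg export HKLM\SYSTEM\CurrentControlSet\Services\DNS "%BACKUP%\dns-service.reg"

REM 6. Baseline diagnostics, to compare with a run after the rebuild.
dcdiag /test:DNS > "%BACKUP%\dcdiag-dns-before.txt"

echo Snapshot written to %BACKUP%
endlocal
```

Run it once from an elevated command prompt on the DC before the "convert to primary zone" step; the exported zone files are plain text, so a missing A record or a misplaced _msdcs delegation can be confirmed by reading them rather than by guessing from the console.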


Darius Ghassem commented:
Everything seems in order. The only thing is why did this problem occur. If you just delete the zone then this problem most likely will re-occur if you don't figure out what the problem was. A couple of things to check. Make sure the server points to itself for DNS and there aren't any external DNS servers listed in the TCP/IP properties. Make sure the actual IP address of the server is in the primary DNS server, not the loopback address. Can you expand the zone then do a screenshot and post? It seems that you might be missing the msdcs folder.
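The checks in this answer (the DC must point at its own real address, not 127.0.0.1 and not the ISP's resolver) and the verification the poster will need after the reinstall (the A record and the DC/PDC/GC SRV records that dcdiag reported missing) can be scripted so they are repeatable. The batch script below is an added example, not code from either participant; it also compares the machine's primary DNS suffix with the AD domain name, since a mismatch there means the full computer name will never resolve from the domain zone. It assumes Windows Server 2003 with the Support Tools (dcdiag.exe, nltest.exe), is run on the DC, and the two names at the top are placeholders to replace with the real domain and host name.

```batch
@echo off
REM Added example, not from the original thread: post-rebuild checks that the
REM DC uses its own address for DNS, that its A record and DC locator SRV
REM records resolve, and that its primary DNS suffix matches the AD domain.
REM Assumptions: Windows Server 2003 Support Tools (dcdiag, nltest), run on
REM the DC. DOMAIN and DCHOST are placeholders for the real names.
setlocal
set DOMAIN=domain.local
set DCHOST=domain-server
set FAIL=0

echo == 1. DNS servers configured on the NIC ==
ipconfig /all | findstr /i /c:"DNS Servers"
ipconfig /all | findstr /i /c:"DNS Servers" | findstr /l /c:"127.0.0.1" >nul && (
    echo [FAIL] the NIC points at the loopback address; use the server's real IP
    set FAIL=1
)
REM ipconfig prints extra DNS servers on unlabelled continuation lines, so
REM compare the printed list with the expected address (no ISP resolver).

echo == 2. Primary DNS suffix versus AD domain ==
set SUFFIX=
for /f "tokens=2 delims=:" %%S in ('ipconfig /all ^| findstr /i /c:"Primary Dns Suffix"') do set SUFFIX=%%S
if defined SUFFIX set SUFFIX=%SUFFIX:~1%
if /i not "%SUFFIX%"=="%DOMAIN%" (
    echo [FAIL] primary DNS suffix "%SUFFIX%" differs from "%DOMAIN%"; the full computer name will not resolve in the zone
    set FAIL=1
) else (
    echo [OK]   primary DNS suffix is %DOMAIN%
)

echo == 3. DC host A record ==
nslookup %DCHOST%.%DOMAIN% 2>nul | findstr /c:"Name:" >nul && (
    echo [OK]   %DCHOST%.%DOMAIN% resolves
) || (
    echo [FAIL] no A record for %DCHOST%.%DOMAIN%; run ipconfig /registerdns and check the zone allows dynamic updates
    set FAIL=1
)

echo == 4. DC locator SRV records reported missing by dcdiag ==
for %%R in (_ldap._tcp.dc._msdcs.%DOMAIN% _ldap._tcp.pdc._msdcs.%DOMAIN% _ldap._tcp.gc._msdcs.%DOMAIN%) do (
    nslookup -type=SRV %%R 2>nul | findstr /c:"svr hostname" >nul && (
        echo [OK]   %%R
    ) || (
        echo [FAIL] %%R missing; run "nltest /dsregdns", restart Netlogon, then re-check
        set FAIL=1
    )
)

echo == 5. dcdiag DNS test, pass/fail lines only ==
dcdiag /test:DNS | findstr /i /c:"passed test" /c:"failed test" /c:"Error:" /c:"Warning:"

if "%FAIL%"=="1" (
    echo One or more checks failed; see the lines marked [FAIL].
    endlocal & exit /b 1
)
echo All checks passed.
endlocal & exit /b 0
```

The SRV checks rely on nslookup's "svr hostname" line, which Windows prints only when a record is returned, and the A-record check on its "Name:" line, which is absent on a non-existent domain answer; the exit code lets the script be dropped into a scheduled task or a post-change checklist.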
Terbo45 (Author) commented:
I think the person who was working on this server/network seems to be completely clueless, which is why it's all messed up. For instance, when I looked at the server for the first time, it did not even have a static IP assigned; it was getting its address via DHCP, if you can believe that. There was also a linux firewall (IP Cop) that was plugged into a dumb switch, instead of between the ISP's router and the network. I also looked at the "configure your server" log, and for some unknown reason he tried to remove active directory month after the initial rollout. So, you can see why I just want to remove all of the garbage he did and start over.

To answer your questions, yes, the server is pointing to itself, and no external DNS servers are there, it's not using a loopback, and the msdcs folder is there. The A records are there too.
Darius Ghassem commented:
He didn't have anything right. What you have step by step is the correct way to do it. If you feel comfortable the issue was a setup problem and you have all the correct info entered in the server now then I would go for it. Is the msdcs listed under the zone?
Terbo45 (Author) commented:
Here are the screenshots of the _msdcs folder and the local. I blacked out the domain info to retain privacy.

Darius Ghassem commented:
There is your issue: the _msdcs should be under the zone, not a top-level zone. If you look, the _msdcs folder under your zone is greyed out, which means you need to remove the zone then re-add it to get this fixed, but this is where the problem that you are having now exists.
Terbo45 (Author) commented:
When you say "remove", do you mean just simply right-clicking and selecting delete? Or can I just drag it to where it needs to be? I guess what I mean to ask is how do I recreate it?

Btw, thanks for your help.
Darius Ghassem commented:
See if you can pull the _msdcs folder back under the zone but usually you have to delete the _msdcs folder and the zone by right-clicking and deleting.
Terbo45 (Author) commented:
Ok, thanks. I'll try that shortly and let you know how it turns out.
Terbo45 (Author) commented:
Ok, this is strange. Now all of the prior events in my DNS log have gone away, but I'm still having an issue with DNS. The reason the problem was found in the first place was because I couldn't assign domain account permissions to the workstation's local admin group. When I try to do that, it just lists the local computer name, and not the AD domain. I can however see those accounts if I want to add them to the "Remote Desktop Users" group.

Here's what I do think is the crux of my problem. When I look at the server's computer name, I'm seeing under the "full computer name" the following: "", but the domain is listed as "domain.local". Now on the server I can ping both "" and "domain-server.domain.local", but on the workstation I can only ping "domain-server.domain.local" but NOT "". It gives me the "could not find host" error.
Terbo45 (Author) commented:
Ok, now I'm making progress. I just entered a record in the local machine's HOSTS file for "", and I was able to ping it now, and lo & behold, I can now add domain accounts to the local admin group on the workstation. So, I guess that's somewhat of a workaround, but I still don't think the workstations are able to perform dynamic updates, but I guess I could just manually create the records, which is definitely not the correct way to do things. I'm thinking that if I just renamed the domain controller (it's the only server they have) to "domain-server.domain.local" that might solve my problem, or open the door to a whole bunch of new problems, which is what I don't want right now.

Any advice anyone?
Terbo45 (Author) commented:
I think it's fixed finally!! All I had to do is add a new forward lookup zone for "" and I removed the entry from the host file and now I can resolve the server's "com" address and I can add domain accounts to the local workstation groups. The only issue that I can see that's still left is that there's still no dynamic dns updates propagating. Any ideas?
Darius Ghassem commented:
Do you have dynamic updates setup?
Terbo45 (Author) commented:
I just checked, and the one machine I joined to the domain is dynamically updated, so now it's just a matter of going back and joining the remaining workstations to the domain. Thanks so much for your help.