epipkin

How can I fix my DNS?

I have a 2003 Server with Exchange 07 and AD & DNS. I have implemented and the first few workstations joining the domain did OK. Slower than expected, but OK. Now all workstations will join the domain; however, it takes a very, very long time to join. All network shares work great. It just seems I have a horrible DNS problem and cannot seem to find the source of the problem.
Randy_Bojangles

First thing to check is where the workstations are looking for their DNS:

Do an IPCONFIG /all and see what the PCs are pointing to for their DNS, I suspect you may have them going out to Internet servers first.
epipkin

ASKER

I have completely redone my DHCP and it is handing out the DNS as the server itself as it should be. I cannot seem to get the DNS to function correctly. Any suggestions? Thanks in advance for your help.
From command prompt on a PC:

NSLOOKUP <return>

make sure that the server name / IP it comes back with are those of your internal DNS

now type servername.domain.name (whatever they may be) and hit return

make sure this comes back with the correct result
epipkin

ASKER

I have run nslookup and it seems to return OK. I now have a new, very strange situation. My DHCP range is attached. When a 10.18.15.x address is sent out, it is sent with my ISP DNS and our internet works fine. However, if a machine pulls another address and uses our DNS, we have huge issues, and I cannot seem to figure out why part of my DHCP is acting differently than other parts.... I am really confused...
dhcp.jpg
dns.jpg
dhcp.jpg
nslookup.jpg
Your DHCP server should give clients ONLY DNS on your domain

The DNS server itself should then have a forwarder defined on it to point at your ISP

Your DHCP errors look like you have some statics that it is clashing with. Set all PCs to DHCP, release and renew and see if you can calm DHCP down
epipkin

ASKER

We have them set to DHCP and have performed the release and renew and we are still having DNS problems. When joining machines to the domain, it takes an extremely long time to join. Everything I've seen points to a DNS problem. But everything I've checked seems OK. But there is obviously a problem somewhere. The performance is not there.
You said in the previous post that DHCP was giving out ISP DNS to make the internet work - this will crucify local access.

Post a result of IPCONFIG /all from an affected PC please.
You should configure the conflict attempts value for your DHCP to "2" to avoid DHCP conflicts. Restart the netlogon service to ensure SRV records are OK. Ensure Internet connectivity on the server. Check the scope options and the DNS server options.
epipkin

ASKER

We have removed the DHCP role, re-added it, and tried to edit the scope, and every time it hands out an address, it is handing out 10.18.15.x and the ISP DNS instead of itself as a DNS. Also, on any other IP where a workstation has the DNS as the server, there is no internet. The forwarders look OK. We have successfully stumped multiple people with this one. Why is it even handing out IP addresses that are in the middle of the scope instead of starting at the beginning?
joining.bmp
dhcp.bmp
Install the support tools from the server CD. Then run "netdiag /fix" and "dcdiag /fix".
If any domain relevant entries are missing in the DNS, these tools will automatically add them. Perhaps this solves your problem.
I forgot: you need to run this on the server.
You can see from the IPCONFIG result that the DHCP server it gets settings from is 10.18.254.1 and the DNS servers are internet servers. This is not the IP address of your DHCP server on your Windows box (from previous screenshot).

As 10.18.254.1 is also your default gateway, I'm willing to bet this is your router and thus the cause of your problems.

Turn off the DHCP server on the router and you should be able to troubleshoot as per all of the above posts
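
The check described in the post above (compare the DHCP server and DNS servers a client reports in `ipconfig /all` against the ones you expect), as an added example that is not part of the original thread. It assumes 10.18.18.3 is the only legitimate DHCP and DNS server, as the thread states; the sample output and the 192.0.2.x addresses standing in for the ISP DNS are constructed.

```python
import re

# Assumption from the thread: the Windows server 10.18.18.3 is the only
# legitimate DHCP and DNS server for domain clients.
EXPECTED_DHCP = {"10.18.18.3"}
EXPECTED_DNS = {"10.18.18.3"}

# Constructed sample in `ipconfig /all` layout; 192.0.2.x stands in for ISP DNS.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.18.15.27
        Default Gateway . . . . . . . . . : 10.18.254.1
        DHCP Server . . . . . . . . . . . : 10.18.254.1
        DNS Servers . . . . . . . . . . . : 192.0.2.53
                                            192.0.2.54
"""

FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z .\-]*?)[ .]*:\s*(.*)$")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse_ipconfig(text):
    """Return {lowercased field name: [values]}, keeping continuation lines."""
    fields, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            current = m.group(1).strip().lower()
            fields[current] = [m.group(2).strip()] if m.group(2).strip() else []
        elif current and IPV4.match(line.strip()):
            fields[current].append(line.strip())  # e.g. a second DNS server
    return fields

def audit(text):
    """List findings where the lease or the DNS servers come from an unexpected host."""
    f = parse_ipconfig(text)
    findings = []
    for srv in f.get("dhcp server", []):
        if srv not in EXPECTED_DHCP:
            via_gw = srv in f.get("default gateway", [])
            findings.append(f"unexpected DHCP server {srv}"
                            + (" (also the default gateway)" if via_gw else ""))
    for dns in f.get("dns servers", []):
        if dns not in EXPECTED_DNS:
            findings.append(f"DNS server {dns} is not the domain DNS server")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against output collected from several workstations, a second DHCP server on the segment shows up as leases whose `DHCP Server` field is not the domain server.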
epipkin

ASKER

C:\Program Files\Support Tools>netdiag /fix

..................................

    Computer Name: ITTLMC1
    DNS Host Name: ittlmc1.trilakesmc.com
    System info : Microsoft Windows Server 2003 R2 (Build 3790)
    Processor : EM64T Family 6 Model 15 Stepping 11, GenuineIntel
    List of installed hotfixes :


Netcard queries test . . . . . . . : Passed
    [WARNING] The net card 'Intel(R) PRO/1000 PF Server Adapter' may not be working.



Per interface results:

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Failed
        NetCard Status:          DISCONNECTED
            Some tests will be skipped on this interface.

        Host Name. . . . . . . . . : ittlmc1
        Autoconfiguration IP Address : 169.254.183.71
        Subnet Mask. . . . . . . . : 255.255.0.0
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . :


    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : ittlmc1
        IP Address . . . . . . . . : 10.18.18.3
        Subnet Mask. . . . . . . . : 255.255.0.0
        Default Gateway. . . . . . : 10.18.254.1
        Dns Servers. . . . . . . . : 10.18.18.3


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{CE4703CD-4E08-4AA2-8678-3786D51F2CFC}
        NetBT_Tcpip_{FBB51E18-CAE3-4642-A756-A84EFDF37302}
    2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'ittlmc1.trilakesmc.com.'. [ERROR_TIMEOUT]
            The name 'ittlmc1.trilakesmc.com.' may not be registered in DNS.
    PASS - All the DNS entries for DC are registered on DNS server '10.18.18.3' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{CE4703CD-4E08-4AA2-8678-3786D51F2CFC}
        NetBT_Tcpip_{FBB51E18-CAE3-4642-A756-A84EFDF37302}
    The redir is bound to 2 NetBt transports.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{FBB51E18-CAE3-4642-A756-A84EFDF37302}
        NetBT_Tcpip_{CE4703CD-4E08-4AA2-8678-3786D51F2CFC}
    The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Program Files\Support Tools>dcdiag /fix

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\ITTLMC1
      Starting test: Connectivity
         ......................... ITTLMC1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\ITTLMC1
      Starting test: Replications
         ......................... ITTLMC1 passed test Replications
      Starting test: NCSecDesc
         ......................... ITTLMC1 passed test NCSecDesc
      Starting test: NetLogons
         ......................... ITTLMC1 passed test NetLogons
      Starting test: Advertising
         ......................... ITTLMC1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... ITTLMC1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... ITTLMC1 passed test RidManager
      Starting test: MachineAccount
         ......................... ITTLMC1 passed test MachineAccount
      Starting test: Services
         ......................... ITTLMC1 passed test Services
      Starting test: ObjectsReplicated
         ......................... ITTLMC1 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... ITTLMC1 passed test frssysvol
      Starting test: frsevent
         ......................... ITTLMC1 passed test frsevent
      Starting test: kccevent
         ......................... ITTLMC1 passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000416
            Time Generated: 02/13/2009   04:24:22
            Event String: The DHCP/BINL service on the local machine,
         An Error Event occured.  EventID: 0x00000416
            Time Generated: 02/13/2009   04:25:07
            Event String: The DHCP/BINL service on the local machine,
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2009   04:46:16
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2009   04:46:17
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2009   04:46:17
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2009   04:46:51
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2009   05:03:56
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2009   05:03:56
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2009   05:03:56
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/13/2009   05:07:36
            (Event String could not be retrieved)
         ......................... ITTLMC1 failed test systemlog
      Starting test: VerifyReferences
         ......................... ITTLMC1 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : trilakesmc
      Starting test: CrossRefValidation
         ......................... trilakesmc passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... trilakesmc passed test CheckSDRefDom

   Running enterprise tests on : trilakesmc.com
      Starting test: Intersite
         ......................... trilakesmc.com passed test Intersite
      Starting test: FsmoCheck
         ......................... trilakesmc.com passed test FsmoCheck

C:\Program Files\Support Tools>
epipkin

ASKER

Um............................  wow.... Anything in there I need to address?? lol    I'm new to servers and domains... be gentle.....
Definitely your router giving out DHCP is screwing you up!
Dude, just look at the results of ipconfig.

Your DHCP server is also your default gateway !!

It's a networking issue.

The BAD ADDRESSes in DHCP indicate that there is another DHCP server on your network.  Turn off DHCP on your firewall or router.
Definitely a DHCP problem - I know that's the 3rd time I have said it but I can't stress it enough
epipkin

ASKER

We found the router issuing IP addresses and resolved that issue. However, when we do get addresses now from the server, we have no internet - server does - but clients do not.... help....
Make sure the clients get the router as their default gateway, server as their DNS and make sure the server has a DNS forwarder to an Internet DNS server (or two)
ASKER CERTIFIED SOLUTION
Kaffiend
epipkin

ASKER

That has been verified... they are pulling the correct info but still no internet and the workstations are still taking forever joining the domain....
Can you ping internet addresses from the workstations by IP address and/or by name?

If by IP but not by name, then you have DNS problems still.

If the name resolves but you can't get a reply, then you have a connectivity issue (likely don't have a route to the Internet).
epipkin

ASKER

The server turned out to be running great. Our router didn't have the route built in. THANK YOU!!!
Somewhat disgruntled that, having worked all through this problem, I have been allocated no points when I had pointed out the same thing as the accepted solution in a previous post
Randy,

I understand your frustration. It's happened to me too.  FWIW, I do recognise that your questions and the answers the poster provided were a big part of the solution to this problem.
Just blowing off steam really - ultimately I'm happy that they got a solution