Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Name resolution on domain is not working correctly

Posted on 2009-04-02
10
Medium Priority
?
295 Views
Last Modified: 2012-05-06
Hi.
My company has one main office and several branch offices.
In the main office we have the DC, a Windows 2003 server, which is also the primary DNS server for the PC's in that area. In one of the branch offices we have a Windows 2003 Server which acts as a DNS slave. This is the primary DNS server for the PC's in that area. The DNS slave used to be a Linux machine with BIND DNS daemon, but was replaced a few months back with the Windows machine.
What happened after the replacement was that PC's both at the main office and at the branch office have problems resolving internal addresses. It looks as if WINS is still working because we can ping COMPUTERNAME, but not COMPUTERNAME.some.domain. The only solution is to run the command 'net stop dnscache' on the clients. Then it works. Afterwards we can turn the dnscache on again and it will still work, but we always have to turn it off after booting the PC's.
Does anyone have an idea on what is going on?
0
Comment
Question by:Ole_Brun
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 6

Expert Comment

by:meugen
ID: 24047376
have you tried to use as a primary DNS on the branch PCs the DNS from the main office?
0
 

Author Comment

by:Ole_Brun
ID: 24048262
Well, users not using the DNS server from branch office are also having the same problem...
But I have changed now on one of the machines. Will report back my findings.
0
 
LVL 3

Expert Comment

by:nskurs
ID: 24048267
Couple of things to get clear picture...

1. Is the NSLOOKUP resolves FQDN(COMPUTERNAME.some.domain) and Hostname (COMPUTERNAME) ??

2. Do you have DNS suffix inplace?

- Cheers!
0
What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 24049770
Please help me understand your environment.  Is the zone for the domain Active Direcory Intigrated.  If so the DNS server in the branch office is the same as a primary.  The reason I ask this is I wanted to know where your clients are registering their records.  If it is AD intergrated then the clients are registering the records locally if not thy have to go across the WAN to register their records.  Then they have to be transfered to the local DNS server.
0
 

Author Comment

by:Ole_Brun
ID: 24058345
To answer nskurs first:
1. Before doing a 'net stop dnscache' nslookup will not resolve FQDN, but Hostname is ok.
2. Yes, suffic is inplace

MSE-JNegus:
Not sure what you mwan by integerated, but the server in the branch office is not setup to be a DC. Only the DNS service has been added. It is merely a slave zone, and no computer is registering with this server. the only reason for having it is to speed up lookups for local machines.

Btw, I tried changing primary dns on one machine to be the DC, but the problem remains.
That makes me believe that the backup dns server might not be the problem after all.
Or what do you think?
0
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 24059250
What do you mean by the term slave.  The DNS server in the Branch office is either a secondary server, ie it has a read only copy of the zone in the main office, if so please verify the zone is actually a secondary zone. Or, it is a caching server, ie: it has no zone and forwards all requests to the main office DNS server and caches the response.

When running nslookup verify which DNS server nslookup is using to resolve your query.  Please confirm if it is your local DNS Server or your Primary
0
 

Author Comment

by:Ole_Brun
ID: 24059940
I'm used to BIND dns server... Slave means secondary server.

I just did a nslookup mail.domain.com, and it resolved just fine to the internal ip address!
Then I did a ping mail.domain.com which resolved in the EXTERNAL address for the domain.

You see out dns servers resolve internal addresses (192.168.x.x). However the ISP is hosting the dns for our external addresses. So internally mail.domain.com resolves to 192.168.x.x whereas externally it is 213.225.x.x.
So when doing a nslookup the internal address is shown, whereas ping gives me the external one...
0
 
LVL 5

Accepted Solution

by:
MSE-JNegus earned 1000 total points
ID: 24060072
This could be your problem.  Your clients need to reslove the internal addresses.  Have you configured your clients with a preferred and alternate DNS servers.  If so is one of the alternates your ISPs DNS server.  This is a no no.  You should have your preferred as your local DNS server and your alternate as your DNS server in the main office.
0
 
LVL 5

Expert Comment

by:MSE-JNegus
ID: 24060101
You should also check to see if the external record exists in the zone.
0
 

Author Closing Comment

by:Ole_Brun
ID: 31565670
Yes, one external DNS server was actually configured in the DHCP server. Removed that, and now everything is back to normal :) I guess that mistake was done when we upgraded the firewalls a while back.
Thanks for your help!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question