Setting up DNS for new forest in new domain

I installed Windows 2008 and set the IP and Preferred DNS to the same address.

Added AD as a role.

Ran DCPROMO and selected new domain in new forest.  There's no other server in the network.

After reboot, I ran ipconfig /all.

DNS shows as ::1

nslookup times out with unknown domain and ::1.

Clients can ping server, but not server.domain.local

How do I get rid of the ::1 as the primary DNS?

767WuLiMaster Author Commented:
Problem Solved!!

Was able to use dnsmngr to query records in dns and confirm that server.domain.local was listed in Host(A) record with IP

Tried turning off the firewall on the client and was able to join client to the domain.  Turned server firewall back on and clients still able to join domain.

Client firewall is AVG commercial version, which cannot be installed on Windows Server and it looks like it all interferes in a domain.  Need to check some firewall parameters to see if there's anything there blocking joining a domain.

Thanks for your help.
This is an IPv6 address!

If you don't plan to use IPv6, just disable it; it makes things easier.
::1 is the IPv6 loopback address.

Disable IPv6 on the properties of the network connection, or go into the properties of the network connection / IPv6 and remove the entry for the preferred DNS server.
767WuLiMasterAuthor Commented:
OK, that got rid of the ::1.

However, client still can't ping server.domain.local.

nslookup on server shows:
server unknown
Are all your machines in the 169.254.x.x subnet? This is the APIPA address given to clients that are configured for DHCP when no DHCP server is available.

While technically the APIPA subnet should work I'd configure your DC to a static IP address and set up a DHCP scope for your clients on a private subnet such as This is an aside to your problem though I imagine.

I would also disable windows firewall on the DC to eliminate this as a problem.

Have you configured the clients to look to the server as their preferred DNS server? They can ping 'server' by NetBIOS name resolution, but 'server.neptune.local' requires DNS.
.. I meant 'server.domain.local' - oops :0)
767WuLiMasterAuthor Commented:
Firewall is turned off on server.

Clients have static IP 169.254.1.x and have as their preferred DNS.
Clients can ping server, but can't ping server.domain.local
On the DC, run

ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

Give it a few moments then check in the forward lookup zone for your domain in the DNS console. Is there a Host (A) record for server.domain.local pointing to the correct IP address? If there is, on a client, run ipconfig /flushdns and try to ping the server by FQDN again.

See if that helps.
767WuLiMasterAuthor Commented:
If I look at properties under the forwarding zone, it shows the proper FQDN but IP address Unknown.
Did you disable IPv6 or just remove the DNS server entry? I would actually disable it by un-checking it in the list under the network connection properties.

Delete the Host (A) record and run the four commands above again. Then check what record appears in DNS.
767WuLiMasterAuthor Commented:
I disabled IPv6 by unchecking the box.

Properties for forward lookup zone showed unknown IP address for FQDN.
I edited to add IP address and clicked resolve.
Went through cmd list.
nslookup still shows unknown server name.
It sounds to me like you're editing the name server (NS) record, not the Host (A) record. Leave your name server record as it is.

Do you have a Host (A) record for server.domain.local, this being your DNS server? Is it the correct IP address? If you don't, create one. This is the record that is needed to allow name resolution.

Does the DNS server still have itself as its own preferred DNS server?
767WuLiMasterAuthor Commented:
Interesting situation when I run dcpromo.  Although the DNS address is the same as the server address when I start dcpromo, after I finish it was changed to the loopback address.  There's also a warning message during start of dcpromo that the server can't be seen.

If I leave the address alone, nslookup shows default server as  "localhost" with server's address and I can ping FQDN from a client.  However client still can join domain.  Presumably because an A record isn't created in AD.

I've been following the writeups for creating a first domain in a first forest, but somehow the wizard doesn't seem to want to do that.

No idea how to manually create the missing A record that the clients are looking for.
The loopback address is OK - it just means to look at itself for DNS, the same as if you entered its own IP address.

What error message are you getting when trying to join the domain?
767WuLiMasterAuthor Commented:
Error message is:

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain DOMAIN.LOCAL.

The query was for SRV record _ldap._tpc.dc._msdcs.domain.local.

The following domain controller was identified by the query.


Host (A) records that map the name of the domain controller to its IP address are missing or contain an incorrect address.
bluntTony Commented:
What host (A) records are showing in DNS for the server? What IP addresses does it/they show. You should only have one, and the IP should be Delete any other records for the server with different IP addresses to that.

Running the four commands I posted earlier should correct those entries in DNS. When you ping the server from a client using server.neptune.local, what IP address is the ping command returning?

Before you ping, run ipconfig /flushdns on the client.
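The checks asked for in this reply and after the four re-registration commands earlier (Host (A) record for the DC, the `_ldap._tcp.dc._msdcs.<domain>` SRV record, and whether the DC points at itself for DNS) can be scripted. This is an added example, not code from the thread; it assumes the DnsClient cmdlets (Windows 8 / Server 2012 or later, so not the 2008 box in the thread) and the placeholder names `domain.local` / `server.domain.local`.

```powershell
# Added example, not from the thread. Assumes Resolve-DnsName / Get-DnsClientServerAddress
# (DnsClient module). Domain and DC names below are placeholders.
param(
    [string]$Domain = 'domain.local',           # placeholder: AD DNS domain name
    [string]$DcFqdn = 'server.domain.local',    # placeholder: the DC's FQDN
    [string]$DnsServer = ''                     # empty = use this machine's configured DNS
)

function Test-DcDnsRecords {
    param([string]$Domain, [string]$DcFqdn, [string]$DnsServer)
    $opts = @{ ErrorAction = 'Stop' }
    if ($DnsServer) { $opts['Server'] = $DnsServer }
    $r = [ordered]@{}

    # 0. Which IPv4 DNS servers this machine uses. On the DC itself this should be
    #    its own IP or the loopback address, as the reply above explains.
    $r['ConfiguredDns'] = (Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } | Select-Object -ExpandProperty ServerAddresses)

    # 1. Host (A) record(s) for the DC. There should be exactly one, with the DC's IP.
    try {
        $r['DcARecords'] = @(Resolve-DnsName -Name $DcFqdn -Type A @opts |
            Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    } catch { $r['DcARecords'] = @() }

    # 2. SRV record the domain-join client queries to find a DC.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        $r['SrvTargets'] = @(Resolve-DnsName -Name $srvName -Type SRV @opts |
            Where-Object { $_.Type -eq 'SRV' } | ForEach-Object { $_.NameTarget })
    } catch { $r['SrvTargets'] = @() }

    # 3. Each SRV target must itself resolve to an A record; a target without one
    #    produces the "Host (A) records ... are missing" join error quoted in the thread.
    $missing = @()
    foreach ($target in $r['SrvTargets']) {
        try { $null = Resolve-DnsName -Name $target -Type A @opts } catch { $missing += $target }
    }
    $r['SrvTargetsWithoutA'] = $missing
    [pscustomobject]$r
}

Test-DcDnsRecords -Domain $Domain -DcFqdn $DcFqdn -DnsServer $DnsServer | Format-List
```

Run it on the DC after `ipconfig /registerdns` and the netlogon restart, and again on a client after `ipconfig /flushdns`; `DcARecords` should hold the DC's single IP and `SrvTargetsWithoutA` should be empty before a join is attempted.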
767WuLiMasterAuthor Commented:
Sorry for being so naive.

How do I query the host records on server.domain.local?

BTW, changed IP to for server and for clients at your suggestion.  Didn't want to use 192.168.x.x as that's the address range for the internet router not yet connected to the server.

Ping of server.domain.local from client returns