Solved

Setting up DNS for new forest in new domain

Posted on 2009-05-16
Last Modified: 2012-05-07
I installed Windows 2008 and set IP and Preferred DNS to the same address, 169.254.1.1.

Added AD as a role.

Ran DCPROMO and selected new domain in new forest.  There's no other server in the network.

After reboot, I ran ipconfig /all.

DNS shows as ::1
                         169.254.1.1

nslookup times out with unknown domain and ::1.

Clients can ping server, but not server.domain.local

How do I get rid of the ::1 as the primary DNS?


0
Question by:767WuLiMaster
17 Comments
 
LVL 3

Expert Comment

by:a_ro_no
ID: 24402769
This is an IPv6 address!

If you don't plan to use IPv6, just disable it; it makes things easier.
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24402796
::1 is the IPv6 loopback address.

Disable IPv6 on the properties of the network connection, or go into the properties of the network connection / IPv6 and remove the entry for the preferred DNS server.
0
 

Author Comment

by:767WuLiMaster
ID: 24402991
OK, that got rid of the ::1.

However, client still can't ping server.domain.local.

nslookup on server shows:
server unknown
address 169.254.1.1
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24403051
Are all your machines in the 169.254.x.x subnet? This is the APIPA address given to clients that are configured for DHCP when no DHCP server is available.

While technically the APIPA subnet should work I'd configure your DC to a static IP address and set up a DHCP scope for your clients on a private subnet such as 192.168.1.0/24. This is an aside to your problem though I imagine.

I would also disable windows firewall on the DC to eliminate this as a problem.

Have you configured the clients to look to the server as their preferred DNS server? They can ping 'server' by NetBIOS name resolution, but 'server.neptune.local' requires DNS.
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24403053
.. I meant 'server.domain.local' - oops :0)
0
 

Author Comment

by:767WuLiMaster
ID: 24403073
Firewall is turned off on server.

Clients have static IP 169.254.1.x and have 169.254.1.1 as their preferred DNS.
Clients can ping server, but can't ping server.domain.local
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24403090
On the DC, run

ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

Give it a few moments then check in the forward lookup zone for your domain in the DNS console. Is there a Host (A) record for server.domain.local pointing to the correct IP address? If there is, on a client, run ipconfig /flushdns and try to ping the server by FQDN again.

See if that helps.
0
 

Author Comment

by:767WuLiMaster
ID: 24403149
If I look at properties under the forwarding zone, it shows the proper FQDN but IP address Unknown.
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24403175
Did you disable IPv6 or just remove the DNS server entry? I would actually disable it by un-checking it in the list under the network connection properties.

Delete the Host (A) record and run the four commands above again. Then check what record appears in DNS.
0
 

Author Comment

by:767WuLiMaster
ID: 24403299
I disabled IPv6 by unchecking the box.

Properties for forward looking zone showed unknown ip address for FQDN.
I edited to add IP address 169.254.1.1 and clicked resolve.
Went through cmd list.
nslookup still shows unknown server name.
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24406265
It sounds to me like you're editing the name server (NS) record, not the Host (A) record. Leave your name server record as it is.

Do you have a Host (A) record for server.domain.local, this being your DNS server? Is it the correct IP address? If you don't, create one. This is the record that is needed to allow name resolution.

Does the DNS server still have itself as its own preferred DNS server?
0
 

Author Comment

by:767WuLiMaster
ID: 24406310
Interesting situation when I run dcpromo.  Although the dns address is the same as the server address when I start dcpromo, after I finish it was changed to the loopback address 127.0.0.1.  There's also a warning message during start of dcpromo that the server can't be seen.

If I leave the 127.0.0.1 address alone, nslookup shows default server as  "localhost" with server's address and I can ping FQDN from a client.  However client still can join domain.  Presumably because an A record isn't created in AD.

I've been following the writeups for creating a first domain in a first forest, but somehow the wizard doesn't seem to want to do that.

No idea how to manually create the missing A record that the clients are looking for.
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24406351
The loopback address is OK - it just means to look at itself for DNS, the same as if you entered its own IP address.

What error message are you getting when trying to join the domain?
0
 

Author Comment

by:767WuLiMaster
ID: 24406418
Error message is:

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain DOMAIN.LOCAL.

The query was for SRV record _ldap._tcp.dc._msdcs.domain.local.

The following domain controller was identified by the query.

server.domain.local.

Host (A) records that map the name of the domain controller to its IP address are missing or contain an incorrect address.
0
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 250 total points
ID: 24406502
What host (A) records are showing in DNS for the server? What IP addresses does it/they show? You should only have one, and the IP should be 169.254.1.1. Delete any other records for the server with different IP addresses to that.

Running the four commands I posted earlier should correct those entries in DNS. When you ping the server from a client using server.neptune.local, what IP address is the ping command returning?

Before you ping, run ipconfig /flushdns on the client.
0
 

Author Comment

by:767WuLiMaster
ID: 24406592
Sorry for being so naive.

How do I query the host records on server.domain.local?

BTW, changed IP to 10.0.1.1 for server and 10.0.1.10x for clients at your suggestion.  Didn't want to use 192.168.x.x as that's the address range for the internet router not yet connected to the server.

Ping of server.domain.local from client returns 10.0.1.1
0
 

Accepted Solution

by:
767WuLiMaster earned 0 total points
ID: 24407520
Problem Solved!!

Was able to use dnsmngr to query records in dns and confirm that server.domain.local was listed in Host(A) record with IP 10.0.1.1

Tried turning off the firewall on the client and was able to join client to the domain.  Turned server firewall back on and clients still able to join domain.

Client firewall is AVG commercial version, which cannot be installed on Windows Server, and it looks like it all interferes in a domain.  Need to check some firewall parameters to see if there's anything there blocking joining a domain.

Thanks for your help.
0
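The check this thread converges on, as an added example that is not part of any post: it repeats the SRV lookup from the join error and confirms that each domain controller it returns has exactly one Host (A) record with the expected address. It assumes the thread's final values (domain.local, DNS server and DC at 10.0.1.1) and a machine that has the Resolve-DnsName cmdlet (Windows 8 / Server 2012 or later), so it is run from a client rather than on the Windows 2008 server.

```powershell
# Added example: verify that the DC-locator SRV record and the Host (A) record agree.
# Defaults are assumptions taken from the thread; adjust them for your network.
param(
    [string]$Domain     = 'domain.local',
    [string]$DnsServer  = '10.0.1.1',
    [string]$ExpectedIp = '10.0.1.1'
)

$srvName = "_ldap._tcp.dc._msdcs.$Domain"

# Step 1: the SRV query a joining client sends to locate a domain controller.
$srv = @(Resolve-DnsName -Name $srvName -Type SRV -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
    Where-Object { $_.Section -eq 'Answer' -and $_.NameTarget })

if ($srv.Count -eq 0) {
    Write-Warning "No SRV record for $srvName on $DnsServer. Restart Netlogon on the DC to re-register it."
    return
}

# Step 2: every SRV target needs a Host (A) record that points at the DC.
foreach ($rec in $srv) {
    $target = $rec.NameTarget.TrimEnd('.')
    $ips = @(Resolve-DnsName -Name $target -Type A -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Section -eq 'Answer' -and $_.IPAddress } |
        ForEach-Object { $_.IPAddress })

    # Classify the result the same way the join error does: missing or incorrect address.
    $status = if ($ips.Count -eq 0) {
        'MISSING A record'
    } elseif ($ips -notcontains $ExpectedIp) {
        'WRONG address'
    } elseif ($ips.Count -gt 1) {
        'STALE extra A records'
    } else {
        'OK'
    }

    [pscustomobject]@{
        SrvTarget = $target
        Port      = $rec.Port
        ARecords  = $ips -join ', '
        Expected  = $ExpectedIp
        Status    = $status
    }
}
```

A result of OK here means DNS is consistent, so a join that still fails points at something between client and DC, such as the client-side firewall found above.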
