Solved

Setting up DNS for new forest in new domain

Posted on 2009-05-16
17
Medium Priority
870 Views
Last Modified: 2012-05-07
I installed Windows 2008 and set IP and Preferred DNS to the same address, 169.254.1.1.

Add AD as a role.

Ran DCPROMO and selected new domain in new forest.  There's no other server in the network.

After reboot, I ran ipconfig/all.

DNS shows as ::1
                         169.254.1.1

nslookup times out with unknown domain and ::1.

Clients can ping server, but not server.domain.local

How do I get rid of the ::1 as the primary DNS?


0
Comment
Question by:767WuLiMaster
17 Comments
 
LVL 3

Expert Comment

by:a_ro_no
ID: 24402769
This is an IPv6 address!

If you don't plan to use IPv6, just disable it; it makes things easier.
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24402796
::1 is the IPv6 loopback address.

Disable IPv6 on the properties of the network connection, or go into the properties of the network connection / IPv6 and remove the entry for the preferred DNS server.
0
 

Author Comment

by:767WuLiMaster
ID: 24402991
OK, that got rid of the ::1.

However, client still can't ping server.domain.local.

nslookup on server shows:
server unknown
address 169.254.1.1
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24403051
Are all your machines in the 169.254.x.x subnet? This is the APIPA address given to clients that are configured for DHCP when no DHCP server is available.

While technically the APIPA subnet should work I'd configure your DC to a static IP address and set up a DHCP scope for your clients on a private subnet such as 192.168.1.0/24. This is an aside to your problem though I imagine.

I would also disable windows firewall on the DC to eliminate this as a problem.

Have you configured the clients to look to the server as their preferred DNS server? They can ping 'server' by NetBIOS name resolution, but 'server.neptune.local' requires DNS.
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24403053
.. I meant 'server.domain.local' - oops :0)
0
 

Author Comment

by:767WuLiMaster
ID: 24403073
Firewall is turned off on server.

Clients have static IP 169.254.1.x and have 169.254.1.1 as their preferred DNS.
Clients can ping server, but can't ping server.domain.local
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24403090
On the DC, run

ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

Give it a few moments then check in the forward lookup zone for your domain in the DNS console. Is there a Host (A) record for server.domain.local pointing to the correct IP address? If there is, on a client, run ipconfig /flushdns and try to ping the server by FQDN again.

See if that helps.
0
 

Author Comment

by:767WuLiMaster
ID: 24403149
If I look at properties under the forwarding zone, it shows the proper FQDN but IP address Unknown.
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24403175
Did you disable IPv6 or just remove the DNS server entry? I would actually disable it by un-checking it in the list under the network connection properties.

Delete the Host (A) record and run the four commands above again. Then check what record appears in DNS.
0
 

Author Comment

by:767WuLiMaster
ID: 24403299
I disabled IPv6 by unchecking the box.

Properties for forward looking zone showed unknown ip address for FQDN.
I edited to add IP address 169.254.1.1 and clicked resolve.
Went through cmd list.
nslookup still shows unknown server name.
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24406265
It sounds to me like you're editing the name server (NS) record, not the Host (A) record. Leave your name server record as it is.

Do you have a Host (A) record for server.domain.local, this being your DNS server? Is it the correct IP address? If you don't, create one. This is the record that is needed to allow name resolution.

Does the DNS server still have itself as its own preferred DNS server?
0
 

Author Comment

by:767WuLiMaster
ID: 24406310
Interesting situation when I run dcpromo.  Although the DNS address is the same as the server address when I start dcpromo, after I finish it was changed to the loopback address 127.0.0.1.  There's also a warning message during the start of dcpromo that the server can't be seen.

If I leave the 127.0.0.1 address alone, nslookup shows default server as  "localhost" with server's address and I can ping FQDN from a client.  However client still can join domain.  Presumably because an A record isn't created in AD.

I've been following the writeups for creating a first domain in a first forest, but somehow the wizard doesn't seem to want to do that.

No idea how to manually create the missing A record that the clients are looking for.
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24406351
The loopback address is OK - it just means to look at itself for DNS, the same as if you entered its own IP address.

What error message are you getting when trying to join the domain?
0
 

Author Comment

by:767WuLiMaster
ID: 24406418
Error message is:

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain DOMAIN.LOCAL.

The query was for SRV record _ldap._tcp.dc._msdcs.domain.local.

The following domain controller was identified by the query.

server.domain.local.

Host (A) records that map the name of the domain controller to its IP address are missing or contain an incorrect address.
0
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 1000 total points
ID: 24406502
What host (A) records are showing in DNS for the server? What IP addresses does it/they show? You should only have one, and the IP should be 169.254.1.1. Delete any other records for the server with different IP addresses to that.

Running the four commands I posted earlier should correct those entries in DNS. When you ping the server from a client using server.neptune.local, what IP address is the ping command returning?

Before you ping, run ipconfig /flushdns on the client.
0
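The join error quoted above names the two records that have to line up: the SRV record _ldap._tcp.dc._msdcs.domain.local that locates the DC, and the Host (A) record for the DC that the SRV record points at. The following PowerShell function is an added example, not code from the thread or from Microsoft; it optionally re-runs the four re-registration steps bluntTony posted and then resolves the SRV record and each target's A record against the DC itself, reporting a missing record, a wrong address, or extra (stale) A records. It assumes the DnsClient module's Resolve-DnsName cmdlet (Windows 8 / Server 2012 or later), and the domain name, DNS server and expected IP are placeholders standing in for the thread's domain.local and 10.0.1.1.

```powershell
# Added example (not from the thread): check that a newly promoted DC's
# locator SRV record and Host (A) record exist and agree with the expected IP.
# Assumes Resolve-DnsName (DnsClient module, Windows 8 / Server 2012+).
function Test-DcDnsRecords {
    param(
        [Parameter(Mandatory)] [string] $Domain,      # placeholder, e.g. 'domain.local'
        [Parameter(Mandatory)] [string] $DnsServer,   # the DC's own address, e.g. '10.0.1.1'
        [Parameter(Mandatory)] [string] $ExpectedIP,  # address the DC's A record should carry
        [switch] $ReRegister                          # re-run the registration steps first
    )

    if ($ReRegister) {
        # Same steps as the four commands posted earlier, then give Netlogon time
        # to re-register its SRV records before we query.
        ipconfig /flushdns | Out-Null
        ipconfig /registerdns | Out-Null
        Restart-Service Netlogon
        Start-Sleep -Seconds 15
    }

    $problems = @()

    # 1. The DC locator SRV record named in the domain-join error message.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    try {
        # Resolve-DnsName also returns additional-section A records; keep only SRV.
        $srv = @(Resolve-DnsName -Name $srvName -Type SRV -Server $DnsServer -ErrorAction Stop |
                 Where-Object { $_.Type -eq 'SRV' })
    } catch {
        $problems += "SRV record $srvName not found on ${DnsServer}: $($_.Exception.Message)"
        $srv = @()
    }

    # 2. Every DC the SRV record names must have a Host (A) record that resolves
    #    to the expected address. Extra A records with other addresses are the
    #    stale entries the thread says to delete.
    foreach ($rec in $srv) {
        $target = $rec.NameTarget
        try {
            $a = @(Resolve-DnsName -Name $target -Type A -Server $DnsServer -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'A' })
        } catch {
            $problems += "Host (A) record for $target missing on $DnsServer"
            continue
        }
        $ips = @($a | ForEach-Object { $_.IPAddress })
        if ($ips -notcontains $ExpectedIP) {
            $problems += "$target resolves to $($ips -join ', ') but expected $ExpectedIP"
        }
        $stale = @($ips | Where-Object { $_ -ne $ExpectedIP })
        if ($stale.Count -gt 0) {
            $problems += "$target has extra A records ($($stale -join ', ')); delete the stale ones"
        }
    }

    [pscustomobject]@{
        Domain   = $Domain
        SrvFound = ($srv.Count -gt 0)
        Problems = $problems
        Healthy  = ($srv.Count -gt 0 -and $problems.Count -eq 0)
    }
}

# Usage with placeholder values matching the thread's final configuration:
# Test-DcDnsRecords -Domain 'domain.local' -DnsServer '10.0.1.1' -ExpectedIP '10.0.1.1' -ReRegister
```

Run it on the DC in an elevated PowerShell session; Healthy is true only when the SRV record exists and every DC it names resolves to exactly the expected address. Querying with -Server set to the DC's own IP bypasses the client resolver cache, which is why the thread's advice to run ipconfig /flushdns on the client before pinging is not needed for this check.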
 

Author Comment

by:767WuLiMaster
ID: 24406592
Sorry for being so naive.

How do I query the host records on server.domain.local?

BTW, changed IP to 10.0.1.1 for server and 10.0.1.10x for clients at your suggestion.  Didn't want to use 192.168.x.x as that's the address range for the internet router not yet connected to the server.

Ping of server.domain.local from client returns 10.0.1.1
0
 

Accepted Solution

by:767WuLiMaster
767WuLiMaster earned 0 total points
ID: 24407520
Problem Solved!!

Was able to use dnsmngr to query records in dns and confirm that server.domain.local was listed in Host(A) record with IP 10.0.1.1

Tried turning off the firewall on the client and was able to join client to the domain.  Turned server firewall back on and clients still able to join domain.

Client firewall is AVG commercial version, which cannot be installed on Windows Server and it looks like it all interferes in a domain.  Need to check some firewall parameters to see if there's anything there blocking joining a domain.

Thanks for your help.
0
