nslookup not working properly

Make sure you have a Reverse lookup zone.

Make sure you are only pointing to internal DNS servers.

im looking at the reverse dns zones and something seems a little strange.

my network is a 10.100.0.0\16
the reverse zone is 0.100.10.in-addr.arpa

shouldnt the reverse zone be
100.10.in-addr.arpa

hi jamesmetcalf74,

When you ping the faulty machine from another computer, do you get a reply?

Secondly, kindly open the DNS console and check for the A records in the forward lookup zone for the said machine and the PTR records in the reverse lookup zone

Thirdly, have you set "Register this connection's address in DNS" under DNS in the Advanced properties of TCP/IP of the LAN connection?

B Rgds,

Mkeiwua

Yeah it should be.

I don't think so because the Reverse Lookup Wizard normally tells you to enter the first three octects of the IP Address e.g

A.B.C and then it sets up the name of the Reverse Lookup Zone as : C.B.A.in-addr.arpa

B Rgds,

Mkeiwua

see attached


Reverse.Lookup.png

But he's got a 16-bit subnet mask, so it should indeed be 100.10.in-addr.arpa.

Yes but as per attached diagram, doesn't the reverse lookup wizard need all three octects and as it says

"If you use a zero in the network ID, it will appear in the zone name......."

i.e. 10.100.0.0/16 would become 0.100.10.in-addr.arpa?


Or am i missing something?

B Rgds,

Mkeiwua

IT seems that the first part of DNS look up itself is getting failed. First you must need to focus on right DNS server configuration on the properties of you LAN card on workstation.

mkeiwua: you are correct, reverse lookup zone are listed with the octets reversed.  Actually the screenshot above gives an example of 10.0 being listed as 0.10...

yes nole, i think with the author's consent we can go back to solving the problem....as in his reverse lookup zone is okay as it is.

make sure that the subnet mask on the network adapter is /16.

Even though the reverse lookup zone wizard provides blanks for three octets, you do not have to fill them all in, and with a 16-bit mask, you should leave the last blank empty.  This will create the 100.10.in-addr.arpa reverse lookup zone, which is the correct zone for this network.  0.100.10.in-addr.arpa is definitely not correct.

Totally missed that! He should then be having DNS resolution issues on the other machines/network as well.

B Rgds,

Mkeiwua

The clients should get the same "Can't find server name for address..." error when they first run nslookup, but all that error signifies is that nslookup wasn't able to resolve the server's IP address to a hostname using reverse lookup; it doesn't indicate any kind of failure beyond that, which is why forward lookups are still working normally.

I don't like that error message, personally.  It makes you think something is really wrong, when in actuality everything except reverse lookup could be working just fine...and aside from mail servers, how often does anyone use reverse lookup in day-to-day operations anyway?  :)

yeah, i agree. i had initially thought that it was just one machine with the problem, thats why was quick to look away from the reverse lookup suggestion...

Thanks Dave.

B Rgds,

Mkeiwua

sorry for the long delay.
you seem to have the symptons nailed.
all workstations on the domain have the same symptons.

im going to post the known symptons.
first attachment is the original error messages when i start nslookup.
it does resolve host names on our network.

the second is the dns event viewer which has a ton of erros that are identical except that they refer to different subnets on our network. (branch office vpns)
the reverse address circled in black is the one that was created by default.
the one circled in red is the one i created yesterday.
the address blackened out is our public ip address.... should that be in there?

nslookup-error-and-name-res.JPG
dns-event-viewer.JPG

one more sympton
the reverse zone i created.
100.10i-addr.arpa   is not in the other domain controller
neither is the 0.in.-addr.arpa

Run dcdiag then post results.

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Site 1\SERVERNAME
      Starting test: Connectivity
         ......................... SERVERNAME passed test Connectivity

Doing primary tests
   
   Testing server: Site 1\SERVERNAME
      Starting test: Replications
         ......................... SERVERNAME passed test Replications
      Starting test: NCSecDesc
         ......................... SERVERNAME passed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVERNAME passed test NetLogons
      Starting test: Advertising
         ......................... SERVERNAME passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SERVERNAME passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SERVERNAME passed test RidManager
      Starting test: MachineAccount
         Warning:  Attribute userAccountControl of SERVERNAME is: 0x82020 = ( UF_PASSWD_NOTREQD | UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         This may be affecting replication?
         ......................... SERVERNAME passed test MachineAccount
      Starting test: Services
         ......................... SERVERNAME passed test Services
      Starting test: ObjectsReplicated
         ......................... SERVERNAME passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SERVERNAME passed test frssysvol
      Starting test: frsevent
         ......................... SERVERNAME passed test frsevent
      Starting test: kccevent
         ......................... SERVERNAME passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x825A0011
            Time Generated: 04/12/2010   15:20:12
            (Event String could not be retrieved)
         ......................... SERVERNAME failed test systemlog
      Starting test: VerifyReferences
         ......................... SERVERNAME passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : ci
      Starting test: CrossRefValidation
         ......................... ci passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ci passed test CheckSDRefDom
   
   Running enterprise tests on : "domain name"
      Starting test: Intersite
         ......................... "domain name" passed test Intersite
      Starting test: FsmoCheck
         ......................... "domain name" passed test FsmoCheck

repadmin /showrepl was successful for all tests on both dc's

there is 2 records in 0.in-addr.arpa

start of authority record and ns record

Do you have PTR records in your reverse lookup zone.

Upon further review, the 0.in-addr.arpa and 255.in-addr.arpa zones normally show up in advanced-view mode (which you're in), so you can ignore them.