Solved

DNS error 4015 - strange DNS problems

Posted on 2011-02-14
Last Modified: 2012-05-11
I am getting an error 4015 on the DNS Server. This server is also a DC.

When I do an NSLOOKUP for devices on the LAN I get a Non-Existent Domain error. When I do an NSLOOKUP using the FQDN (i.e. host.clced.local) it resolves fine.

When I do NSLOOKUP for google.com for example it works fine.

I then go to a PC on the domain and do an NSLOOKUP for the hostname (without using the FQDN) and it resolves fine. There are however some PCs that are not on the domain but are just set up on a workgroup. These machines will not resolve the hostname unless I use the FQDN.

It has all been working fine until recently.

Does anyone have any ideas?
Question by:roy_batty
21 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34887245
On that DNS server, run in command-line:

dcdiag /test:dns >c:\dnstest.txt

and attach this file here, please

If you have more than one DC in your network, please also run

repadmin /showrepl >c:\repl.txt

To try to fix it simply (if it is not a serious problem), run

dcdiag /fix

Regards,
Krzysztof
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34887330

> When I do an NSLOOKUP for devices on the LAN I get a Non-Existent Domain error. When I do an NSLOOKUP using the FQDN (i.e. host.clced.local) it resolves fine.

Check the Primary DNS Suffix for the server. "ipconfig /all" should show it.

> These machines will not resolve the hostname unless I use the FQDN.

Same thing, if you don't include the domain name in either the Primary DNS Suffix or in the DNS Suffix Search List they will not resolve the name.

Chris
0
 
LVL 1

Author Comment

by:roy_batty
ID: 34887444
Here are the results of the dcdiag. As a further comment I will add that the DNS suffix on the PCs is incorrect; however, when I simply do ipconfig /refresh, this corrects the DNS suffix. When I check on the DC the DNS suffix is set as it should be.



Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: CLCED\CLC-PDC01
      Starting test: Connectivity
         ......................... CLC-PDC01 passed test Connectivity

Doing primary tests
   
   Testing server: CLCED\CLC-PDC01

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : CLCED
   
   Running enterprise tests on : CLCED.Local
      Starting test: DNS
         Test results for domain controllers:
           
            DC: clc-pdc01.CLCED.Local
            Domain: CLCED.Local

                 
               TEST: Basic (Basc)
                  Warning: adapter [00000001] Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) has invalid DNS server: 10.254.3.71 (<name unavailable>)
                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 10.254.3.71 (<name unavailable>)
                  Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-servers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server: c.root-servers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-servers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: e.root-servers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-servers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-servers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-servers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server: l.root-servers.net. (199.7.83.42)
                  Error: Root hints list has invalid root hint server: m.root-servers.net. (202.12.27.33)
                 
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure CLCED.Local.
                 
               TEST: Records registration (RReg)
                  Network Adapter [00000001] Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client):
                     Error: Missing A record at DNS server 10.254.3.71 :
                     clc-pdc01.CLCED.Local
                     
                     Error: Missing CNAME record at DNS server 10.254.3.71 :
                     91725aa2-9552-4486-85fa-dcf0980f5840._msdcs.CLCED.Local
                     
                     Error: Missing DC SRV record at DNS server 10.254.3.71 :
                     _ldap._tcp.dc._msdcs.CLCED.Local
                     
                     Error: Missing GC SRV record at DNS server 10.254.3.71 :
                     _ldap._tcp.gc._msdcs.CLCED.Local
                     
                     Error: Missing PDC SRV record at DNS server 10.254.3.71 :
                     _ldap._tcp.pdc._msdcs.CLCED.Local
                     
               Error: Record registrations cannot be found for all the network adapters
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 10.254.3.71 (<name unavailable>)
               2 test failures on this DNS server
               Name resolution is not functional. _ldap._tcp.CLCED.Local. failed on the DNS server 10.254.3.71
               
            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
               
            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
               
            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
               
            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
               
            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
               
            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
               
            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
               
            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
               
            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
               
            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
               
            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
               
            DNS server: 199.7.83.42 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.83.42
               
            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: CLCED.Local
               clc-pdc01                    PASS WARN FAIL PASS WARN FAIL n/a  
         
         ......................... CLCED.Local failed test DNS
0
 
LVL 1

Author Comment

by:roy_batty
ID: 34887456
I have 2 DCs in my domain. Which server do I run the second command on?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34887463

> Error: Forwarders list has invalid forwarder: 10.254.3.71 (<name unavailable>)

This is the server's IP address, isn't it?

Either that address should not be listed in Forwarders, or we need to know what it is.

Is 10.254.3.71 the only DNS server listed in TCP/IP configuration for your server and clients?

You can ignore all of those PTR record query errors. A more recent version of DCDiag will do away with that one for you.

Chris
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34887486
on any of them :)
Do you have more than 1 NIC on the DNS server? Check which interface that DNS server is listening on.

Try running on a DNS server in command-line

arp -d *
ipconfig /flushdns
ipconfig /registerdns

then
netdiag /fix
or
dcdiag /fix

and re-run
dcdiag /test:dns

Krzysztof
0
 
LVL 1

Author Comment

by:roy_batty
ID: 34887667
I have now corrected the DNS Server address set in the TCP/IP configuration for the NIC in both servers. I have set it to 127.0.0.1. The address 10.254.3.71 is the upstream DNS server. This was already configured as a forwarder and appears to be working fine. I presume 127.0.0.1 is the correct config here.

Each server has 2 nics but only one is enabled in each server.

I have run the dcdiag again and this is what I get now:


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: CLCED\CLC-PDC01
      Starting test: Connectivity
         ......................... CLC-PDC01 passed test Connectivity

Doing primary tests
   
   Testing server: CLCED\CLC-PDC01

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : CLCED
   
   Running enterprise tests on : CLCED.Local
      Starting test: DNS
         Test results for domain controllers:
           
            DC: clc-pdc01.CLCED.Local
            Domain: CLCED.Local

                 
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure CLCED.Local.
         
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: CLCED.Local
               clc-pdc01                    PASS PASS PASS PASS WARN PASS n/a  
         
         ......................... CLCED.Local passed test DNS


What next?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34887679
Looks OK now. Try to ping the host name and check what is returned.

Krzysztof
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34887692

> The address 10.254.3.71 is the upstream DNS server

Did you remove it from TCP/IP configuration, it has no place there?

I suggest you do this if both DCs have DNS and are on the same site:

DC1: Preferred DNS set to DC2; Alternate DNS set to 127.0.0.1
DC2: Preferred DNS set to DC1; Alternate DNS set to 127.0.0.1

If 10.254.3.71 does not host a zone for clced.local you will get a fair number of NXDomain responses when it's accessed directly.

By all means continue to use it as a Forwarder.

Chris
0
 
LVL 1

Author Comment

by:roy_batty
ID: 34887816
Here are the results of repadmin. Looks fine to me.

repadmin running command /showrepl against server localhost

CLCED\CLC-PDC01

DC Options: IS_GC

Site Options: (none)

DC object GUID: 91725aa2-9552-4486-85fa-dcf0980f5840

DC invocationID: 91725aa2-9552-4486-85fa-dcf0980f5840



==== INBOUND NEIGHBORS ======================================



DC=CLCED,DC=Local

    CLCED\CLC-BDC01 via RPC

        DC object GUID: 504348b1-7609-4ed3-941e-412101935649

        Last attempt @ 2011-02-14 13:39:07 was successful.



CN=Configuration,DC=CLCED,DC=Local

    CLCED\CLC-BDC01 via RPC

        DC object GUID: 504348b1-7609-4ed3-941e-412101935649

        Last attempt @ 2011-02-14 13:18:29 was successful.



CN=Schema,CN=Configuration,DC=CLCED,DC=Local

    CLCED\CLC-BDC01 via RPC

        DC object GUID: 504348b1-7609-4ed3-941e-412101935649

        Last attempt @ 2011-02-14 13:18:29 was successful.



DC=DomainDnsZones,DC=CLCED,DC=Local

    CLCED\CLC-BDC01 via RPC

        DC object GUID: 504348b1-7609-4ed3-941e-412101935649

        Last attempt @ 2011-02-14 13:32:34 was successful.



DC=ForestDnsZones,DC=CLCED,DC=Local

    CLCED\CLC-BDC01 via RPC

        DC object GUID: 504348b1-7609-4ed3-941e-412101935649

        Last attempt @ 2011-02-14 13:18:29 was successful.


> Did you remove it from TCP/IP configuration, it has no place there?

Yes. That's my predecessor's incorrect configuration!

I have set the NICs' DNS as suggested
"DC1: Preferred DNS set to DC2; Alternate DNS set to 127.0.0.1
DC2: Preferred DNS set to DC1; Alternate DNS set to 127.0.0.1"

Now when I do an NSLOOKUP on DC2 it says:

L:\>nslookup
*** Can't find server name for address 10.220.4.250: Non-existent domain
Default Server:  UnKnown
Address:  10.220.4.250

When I do an NSLOOKUP on DC1 I am still getting

C:\Tools>nslookup
Default Server:  clc-bdc01.clced.local
Address:  10.220.4.247

> mars
Server:  clc-bdc01.clced.local
Address:  10.220.4.247

*** clc-bdc01.clced.local can't find mars: Non-existent domain
> mars.clced.local
Server:  clc-bdc01.clced.local
Address:  10.220.4.247

Name:    mars.clced.local
Address:  10.220.4.253

Any suggestions?
0

 
LVL 70

Expert Comment

by:Chris Dent
ID: 34887856

> Can't find server name for address 10.220.4.250: Non-existent domain

Missing Reverse Lookup Zone, should be quite happy if you add one of those.

In the command set above, can you run:

set debug

Then re-run the query for "mars" on its own. It'll show you each of the DNS suffix entries it appended to the query. Then try "ping mars" so we can see if the same behaviour exhibits there. nslookup is a debugging tool, we shouldn't treat everything it says as gospel.

If it's still not appending, can you show us "ipconfig /all" from that server please? It's possible one of the DNS client settings has been changed, nothing suggests the server is to blame at the moment.

Chris
0
 
LVL 1

Author Comment

by:roy_batty
ID: 34887898
>In the command set above, can you run:

set debug

What do you mean?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34887920

e.g.

nslookup
set debug
mars

You'll get extended output, all queries for all configured DNS Suffixes rather than just the final result.

Chris
0
 
LVL 1

Author Comment

by:roy_batty
ID: 34887967
C:\Program Files\Online Diagnostics\oldiags\bin>nslookup
Default Server:  clc-bdc01.clced.local
Address:  10.220.4.247

> set debug
> mars
Server:  clc-bdc01.clced.local
Address:  10.220.4.247

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        mars.clced, type = A, class = IN
    AUTHORITY RECORDS:
    ->  (root)
        ttl = 2562 (42 mins 42 secs)
        primary name server = a.root-servers.net
        responsible mail addr = nstld.verisign-grs.com
        serial  = 2011021400
        refresh = 1800 (30 mins)
        retry   = 900 (15 mins)
        expire  = 604800 (7 days)
        default TTL = 602 (10 mins 2 secs)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 3, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        mars.intranet, type = A, class = IN
    AUTHORITY RECORDS:
    ->  intranet
        ttl = 3600 (1 hour)
        primary name server = clc-bdc01.clced.local
        responsible mail addr = hostmaster.clced.local
        serial  = 5
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        mars.blk.co.uk, type = A, class = IN
    AUTHORITY RECORDS:
    ->  blackpool.gov.uk
        ttl = 3600 (1 hour)
        primary name server = clc-bdc01.clced.local
        responsible mail addr = hostmaster.clced.local
        serial  = 22
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

------------
*** clc-bdc01.clced.local can't find mars: Non-existent domain
>

Does this help?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34888052

Well, it tells us that it never tried to look up mars.clced.local. It did try "mars.clced", but that's not the same thing. Given the order, this suggests that clced (without .local) is the Primary DNS Suffix? Are you willing to post "ipconfig /all" for that host?

Chris
0
 
LVL 1

Author Comment

by:roy_batty
ID: 34888099
I've removed a couple of lines I don't really want to post, but this is most of it.
C:\Tools>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : clc-pdc01
   Primary Dns Suffix  . . . . . . . : CLCED.Local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : clced
                                       
                                       

Ethernet adapter Local Area Connection 250:

   Connection-specific DNS Suffix  . : CLCED.Local
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
 VBD Client)
   Physical Address. . . . . . . . . : 00-1D-09-0F-09-FB
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.220.4.250
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.220.4.1
   DNS Servers . . . . . . . . . . . : 10.220.4.247
                                       127.0.0.1
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34888599
And the nslookup tests above were done from that server? Just to confirm :)

We can see that it's appending the entry in the DNS Suffix Search List here:

   DNS Suffix Search List. . . . . . : clced

Plus a few others (intranet and blk...), which are also listed? They're not in the ipconfig output above.

If that's the case we have two paths to fix the issue.

Either: Remove the DNS Suffix Search List entirely, allowing it to use the Primary DNS Suffix and any Connection specific suffixes.
Or: Add clced.local as the first entry in the DNS Suffix Search List (locally, or in group policy, depending on how those are added now).

Which is most appropriate depends on what you use the list for (mostly relates to the others it listed).

Chris
0
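The suffix behaviour described in the comment above, as an added example that is not part of the thread: it parses `ipconfig /all` text, lists the names the resolver would try for a short name, and flags a search list that hides the primary suffix. The function names are hypothetical, the sample input is constructed from values in the thread, and the model is simplified (a configured search list replaces the primary and connection-specific suffixes; devolution is ignored).

```python
import re

# Constructed sample: trimmed "ipconfig /all" text modelled on the output posted
# in the thread. The second and third search-list entries are the suffixes the
# nslookup debug output showed being appended (the poster removed those lines).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : clc-pdc01
   Primary Dns Suffix  . . . . . . . : CLCED.Local
   DNS Suffix Search List. . . . . . : clced
                                       intranet
                                       blk.co.uk

Ethernet adapter Local Area Connection 250:

   Connection-specific DNS Suffix  . : CLCED.Local
   DNS Servers . . . . . . . . . . . : 10.220.4.247
                                       127.0.0.1
"""

# "   Key . . . . : value" lines; continuation lines carry no colon.
FIELD = re.compile(r"^\s+(?P<key>[^:]+?)[\s.]*:\s*(?P<val>.*)$")
SEARCH = "dns suffix search list"

def parse_ipconfig(text):
    """Extract the three suffix settings that decide short-name resolution."""
    cfg = {"primary": "", "search": [], "conn": []}
    last = None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group("key").strip().lower()
            val = m.group("val").strip()
            if last == "primary dns suffix":
                cfg["primary"] = val
            elif last == SEARCH and val:
                cfg["search"].append(val)
            elif last == "connection-specific dns suffix" and val:
                cfg["conn"].append(val)
        elif line.startswith(" ") and line.strip() and last == SEARCH:
            cfg["search"].append(line.strip())   # wrapped search-list entry
        else:
            last = None                           # blank line or adapter header
    return cfg

def candidate_fqdns(name, cfg):
    """Names tried, in order, for a single-label name (dotted names pass through)."""
    if "." in name:
        return [name.rstrip(".").lower()]
    suffixes = cfg["search"] or [cfg["primary"], *cfg["conn"]]
    seen, out = set(), []
    for suffix in suffixes:
        suffix = suffix.strip(".").lower()
        if suffix and suffix not in seen:
            seen.add(suffix)
            out.append(f"{name.lower()}.{suffix}")
    return out

def audit(cfg):
    """Flag search-list settings that keep short names out of the AD zone."""
    primary = cfg["primary"].lower()
    search = [s.lower() for s in cfg["search"]]
    findings = []
    if search and primary and primary not in search:
        findings.append(f"search list omits primary suffix '{primary}'")
    for s in search:
        if primary.startswith(s + "."):
            findings.append(f"'{s}' looks like a truncated copy of '{primary}'")
    return findings

if __name__ == "__main__":
    cfg = parse_ipconfig(SAMPLE_IPCONFIG)
    print(candidate_fqdns("mars", cfg))
    print(audit(cfg))
```

The candidate list for the sample matches the three QUESTIONS sections in the nslookup debug output; with the search list emptied, the only candidate is `mars.clced.local`.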
 
LVL 1

Author Comment

by:roy_batty
ID: 34888880
Yes, this was run on the server.

I am a little unsure what to do now. Can you explain further?
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 34889110

Head over to TCP/IP configuration (Network interface properties), then click Advanced and DNS. Are clced and the others listed in the "Append these DNS suffixes" box?

That'll be a good place to start :)

If you see it there, we should check policy. Run:

rsop.msc

Then expand Computer Configuration, Administrative Templates, Network, DNS Client (if it exists) and see if there's a DNS Suffix policy listed. If there is, it'll tell you the name of the policy that applied it.

Chris
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 34894052
@Chris:

Did you see the loopback in the ipconfig?

DNS Servers . . . . . . . . . . . : 10.220.4.247
                                       127.0.0.1

Also, does he have metadata from improperly demoted domain controllers, hence 4015 domain controller doesn't exist?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34894769

> Did you see the loopback in the ipconfig?

Yep, it's good. Loopback is always up, as long as the system is a DNS server it's a better choice than an IP bound to a NIC.

Chris
0
