Solved

DNS issues

Posted on 2011-02-26
Last Modified: 2012-05-11
I run 2 internal DNS servers on a couple of old Windows 2003 servers. It seems lately that the computername translations are not happening correctly and some users have been getting dropped from internally run websites. I'm pretty sure it's the DNS server that's the problem since when we use the actual IP addresses the websites work fine.

Is there a way to reset both these machines back to a fresh install or would I need to remove DNS from the server and reinstall?
Question by:dak11
12 Comments
 
LVL 4

Expert Comment

by:CHutchins
ID: 34987432
What does an ipconfig /flushdns do to the clients?
If it fixes the problem it is not really a DNS issue as much as a client server issue.

If not I would look at your A records in DNS and compare. If they are not syncing properly this could be part of the problem.

Just a thought to look at.  I wouldn't personally start over.

You might also look at your DHCP settings as well.  
0
 
LVL 5

Expert Comment

by:AngelGabriel
ID: 34987471
I had a pair of DNS servers that would become inconsistent. I had to remove one, leave one running for a day or so, make sure that reboots have happened with the new configuration. Then add the new DNS server again.

That seemed to repair my DNS server issues.
0
 

Author Comment

by:dak11
ID: 34987497
I was thinking it's more a DNS issue since it's happening to multiple clients and even one of the servers which has the DNS services running.

The DHCP setting hasn't been changed for years and this issue just popped up within the last 2 weeks.
0
 
LVL 4

Expert Comment

by:CHutchins
ID: 34987521
With that I would very much agree with AngelGabriel. There is an inconsistency in the syncing between the 2 DNS servers and clients could be pulling from the second server with the incorrect information.
1 thing you could try is promote another server to DNS and then demote the one that is incorrect. Let the servers sync and see if it resolves.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 34990196
Please provide the following information.

On your DNS servers:
DCdiag /test:DNS

On a troubled client:
IPconfig /all

I don't believe you have a DNS problem.

What we are looking for is discrepancies on the DNS servers, and see if the client is pointed to the wrong DNS server for DNS resolution.
0
 

Author Comment

by:dak11
ID: 34996656
Chief,

Clients have DNS servers of 192.168.1.4 and .5 which are the 2 DNS servers running internally.

Results of DCdiag /test:dns

Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-2001.

C:\DOCUME~1\ADMINI~1.FMR>dcdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC02
      Starting test: Connectivity
         ......................... DC02 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC02

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : XXX

   Running enterprise tests on : XXX.intranet
      Starting test: DNS
         Test results for domain controllers:

            DC: dc02.XXX.intranet
            Domain: XXX.intranet


               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 68.87.64.146 (<n
ame unavailable>)
                  Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: g.root-se
rvers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-se
rvers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (198.32.64.12)
                  Error: Root hints list has invalid root hint server: m.root-se
rvers.net. (202.12.27.33)

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90

            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4

            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10

            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.228.79.201

            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12

            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17

            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241

            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30

            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129

            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.32.64.12

            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4

            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33

            DNS server: 68.87.64.146 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 68.87.64.146

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: XXX.intranet
               dc02                         PASS PASS FAIL PASS PASS PASS n/a

         ......................... XXX.intranet failed test DNS
0
 

Author Comment

by:dak11
ID: 34996725
2nd DNS server

Microsoft(R) Windows DOS
(C)Copyright Microsoft Corp 1990-2001.

C:\DOCUME~1\ADMINI~1>dcdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\DC01

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : XXX

   Running enterprise tests on : XXX.intranet
      Starting test: DNS
         Test results for domain controllers:

            DC: dc01.XXX.intranet
            Domain: XXX.intranet


               TEST: Basic (Basc)
                  Warning: adapter [00000001] VMware Accelerated AMD PCNet Adapt
er has invalid DNS server: 192.168.1.5 (<name unavailable>)
                  Warning: adapter [00000001] VMware Accelerated AMD PCNet Adapt
er has invalid DNS server: 192.168.1.250 (<name unavailable>)

               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: g.root-se
rvers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-se
rvers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (198.32.64.12)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (199.7.83.42)
                  Error: Root hints list has invalid root hint server: m.root-se
rvers.net. (202.12.27.33)

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33

            DNS server: 199.7.83.42 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 199.7.83.42

            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4

            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.32.64.12

            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129

            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30

            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241

            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17

            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12

            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.228.79.201

            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10

            DNS server: 192.168.1.5 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.168.1.5
               Name resolution is not functional. _ldap._tcp.XXX.intranet. fai
led on the DNS server 192.168.1.5

            DNS server: 192.168.1.250 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.168.1.250
               Name resolution is not functional. _ldap._tcp.XXX.intranet. fai
led on the DNS server 192.168.1.250

            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: XXX.intranet
               dc01                         PASS WARN FAIL PASS PASS PASS n/a

         ......................... XXX.intranet failed test DNS

C:\DOCUME~1\ADMINI~1>
0
 
LVL 38

Accepted Solution

by:
ChiefIT earned 250 total points
ID: 34997288
It appears your root hints servers are failing. This will have NO reflection on internal DNS resolution, only external resolution.

I have seen this before if you have the wrong DCdiag version for your servers. I have also seen it where root hints servers have changed and failed.

With that said, have you considered using DNS forwarders? Some good forwarders would be your ISP's DNS servers, or even your router's IP. The router gets an external IP dynamically, (usually). When doing so, you also get DNS servers of your ISP. If you enable recursive lookups and use your ISP's DNS servers for external DNS resolution, then it might be a better mix for your domain.

Now, for the internal part of your domain. It appears DNS is healthy. This DCdiag /test:DNS is a pretty solid test for DNS SRV records. If any records were bad, then it would show in DCdiag /test:DNS.

It appears your authentication services for Kerberos or the netlogon service are starting before DNS and causing this little delay with a DNS error. There is a Microsoft article on controlling the services to prevent this from happening. Bottom line is it appears Kerberos is starting before DNS and therefore Kerberos may not be seeing the SRV records for the authentication server in order to authenticate.

How to delay specific services:
http://support.microsoft.com/kb/193888
0
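Added example, not written by any poster in this thread: a Python script that reads a saved dcdiag /test:dns report, rejoins the console-wrapped lines, and separates failures reported against public servers (root hints, forwarders) from failures reported against private-range servers, following the internal/external distinction drawn in the accepted solution. The function names, the unwrap heuristic and the sample text (a constructed excerpt in the format of the DC01 output above) are assumptions of this example.

```python
import ipaddress
import re

# Constructed excerpt in the format of the DC01 output above (console wrap kept).
SAMPLE = """\
            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4

            DNS server: 192.168.1.5 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.168.1.5
               Name resolution is not functional. _ldap._tcp.XXX.intranet. fai
led on the DNS server 192.168.1.5

                                            Auth Basc Forw Del  Dyn  RReg Ext
               dc01                         PASS WARN FAIL PASS PASS PASS n/a
"""

COLUMNS = ["Auth", "Basc", "Forw", "Del", "Dyn", "RReg", "Ext"]
SERVER = re.compile(r"^\s*DNS server: (\S+) \((.*)\)\s*$")
SRV_FAIL = re.compile(r"Name resolution is not functional\. (\S+) failed")

def unwrap(text):
    """Rejoin wrapped lines: an unindented line right after an indented one is its tail.
    Heuristic (assumption): line length is unreliable once names have been redacted."""
    out = []
    for line in text.splitlines():
        if out and line[:1] not in ("", " ") and out[-1].startswith(" "):
            out[-1] += line
        else:
            out.append(line)
    return out

def flagged_servers(text):
    """Return {ip: {"name", "scope", "srv_failures"}} for each server in the summary."""
    servers, current = {}, None
    for line in unwrap(text):
        m = SERVER.match(line)
        if m:
            ip = m.group(1)
            scope = "internal" if ipaddress.ip_address(ip).is_private else "external"
            current = servers[ip] = {"name": m.group(2), "scope": scope, "srv_failures": []}
        elif current and (f := SRV_FAIL.search(line)):
            current["srv_failures"].append(f.group(1))
    return servers

def result_table(text):
    """Map each DC row of 'Summary of DNS test results' to {test: result}."""
    rows = {}
    for parts in (l.split() for l in unwrap(text)):
        if len(parts) == 8 and set(parts[1:]) <= {"PASS", "WARN", "FAIL", "n/a"}:
            rows[parts[0]] = dict(zip(COLUMNS, parts[1:]))
    return rows

def triage(text):
    """Split flagged servers by scope; list internal ones with failed SRV lookups."""
    s = flagged_servers(text)
    ext = sorted(ip for ip in s if s[ip]["scope"] == "external")
    bad = sorted(ip for ip in s if s[ip]["scope"] == "internal" and s[ip]["srv_failures"])
    return {"external": ext, "internal_srv_failures": bad, "table": result_table(text)}
```

Calling triage() on the text of a saved report returns the external servers, the internal servers with failed SRV lookups, and the per-DC result row.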
 

Author Comment

by:dak11
ID: 34997387
Chief,

The main reason I thought it was the DNS services is because I'm seeing issues remoting into machines via the computername. When I have the user change to the PC's IP address there's no issues.

I will look over the link you provided.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 34997445
It looks like you have a forwarder coded on DC02:

--> Error: Forwarders list has invalid forwarder: 68.87.64.146 (<name unavailable>)

And it is failing too. Either ChiefIT is correct and you have an incorrect version of DCdiag, or your firewalls are not configured to allow your DCs to do external DNS queries.

If your firewalls are not configured properly, then as ChiefIT pointed out, all external queries will fail.

Also, if you have a forwarder configured on DC02, you should also have it configured on DC01.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 34997450
If you are trying to remote into the domain via computername, you are actually using NetBIOS resolution, and that is not a routable protocol.

remote into:
Servername<<<<<<<<<<<Netbios
Servername.domain.name<<<<<<<<<DNS
xxx.xxx.xxx.xxx  (IP)<<<<<<<<ARP

NetBIOS is held at the broadcast domain. This means you will not be able to use NetBIOS resolution through NAT, through a VPN tunnel, over most software firewalls, over a hardware firewall, through a different subnet, over a VLAN, etc.

The only way to get this to work with NetBIOS is to configure NetBIOS helper through VLANs or across the router (leaving vulnerabilities), or to configure WINS or an LMHOST record between the site's domain master browsers.

Try using the FQDN in order to map drives and logon to the domain.
0
 

Author Closing Comment

by:dak11
ID: 35030822
Thanks Chief.

Right after I fixed the forwarder issue all my other problems were fixed as well.

Thanks
0
