handyjay
asked on
How can I Fix DNS entries
I have been given the task of fixing out DNS server... I need to promote this DC to a new server so I want to fix everything first. I am learning as I go along...
First question I have is based on the image attached. There are duplicate Host entries pointing to a single IP address. Some of the Host entries do not even exist anymore.
I am not sure if the last person set this up manually or dynamic. I'm wondering if this could cause problems and how to fix it. I was also wondering if there is a Support Tool I can use to automatically fix DNS entries or tell me what needs to be fixed before I start the DC promotion process.
DNS-Forward.JPG
First question I have is based on the image attached. There are duplicate Host entries pointing to a single IP address. Some of the Host entries do not even exist anymore.
I am not sure if the last person set this up manually or dynamic. I'm wondering if this could cause problems and how to fix it. I was also wondering if there is a Support Tool I can use to automatically fix DNS entries or tell me what needs to be fixed before I start the DC promotion process.
DNS-Forward.JPG
ASKER
I do not know how to tell if it was setup manual or dynamic.... can you tell me how? I assume dynamic as the person pretty much always took the easiest route in setting up computers systems.
As far as tools, I have not used them but am currently watching some videos about AD troubleshooting techniques.
I have attached another screen shot. The first is the Forward lookup and the new one is the reverse lookup.
Look at IP xxx. 16 (for example) the forward and the reverse do not match up.
Also IP .7 on the reverse does not exist in the forward.
Both of these IPs have caused issues with our firewall software and seems to be the reason I was searching for issues in the wrong place.
Is there a safe way to "reset" it and let it fix itself... or will this cause more issues?
dnsReverse.JPG
As far as tools, I have not used them but am currently watching some videos about AD troubleshooting techniques.
I have attached another screen shot. The first is the Forward lookup and the new one is the reverse lookup.
Look at IP xxx. 16 (for example) the forward and the reverse do not match up.
Also IP .7 on the reverse does not exist in the forward.
Both of these IPs have caused issues with our firewall software and seems to be the reason I was searching for issues in the wrong place.
Is there a safe way to "reset" it and let it fix itself... or will this cause more issues?
dnsReverse.JPG
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
These sound like they will help me with my issue.
I was wondering (see new screen shot), do you have any idea why I don't have a "General" tab as the Microsoft instructions indicate I should navigate too?
DNSCapture.JPG
I was wondering (see new screen shot), do you have any idea why I don't have a "General" tab as the Microsoft instructions indicate I should navigate too?
DNSCapture.JPG
That screenshot is from Server 2003, right? What is the article you are referencing? That looks right to me, but I don't have a Server 2003 with DNS installed on it to check.
DrUltima
DrUltima
ASKER
Yes it is 2003. The article I am refereing too is the Allow dynamic updates. The instructions are pretty simple... just dont see "General" tab.
I was going to use Command line, but I wanted to see what it was set now first, just to see where I stand before I make a change.
Allow dynamic update instructions:
1. Open DNS.
2. In the console tree, right-click the applicable zone, and then click Properties.
3. On the General tab, verify that the zone type is either Primary or Active Directory-integrated.
4. In Dynamic Updates, click Nonsecure and secure.
I was going to use Command line, but I wanted to see what it was set now first, just to see where I stand before I make a change.
Allow dynamic update instructions:
1. Open DNS.
2. In the console tree, right-click the applicable zone, and then click Properties.
3. On the General tab, verify that the zone type is either Primary or Active Directory-integrated.
4. In Dynamic Updates, click Nonsecure and secure.
Gotcha... You need to have the Zone highlighted, not the root of your domain, as this picture indicates... :)
ASKER
Thanks, scavaging was off.
Glad you found that and it is working for you. If you have future issues related to this, you can always come back to this Question and "Ask a Related Question". Doing so will notify all experts who are monitoring this thread as well as any in the Zones you place your new Question.
Best of luck!
DrUltima
Best of luck!
DrUltima
DCDIAG /test:DNS
Other useful tools:
NSLOOKUP
DNSCMD
Have you any experience with these?
DrUltima