
Odd behavior in DNS management mmc

Last Modified: 2012-05-11
Hi experts!

There is something strange going on with our DNS management. DNS is located on two 2008 DCs. We have another DNS server (Linux) which is allowed to receive zone transfers.

Recently, I set up a new reverse lookup zone and configured it like every zone before:
x Allow zone transfers only to servers listed on the Name Servers tab
Then I added the Linux server on that very tab and expected to see Validated: OK. Instead, I get "The server with this IP address is not authoritative for the required zone".

What does that mean? It worked with every other zone I created before, and on old zones I can delete that server and add it again with no problems. I am also able to add the second DC at any time, and it shows up as validated.

I googled but did not find any clue - does anyone know what this could mean?
Apart from that, DNS shows no problems in the event logs, and nslookup can find that Linux server forward and reverse.

James, Senior Cloud Infrastructure Engineer
CERTIFIED EXPERT

Commented:
Have a look at the link below and see if it provides any help.

http://programming4.us/desktop/2642.aspx 
Firmin Frederick, Senior IT Consultant
CERTIFIED EXPERT

Commented:
There are two sides to this: 1. the Linux server did not respond to the authoritative query, e.g. because it was blocked by firewall rules or ipchains, and 2. as in the example provided by JBond2010, if your domain has a higher domain suffix like .com, then your Linux server cannot lay claim as authoritative unless it's listed in your DNS hints, for example.
Firmin Frederick, Senior IT Consultant
CERTIFIED EXPERT

Commented:
If, for example, your domain is correct for private internal use, e.g. company.local, then you can try adding the Linux box to the root hints (not DNS hints, as I put above) and also to your DNS lookup/forwarding.
CERTIFIED EXPERT
Distinguished Expert 2019

Author

Commented:
Hi JBond!

Let me quote your article:
Because the server is not yet an authoritative server for the zone, the error message “The server with this IP address is not authoritative for the required zone” appears. This will be done in the next section. The error can be safely ignored. Click OK to save.

How should we do "the next section" on our linux server? [I wonder how we did that before - in my opinion, we did not have to do anything]
Chris Dent, PowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:

SOA record mismatch?

To be honest, the validation steps it attempts to force you through in the GUI are a bit painful. If you are sure of your setup, use DNSCMD (or something else) to create the zone, then verify it transfers successfully.

Chris
CERTIFIED EXPERT
Distinguished Expert 2019

Author

Commented:
Back to this one.
To all: nothing in our config has changed, so why has this ever worked?

@chris: what validation steps are you talking about? I mean, this was my question: I add my second DC -> validated OK, I add the Linux server -> "not authoritative". It was authoritative ever before; what could have gone wrong?
Could you give an example of dnscmd for the IP 192.168.x.x?

@JBond - no comment on my follow-up question?

Chris Dent, PowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
The exact validation steps are hidden from us; MS do "stuff" to see if the server you're adding meets their expectations. In some cases this can exceed the requirements for adding a second name server.

To add it using DNSCMD this should work:

dnscmd /RecordAdd domain.com ns2 A 192.168.x.x
dnscmd /RecordAdd domain.com @ NS ns2

Or if the Name Server record should reference a host in another zone:

dnscmd /RecordAdd domain.com @ NS ns2.otherdomain.com.

As with BIND zone files, the trailing period (.) is important.

I have a tendency to ignore GUI validation steps because I tend to know exactly what I'm doing in this context :)

Chris
CERTIFIED EXPERT
Distinguished Expert 2019

Author

Commented:
Sorry, I am still unsure about the syntax.

The reverse lookup zone is 70.168.192.in-addr.arpa, the Linux DNS server that is claimed to be non-authoritative has 192.168.10.2, and the domain is mydomain.com.

What should the syntax be? You confused me with NS2.
Chris Dent, PowerShell Developer
CERTIFIED EXPERT
Top Expert 2010

Commented:
What's the Linux server called? How does it refer to itself in the DNS zones? I think that's the only bit I'm missing and I'll attempt to give you a better description :)

Chris
CERTIFIED EXPERT
Distinguished Expert 2019

Author

Commented:
It's called anaconda.mydomain.de (domain is mydomain.de, not mydomain.com, sorry).
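The check the MMC runs when a name server is added is not documented (Chris's point above), but the error text describes something any resolver can test directly: does the target server answer a SOA query for the zone with the AA (authoritative answer) flag set, and does it permit a transfer from this source address? The Python below is an added example, not code from the thread, from Microsoft or from the Linux DNS software; the zone name 70.168.192.in-addr.arpa and the address 192.168.10.2 are taken from the author's posts, the assumption that the MMC validation reduces to an AA-flagged SOA answer is the editor's, and the AXFR probe is the "verify it transfers successfully" step Chris suggests.

```python
import socket
import struct

# Values taken from the thread; everything else in this file is an added
# example, not code from the original page.
ZONE = "70.168.192.in-addr.arpa"   # the author's reverse lookup zone
LINUX_DNS = "192.168.10.2"         # anaconda.mydomain.de, per the author

QTYPE_SOA = 6
QTYPE_AXFR = 252
QCLASS_IN = 1
RCODE_NOERROR = 0
RCODE_REFUSED = 5


def encode_name(name):
    """Encode a DNS name as length-prefixed labels (RFC 1035 wire format)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(zone, qtype, txid=0x1234):
    """One-question query with RD clear: the server must answer from its own
    zone data rather than recursing, which is what 'authoritative' tests."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(packet):
    """Split the 12-byte DNS header into its fields."""
    if len(packet) < 12:
        raise ValueError("packet shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def is_authoritative_answer(query, response):
    """True only if the reply matches the query ID, is a response, carries the
    AA bit, has RCODE NOERROR and at least one answer record.  A server that
    has not loaded the zone fails this (typically REFUSED, or a referral
    without AA), which is the condition the MMC error message names."""
    q, r = parse_header(query), parse_header(response)
    return (r["id"] == q["id"] and r["qr"] and r["aa"]
            and r["rcode"] == RCODE_NOERROR and r["ancount"] >= 1)


def soa_is_authoritative(server=LINUX_DNS, zone=ZONE, timeout=3.0):
    """Ask `server` for the zone's SOA over UDP and apply the check above.
    Needs network access to the server."""
    query = build_query(zone, QTYPE_SOA)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(query, (server, 53))
        response, _ = sock.recvfrom(4096)
    finally:
        sock.close()
    return is_authoritative_answer(query, response)


def recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def axfr_rcode(server, zone, timeout=5.0):
    """Request a zone transfer over TCP (2-byte length framing) and return the
    RCODE of the first reply: NOERROR means this source address is on the
    transfer allow list, REFUSED means it is not.  Run it from a host that
    should NOT be allowed as well: NOERROR there means the zone leaks."""
    query = build_query(zone, QTYPE_AXFR)
    with socket.create_connection((server, 53), timeout=timeout) as sock:
        sock.sendall(struct.pack("!H", len(query)) + query)
        (length,) = struct.unpack("!H", recv_exact(sock, 2))
        return parse_header(recv_exact(sock, length))["rcode"]


if __name__ == "__main__":
    print("authoritative SOA from %s for %s: %s"
          % (LINUX_DNS, ZONE, soa_is_authoritative()))
    print("AXFR rcode from %s: %d" % (LINUX_DNS, axfr_rcode(LINUX_DNS, ZONE)))
```

For the author's names, the dnscmd form of the NS record Chris describes would be `dnscmd /RecordAdd 70.168.192.in-addr.arpa @ NS anaconda.mydomain.de.` (trailing dot included). The NS record on its own does not make anaconda authoritative, though: until the zone is also configured as a secondary on the Linux side and its first transfer has completed, the SOA probe above comes back REFUSED or without AA, which is exactly what the MMC reports. The AXFR probe is the check worth keeping afterwards, because the restriction on the Name Servers tab is a source-IP allow list: run it from the DC, from anaconda, and from a host that is not listed, and expect REFUSED only from the last.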
Chris Dent, PowerShell Developer
CERTIFIED EXPERT
Top Expert 2010
Commented:
CERTIFIED EXPERT
Distinguished Expert 2019

Author

Commented:
-better late than never-
Thanks, it's good to know the command line once more.