  • Status: Solved
Odd behavior in DNS management mmc

Hi experts!

There is something strange going on with our DNS management. DNS is hosted on two 2008 DCs. We have another DNS server (Linux) which is allowed to receive zone transfers.

Recently, I set up a new reverse lookup zone and configured it like every zone before:
[x] Allow zone transfers only to servers listed on the Name Servers tab
Then I added the Linux server on that very tab and I expected to see "Validated: ok". Instead, I get "The server with this IP address is not authoritative for the required zone".

What does that mean? It worked with every other zone I created before and also on old zones I can delete that server and add it again with no problems. I am also able to add the second DC at any time and it shows up as validated.

I googled but did not find any clue - does anyone know what this could mean?
Apart from that, DNS shows no problems in the event logs and nslookup can find that linux server forward and reverse.
Asked:
McKnife
1 Solution
 
JBond2010 Commented:
Have a look at the link below and see if this provides any help.

http://programming4.us/desktop/2642.aspx 
 
Firmin Frederick (Senior IT Consultant) Commented:
There are two sides to this: 1. the Linux server did not respond to the authoritative query, as in blocked by firewall rules or ipchains, and 2. as in the example provided by JBond2010, if your domain has a higher domain suffix like .com then your Linux server cannot lay claim as authoritative unless it's listed in your DNS hints, for example.
 
Firmin Frederick (Senior IT Consultant) Commented:
If, for example, your domain is correct for private internal use, e.g. company.local, then you can try adding the Linux box to root hints (not DNS hints as I put above) and also in your DNS lookup/forwarding.
 
McKnife (Author) Commented:
Hi JBond!

Let me quote your article:
Because the server is not yet an authoritative server for the zone, the error message “The server with this IP address is not authoritative for the required zone” appears. This will be done in the next section. The error can be safely ignored. Click OK to save.

How should we do "the next section" on our linux server? [I wonder how we did that before - in my opinion, we did not have to do anything]
 
Chris Dent (PowerShell Developer) Commented:

SOA record mismatch?

To be honest, the validation steps it attempts to force you through in the GUI are a bit painful. If you are sure of your setup, use DNSCMD (or something else) to create the zone, then verify it transfers successfully.

Chris
 
McKnife (Author) Commented:
Back to this one.
To all: nothing in our config has changed, so why has this ever worked?

@chris: what validation steps are you talking about? I mean, this was my question: I add my second DC -> validated ok, I add the Linux server -> "not authoritative". It was authoritative ever before, what could have gone wrong?
Could you give an example of dnscmd for the IP 192.168.x.x?

@JBond: no comment on my follow-up question?
 
Chris Dent (PowerShell Developer) Commented:
The exact validation steps are hidden from us; MS do "stuff" to see if the server you're adding meets up to their expectations. In some cases this can exceed the requirements for adding a second name server.

To add it using DNSCMD this should work:

dnscmd /RecordAdd domain.com ns2 A 192.168.x.x
dnscmd /RecordAdd domain.com @ NS ns2

Or if the Name Server record should reference a host in another zone:

dnscmd /RecordAdd domain.com @ NS ns2.otherdomain.com.

As with BIND zone files, the trailing period (.) is important.

I have a tendency to ignore GUI validation steps because I tend to know exactly what I'm doing in this context :)

Chris
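To make the "authoritative" check concrete, here is an added example that is not part of the thread or of anyone's answer above. It sends a non-recursive SOA query for the zone to the candidate server and reads the AA flag and RCODE of the reply, which is the visible evidence both Firmin's "did not respond to the authoritative query" and Chris's "SOA record mismatch?" point at. Microsoft's exact validation logic is not documented on this page, so this approximates rather than reproduces it. The zone 70.168.192.in-addr.arpa and the server address 192.168.10.2 are the values from the question; the canned replies are constructed so the script can be walked through offline.

```python
import socket
import struct

# Values taken from the thread: the reverse zone being created and the
# Linux secondary that the GUI reports as "not authoritative".
ZONE = "70.168.192.in-addr.arpa"
LINUX_SERVER = "192.168.10.2"

QTYPE_SOA = 6
QCLASS_IN = 1
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def encode_name(name):
    """Wire-format a dotted name: length-prefixed labels, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_soa_query(zone, txid=0x1234):
    """Build a plain SOA query with RD=0 (no recursion requested).

    RD=0 is deliberate: we want to know whether the server itself serves the
    zone, not whether it could resolve the name on our behalf.
    """
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", QTYPE_SOA, QCLASS_IN)
    return header + question


def parse_header(pkt):
    """Decode the 12-byte DNS header into the fields the check cares about."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),
        "aa": bool(flags & 0x0400),
        "tc": bool(flags & 0x0200),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def assess(query, resp):
    """Explain, in operator terms, what the reply says about authority for the zone."""
    h = parse_header(resp)
    if h["id"] != parse_header(query)["id"] or not h["qr"]:
        return "not a response to our query (ignored)"
    rcode = RCODE_NAMES.get(h["rcode"], str(h["rcode"]))
    if h["rcode"] == 3:
        return "NXDOMAIN: server does not know the zone at all"
    if h["rcode"] == 5:
        return "REFUSED: server rejects queries for this zone from this client (check allow-query / ACLs)"
    if h["rcode"] != 0:
        return "%s: server-side error, check its logs" % rcode
    if not h["aa"]:
        return "NOERROR without AA: server answered non-authoritatively (zone not loaded or not configured as a secondary)"
    if h["ancount"] == 0:
        return "NOERROR with AA but no SOA record in the answer"
    return "authoritative: server claims the zone (now compare its SOA with the master's)"


def query_server(server_ip, zone, timeout=2.0):
    """Send the SOA query over UDP/53 and assess the reply. Needs network access."""
    q = build_soa_query(zone)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server_ip, 53))
        try:
            resp, _ = s.recvfrom(4096)
        except socket.timeout:
            return "no response: not listening on UDP/53 or blocked by a firewall"
    return assess(q, resp)


def make_response(query, aa, rcode=0, ancount=1):
    """Constructed reply (header + echoed question only) for the offline walk-through."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8000 | (0x0400 if aa else 0) | rcode
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0) + query[12:]


if __name__ == "__main__":
    q = build_soa_query(ZONE)
    # Offline walk-through with constructed replies; use query_server(LINUX_SERVER, ZONE) live.
    for label, resp in [("secondary that loaded the zone", make_response(q, aa=True)),
                        ("server that never loaded the zone", make_response(q, aa=False, ancount=0)),
                        ("server whose ACL rejects us", make_response(q, aa=False, rcode=5, ancount=0))]:
        print("%-35s -> %s" % (label, assess(q, resp)))
```

Run `query_server` against the Linux box from a DC: a reply with AA set means the secondary has loaded the zone; NOERROR without AA or REFUSED usually means the zone has not been added to the secondary's configuration yet, which is what the article JBond linked calls "the next section"; no reply at all points at a firewall or listener problem rather than a DNS one. For a brand-new reverse zone the secondary cannot be authoritative until it has been configured for the zone and pulled its first transfer, so the warning on a freshly created zone is the expected state, exactly as the quoted article says.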
 
McKnife (Author) Commented:
Sorry, I am still unsure about the syntax.

The reverse lookup zone is 70.168.192.in-addr.arpa, the Linux DNS server that is claimed to be non-authoritative has 192.168.10.2, and the domain is mydomain.com.

What should be the syntax, you confused me with NS2.
 
Chris Dent (PowerShell Developer) Commented:
What's the Linux server called? How does it refer to itself in the DNS zones? I think that's the only bit I'm missing and I'll attempt to give you a better description :)

Chris
 
McKnife (Author) Commented:
It's called anaconda.mydomain.de (domain is mydomain.de, not mydomain.com, sorry).
 
Chris Dent (PowerShell Developer) Commented:
Right, so perhaps:

dnscmd /RecordAdd mydomain.de anaconda A 192.168.10.2
dnscmd /RecordAdd mydomain.de @ NS anaconda

Chris
 
McKnife (Author) Commented:
-better late than never-
Thanks, it's good to know the command line once more.