Solved

DNS not resolving

Posted on 2011-09-23
Last Modified: 2013-11-26
We have several different locations and each location has a server and its own domain. They're all connected via a WAN. Each location's DNS is set as secondary at the central location. Sometimes I can ping other systems by name and sometimes not. It seems that over time the issue has gotten worse. I cannot ping systems by name at all (if it's off site from where I am) UNLESS I run ipconfig /renew a couple of times. I've looked at some DNS settings but I don't know what to change.
Question by:cpeele
 
LVL 35

Accepted Solution

by:
it_saige earned 668 total points
ID: 36589471
You want all of your DNS servers to replicate to each other.  The only reason you would not want this is if you have the possibility of cross-site ip conflicts.  It sounds as if you should not have a problem with cross-site ip conflicts.  The DNS servers themselves can be configured as the primary DNS of their respective local site clients with one server in the central office designated as the secondary DNS server.

-saige-
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 668 total points
ID: 36589549
Please consider setting up Conditional forwarders or replicating stub zones for those domains to be able to ping hosts by name in other domains.

DNS Conditional Forwarders
http://msmvps.com/blogs/ad/archive/2008/09/05/how-to-configure-conditional-forwarders-in-windows-server-2008.aspx
http://support.microsoft.com/kb/304491

Stub zone
http://technet.microsoft.com/en-us/library/cc775656%28WS.10%29.aspx
http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html

Regards,
Krzysztof
0
 
LVL 9

Expert Comment

by:Bill_Fleury
ID: 36589572
Could you please provide the NSLOOKUP output for a name that you can't ping?

eg:

nslookup myhost.mydomain.com

0
 

Author Comment

by:cpeele
ID: 36589709
Following your tip, I added some of my domains as conditional forwards at the central location DNS server. Does not seem to help. Also most of my servers are 2003 but my 2008 servers... I cannot ping them at all. Here is output from one of those:

C:\Windows\System32>nslookup st11svr1.valdosta1.local
Server:  UnKnown
Address:  172.23.100.221

Name:    st11svr1.valdosta1.local
Address:  172.23.111.5
------------------------
C:\Windows\System32>ping st11svr1.valdosta1.local
Ping request could not find host st11svr1.valdosta1.local. Please check the name
 and try again.
--------------------
This one is on a 2003 domain:
-------------------
C:\Windows\System32>nslookup hc06.lumberton1.local
Server:  UnKnown
Address:  172.23.100.221

Name:    hc06.lumberton1.local
Address:  172.23.106.133
0
 
LVL 35

Expert Comment

by:it_saige
ID: 36590011
Looks as if you have a problem with your reverse DNS lookup.

When NSLOOKUP starts, before anything else, it checks the computer's network configuration to determine the IP address of the DNS server that the computer uses.  Then it does a reverse DNS lookup on that IP address to determine the name of the DNS server.

If reverse DNS for that IP address is not set up correctly, then NSLOOKUP cannot determine the name associated with the IP address.  On Windows Vista/2008, it then says "Default Server: UnKnown".  On earlier Windows versions, it displays the error message "*** Can't find server name for address ...".

This does NOT indicate a problem with the actual domain name that you are trying to look up.  It only means that there is no reverse DNS name for the DNS server IP address, which in most cases may not be a problem at all.

To fix this you need to properly configure the reverse zone for the IP address of the DNS server, and make sure that the reverse zone is properly delegated to the server by your IP provider.

http://support.microsoft.com/kb/164213
http://support.microsoft.com/kb/323445

HTH,

-saige-
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36591894
Ok, please run these commands on a DC in the command line and attach the output here.

Dcdiag /e /c /v >c:\dcdiag.log
Repadmin /showrepl /all /intersite /verbose >c:\repadmin.log
ipconfig /all of each DC to show us IP and DNS configuration of your DCs
And the last one
Dnscmd /EnumerateZones
On 2003 you need to install the support tools from the server CD to be able to use that command; on 2008 with the DNS role installed, it's available by default.

Thank you in advance for those logs

Krzysztof
0
 

Author Comment

by:cpeele
ID: 36711947
Thanks, I'll see if I can get that info
0
 

Author Comment

by:cpeele
ID: 37292760
Here are the files requested
logs.zip
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 37293538
Hi, I've looked into these logs quickly because I had no time. So, I will review them more carefully tomorrow.
But from what I saw at first sight, I may suggest that you fix the DNS configuration on your DC/DNS servers.

I saw a 209.x.y.z IP address in the DNS configuration. That looks like an external DNS server. You shouldn't use external DNS servers in your domain environment. A domain environment relies only on its own internal DNS servers. So, please remove this/these external DNS servers from the DC/DNS servers and put them into Forwarders to allow users to access the Internet.

You will find how to configure that at
http://support.microsoft.com/kb/323380

And one more thing. I would suggest setting up this order of internal DNS servers on each DNS server:

Primary: Some other closely available DNS server
Alternate: its own fixed IP address (172.x.y.z)
Tertiary: 127.0.0.1 (loopback interface)

I hope it will solve your problem. If not, we will come back to it tomorrow :)

Krzysztof
0
 

Author Comment

by:cpeele
ID: 37297812
Thanks. I have made the changes to the DNS listing as suggested. Same problem so far.
0
 

Author Comment

by:cpeele
ID: 38702922
bump
0
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 664 total points
ID: 39111140
There are a few things that must be addressed according to your logs. Given the number of forests / domains you seem to have, I'm going to need a lot more information. Once name resolution has been fixed and is reliable, the health of each of your domains should be checked (dcdiag, repadmin and event logs).

dcdiag.log


Is this accurate?

         Server DDOFFICE resolved to this IP address 172.23.100.250, 
         but the address couldn't be reached(pinged), so check the network.  


The next is concerning: the last successful replication attempt was years ago. Has this DC been shut down? If it has, you need to clean it up: http://technet.microsoft.com/en-us/library/cc816907%28v=ws.10%29.aspx

If not... well something has to give, let us know and we'll come back to it.

         [Replications Check,DDDOM1] A recent replication attempt failed:
            From DDOFFICE to DDDOM1
            Naming Context: DC=dd,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2011-12-15 10:50.29.
            The last success occurred at 2010-08-17 09:56.40.
            11635 failures have occurred since the last success.


ddgreenville1.log


Why is this DC using 207.69.188.171 as a DNS server? All internal systems must use servers capable of resolving internal names for reliable operation. Is the public IP listed able to do that?

ddmicro1.log


Why is this DC using 207.69.188.171 as a DNS server? All internal systems must use servers capable of resolving internal names for reliable operation. Is the public IP listed able to do that?

garner1.log


Why is this DC using 207.69.188.171 as a DNS server? All internal systems must use servers capable of resolving internal names for reliable operation. Is the public IP listed able to do that?

Domains


It looks like you have the following AD domains, most look to have a single DC. Please can you confirm the DCs deployed for each domain / forest?

dd.local: dddom1 ddoffice1
florence1.local: ddflorence1
greenville1.local: ddgreenville1
lumberton1.local: ddlumberton1
micro1.local: ddmicro1
micro2.local: ddmicro2
petersburg1.local: ddpetersburg1
statesboro1.local: ddstatesboro1
garner1.local: ddgarner1
tifton1.local: st3svr1
valdosta1.local: st11svr1

DNS server locations


For each domain above, please can you share:

1. Servers holding Primary, or AD Integrated, copies of the zone
2. Servers holding Secondary copies of the zone
3. Aging settings (zone properties, Aging)
4. Any Scavenging settings (server properties, Advanced)

DNS Forwarders


For each DNS server, please list:

1. Conditional Forwarders
2. Forwarders

Cheers,

Chris
0
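
Added example, not part of the thread or any poster's code: Krzysztof Pytko's and Chris Dent's comments above both object to domain controllers listing public resolvers as DNS servers. This Python sketch reads saved ipconfig /all output, follows the indented continuation lines under "DNS Servers", and labels each address. The sample text and the host name EXAMPLE-DC1 are constructed, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample in ipconfig /all layout (not from the poster's logs).
SAMPLE = """\
   Host Name . . . . . . . . . . . . : EXAMPLE-DC1

Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 172.23.104.5
   DNS Servers . . . . . . . . . . . : 207.69.188.171
                                       172.23.100.221
                                       127.0.0.1
   Primary WINS Server . . . . . . . : 172.23.100.221
"""

# "Key . . . . : value" lines; a bare continuation address has no dot leader.
FIELD = re.compile(r"^\s+(?P<key>.+?)[ .]+:\s*(?P<val>.*)$")

def dns_servers(text):
    """Return every address under 'DNS Servers', including continuation lines."""
    servers, in_dns = [], False
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            in_dns = m.group("key") == "DNS Servers"
            value = m.group("val").strip()
        else:
            value = line.strip() if in_dns else ""
            in_dns = in_dns and bool(value)   # a blank line ends the list
        if in_dns and value:
            servers.append(value)
    return servers

def classify(addr):
    """Label a resolver address as loopback, internal (private) or external."""
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    except ValueError:
        return "unparsed"
    if ip.is_loopback:
        return "loopback"
    return "internal" if ip.is_private else "external"

def external_resolvers(text):
    """DNS servers that cannot be expected to resolve the internal zones."""
    return [s for s in dns_servers(text) if classify(s) == "external"]

if __name__ == "__main__":
    print([(s, classify(s)) for s in dns_servers(SAMPLE)])
```

Any address returned by external_resolvers is a candidate to move from the adapter's DNS list into the DNS server's Forwarders, as suggested earlier in the thread.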
 

Author Comment

by:cpeele
ID: 39124140
Chris - Thank you so much for the reply. I am not ignoring you, I just need a little more time to go through your post and answer your questions. thanks!
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 39124404
No problem, take as much as you need.

Chris
0
 

Author Closing Comment

by:cpeele
ID: 39677780
Thanks guys. Since I simply have no time to work on this right now and I have left it open long enough, I will now close it.
0
