cpeele
asked on
DNS not resolving
We have several different locations and each location has a server and it's own domain. They're all connected via a WAN. Each location's DNS is set as secondary at the central location. Sometimes I can ping other systems by name and sometimes not. It seems that over time the issue has gotten worse. I can not ping systems by name at all (if it's off site from where I am) UNLESS I run ipconfig /renew a couple times. I've looked at some DNS settings but I don't know what to change.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Following your tip, I added some of my domains as conditional forwards at the central location DNS server. Does not seem to help. Also most of my servers are 2003 but my 2008 servers... I cannot ping them at all. Here is output from one of those:
C:\Windows\System32>nslook
Server: UnKnown
Address: 172.23.100.221
Name: st11svr1.valdosta1.local
Address: 172.23.111.5
------------------------
C:\Windows\System32>ping st11svr1.valdosta1.local
Ping request could not find host st11svr1.valdosta1.local. Please check the name
and try again.
--------------------
This one is on a 2003 domain:
-------------------
C:\Windows\System32>nslook
Server: UnKnown
Address: 172.23.100.221
Name: hc06.lumberton1.local
Address: 172.23.106.133
C:\Windows\System32>nslook
Server: UnKnown
Address: 172.23.100.221
Name: st11svr1.valdosta1.local
Address: 172.23.111.5
------------------------
C:\Windows\System32>ping st11svr1.valdosta1.local
Ping request could not find host st11svr1.valdosta1.local. Please check the name
and try again.
--------------------
This one is on a 2003 domain:
-------------------
C:\Windows\System32>nslook
Server: UnKnown
Address: 172.23.100.221
Name: hc06.lumberton1.local
Address: 172.23.106.133
Looks as if you have a problem with your reverse DNS lookup.
When NSLOOKUP starts, before anything else, it checks the computer's network configuration to determine the IP address of the DNS server that the computer uses. Then it does a reverse DNS lookup on that IP address to determine the name of the DNS server.
If reverse DNS for that IP address is not setup correctly, then NSLOOKUP cannot determine the name associated with the IP address. On Windows Vista/2008, it then says "Default Server: UnKnown". On earlier Windows versions, it displays the error message "*** Can't find server name for address ...".
This does NOT indicate a problem with the actual domain name that you are trying to look up. It only means that there is no reverse DNS name for the DNS server IP address, which in most cases may not be a problem at all.
To fix this you need to properly configure the reverse zone for the IP address of the DNS server, and make sure that the reverse zone is properly delegated to the server by your IP provider.
http://support.microsoft.com/kb/164213
http://support.microsoft.com/kb/323445
HTH,
-saige-
When NSLOOKUP starts, before anything else, it checks the computer's network configuration to determine the IP address of the DNS server that the computer uses. Then it does a reverse DNS lookup on that IP address to determine the name of the DNS server.
If reverse DNS for that IP address is not setup correctly, then NSLOOKUP cannot determine the name associated with the IP address. On Windows Vista/2008, it then says "Default Server: UnKnown". On earlier Windows versions, it displays the error message "*** Can't find server name for address ...".
This does NOT indicate a problem with the actual domain name that you are trying to look up. It only means that there is no reverse DNS name for the DNS server IP address, which in most cases may not be a problem at all.
To fix this you need to properly configure the reverse zone for the IP address of the DNS server, and make sure that the reverse zone is properly delegated to the server by your IP provider.
http://support.microsoft.com/kb/164213
http://support.microsoft.com/kb/323445
HTH,
-saige-
Ok, please run these command on a DC in command-line and attach them here.
Dcdiag /e /c /v >c:\dcdiag.log
Repadmin /showrepl /all /intersite /verbose >c:\repadmin.log
ipconfig /all of each DC to show us IP and DNS configuration of your DCs
And the last one
Dnscmd /EnumerateZones
On 2003 you need to install support tools from server CD to be able to use that command, on 2008 with DNS role installed, it's available by default
Thank you in advance for those logs
Krzysztof
Dcdiag /e /c /v >c:\dcdiag.log
Repadmin /showrepl /all /intersite /verbose >c:\repadmin.log
ipconfig /all of each DC to show us IP and DNS configuration of your DCs
And the last one
Dnscmd /EnumerateZones
On 2003 you need to install support tools from server CD to be able to use that command, on 2008 with DNS role installed, it's available by default
Thank you in advance for those logs
Krzysztof
ASKER
Thanks, I'll see if I can get that info
ASKER
Here are the files requested
logs.zip
logs.zip
Hi, I've looked into these logs quickly because I had no time. So, I will review them more carefully tomorrow.
But what I saw for the first sight I may suggest you to fix DNS configuration on your DC/DNS servers.
I saw in DNS configuration 209.x.y.z something IP address. That looks for external DNS server. You shouldn't use in your domain environment external DNS servers. Domain environment relies only on their own internal DNS servers. So, please remove this/these external DNS servers from DC/DNS and put them into Forwarders to allow users accessing the Internet.
How to configure that, you will find at
http://support.microsoft.com/kb/323380
And one more thing. I would suggest to set up on each DNS server this order of internal DNS servers:
Primary: Some other closely available DNS server
Alternate: its own fixed IP address (172.x.y.z)
Tertiary: 127.0.0.1 (loopback interface)
I hope it would solve your problem. If not, we will back tomorrow to it :)
Krzysztof
But what I saw for the first sight I may suggest you to fix DNS configuration on your DC/DNS servers.
I saw in DNS configuration 209.x.y.z something IP address. That looks for external DNS server. You shouldn't use in your domain environment external DNS servers. Domain environment relies only on their own internal DNS servers. So, please remove this/these external DNS servers from DC/DNS and put them into Forwarders to allow users accessing the Internet.
How to configure that, you will find at
http://support.microsoft.com/kb/323380
And one more thing. I would suggest to set up on each DNS server this order of internal DNS servers:
Primary: Some other closely available DNS server
Alternate: its own fixed IP address (172.x.y.z)
Tertiary: 127.0.0.1 (loopback interface)
I hope it would solve your problem. If not, we will back tomorrow to it :)
Krzysztof
ASKER
Thanks. I have made the changes to the DNS listing as suggested. Same problem so far.
ASKER
bump
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Chris - Thank you so much for the reply. I am not ignoring you, I just need a little more time to go through your post and answer your questions. thanks!
No problem, take as much as you need.
Chris
Chris
ASKER
Thanks guys. Since I simply have no time to work on this right now and I have left it open long enough, I will now close it.
eg:
nslookup myhost.mydomain.com