DNS not resolving

We have several different locations and each location has a server and it's own domain. They're all connected via a WAN. Each location's DNS is set as secondary at the central location. Sometimes I can ping other systems by name and sometimes not. It seems that over time the issue has gotten worse. I can not ping systems by name at all (if it's off site from where I am) UNLESS I run ipconfig /renew a couple times. I've looked at some DNS settings but I don't know what to change.
Who is Participating?
it_saigeConnect With a Mentor DeveloperCommented:
You want all of your DNS servers to replicate to each other.  The only reason you would not want this is if you have the possibility of cross-site ip conflicts.  It sounds as if you should not have a problem with cross-site ip conflicts.  The DNS servers themselves can be configured as the primary DNS of their respective local site clients with one server in the central office designated as the secondary DNS server.

Krzysztof PytkoConnect With a Mentor Senior Active Directory EngineerCommented:
Please consider setting up Conditional forwarders or replicate stub zones for those domains to be able to ping hosts by names in other domains.

DNS Conditional Forwarders

Stub zone

Could you please provide the NSLOOKUP output for a name that you can't ping?


nslookup myhost.mydomain.com

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

cpeeleAuthor Commented:
Following your tip, I added some of my domains as conditional forwards at the central location DNS server. Does not seem to help. Also most of my servers are 2003 but my 2008 servers... I cannot ping them at all. Here is output from one of those:

C:\Windows\System32>nslookup st11svr1.valdosta1.local
Server:  UnKnown

Name:    st11svr1.valdosta1.local
C:\Windows\System32>ping st11svr1.valdosta1.local
Ping request could not find host st11svr1.valdosta1.local. Please check the name
 and try again.
This one is on a 2003 domain:
C:\Windows\System32>nslookup hc06.lumberton1.local
Server:  UnKnown

Name:    hc06.lumberton1.local
Looks as if you have a problem with your reverse DNS lookup.

When NSLOOKUP starts, before anything else, it checks the computer's network configuration to determine the IP address of the DNS server that the computer uses.  Then it does a reverse DNS lookup on that IP address to determine the name of the DNS server.

If reverse DNS for that IP address is not setup correctly, then NSLOOKUP cannot determine the name associated with the IP address.  On Windows Vista/2008, it then says "Default Server: UnKnown".  On earlier Windows versions, it displays the error message "*** Can't find server name for address ...".

This does NOT indicate a problem with the actual domain name that you are trying to look up.  It only means that there is no reverse DNS name for the DNS server IP address, which in most cases may not be a problem at all.

To fix this you need to properly configure the reverse zone for the IP address of the DNS server, and make sure that the reverse zone is properly delegated to the server by your IP provider.



Krzysztof PytkoSenior Active Directory EngineerCommented:
Ok, please run these command on a DC in command-line and attach them here.

Dcdiag /e /c /v >c:\dcdiag.log
Repadmin /showrepl /all /intersite /verbose >c:\repadmin.log
ipconfig /all of each DC to show us IP and DNS configuration of your DCs
And the last one
Dnscmd /EnumerateZones
On 2003 you need to install support tools from server CD to be able to use that command, on 2008 with DNS role installed, it's available by default

Thank you in advance for those logs

cpeeleAuthor Commented:
Thanks, I'll see if I can get that info
cpeeleAuthor Commented:
Here are the files requested
Krzysztof PytkoSenior Active Directory EngineerCommented:
Hi, I've looked into these logs quickly because I had no time. So, I will review them more carefully tomorrow.
But what I saw for the first sight I may suggest you to fix DNS configuration on your DC/DNS servers.

I saw in DNS configuration 209.x.y.z something IP address. That looks for external DNS server. You shouldn't use in your domain environment external DNS servers. Domain environment relies only on their own internal DNS servers. So, please remove this/these external DNS servers from DC/DNS and put them into Forwarders to allow users accessing the Internet.

How to configure that, you will find at

And one more thing. I would suggest to set up on each DNS server this order of internal DNS servers:

Primary: Some other closely available DNS server
Alternate: its own fixed IP address (172.x.y.z)
Tertiary: (loopback interface)

I hope it would solve your problem. If not, we will back tomorrow to it :)

cpeeleAuthor Commented:
Thanks. I have made the changes to the DNS listing as suggested. Same problem so far.
cpeeleAuthor Commented:
Chris DentConnect With a Mentor PowerShell DeveloperCommented:
There are a few things that must be addressed according to your logs. Given the number of forests / domains you seem to have, I'm going to need a lot more information. Once name resolution has been fixed and is reliable the health of each of your domains should be checked (dcdiag, repadmin and event logs).


Is this accurate?

         Server DDOFFICE resolved to this IP address, 
         but the address couldn't be reached(pinged), so check the network.  

Open in new window

The next is concerning, the last successful replication attempt is years ago. Has this DC been shut down? If it has, you need to clean it up: http://technet.microsoft.com/en-us/library/cc816907%28v=ws.10%29.aspx

If not... well something has to give, let us know and we'll come back to it.

         [Replications Check,DDDOM1] A recent replication attempt failed:
            From DDOFFICE to DDDOM1
            Naming Context: DC=dd,DC=local
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2011-12-15 10:50.29.
            The last success occurred at 2010-08-17 09:56.40.
            11635 failures have occurred since the last success.

Open in new window


Why is this DC using as a DNS server? All internal systems must use servers capable of resolving internal names for reliable operation. Is the public IP listed able to do that?


Why is this DC using as a DNS server? All internal systems must use servers capable of resolving internal names for reliable operation. Is the public IP listed able to do that?


Why is this DC using as a DNS server? All internal systems must use servers capable of resolving internal names for reliable operation. Is the public IP listed able to do that?


It looks like you have the following AD domains, most look to have a single DC. Please can you confirm the DCs deployed for each domain / forest?

dd.local: dddom1 ddoffice1
florence1.local: ddflorence1
greenville1.local: ddgreenville1
lumberton1.local: ddlumberton1
micro1.local: ddmicro1
micro2.local: ddmicro2
petersburg1.local: ddpetersburg1
statesboro1.local: ddstatesboro1
garner1.local: ddgarner1
tifton1.local: st3svr1
valdosta1.local: st11svr1

DNS server locations

For each domain above, please can you share:

1. Servers holding Primary, or AD Integrated, copies of the zone
2. Servers holding Secondary copies of the zone
3. Aging settings (zone properties, Aging)
4. Any Scavenging settings (server properties, Advanced)

DNS Forwarders

For each DNS server, please list:

1. Conditional Forwarders
2. Forwarders


cpeeleAuthor Commented:
Chris - Thank you so much for the reply. I am not ignoring you, I just need a little more time to go through your post and answer your questions. thanks!
Chris DentPowerShell DeveloperCommented:
No problem, take as much as you need.

cpeeleAuthor Commented:
Thanks guys. Since I simply have no time to work on this right now and I have left it open long enough, I will now close it.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.