Windows 2003 Server DNS Issues

Posted on 2011-10-11
Last Modified: 2012-05-12
I have two windows 2003 servers in our environment setup as DNS servers for our domain. Our website is setup externally from our network for example our domain is and our website is setup as and I have an A record setup for, but I also have several (same as parent folder) A records setup for several servers and two 169.254.*.* ip addresses that keep adding them selves in to my DNS records. Once I remove them I am able to visit or from our internal lan and access our website, but as soon as 24hrs pass and they get added back into dns the website stops responding. How can I get these ip's to stop populating my dns records?
Question by:TermEcho
    LVL 12

    Expert Comment

    IP address for range 169.254.*.*  are called APIPA Automatic Private Internet Protocol Addressing.

    I think that your DNS zone is an AD zone and it allow dinamyc updates for the zone.

    If this is true, maybe a domain controller for your domain has a network adapter without fixed IP, and when it request an IP address and can not obtain it from a DHCP server, assign APIPA to this NIC. Then the other NIC that contact DNS try to register the DNS names for this domain and could be the raise of your problem. Look at the NICs for your domain controllers to check it. You can uncheck option in the NIC that generte the problem to avoid DNS registering.

    If DNS is forward and not your AD zone, then you can disable dynamic updates for the zone.
    LVL 25

    Expert Comment

    If the 169.254.x.x records are blank records (i.e., their names are listed as "same as parent folder"), then they're being registered by a domain controller.  It is very likely you've got one or more DCs with NICs that are enabled and configured to obtain DHCP addresses but not plugged into anything.  Disable those NICs, type "ipconfig /flushdns" and "ipconfig /registerdns" on the affected DC(s), then restart the Net Logon service on those DCs.  This should remove the APIPA records.  If not, you'll have to manually delete them, but they shouldn't come back.

    Author Comment


       That has resolved the dns address, but I am still having problems.  Are both Domain Controllers and DNS Servers.

      In DNS I have am still getting multiple A records: (Same as parent folder)  Host (A)
                                                                                    (Same as parent folder)  Host (A)
    But I also have a standard A record for each server: Host (A)
                                                                               Host (A)

    Any idea why I keep getting these A records for 2.2 and 2.3?
    I need only one (same as parent folder)  Host (A) <--- IP of Website and
                                                         www    Host (A) <--- IP of Website

    This way domain computers can type in and still resolve our website. This was working until we switched our site to a new address that resolves all request to stripping the www.

    Any ideas would be a big help.

    LVL 25

    Accepted Solution

    Your DCs are actually working as designed.  The host records with the actual names of the servers ( and refer to the servers themselves, of course, and the (same as parent folder) records refer to the domain.  AD requires that each DC register both host records in DNS.  This ensures that any machine that queries the domain name receives the address of a DC in that domain.

    Unfortunately, you're running into one of the reasons why it's a best practice to have different internal and external domain names.  You can certainly create a www host record and give it the address of your website so that folks inside your network can get to it at, but if your site is stripping the www out, you're almost certainly going to have problems.  If you have (same as parent folder) records that refer to machines other than your DCs, you could see intermittent authentication issues whenever a machine in your network tries to find a DC by querying the domain name but resolves the IP address of the web server instead.

    Author Closing Comment


        I was able to find the DC's with the 169.* address we recently installed additional nic's for our SAN. :) I was able to get the web host to stop stripping the www and issues seemed to have been resolved. Thanks for the help!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    I will assume you are running a non-server version of some sort of Windows throughout this article. There are many flavors of Windows since Windows Server 2000 - 2008, XP Home & Pro, Vista Home & Pro, and Windows 7 Starter, Home, Pro, Ultimate, etc.…
    I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now