?
Solved

Windows 2003 Server DNS Issues

Posted on 2011-10-11
5
Medium Priority
?
439 Views
Last Modified: 2012-05-12
I have two windows 2003 servers in our environment setup as DNS servers for our domain. Our website is setup externally from our network for example our domain is example.org and our website is setup as www.example.org and example.org. I have an A record setup for www.example.org, but I also have several (same as parent folder) A records setup for several servers and two 169.254.*.* ip addresses that keep adding them selves in to my DNS records. Once I remove them I am able to visit example.com or www.example.com from our internal lan and access our website, but as soon as 24hrs pass and they get added back into dns the website stops responding. How can I get these ip's to stop populating my dns records?
0
Comment
Question by:TermEcho
  • 2
  • 2
5 Comments
 
LVL 12

Expert Comment

by:serchlop
ID: 36952818
IP address for range 169.254.*.*  are called APIPA Automatic Private Internet Protocol Addressing.

I think that your DNS zone is an AD zone and it allow dinamyc updates for the zone.

If this is true, maybe a domain controller for your domain has a network adapter without fixed IP, and when it request an IP address and can not obtain it from a DHCP server, assign APIPA to this NIC. Then the other NIC that contact DNS try to register the DNS names for this domain and could be the raise of your problem. Look at the NICs for your domain controllers to check it. You can uncheck option in the NIC that generte the problem to avoid DNS registering.

If DNS is forward and not your AD zone, then you can disable dynamic updates for the zone.
0
 
LVL 27

Expert Comment

by:DrDave242
ID: 36952837
If the 169.254.x.x records are blank records (i.e., their names are listed as "same as parent folder"), then they're being registered by a domain controller.  It is very likely you've got one or more DCs with NICs that are enabled and configured to obtain DHCP addresses but not plugged into anything.  Disable those NICs, type "ipconfig /flushdns" and "ipconfig /registerdns" on the affected DC(s), then restart the Net Logon service on those DCs.  This should remove the APIPA records.  If not, you'll have to manually delete them, but they shouldn't come back.
0
 

Author Comment

by:TermEcho
ID: 36953110
DrDave242:

   That has resolved the dns address, but I am still having problems.

     Server01.domain.org   172.16.2.2
     Server02.domain.org   172.16.2.3  Are both Domain Controllers and DNS Servers.

  In DNS I have am still getting multiple A records: (Same as parent folder)  Host (A)  172.16.2.2
                                                                                (Same as parent folder)  Host (A)  172.16.2.3
 
But I also have a standard A record for each server: Server01.domain.org Host (A)    172.16.2.2
                                                                                    Server02.domain.org Host (A)    172.16.2.3

Any idea why I keep getting these A records for 2.2 and 2.3?
I need only one (same as parent folder)  Host (A)    xxx.xxx.xxx.xxx <--- IP of Website and
                                                     www    Host (A)    xxx.xxx.xxx.xxx <--- IP of Website

This way domain computers can type in www.example.org and still resolve our website. This was working until we switched our site to a new address that resolves all www.example.org request to example.org stripping the www.

Any ideas would be a big help.

Thanks!
0
 
LVL 27

Accepted Solution

by:
DrDave242 earned 2000 total points
ID: 36956679
Your DCs are actually working as designed.  The host records with the actual names of the servers (Server01.domain.org and Server02.domain.org) refer to the servers themselves, of course, and the (same as parent folder) records refer to the domain.  AD requires that each DC register both host records in DNS.  This ensures that any machine that queries the domain name receives the address of a DC in that domain.

Unfortunately, you're running into one of the reasons why it's a best practice to have different internal and external domain names.  You can certainly create a www host record and give it the address of your website so that folks inside your network can get to it at www.domain.org, but if your site is stripping the www out, you're almost certainly going to have problems.  If you have (same as parent folder) records that refer to machines other than your DCs, you could see intermittent authentication issues whenever a machine in your network tries to find a DC by querying the domain name but resolves the IP address of the web server instead.
0
 

Author Closing Comment

by:TermEcho
ID: 36963276
DrDave242:

    I was able to find the DC's with the 169.* address we recently installed additional nic's for our SAN. :) I was able to get the web host to stop stripping the www and issues seemed to have been resolved. Thanks for the help!
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I wrote this article to explain some important DNS concepts that should be known to avoid some typical configuration errors I often see in forums. I assume that what is described here is the typical behavior of Microsoft DNS client. I don't know …
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question