  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 20211

How to rebuild DNS on Active Directory Windows Server 2008 R2

Hello Experts - I am having major problems with DNS in my domain.  Here's the situation:

First, if you want a little history - see the below issue, in which I have been successful in seizing the roles on my current DC since my previous DC died.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_27871018.html

However, when I am trying to bring a 2nd DC online, it is unable to find the PDC.

Here's the main problem:

When I ping "hostname", it resolves, but when I ping "hostname.domainname.local" it doesn't resolve.  How can I rebuild the DNS on my PDC the way it's supposed to be?  Is there some sort of command line tool I can run?

Thanks in advance for any help to help me rebuild DNS on my PDC Windows Server 2008 R2 installation!

EDIT:  As a followup since I posted - on my 2nd DC which I am trying to introduce into the domain (as a 2nd DC), I added a "hostname.domain.local" (with corresponding IP address) into the "hosts" file in /windows/system32/drivers/etc and now things are coming alive on the 2nd DC.  But... I know this shouldn't be how it is.  Again - looking for a way to auto fix the DNS on my PDC.  Thanks!
0
Asked by: dstjohnjr
4 Solutions
 
footechCommented:
Does the "hostname.domainname.local" A record exist in the "domainname.local" Forward Lookup Zone in your DNS?  This should be added automatically, but if it isn't there, just do it manually.

Your second DC (that you're trying to make a DC) should point to the other DC in the TCP/IP properties > DNS setting.

Run "dcdiag /test:dns" on your DC that is working.  Make sure there are no issues.

Restarting the Netlogon service should recreate any DNS service records (SRV) for the DC that aren't present in the _msdcs zone (_msdcs could either be a zone or a subdomain, let me know which you have just so I can use the correct terminology for your situation).
net stop netlogon
net start netlogon
0
 
dstjohnjrAuthor Commented:
Yes, the A record exists, which is why I am baffled why all the workstations in the domain can't ping it, including the 2nd DC.  I'll run through the rest of your exercises now and keep this thread posted.  Thanks!
0
 
footechCommented:
Are they only pointing at the DC for their DNS?

Another test you can try is to use nslookup.  Nslookup will tell you which server it is using, and only does DNS tests; it doesn't use NetBIOS or HOSTS files.
nslookup dcname
  -domain name should be appended and return correct value.
nslookup dcname.domainname.local
  -should return the same info, but is more specific in case the domain name isn't being appended as it should.

If neither works, might need to check that the firewall on your DC isn't blocking DNS traffic.

BTW, you can also try dcdiag /fix for a quick repair if any issues are found.  Also dcdiag should be run on any DCs after they are promoted to make sure things are working correctly.
0
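
The checks footech describes above, gathered into one script as an added example that is not part of the original thread. The values dcname, domainname.local and 192.0.2.10 are placeholders to replace, and the script assumes English-language nslookup output and PowerShell 2.0 or later.

```powershell
# Added example, not from the thread. Replace the placeholder defaults below.
param(
    [string]$DcName    = 'dcname',            # placeholder: short name of the working DC
    [string]$Domain    = 'domainname.local',  # placeholder: AD DNS domain
    [string]$DnsServer = '192.0.2.10'         # constructed address: IP of the working DC
)

$fqdn = "$DcName.$Domain"

# 1. A HOSTS entry makes ping succeed while DNS is still broken; flag any override.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$overrides = Get-Content $hostsPath |
    Where-Object { $_ -notmatch '^\s*#' -and $_ -match [regex]::Escape($DcName) }
if ($overrides) {
    Write-Warning 'HOSTS file entries found for the DC (remove once DNS resolves):'
    $overrides | ForEach-Object { "    $_" }
}

# 2. Query the DC's DNS service directly. nslookup ignores HOSTS and NetBIOS,
#    so a pass here means the record really exists in DNS.
function Test-DnsRecord([string]$Name, [string]$Type, [string]$SuccessPattern) {
    $out = & nslookup "-type=$Type" $Name $DnsServer 2>&1 | Out-String
    New-Object PSObject -Property @{
        Name     = $Name
        Type     = $Type
        Resolved = [bool]($out -match $SuccessPattern)
    }
}

$aOk   = '(?m)^Name:\s+\S+'     # answer section of an A lookup
$srvOk = 'svr hostname\s+=\s+\S+' # answer section of an SRV lookup

$results = @(
    Test-DnsRecord $fqdn 'A' $aOk
    # SRV records that Netlogon registers and that a new DC uses to locate
    # a domain controller, the PDC emulator and a KDC.
    Test-DnsRecord "_ldap._tcp.dc._msdcs.$Domain"     'SRV' $srvOk
    Test-DnsRecord "_ldap._tcp.pdc._msdcs.$Domain"    'SRV' $srvOk
    Test-DnsRecord "_kerberos._tcp.dc._msdcs.$Domain" 'SRV' $srvOk
)
$results | Format-Table Name, Type, Resolved -AutoSize

if ($results | Where-Object { -not $_.Resolved }) {
    Write-Warning 'Missing records: restart Netlogon on the DC, then run dcdiag /test:dns /v'
}
```

Run it on the member that cannot find the DC; a False on an SRV row with a True on the A row points at Netlogon registration rather than the host record.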

 
dstjohnjrAuthor Commented:
Yes, all workstations are pointing at the same IP address (the current PDC) for their DNS.

Things seem to be getting better (not sure if these things just take time propagating, even internally), but I can now ping hostname.domainname.local from workstations.  Not sure if the entry into the hosts file (/windows/system32/drivers/etc) had any bearing, but I'm running through some of your other suggested tests now as well to see what gives.  Ideally, I'd like to alleviate the hosts entry altogether.  I'll start doing these tests on my 2nd DC as that is where the issues had the most adverse effect.

Thanks so much for your help and direction!
0
 
dstjohnjrAuthor Commented:
Ok, strange.  Running nslookup on the hostname and hostname.domainname.local on my 2nd DC is now returning what I expect.  Guess next step is to remove the entry from my hosts file and see how it goes. :)  Getting closer!
0
 
footechCommented:
The entry in the HOSTS file would not have had any bearing on any other workstations or on nslookup results.  But I'm glad that things are improving.

DCDiag tests should first be done on the functional DC.  You may want to include the /v switch for more detail when running it.  Once/If things are clean you can dcpromo the next DC.  After waiting some time (I'd say at least a half-hour), you can run DCDiag on both DCs to check that all is working along with replication.
0
 
dstjohnjrAuthor Commented:
All is well!  All tests are coming back positive.  I think some of this was just being patient but I did run quite a few of your commands as well.  Thanks for your help!
0
 
dstjohnjrAuthor Commented:
Thanks again for your assistance in resolving my issue!
0
