CHI-LTD

asked on

DNS Query

Hi

We seem to have had some issues resolving external names yesterday (while I was out), and users in an external office were unable to browse the internet.
I was told that DNS was failing for external lookups, and by adding a forwarder it worked fine.
We have 3 sites: 2x DCs/DNS @ HQ, 2x DNS/DCs at a 2nd site, remote machines at site 3.  Site 3 was flagging the issues.
All 3x sites connect via VPN.

We have also shut down 2x DCs/DNS/Exchange servers a few days ago to see if we have missed anything on the Exchange migration.  Could this be causing the DNS issues (we haven't removed any services/roles yet)?

Powering up the 2x offline DCs fixed the issues; I can do nslookups etc. from site 3.
But running an nslookup (when pointing clients @ site 3 to site 2) we get "DNS request timed out".

Running a BPA on the 2008 DCs (new servers) I get the following (attached).

So my questions are:

1. Is the 2003 DNS/DC's at fault here (when offline)?
2. Do we need external DNS entries added to DNS or should the firewalls handle this?
3. What are forwarders and root links for?
CHI-LTD
ASKER

Attachment to follow...
SOLUTION
Nagendra Pratap Singh
CHI-LTD

ASKER

Not as yet; they are 2003 DCs with DNS and Exchange, but were just shut down for a day or so...
They will be decom'd though.
ASKER CERTIFIED SOLUTION
SOLUTION
CHI-LTD

ASKER

Yes, external nslookups are fine today.
They weren't yesterday (apparently), but after we had changed the DNS IPs on the firewall @ site 3...

My other concern regards the 2nd error on the list, which says: The active directory integrated DNS zone _msdcs.domain.local was not found...

Is it a BP to add your ISP's DNS servers as forwarders on all DCs?
Just found an old DNS server IP (old ISP) on one of the servers at site 1.
SOLUTION
CHI-LTD

ASKER

Will give it a go.
SOLUTION
CHI-LTD

ASKER

On our main DC we have the _msdcs folder...
but the error still exists...
SOLUTION
CHI-LTD

ASKER

There sure are lots of folders there.
dcdiag is fine also...
SOLUTION
CHI-LTD

ASKER

But why would it be flagging this if the folder is visible on all DNS servers?
Do you get the same results from the BPA on all servers, or does only one give the error?
CHI-LTD

ASKER

OK it looks like a combination of things:

1. A machine was picking up old proxy server GPO settings.
2. The 2003 DNS server was online/offline for a period of time.
3. Site 3 firewall was pointing to old DNS servers @ HQ.

However, I am still getting the zone _msdcs.domain.local issue and the DNS server loopback IP to be added to the NIC..... in the BPA.

A dcdiag on the Ops Master shows:

FrsEvent: There are errors with the SYSVOL.
SOLUTION
CHI-LTD

ASKER

Another dcdiag shows fine now...