Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
DNS Forwarder resolution of local records
Hello EE Ninjas,
Primer: DNS issue. Windows mixed domain (nbsrealtors.com) with both 2003 and 2008 servers. Currently four DNS servers in three different subnets. Most recently added dns server is 2008, all others 2003.
So, I've been experiencing occasional odd little DNS issues on my network ever since starting at my company three years ago. Example, every now and then a client will not be able to resolve a server name. When that happens, a flushdns or reboot seems to correct the issue. Occasionally, it doesn't and I add the server info to the clients hosts file. These issues have been rare and never enough to warrant a deep investigation of the issue - just didn't have the time.
The issue has come to a head with the addition of a secondary dns server in our primary home office subnet. Name resolution works fine, but when adding new computers to the domain, I am receiving an RPC error. In troubleshooting this issue, I have run a DCDIAG DNSTEST and am receiving the following error info withing the results.
The origininal dns server and primary domain controller for the domain is pdxad at 10.1.1.1
The recently added 2008 dns server and secondary dc is pdxdc at 10.1.1.11
The dns forwarding servers from our ISP are 209.63.0.6 and 204.130.255.3, neither of which are pingable.
So, my questions - Is it normal for DNS to attempt to resolve records like
_kerberos._tcp.dc._msdcs.c
_ldap._tcp.corp.nbsrealtor
_kerberos._tcp.corp.nbsrea
etc.
...against the forwarding server addresses, as seems to be happening below? If this is normal, are the failures in the below report anything to be concerned about? If they are not normal, is there some way to istruct DNS to not attempt resolving these local records against those forwarding domains?
Thanks for any insight on this. Much appreciated!
Ken
TEST: Records registration (RReg)
Network Adapter
[00000007] Intel(R) PRO/1000 MT Network Connection:
Matching CNAME record found at DNS server 10.1.1.1:
17f447cc-5493-47a9-81fa-c9
Matching A record found at DNS server 10.1.1.1:
PDXDC.corp.nbsrealtors.com
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.corp.nbsrealtor
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.4dfb845e-dc87-4
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._tcp.dc._msdcs.c
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.dc._msdcs.corp.
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._tcp.corp.nbsrea
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._udp.corp.nbsrea
Matching SRV record found at DNS server 10.1.1.1:
_kpasswd._tcp.corp.nbsreal
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.PDX._sites.corp
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._tcp.PDX._sites.
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.PDX._sites.dc._
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._tcp.PDX._sites.
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.gc._msdcs.corp.
Matching A record found at DNS server 10.1.1.1:
gc._msdcs.corp.nbsrealtors
Matching SRV record found at DNS server 10.1.1.1:
_gc._tcp.PDX._sites.corp.n
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.PDX._sites.gc._
Warning:
Missing CNAME record at DNS server 204.130.255.3:
17f447cc-5493-47a9-81fa-c9
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 204.130.255.3:
PDXDC.corp.nbsrealtors.com
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.corp.nbsrealtor
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.4dfb845e-dc87-4
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._tcp.dc._msdcs.c
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.dc._msdcs.corp.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._tcp.corp.nbsrea
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._udp.corp.nbsrea
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kpasswd._tcp.corp.nbsreal
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.PDX._sites.corp
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._tcp.PDX._sites.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.PDX._sites.dc._
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._tcp.PDX._sites.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.gc._msdcs.corp.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 204.130.255.3:
gc._msdcs.corp.nbsrealtors
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_gc._tcp.PDX._sites.corp.n
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.PDX._sites.gc._
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing CNAME record at DNS server 209.63.0.6:
17f447cc-5493-47a9-81fa-c9
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 209.63.0.6:
PDXDC.corp.nbsrealtors.com
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.corp.nbsrealtor
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.4dfb845e-dc87-4
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._tcp.dc._msdcs.c
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.dc._msdcs.corp.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._tcp.corp.nbsrea
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._udp.corp.nbsrea
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kpasswd._tcp.corp.nbsreal
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.PDX._sites.corp
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._tcp.PDX._sites.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.PDX._sites.dc._
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._tcp.PDX._sites.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.gc._msdcs.corp.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 209.63.0.6:
gc._msdcs.corp.nbsrealtors
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_gc._tcp.PDX._sites.corp.n
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.PDX._sites.gc._
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Matching CNAME record found at DNS server 10.1.1.11:
17f447cc-5493-47a9-81fa-c9
Matching A record found at DNS server 10.1.1.11:
PDXDC.corp.nbsrealtors.com
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.corp.nbsrealtor
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.4dfb845e-dc87-4
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._tcp.dc._msdcs.c
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.dc._msdcs.corp.
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._tcp.corp.nbsrea
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._udp.corp.nbsrea
Matching SRV record found at DNS server 10.1.1.11:
_kpasswd._tcp.corp.nbsreal
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.PDX._sites.corp
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._tcp.PDX._sites.
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.PDX._sites.dc._
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._tcp.PDX._sites.
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.gc._msdcs.corp.
Matching A record found at DNS server 10.1.1.11:
gc._msdcs.corp.nbsrealtors
Matching SRV record found at DNS server 10.1.1.11:
_gc._tcp.PDX._sites.corp.n
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.PDX._sites.gc._
Error: Record registrations cannot be found for all the network
adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 209.63.0.6 (<name unavailable>)
6 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.corp.nbsrealtor
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 204.130.255.3 (<name unavailable>)
4 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.corp.nbsrealtor
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 198.32.64.12 (l.root-servers.net.)
2 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 10.1.1.1 (PDXAD)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 10.1.1.11 (PDXDC)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 10.2.1.1 (VANDC)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 10.3.1.1 (SEADC)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 128.63.2.53 (h.root-servers.net.)
All tests passed on this DNS server
DNS server: 128.8.10.90 (d.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.112.36.4 (g.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.203.230.10 (e.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.228.79.201 (b.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.33.4.12 (c.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.36.148.17 (i.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.5.5.241 (f.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.58.128.30 (j.root-servers.net.)
All tests passed on this DNS server
DNS server: 193.0.14.129 (k.root-servers.net.)
All tests passed on this DNS server
DNS server: 198.41.0.4 (a.root-servers.net.)
All tests passed on this DNS server
DNS server: 202.12.27.33 (m.root-servers.net.)
All tests passed on this DNS server
DNS server: 207.173.86.6 (<name unavailable>)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: corp.nbsrealtors.com
PDXAD PASS WARN FAIL PASS PASS FAIL n/a
seadc PASS PASS PASS PASS PASS PASS n/a
vandc PASS PASS PASS PASS PASS PASS n/a
PDXDC PASS WARN FAIL PASS PASS FAIL n/a
......................... corp.nbsrealtors.com failed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
Primer: DNS issue. Windows mixed domain (nbsrealtors.com) with both 2003 and 2008 servers. Currently four DNS servers in three different subnets. Most recently added dns server is 2008, all others 2003.
So, I've been experiencing occasional odd little DNS issues on my network ever since starting at my company three years ago. Example, every now and then a client will not be able to resolve a server name. When that happens, a flushdns or reboot seems to correct the issue. Occasionally, it doesn't and I add the server info to the clients hosts file. These issues have been rare and never enough to warrant a deep investigation of the issue - just didn't have the time.
The issue has come to a head with the addition of a secondary dns server in our primary home office subnet. Name resolution works fine, but when adding new computers to the domain, I am receiving an RPC error. In troubleshooting this issue, I have run a DCDIAG DNSTEST and am receiving the following error info withing the results.
The origininal dns server and primary domain controller for the domain is pdxad at 10.1.1.1
The recently added 2008 dns server and secondary dc is pdxdc at 10.1.1.11
The dns forwarding servers from our ISP are 209.63.0.6 and 204.130.255.3, neither of which are pingable.
So, my questions - Is it normal for DNS to attempt to resolve records like
_kerberos._tcp.dc._msdcs.c
_ldap._tcp.corp.nbsrealtor
_kerberos._tcp.corp.nbsrea
etc.
...against the forwarding server addresses, as seems to be happening below? If this is normal, are the failures in the below report anything to be concerned about? If they are not normal, is there some way to istruct DNS to not attempt resolving these local records against those forwarding domains?
Thanks for any insight on this. Much appreciated!
Ken
TEST: Records registration (RReg)
Network Adapter
[00000007] Intel(R) PRO/1000 MT Network Connection:
Matching CNAME record found at DNS server 10.1.1.1:
17f447cc-5493-47a9-81fa-c9
Matching A record found at DNS server 10.1.1.1:
PDXDC.corp.nbsrealtors.com
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.corp.nbsrealtor
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.4dfb845e-dc87-4
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._tcp.dc._msdcs.c
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.dc._msdcs.corp.
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._tcp.corp.nbsrea
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._udp.corp.nbsrea
Matching SRV record found at DNS server 10.1.1.1:
_kpasswd._tcp.corp.nbsreal
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.PDX._sites.corp
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._tcp.PDX._sites.
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.PDX._sites.dc._
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._tcp.PDX._sites.
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.gc._msdcs.corp.
Matching A record found at DNS server 10.1.1.1:
gc._msdcs.corp.nbsrealtors
Matching SRV record found at DNS server 10.1.1.1:
_gc._tcp.PDX._sites.corp.n
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.PDX._sites.gc._
Warning:
Missing CNAME record at DNS server 204.130.255.3:
17f447cc-5493-47a9-81fa-c9
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 204.130.255.3:
PDXDC.corp.nbsrealtors.com
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.corp.nbsrealtor
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.4dfb845e-dc87-4
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._tcp.dc._msdcs.c
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.dc._msdcs.corp.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._tcp.corp.nbsrea
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._udp.corp.nbsrea
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kpasswd._tcp.corp.nbsreal
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.PDX._sites.corp
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._tcp.PDX._sites.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.PDX._sites.dc._
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._tcp.PDX._sites.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.gc._msdcs.corp.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 204.130.255.3:
gc._msdcs.corp.nbsrealtors
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_gc._tcp.PDX._sites.corp.n
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.PDX._sites.gc._
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing CNAME record at DNS server 209.63.0.6:
17f447cc-5493-47a9-81fa-c9
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 209.63.0.6:
PDXDC.corp.nbsrealtors.com
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.corp.nbsrealtor
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.4dfb845e-dc87-4
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._tcp.dc._msdcs.c
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.dc._msdcs.corp.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._tcp.corp.nbsrea
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._udp.corp.nbsrea
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kpasswd._tcp.corp.nbsreal
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.PDX._sites.corp
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._tcp.PDX._sites.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.PDX._sites.dc._
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._tcp.PDX._sites.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.gc._msdcs.corp.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 209.63.0.6:
gc._msdcs.corp.nbsrealtors
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_gc._tcp.PDX._sites.corp.n
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.PDX._sites.gc._
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Matching CNAME record found at DNS server 10.1.1.11:
17f447cc-5493-47a9-81fa-c9
Matching A record found at DNS server 10.1.1.11:
PDXDC.corp.nbsrealtors.com
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.corp.nbsrealtor
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.4dfb845e-dc87-4
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._tcp.dc._msdcs.c
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.dc._msdcs.corp.
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._tcp.corp.nbsrea
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._udp.corp.nbsrea
Matching SRV record found at DNS server 10.1.1.11:
_kpasswd._tcp.corp.nbsreal
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.PDX._sites.corp
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._tcp.PDX._sites.
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.PDX._sites.dc._
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._tcp.PDX._sites.
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.gc._msdcs.corp.
Matching A record found at DNS server 10.1.1.11:
gc._msdcs.corp.nbsrealtors
Matching SRV record found at DNS server 10.1.1.11:
_gc._tcp.PDX._sites.corp.n
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.PDX._sites.gc._
Error: Record registrations cannot be found for all the network
adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 209.63.0.6 (<name unavailable>)
6 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.corp.nbsrealtor
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 204.130.255.3 (<name unavailable>)
4 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.corp.nbsrealtor
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 198.32.64.12 (l.root-servers.net.)
2 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 10.1.1.1 (PDXAD)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 10.1.1.11 (PDXDC)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 10.2.1.1 (VANDC)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 10.3.1.1 (SEADC)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 128.63.2.53 (h.root-servers.net.)
All tests passed on this DNS server
DNS server: 128.8.10.90 (d.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.112.36.4 (g.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.203.230.10 (e.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.228.79.201 (b.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.33.4.12 (c.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.36.148.17 (i.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.5.5.241 (f.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.58.128.30 (j.root-servers.net.)
All tests passed on this DNS server
DNS server: 193.0.14.129 (k.root-servers.net.)
All tests passed on this DNS server
DNS server: 198.41.0.4 (a.root-servers.net.)
All tests passed on this DNS server
DNS server: 202.12.27.33 (m.root-servers.net.)
All tests passed on this DNS server
DNS server: 207.173.86.6 (<name unavailable>)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: corp.nbsrealtors.com
PDXAD PASS WARN FAIL PASS PASS FAIL n/a
seadc PASS PASS PASS PASS PASS PASS n/a
vandc PASS PASS PASS PASS PASS PASS n/a
PDXDC PASS WARN FAIL PASS PASS FAIL n/a
......................... corp.nbsrealtors.com failed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
Asked:
2
2-
2
- +2
3 Solutions
LVL 11
When setting up my dns servers I never use any address except that of itself. I never add forwarders or reverse look ups. Some people do I dont. Also I just leave the root servers as is. Never have issues.
Interesting. So how do your servers & client know how to resolve DNS requests? They just request against the default root hint servers?
Root hints and forwarders are both acceptable methods of handling external DNS queries. Each has its own set of advantages and disadvantages, so in most cases it comes down to personal preference.
In your particular case, those SRV queries should never be sent outside, as all of your internal servers should be authoritative for the corp.nbsrealtors.com zone. Is the server you ran the test on only using those internal DNS servers for resolution, or are the ISP servers configured as alternates? (Ipconfig /all will show this.)
In your particular case, those SRV queries should never be sent outside, as all of your internal servers should be authoritative for the corp.nbsrealtors.com zone. Is the server you ran the test on only using those internal DNS servers for resolution, or are the ISP servers configured as alternates? (Ipconfig /all will show this.)
I'm in agreement with BillBondo - I do not generally use forwarders either. I've had too many instances where DNS issues cropped up and were actually caused by misbehaving DNS forwarders. What happens when you remove the forwarders is simply that your DNS servers will query the root servers directly, instead of the forwarders, for the correct NS servers for the particular domain you're querying, and then will go to those NS servers to find the domain host IP addresses that it needs.
If you want to stop using forwarders, all you need to do is make sure that the root hints tab shows the list of root servers and IP addresses, and remove the forwarders from your DNS servers. In particular, on your 2008 DNS server, you need to double-check the settings to make sure that it will look at the root hints instead of forwarders, and has a list of root servers, as this is not set up automatically all the time as it is on 2003 DNS servers.
If you want to stop using forwarders, all you need to do is make sure that the root hints tab shows the list of root servers and IP addresses, and remove the forwarders from your DNS servers. In particular, on your 2008 DNS server, you need to double-check the settings to make sure that it will look at the root hints instead of forwarders, and has a list of root servers, as this is not set up automatically all the time as it is on 2003 DNS servers.
If local entries are not found, forwarder is always query. This is to ensure you can always resolve system you do know now before hand.
What's the primary DNS entry for those DNS servers?
What's the primary DNS entry for those DNS servers?
If local entries are not found, forwarder is always query. This is to ensure you can always resolve system you do know now before hand.That's not correct. A DNS server will never forward queries for anything in a zone that it's authoritative for (a zone that's actually present on that server, in other words). If it doesn't find a record matching the query, it will simply send an authoritative negative response.
For example, assume your DNS server hosts the mydomain.local forward lookup zone and you query for the address of win7client.mydomain.local.
Dr.Dave is correct, for zones it has Auth. it will send "unknown host" and ends the query.
I was implying external known root domains.
I was implying external known root domains.
Maybe I'm misreading the results of the test, but it sure looks like it's trying to resolve a local root domain name against an external forwarder, based on the results above, doesn't it?
Regardless, I have removed the forwarding addresses, making sure all dns servers have the appropriate root hints in place, and everything seems to be running smoothly. I re-ran the dcdiag and it's not failing the forwarding part of the test.
Oh, and I did discover that the adapters for each dc also had the dns resolver addresses added in the adapter dns settings, so I dumped those as well.
So I guess that's that issue. This is just part of a larger RPC issue, but I'm still cracking away at that one, and if I cannot resolve it (heh, no pun intended), then you can anticipate another post shortly.
Thanks a ton for the responses folks, and have a great holiday!
KM
Regardless, I have removed the forwarding addresses, making sure all dns servers have the appropriate root hints in place, and everything seems to be running smoothly. I re-ran the dcdiag and it's not failing the forwarding part of the test.
Oh, and I did discover that the adapters for each dc also had the dns resolver addresses added in the adapter dns settings, so I dumped those as well.
So I guess that's that issue. This is just part of a larger RPC issue, but I'm still cracking away at that one, and if I cannot resolve it (heh, no pun intended), then you can anticipate another post shortly.
Thanks a ton for the responses folks, and have a great holiday!
KM
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.
Tackle projects and never again get stuck behind a technical roadblock.
Join Now