Ken Moody

DNS Forwarder resolution of local records

Hello EE Ninjas,

Primer: DNS issue. Windows mixed domain (nbsrealtors.com) with both 2003 and 2008 servers. Currently four DNS servers in three different subnets. Most recently added dns server is 2008, all others 2003.  

So, I've been experiencing occasional odd little DNS issues on my network ever since starting at my company three years ago.  Example, every now and then a client will not be able to resolve a server name.  When that happens, a flushdns or reboot seems to correct the issue.  Occasionally, it doesn't and I add the server info to the client's hosts file. These issues have been rare and never enough to warrant a deep investigation of the issue - just didn't have the time.

The issue has come to a head with the addition of a secondary dns server in our primary home office subnet.  Name resolution works fine, but when adding new computers to the domain, I am receiving an RPC error.  In troubleshooting this issue, I have run a DCDIAG DNSTEST and am receiving the following error info within the results.

The original dns server and primary domain controller for the domain is pdxad at 10.1.1.1

The recently added 2008 dns server and secondary dc is pdxdc at 10.1.1.11

The dns forwarding servers from our ISP are 209.63.0.6 and 204.130.255.3, neither of which are pingable.

So, my questions -  Is it normal for DNS to attempt to resolve records like

_kerberos._tcp.dc._msdcs.corp.nbsrealtors.com
_ldap._tcp.corp.nbsrealtors.com
_kerberos._tcp.corp.nbsrealtors.com
etc.

...against the forwarding server addresses, as seems to be happening below?  If this is normal, are the failures in the below report anything to be concerned about?  If they are not normal, is there some way to instruct DNS to not attempt resolving these local records against those forwarding domains?



Thanks for any insight on this.  Much appreciated!

Ken



               TEST: Records registration (RReg)
                  Network Adapter

                  [00000007] Intel(R) PRO/1000 MT Network Connection:

                     Matching CNAME record found at DNS server 10.1.1.1:
                     17f447cc-5493-47a9-81fa-c99bdb692849._msdcs.corp.nbsrealtors.com

                     Matching A record found at DNS server 10.1.1.1:
                     PDXDC.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.1:
                     _ldap._tcp.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.1:
                     _ldap._tcp.4dfb845e-dc87-43c6-91c9-60c68be19c3f.domains._msdcs.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.1:
                     _kerberos._tcp.dc._msdcs.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.1:
                     _ldap._tcp.dc._msdcs.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.1:
                     _kerberos._tcp.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.1:
                     _kerberos._udp.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.1:
                     _kpasswd._tcp.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.1:
                     _ldap._tcp.PDX._sites.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.1:
                     _kerberos._tcp.PDX._sites.dc._msdcs.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.1:
                     _ldap._tcp.PDX._sites.dc._msdcs.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.1:
                     _kerberos._tcp.PDX._sites.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.1:
                     _ldap._tcp.gc._msdcs.corp.nbsrealtors.com

                     Matching A record found at DNS server 10.1.1.1:
                     gc._msdcs.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.1:
                     _gc._tcp.PDX._sites.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.1:
                     _ldap._tcp.PDX._sites.gc._msdcs.corp.nbsrealtors.com

                     Warning:
                     Missing CNAME record at DNS server 204.130.255.3:
                     17f447cc-5493-47a9-81fa-c99bdb692849._msdcs.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Warning:
                     Missing A record at DNS server 204.130.255.3:
                     PDXDC.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 204.130.255.3:
                     _ldap._tcp.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 204.130.255.3:
                     _ldap._tcp.4dfb845e-dc87-43c6-91c9-60c68be19c3f.domains._msdcs.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 204.130.255.3:
                     _kerberos._tcp.dc._msdcs.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 204.130.255.3:
                     _ldap._tcp.dc._msdcs.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 204.130.255.3:
                     _kerberos._tcp.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 204.130.255.3:
                     _kerberos._udp.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 204.130.255.3:
                     _kpasswd._tcp.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 204.130.255.3:
                     _ldap._tcp.PDX._sites.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 204.130.255.3:
                     _kerberos._tcp.PDX._sites.dc._msdcs.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 204.130.255.3:
                     _ldap._tcp.PDX._sites.dc._msdcs.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 204.130.255.3:
                     _kerberos._tcp.PDX._sites.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 204.130.255.3:
                     _ldap._tcp.gc._msdcs.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Warning:
                     Missing A record at DNS server 204.130.255.3:
                     gc._msdcs.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 204.130.255.3:
                     _gc._tcp.PDX._sites.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 204.130.255.3:
                     _ldap._tcp.PDX._sites.gc._msdcs.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Warning:
                     Missing CNAME record at DNS server 209.63.0.6:
                     17f447cc-5493-47a9-81fa-c99bdb692849._msdcs.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Warning:
                     Missing A record at DNS server 209.63.0.6:
                     PDXDC.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 209.63.0.6:
                     _ldap._tcp.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 209.63.0.6:
                     _ldap._tcp.4dfb845e-dc87-43c6-91c9-60c68be19c3f.domains._msdcs.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 209.63.0.6:
                     _kerberos._tcp.dc._msdcs.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 209.63.0.6:
                     _ldap._tcp.dc._msdcs.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 209.63.0.6:
                     _kerberos._tcp.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 209.63.0.6:
                     _kerberos._udp.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 209.63.0.6:
                     _kpasswd._tcp.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 209.63.0.6:
                     _ldap._tcp.PDX._sites.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 209.63.0.6:
                     _kerberos._tcp.PDX._sites.dc._msdcs.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 209.63.0.6:
                     _ldap._tcp.PDX._sites.dc._msdcs.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 209.63.0.6:
                     _kerberos._tcp.PDX._sites.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 209.63.0.6:
                     _ldap._tcp.gc._msdcs.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Warning:
                     Missing A record at DNS server 209.63.0.6:
                     gc._msdcs.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 209.63.0.6:
                     _gc._tcp.PDX._sites.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Error:
                     Missing SRV record at DNS server 209.63.0.6:
                     _ldap._tcp.PDX._sites.gc._msdcs.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                     
                     Matching CNAME record found at DNS server 10.1.1.11:
                     17f447cc-5493-47a9-81fa-c99bdb692849._msdcs.corp.nbsrealtors.com

                     Matching A record found at DNS server 10.1.1.11:
                     PDXDC.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.11:
                     _ldap._tcp.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.11:
                     _ldap._tcp.4dfb845e-dc87-43c6-91c9-60c68be19c3f.domains._msdcs.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.11:
                     _kerberos._tcp.dc._msdcs.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.11:
                     _ldap._tcp.dc._msdcs.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.11:
                     _kerberos._tcp.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.11:
                     _kerberos._udp.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.11:
                     _kpasswd._tcp.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.11:
                     _ldap._tcp.PDX._sites.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.11:
                     _kerberos._tcp.PDX._sites.dc._msdcs.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.11:
                     _ldap._tcp.PDX._sites.dc._msdcs.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.11:
                     _kerberos._tcp.PDX._sites.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.11:
                     _ldap._tcp.gc._msdcs.corp.nbsrealtors.com

                     Matching A record found at DNS server 10.1.1.11:
                     gc._msdcs.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.11:
                     _gc._tcp.PDX._sites.corp.nbsrealtors.com

                     Matching  SRV record found at DNS server 10.1.1.11:
                     _ldap._tcp.PDX._sites.gc._msdcs.corp.nbsrealtors.com

               Error: Record registrations cannot be found for all the network

               adapters

         
         Summary of test results for DNS servers used by the above domain

         controllers:

         

            DNS server: 209.63.0.6 (<name unavailable>)

               6 test failure on this DNS server

               Name resolution is not functional. _ldap._tcp.corp.nbsrealtors.com. failed on the DNS server 209.63.0.6
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               
            DNS server: 204.130.255.3 (<name unavailable>)

               4 test failure on this DNS server

               Name resolution is not functional. _ldap._tcp.corp.nbsrealtors.com. failed on the DNS server 204.130.255.3
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               
            DNS server: 198.32.64.12 (l.root-servers.net.)

               2 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 10.1.1.1 (PDXAD)

               All tests passed on this DNS server

               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
               
            DNS server: 10.1.1.11 (PDXDC)

               All tests passed on this DNS server

               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
               
            DNS server: 10.2.1.1 (VANDC)

               All tests passed on this DNS server

               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
               
            DNS server: 10.3.1.1 (SEADC)

               All tests passed on this DNS server

               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
               
            DNS server: 128.63.2.53 (h.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 128.8.10.90 (d.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.112.36.4 (g.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.203.230.10 (e.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.228.79.201 (b.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.33.4.12 (c.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.36.148.17 (i.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.5.5.241 (f.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.58.128.30 (j.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 193.0.14.129 (k.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 198.41.0.4 (a.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 202.12.27.33 (m.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 207.173.86.6 (<name unavailable>)

               All tests passed on this DNS server

               
         Summary of DNS test results:

         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: corp.nbsrealtors.com

               PDXAD                        PASS WARN FAIL PASS PASS FAIL n/a  
               seadc                        PASS PASS PASS PASS PASS PASS n/a  
               vandc                        PASS PASS PASS PASS PASS PASS n/a  
               PDXDC                        PASS WARN FAIL PASS PASS FAIL n/a  
         
         ......................... corp.nbsrealtors.com failed test DNS

      Test omitted by user request: LocatorCheck

      Test omitted by user request: Intersite

Tags: DNS, Active Directory, Windows Networking

Last comment: Ken Moody, 8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
BillBondo

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
Ken Moody

ASKER
Interesting.  So how do your servers & client know how to resolve DNS requests?  They just request against the default root hint servers?
SOLUTION
DrDave242

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
SOLUTION
Hypercat (Deb)

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
traoher

If local entries are not found, the forwarder is always queried.  This is to ensure you can always resolve system you do know now beforehand.

What's the primary DNS entry for those DNS servers?
DrDave242

If local entries are not found, the forwarder is always queried.  This is to ensure you can always resolve system you do know now beforehand.
That's not correct.  A DNS server will never forward queries for anything in a zone that it's authoritative for (a zone that's actually present on that server, in other words).  If it doesn't find a record matching the query, it will simply send an authoritative negative response.

For example, assume your DNS server hosts the mydomain.local forward lookup zone and you query for the address of win7client.mydomain.local.  If there's a host record with that name on the server, it'll return that machine's IP address, but if there's no host record with that name, it'll return NXDOMAIN, which basically means, "The query was valid, but that name doesn't exist."  It won't query a forwarder or a root server, since it's authoritative for the zone.
traoher

Dr.Dave is correct, for zones it has Auth. it will send "unknown host" and end the query.

I was implying external known root domains.
Ken Moody

ASKER
Maybe I'm misreading the results of the test, but it sure looks like it's trying to resolve a local root domain name against an external forwarder, based on the results above, doesn't it?  

Regardless, I have removed the forwarding addresses, making sure all dns servers have the appropriate root hints in place, and everything seems to be running smoothly.  I re-ran the dcdiag and it's not failing the forwarding part of the test.

Oh, and I did discover that the adapters for each dc also had the dns resolver addresses added in the adapter dns settings, so I dumped those as well.

So I guess that's that issue.  This is just part of a larger RPC issue, but I'm still cracking away at that one, and if I cannot resolve it (heh, no pun intended), then you can anticipate another post shortly.

Thanks a ton for the responses folks, and have a great holiday!

KM
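
The RReg section of the report lists its results per DNS server under the network adapter heading, and the last post reports that the ISP resolver addresses were set in the DCs' adapter DNS settings. The following is an added example, not part of the original thread: it parses RReg output in the format shown above and reports every non-private DNS server the test queried, with the internal names that were asked of it. The function names and the shortened sample are constructed for illustration; the line formats are taken from the report in the question.

```python
import ipaddress
import re
from collections import defaultdict

# Line shapes taken from the dcdiag RReg output quoted in the question.
RECORD_LINE = re.compile(
    r"^\s*(Matching|Missing)\s+(\w+)\s+record(?: found)? at DNS server "
    r"(\d{1,3}(?:\.\d{1,3}){3}):\s*$"
)

# Constructed sample: a shortened excerpt in the same format as the report above.
SAMPLE = """\
                     Matching  SRV record found at DNS server 10.1.1.1:
                     _ldap._tcp.corp.nbsrealtors.com

                     Warning:
                     Missing A record at DNS server 204.130.255.3:
                     PDXDC.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

                     Error:
                     Missing SRV record at DNS server 204.130.255.3:
                     _ldap._tcp.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

                     Error:
                     Missing SRV record at DNS server 209.63.0.6:
                     _kerberos._tcp.dc._msdcs.corp.nbsrealtors.com
                     [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]

                     Matching A record found at DNS server 10.1.1.11:
                     PDXDC.corp.nbsrealtors.com
"""


def parse_rreg(text):
    """Return {server_ip: {"matching": [(type, name)], "missing": [(type, name)]}}."""
    results = defaultdict(lambda: {"matching": [], "missing": []})
    pending = None  # (status, record type, server) waiting for the record-name line
    for line in text.splitlines():
        m = RECORD_LINE.match(line)
        if m:
            pending = (m.group(1).lower(), m.group(2).upper(), m.group(3))
            continue
        if pending and line.strip():
            status, rtype, server = pending
            results[server][status].append((rtype, line.strip()))
        pending = None  # the record name is always the line right after the header
    return dict(results)


def external_servers(results):
    """DNS servers queried by RReg whose address is not private.

    is_private covers RFC 1918 plus loopback, link-local and other reserved ranges.
    A public address here means the DC's adapter lists an outside resolver, so
    lookups for internal AD names can be sent to it.
    """
    flagged = {}
    for server, recs in results.items():
        if not ipaddress.ip_address(server).is_private:
            names = {name for _, name in recs["missing"] + recs["matching"]}
            flagged[server] = {
                "missing": len(recs["missing"]),
                "names_queried": sorted(names),
            }
    return flagged


if __name__ == "__main__":
    for server, info in sorted(external_servers(parse_rreg(SAMPLE)).items()):
        print(f"{server}: {info['missing']} missing record(s)")
        for name in info["names_queried"]:
            print(f"    {name}")
```
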