Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
DNS Forwarder resolution of local records
Posted on 2012-12-20
Hello EE Ninjas,
Primer: DNS issue. Windows mixed domain (nbsrealtors.com) with both 2003 and 2008 servers. Currently four DNS servers in three different subnets. Most recently added dns server is 2008, all others 2003.
So, I've been experiencing occasional odd little DNS issues on my network ever since starting at my company three years ago. Example, every now and then a client will not be able to resolve a server name. When that happens, a flushdns or reboot seems to correct the issue. Occasionally, it doesn't and I add the server info to the clients hosts file. These issues have been rare and never enough to warrant a deep investigation of the issue - just didn't have the time.
The issue has come to a head with the addition of a secondary dns server in our primary home office subnet. Name resolution works fine, but when adding new computers to the domain, I am receiving an RPC error. In troubleshooting this issue, I have run a DCDIAG DNSTEST and am receiving the following error info withing the results.
The origininal dns server and primary domain controller for the domain is pdxad at 10.1.1.1
The recently added 2008 dns server and secondary dc is pdxdc at 10.1.1.11
The dns forwarding servers from our ISP are 209.63.0.6 and 204.130.255.3, neither of which are pingable.
So, my questions - Is it normal for DNS to attempt to resolve records like
_kerberos._tcp.dc._msdcs.c
_ldap._tcp.corp.nbsrealtor
_kerberos._tcp.corp.nbsrea
etc.
...against the forwarding server addresses, as seems to be happening below? If this is normal, are the failures in the below report anything to be concerned about? If they are not normal, is there some way to istruct DNS to not attempt resolving these local records against those forwarding domains?
Thanks for any insight on this. Much appreciated!
Ken
TEST: Records registration (RReg)
Network Adapter
[00000007] Intel(R) PRO/1000 MT Network Connection:
Matching CNAME record found at DNS server 10.1.1.1:
17f447cc-5493-47a9-81fa-c9
Matching A record found at DNS server 10.1.1.1:
PDXDC.corp.nbsrealtors.com
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.corp.nbsrealtor
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.4dfb845e-dc87-4
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._tcp.dc._msdcs.c
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.dc._msdcs.corp.
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._tcp.corp.nbsrea
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._udp.corp.nbsrea
Matching SRV record found at DNS server 10.1.1.1:
_kpasswd._tcp.corp.nbsreal
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.PDX._sites.corp
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._tcp.PDX._sites.
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.PDX._sites.dc._
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._tcp.PDX._sites.
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.gc._msdcs.corp.
Matching A record found at DNS server 10.1.1.1:
gc._msdcs.corp.nbsrealtors
Matching SRV record found at DNS server 10.1.1.1:
_gc._tcp.PDX._sites.corp.n
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.PDX._sites.gc._
Warning:
Missing CNAME record at DNS server 204.130.255.3:
17f447cc-5493-47a9-81fa-c9
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 204.130.255.3:
PDXDC.corp.nbsrealtors.com
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.corp.nbsrealtor
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.4dfb845e-dc87-4
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._tcp.dc._msdcs.c
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.dc._msdcs.corp.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._tcp.corp.nbsrea
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._udp.corp.nbsrea
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kpasswd._tcp.corp.nbsreal
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.PDX._sites.corp
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._tcp.PDX._sites.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.PDX._sites.dc._
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._tcp.PDX._sites.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.gc._msdcs.corp.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 204.130.255.3:
gc._msdcs.corp.nbsrealtors
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_gc._tcp.PDX._sites.corp.n
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.PDX._sites.gc._
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing CNAME record at DNS server 209.63.0.6:
17f447cc-5493-47a9-81fa-c9
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 209.63.0.6:
PDXDC.corp.nbsrealtors.com
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.corp.nbsrealtor
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.4dfb845e-dc87-4
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._tcp.dc._msdcs.c
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.dc._msdcs.corp.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._tcp.corp.nbsrea
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._udp.corp.nbsrea
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kpasswd._tcp.corp.nbsreal
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.PDX._sites.corp
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._tcp.PDX._sites.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.PDX._sites.dc._
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._tcp.PDX._sites.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.gc._msdcs.corp.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 209.63.0.6:
gc._msdcs.corp.nbsrealtors
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_gc._tcp.PDX._sites.corp.n
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.PDX._sites.gc._
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Matching CNAME record found at DNS server 10.1.1.11:
17f447cc-5493-47a9-81fa-c9
Matching A record found at DNS server 10.1.1.11:
PDXDC.corp.nbsrealtors.com
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.corp.nbsrealtor
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.4dfb845e-dc87-4
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._tcp.dc._msdcs.c
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.dc._msdcs.corp.
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._tcp.corp.nbsrea
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._udp.corp.nbsrea
Matching SRV record found at DNS server 10.1.1.11:
_kpasswd._tcp.corp.nbsreal
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.PDX._sites.corp
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._tcp.PDX._sites.
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.PDX._sites.dc._
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._tcp.PDX._sites.
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.gc._msdcs.corp.
Matching A record found at DNS server 10.1.1.11:
gc._msdcs.corp.nbsrealtors
Matching SRV record found at DNS server 10.1.1.11:
_gc._tcp.PDX._sites.corp.n
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.PDX._sites.gc._
Error: Record registrations cannot be found for all the network
adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 209.63.0.6 (<name unavailable>)
6 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.corp.nbsrealtor
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 204.130.255.3 (<name unavailable>)
4 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.corp.nbsrealtor
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 198.32.64.12 (l.root-servers.net.)
2 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 10.1.1.1 (PDXAD)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 10.1.1.11 (PDXDC)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 10.2.1.1 (VANDC)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 10.3.1.1 (SEADC)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 128.63.2.53 (h.root-servers.net.)
All tests passed on this DNS server
DNS server: 128.8.10.90 (d.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.112.36.4 (g.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.203.230.10 (e.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.228.79.201 (b.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.33.4.12 (c.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.36.148.17 (i.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.5.5.241 (f.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.58.128.30 (j.root-servers.net.)
All tests passed on this DNS server
DNS server: 193.0.14.129 (k.root-servers.net.)
All tests passed on this DNS server
DNS server: 198.41.0.4 (a.root-servers.net.)
All tests passed on this DNS server
DNS server: 202.12.27.33 (m.root-servers.net.)
All tests passed on this DNS server
DNS server: 207.173.86.6 (<name unavailable>)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: corp.nbsrealtors.com
PDXAD PASS WARN FAIL PASS PASS FAIL n/a
seadc PASS PASS PASS PASS PASS PASS n/a
vandc PASS PASS PASS PASS PASS PASS n/a
PDXDC PASS WARN FAIL PASS PASS FAIL n/a
......................... corp.nbsrealtors.com failed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
Primer: DNS issue. Windows mixed domain (nbsrealtors.com) with both 2003 and 2008 servers. Currently four DNS servers in three different subnets. Most recently added dns server is 2008, all others 2003.
So, I've been experiencing occasional odd little DNS issues on my network ever since starting at my company three years ago. Example, every now and then a client will not be able to resolve a server name. When that happens, a flushdns or reboot seems to correct the issue. Occasionally, it doesn't and I add the server info to the clients hosts file. These issues have been rare and never enough to warrant a deep investigation of the issue - just didn't have the time.
The issue has come to a head with the addition of a secondary dns server in our primary home office subnet. Name resolution works fine, but when adding new computers to the domain, I am receiving an RPC error. In troubleshooting this issue, I have run a DCDIAG DNSTEST and am receiving the following error info withing the results.
The origininal dns server and primary domain controller for the domain is pdxad at 10.1.1.1
The recently added 2008 dns server and secondary dc is pdxdc at 10.1.1.11
The dns forwarding servers from our ISP are 209.63.0.6 and 204.130.255.3, neither of which are pingable.
So, my questions - Is it normal for DNS to attempt to resolve records like
_kerberos._tcp.dc._msdcs.c
_ldap._tcp.corp.nbsrealtor
_kerberos._tcp.corp.nbsrea
etc.
...against the forwarding server addresses, as seems to be happening below? If this is normal, are the failures in the below report anything to be concerned about? If they are not normal, is there some way to istruct DNS to not attempt resolving these local records against those forwarding domains?
Thanks for any insight on this. Much appreciated!
Ken
TEST: Records registration (RReg)
Network Adapter
[00000007] Intel(R) PRO/1000 MT Network Connection:
Matching CNAME record found at DNS server 10.1.1.1:
17f447cc-5493-47a9-81fa-c9
Matching A record found at DNS server 10.1.1.1:
PDXDC.corp.nbsrealtors.com
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.corp.nbsrealtor
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.4dfb845e-dc87-4
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._tcp.dc._msdcs.c
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.dc._msdcs.corp.
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._tcp.corp.nbsrea
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._udp.corp.nbsrea
Matching SRV record found at DNS server 10.1.1.1:
_kpasswd._tcp.corp.nbsreal
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.PDX._sites.corp
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._tcp.PDX._sites.
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.PDX._sites.dc._
Matching SRV record found at DNS server 10.1.1.1:
_kerberos._tcp.PDX._sites.
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.gc._msdcs.corp.
Matching A record found at DNS server 10.1.1.1:
gc._msdcs.corp.nbsrealtors
Matching SRV record found at DNS server 10.1.1.1:
_gc._tcp.PDX._sites.corp.n
Matching SRV record found at DNS server 10.1.1.1:
_ldap._tcp.PDX._sites.gc._
Warning:
Missing CNAME record at DNS server 204.130.255.3:
17f447cc-5493-47a9-81fa-c9
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 204.130.255.3:
PDXDC.corp.nbsrealtors.com
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.corp.nbsrealtor
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.4dfb845e-dc87-4
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._tcp.dc._msdcs.c
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.dc._msdcs.corp.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._tcp.corp.nbsrea
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._udp.corp.nbsrea
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kpasswd._tcp.corp.nbsreal
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.PDX._sites.corp
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._tcp.PDX._sites.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.PDX._sites.dc._
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_kerberos._tcp.PDX._sites.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.gc._msdcs.corp.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 204.130.255.3:
gc._msdcs.corp.nbsrealtors
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_gc._tcp.PDX._sites.corp.n
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 204.130.255.3:
_ldap._tcp.PDX._sites.gc._
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing CNAME record at DNS server 209.63.0.6:
17f447cc-5493-47a9-81fa-c9
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 209.63.0.6:
PDXDC.corp.nbsrealtors.com
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.corp.nbsrealtor
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.4dfb845e-dc87-4
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._tcp.dc._msdcs.c
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.dc._msdcs.corp.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._tcp.corp.nbsrea
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._udp.corp.nbsrea
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kpasswd._tcp.corp.nbsreal
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.PDX._sites.corp
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._tcp.PDX._sites.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.PDX._sites.dc._
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_kerberos._tcp.PDX._sites.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.gc._msdcs.corp.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 209.63.0.6:
gc._msdcs.corp.nbsrealtors
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_gc._tcp.PDX._sites.corp.n
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 209.63.0.6:
_ldap._tcp.PDX._sites.gc._
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Matching CNAME record found at DNS server 10.1.1.11:
17f447cc-5493-47a9-81fa-c9
Matching A record found at DNS server 10.1.1.11:
PDXDC.corp.nbsrealtors.com
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.corp.nbsrealtor
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.4dfb845e-dc87-4
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._tcp.dc._msdcs.c
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.dc._msdcs.corp.
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._tcp.corp.nbsrea
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._udp.corp.nbsrea
Matching SRV record found at DNS server 10.1.1.11:
_kpasswd._tcp.corp.nbsreal
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.PDX._sites.corp
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._tcp.PDX._sites.
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.PDX._sites.dc._
Matching SRV record found at DNS server 10.1.1.11:
_kerberos._tcp.PDX._sites.
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.gc._msdcs.corp.
Matching A record found at DNS server 10.1.1.11:
gc._msdcs.corp.nbsrealtors
Matching SRV record found at DNS server 10.1.1.11:
_gc._tcp.PDX._sites.corp.n
Matching SRV record found at DNS server 10.1.1.11:
_ldap._tcp.PDX._sites.gc._
Error: Record registrations cannot be found for all the network
adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 209.63.0.6 (<name unavailable>)
6 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.corp.nbsrealtor
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 204.130.255.3 (<name unavailable>)
4 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.corp.nbsrealtor
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 198.32.64.12 (l.root-servers.net.)
2 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 10.1.1.1 (PDXAD)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 10.1.1.11 (PDXDC)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 10.2.1.1 (VANDC)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 10.3.1.1 (SEADC)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 128.63.2.53 (h.root-servers.net.)
All tests passed on this DNS server
DNS server: 128.8.10.90 (d.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.112.36.4 (g.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.203.230.10 (e.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.228.79.201 (b.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.33.4.12 (c.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.36.148.17 (i.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.5.5.241 (f.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.58.128.30 (j.root-servers.net.)
All tests passed on this DNS server
DNS server: 193.0.14.129 (k.root-servers.net.)
All tests passed on this DNS server
DNS server: 198.41.0.4 (a.root-servers.net.)
All tests passed on this DNS server
DNS server: 202.12.27.33 (m.root-servers.net.)
All tests passed on this DNS server
DNS server: 207.173.86.6 (<name unavailable>)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: corp.nbsrealtors.com
PDXAD PASS WARN FAIL PASS PASS FAIL n/a
seadc PASS PASS PASS PASS PASS PASS n/a
vandc PASS PASS PASS PASS PASS PASS n/a
PDXDC PASS WARN FAIL PASS PASS FAIL n/a
......................... corp.nbsrealtors.com failed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2
2-
2
- +2
8 Comments
Active 4 days ago
When setting up my dns servers I never use any address except that of itself. I never add forwarders or reverse look ups. Some people do I dont. Also I just leave the root servers as is. Never have issues.
Interesting. So how do your servers & client know how to resolve DNS requests? They just request against the default root hint servers?
Active today
Root hints and forwarders are both acceptable methods of handling external DNS queries. Each has its own set of advantages and disadvantages, so in most cases it comes down to personal preference.
In your particular case, those SRV queries should never be sent outside, as all of your internal servers should be authoritative for the corp.nbsrealtors.com zone. Is the server you ran the test on only using those internal DNS servers for resolution, or are the ISP servers configured as alternates? (Ipconfig /all will show this.)
In your particular case, those SRV queries should never be sent outside, as all of your internal servers should be authoritative for the corp.nbsrealtors.com zone. Is the server you ran the test on only using those internal DNS servers for resolution, or are the ISP servers configured as alternates? (Ipconfig /all will show this.)
Active 4 days ago
I'm in agreement with BillBondo - I do not generally use forwarders either. I've had too many instances where DNS issues cropped up and were actually caused by misbehaving DNS forwarders. What happens when you remove the forwarders is simply that your DNS servers will query the root servers directly, instead of the forwarders, for the correct NS servers for the particular domain you're querying, and then will go to those NS servers to find the domain host IP addresses that it needs.
If you want to stop using forwarders, all you need to do is make sure that the root hints tab shows the list of root servers and IP addresses, and remove the forwarders from your DNS servers. In particular, on your 2008 DNS server, you need to double-check the settings to make sure that it will look at the root hints instead of forwarders, and has a list of root servers, as this is not set up automatically all the time as it is on 2003 DNS servers.
If you want to stop using forwarders, all you need to do is make sure that the root hints tab shows the list of root servers and IP addresses, and remove the forwarders from your DNS servers. In particular, on your 2008 DNS server, you need to double-check the settings to make sure that it will look at the root hints instead of forwarders, and has a list of root servers, as this is not set up automatically all the time as it is on 2003 DNS servers.
If local entries are not found, forwarder is always query. This is to ensure you can always resolve system you do know now before hand.
What's the primary DNS entry for those DNS servers?
What's the primary DNS entry for those DNS servers?
Active today
If local entries are not found, forwarder is always query. This is to ensure you can always resolve system you do know now before hand.That's not correct. A DNS server will never forward queries for anything in a zone that it's authoritative for (a zone that's actually present on that server, in other words). If it doesn't find a record matching the query, it will simply send an authoritative negative response.
For example, assume your DNS server hosts the mydomain.local forward lookup zone and you query for the address of win7client.mydomain.local.
Dr.Dave is correct, for zones it has Auth. it will send "unknown host" and ends the query.
I was implying external known root domains.
I was implying external known root domains.
Maybe I'm misreading the results of the test, but it sure looks like it's trying to resolve a local root domain name against an external forwarder, based on the results above, doesn't it?
Regardless, I have removed the forwarding addresses, making sure all dns servers have the appropriate root hints in place, and everything seems to be running smoothly. I re-ran the dcdiag and it's not failing the forwarding part of the test.
Oh, and I did discover that the adapters for each dc also had the dns resolver addresses added in the adapter dns settings, so I dumped those as well.
So I guess that's that issue. This is just part of a larger RPC issue, but I'm still cracking away at that one, and if I cannot resolve it (heh, no pun intended), then you can anticipate another post shortly.
Thanks a ton for the responses folks, and have a great holiday!
KM
Regardless, I have removed the forwarding addresses, making sure all dns servers have the appropriate root hints in place, and everything seems to be running smoothly. I re-ran the dcdiag and it's not failing the forwarding part of the test.
Oh, and I did discover that the adapters for each dc also had the dns resolver addresses added in the adapter dns settings, so I dumped those as well.
So I guess that's that issue. This is just part of a larger RPC issue, but I'm still cracking away at that one, and if I cannot resolve it (heh, no pun intended), then you can anticipate another post shortly.
Thanks a ton for the responses folks, and have a great holiday!
KM
Featured Post
Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Let's recap what we learned from yesterday's Skyport Systems webinar.
- Ransomware
- Experts Exchange
- Skyport Systems
- Active Directory
- Security
- *privileged credentials
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource.
Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month7 days, 8 hours left to enroll
Earn Certification
MCSA Configuring Windows 7 Exam 70-680
$49.00$44.10
632 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.