Solved

How do I locate all DNS servers?

Posted on 2013-01-08
20
303 Views
Last Modified: 2013-01-08
While adding a new 2008 R2 DC the message displayed during my DNS and Global Catalog choices that there were 2 DNS servers in our Domain.  However, that isn't the case.  The new DC that I'm building actually re-building was previously a DNS server, however it was properly demoted and removed from the domain before re-build.  

I ran a scan using WSPing Pro and it only shows 1 DNS server.

So is the Windows message and error or do I have a rogue DNS server?  How do I verify?
0
Comment
Question by:jrsitman
  • 11
  • 3
  • 3
  • +3
20 Comments
 
LVL 3

Expert Comment

by:costanos
ID: 38755747
What shows up when you run NSlookup in CMD?
0
 
LVL 10

Expert Comment

by:George Khairallah
ID: 38755749
Perhaps you can try doing it with nslookup?
nslookup
Set type=NS
contoso.com

Open in new window

0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38755752
You can use nslookup


nslookup
set type = NS
Your domain name

Look on the name servers tab in DNS and look for entries for the old box in DNS.

Thanks

Mike
0
 

Author Comment

by:jrsitman
ID: 38755781
when I run NSlookup I get "default server unknown 172.17.1.30".  which was the old DNS server that was removed but has now been added back in with the same IP and it is now a DNS server again
0
 

Author Comment

by:jrsitman
ID: 38755790
if I run it from the new DNS server I get the same results but with the ip address of the other DNS server.
0
 
LVL 10

Expert Comment

by:George Khairallah
ID: 38755798
Is your DNS configuration of that server correct?
Have you verified that this DNS server is functioning?
What is your ipconfig on your workstation like? are you able to resolve (forward and reverse) the name/IP of that server from your workstation?
If you can't, then you need to address that issue to make sure that is working.
0
 
LVL 18

Expert Comment

by:sarang_tinguria
ID: 38755966
make sure you have setup DNS correctly in your env follow below best practices

Best practices for DNS client settings on DC and domain members.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

Also run dcdiag /test:dns to check the DNS issue on the dc
0
 

Author Comment

by:jrsitman
ID: 38755967
DNS settings verified.
Yes DNs is working.  No problems
ipconfig from the workstation shows the proper DNS servers and DHCP server

So as far as I can tell there isn't a problem, that I can see
0
 

Author Comment

by:jrsitman
ID: 38755989
OK.  I'll post later.  Got to get to a meeting
0
 

Author Comment

by:jrsitman
ID: 38756949
when I run dcdiag /test:dns I get unrecognized command.  I get the same thing if I run ipconfig /flushdns
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 25

Expert Comment

by:DrDave242
ID: 38756994
You get "unrecognized command" when you run ipconfig /flushdns?  If that's the case, something's gone very wrong.

Wait, you're not still in nslookup, are you?  If so, type exit and try again from the normal command prompt.
0
 
LVL 10

Expert Comment

by:George Khairallah
ID: 38757025
Also, when you're doing these commands, you might want to open the command prompt with elevated privileges.
ipconfig /flushdns will work with normal privilege, but, ipconfig /registerdns won't.
0
 

Author Comment

by:jrsitman
ID: 38757109
yep was still in nslookup.  Attached are the results.  It is trying to find a DNS server that has been gone at least 2 years spcala02
dnsfail.jpg
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 38757177
Open the DNS console on one of your DNS servers, right-click your domain's forward lookup zone, and select Properties.  What's listed in the Name Servers tab?  (Check any other forward lookup zones you've got too.)
0
 

Author Comment

by:jrsitman
ID: 38757207
There are 3 forward lookup zones.  see attached.  In all three the only DNS server listed is the one that was removed two weeks ago and then added back today.  I used the same server name and IP address when adding it back to the domain
dnsforward.jpg
0
 

Author Comment

by:jrsitman
ID: 38757251
I just did ipconfig /all from a workstation and it has all the correct servers. DNS/DHCP
0
 
LVL 25

Accepted Solution

by:
DrDave242 earned 400 total points
ID: 38757263
I just noticed that the failure occurs in the Delegations test.  Given your zone setup, there's probably only one delegation present, and that's for the _msdcs.LASPCA.CORP zone.  However, the delegation record itself will be inside the LASPCA.CORP forward lookup zone.  Open that zone and look for a record named _msdcs.  It should look like a grayed-out folder.  Right-click that record and select Properties.  In the Name Servers tab of the properties window, I'm guessing the bogus server will be listed.  If so, remove it from the list.
0
 

Author Comment

by:jrsitman
ID: 38757273
yep it was.  I'll rerun the test.
0
 

Author Comment

by:jrsitman
ID: 38757291
The initial rogue DNS server is gone but the other errors are still there.  I'll award the points for this and open a new case.  Please watch for it.  You obviously know what you're doing.

Thanks
0
 

Author Closing Comment

by:jrsitman
ID: 38757294
thanks
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now