DNS Entries are missing but still can be NSLOOKUP

Naj Saqi (Australia) asked:

Hi,

I have five domain controllers running Windows Server 2008 R2. I have also enabled DNS scavenging on one of the DCs.

A few days ago I noticed that lots of machines are missing from our DNS. But when you ping them, most of them are pingable by hostname; I can even NSLOOKUP them as well.

What could be the issue? Is my DHCP not registering new entries? Interestingly, all old machines are missing. Old means they are still active but have been on the network for some time.
Topics: DNS, Active Directory, DHCP

SOLUTION by Tom Scott:

[solution text not available in this extract: members-only content]

Naj Saqi (asker):

1. Yes, I can't see those hosts in any of my AD-integrated DNS servers using the GUI.
2. Yes, nslookup is showing one of my DNS servers.
3. Yes, I have run nslookup against all DNS servers.
4. I didn't check ipconfig /all on the clients, but I'm sure they are configured with the correct DNS server.
5. I guess new dynamic entries are being registered, but I will check tomorrow. I'm in the GMT+3 zone.

Tom Scott:

Regarding Item 2, I would try all of the DNS in turn. If any of them have a given entry it may resolve.

Regarding Item 4, I would only check the DNS settings of the host from which you run your diagnostics. The others are not critical to your diagnostics.

I'm UTC/GMT -8.

 - Tom

vin_shooter:

Hi,

You commented above that you are able to perform NSLOOKUP and it resolves fine.

It is one of your AD-integrated DNS servers that resolves it, right?

Then connect to that DNS server in the DNS management console, navigate to the corresponding zone in which the DNS entry resides (as per the nslookup result),

then use the Filter option to search for the DNS entry in that particular zone. The record should exist there for sure. :)

You may not be able to view the record for the following reasons:

A filter might have been enabled using some other DNS entry name in the DNS console.

You may need to increase the display limit: click View -> Filter -> Display limit tab in the DNS console.

Naj Saqi (asker):

Hi Again,

So I have checked again. I ran the ipconfig /all on the machine where I am pinging and looking up NS; it shows one of my DNS servers.

None of the DNS servers have those entries; I have checked manually all the DNS servers via their GUIs.

There is no filter option enabled.

Limit is already 10000. I have bumped it up to 20000.

I know this is amazing stuff, but I am experiencing it right now. I can understand that there could be reasons why entries are missing, but how am I able to resolve them? This is confusing.

Naj Saqi (asker):

So there is an update. I have checked it again. I guess not all dynamic registrations are happening. I guess DHCP couldn't register dynamic entries in DNS. How can I check that?

vin_shooter:

Then log in to your DHCP server and check option 006, which is meant for the DNS server into which the dynamic registration will happen.

Check both the server options and the scope options on the DHCP server, and also check that you are able to ping or communicate with the IP address configured in option 006 (on the DHCP server).

*Note: Also check that dynamic registration is allowed on the DNS server (the one configured in DHCP server option 006). Hopefully it is enabled; just a heads-up.

Naj Saqi (asker):

Yes, it is enabled and I can ping that DNS server from DHCP server.

vin_shooter:

Can you share the nslookup result here?

Also, can you execute the ipconfig /registerdns command on the problematic workstation and then check whether the IP address is registered dynamically or not?

Also check the IP address configured in option 066 on the DHCP server; check that you're able to ping it from your DHCP server.

You can use the NETMON tool to check whether any packet drops happen between the DHCP and DNS server (the IP address configured in option 006 on the DHCP server).
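The checks vin_shooter lists in the last two replies (option 006 at server and scope level, reachability of those DNS servers, whether the zone accepts dynamic updates, and whether a client's ipconfig /registerdns actually lands on every server) can be run as one script. The block below is an added example and not code from the thread; it assumes a management host with the DhcpServer, DnsServer and DnsClient PowerShell modules (Windows Server 2012 or later, or RSAT; on the 2008 R2 servers in the question the same data comes from netsh dhcp server show optionvalue, netsh dhcp server show dnscredentials and dnscmd /ZoneInfo), and the names dhcp01.corp.example and corp.example are placeholders. One caveat on the reply above: DHCP option 066 is the TFTP boot server name; the DNS server list that registrations are sent to is option 006.

```powershell
# Added example (not from the thread). Assumes the DhcpServer, DnsServer and DnsClient
# modules and DHCP/DNS admin rights; dhcp01.corp.example and corp.example are placeholders.
$DhcpServer = 'dhcp01.corp.example'
$Zone       = 'corp.example'
$scopes     = Get-DhcpServerv4Scope -ComputerName $DhcpServer

# 1. Option 006 (DNS servers) at server level and per scope. A scope-level value
#    overrides the server-level one, so both must be read.
$option6 = @()
$srv = Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -OptionId 6 -ErrorAction SilentlyContinue
if ($srv) { $option6 += [pscustomobject]@{ Scope = 'server'; DnsServers = $srv.Value } }
foreach ($scope in $scopes) {
    $o = Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $scope.ScopeId -OptionId 6 -ErrorAction SilentlyContinue
    if ($o) { $option6 += [pscustomobject]@{ Scope = $scope.ScopeId; DnsServers = $o.Value } }
}
$option6 | Format-Table -AutoSize
$dnsServers = $option6 | ForEach-Object { $_.DnsServers } | Select-Object -Unique

# 2. Every server handed out in option 006 must answer an SOA query for the zone;
#    one that does not is a registration target that fails silently.
foreach ($ip in $dnsServers) {
    $soa = Resolve-DnsName -Name $Zone -Type SOA -Server $ip -DnsOnly -ErrorAction SilentlyContinue
    '{0,-18} {1}' -f $ip, $(if ($soa) { 'answers SOA for ' + $Zone } else { 'NO ANSWER' })
}

# 3. DHCP side: update policy (server level, then each scope) and the account used
#    for updates. 'Never', or no credential on a DC-hosted DHCP server, explains
#    registrations that never reach DNS.
Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer |
    Select-Object @{n='Scope';e={'server'}}, DynamicUpdates, UpdateDnsRRForOlderClients, DeleteDnsRROnLeaseExpiry, NameProtection
foreach ($scope in $scopes) {
    Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer -ScopeId $scope.ScopeId |
        Select-Object @{n='Scope';e={$scope.ScopeId}}, DynamicUpdates, UpdateDnsRRForOlderClients, DeleteDnsRROnLeaseExpiry, NameProtection
}
Get-DhcpServerDnsCredential -ComputerName $DhcpServer   # empty = updates run as the DHCP service (DC computer) account

# 4. DNS side: the zone must accept dynamic updates ('Secure' for AD-integrated zones).
foreach ($ip in $dnsServers) {
    Get-DnsServerZone -ComputerName $ip -Name $Zone -ErrorAction SilentlyContinue |
        Select-Object @{n='Server';e={$ip}}, ZoneName, IsDsIntegrated, DynamicUpdate
}

# 5. Run this part on the workstation itself: force a registration, then ask every
#    DNS server directly whether the A record arrived.
function Test-ClientRegistration {
    param([string]$Name, [string]$Zone, [string[]]$Servers, [int]$WaitSeconds = 15)
    ipconfig /registerdns | Out-Null
    Start-Sleep -Seconds $WaitSeconds
    foreach ($s in $Servers) {
        $a = Resolve-DnsName -Name "$Name.$Zone" -Type A -Server $s -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' }
        [pscustomobject]@{ Server = $s; Registered = [bool]$a; Address = ($a.IPAddress -join ',') }
    }
}
Test-ClientRegistration -Name $env:COMPUTERNAME -Zone $Zone -Servers $dnsServers | Format-Table -AutoSize
```

Step 2 is the one to watch: the first dcdiag output later in the thread lists two DNS servers on the DC's adapter that fail the _ldap._tcp SRV query, and any server like that in option 006 fails the SOA probe here in the same way. Step 3 matters because DHCP and DNS sit on a DC in this environment: without a configured credential the updates are sent as the DC's computer account, and the records it creates are owned by that account.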

Naj Saqi (asker):

What about the DHCP credentials that are used to update dynamic entries? Should they have permissions in the DNS ACL?

vin_shooter:

I doubt it would be an issue with the DNS ACL. Can you check the number of days you have set for the aging and scavenging period on the DNS server?

Share the number of days configured. Also check whether any time sync issue exists between the DHCP server and DNS (just to be sure).

Naj Saqi (asker):

Aging and scavenging period (no-refresh interval and refresh interval) = 3 days.
DHCP lease = 5 days.

DHCP and DNS servers are on the same box, which is a DC as well.

Naj Saqi (asker):

There is another thing: I can't see dhcpuser or the DHCP server in the DNS zone's ACL. Does it make any difference?
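The numbers in the asker's last replies (no-refresh 3 days, refresh 3 days, a 5-day lease, scavenging every 7 days) and the question about the DHCP account missing from the zone ACL can both be checked rather than guessed. The block below is an added example, not code from the thread: Test-ScavengingFit is pure arithmetic and runs anywhere; the rest assumes the DnsServer and ActiveDirectory modules against a DNS server running Windows Server 2012 or later (dnscmd /ZoneInfo, dnscmd /ZoneAging and dnscmd /EnumRecords give the same data on 2008 R2), that the zone is stored in the DomainDnsZones partition, and placeholder names. The arithmetic rests on two documented behaviours: a refresh that arrives inside the no-refresh window does not move the record's timestamp, and a DHCP client renews (and DHCP-driven DNS refreshes happen) at half the lease, so DHCP-refreshed records stay alive only if half the lease is no longer than the refresh interval. A record with no timestamp is static and is never scavenged, whatever the intervals.

```powershell
# Added example (not from the thread). Test-ScavengingFit runs anywhere; the rest assumes
# the DnsServer + ActiveDirectory modules against a Windows Server 2012+ DNS server and a
# zone stored in DomainDnsZones. dc01.corp.example, corp.example, oldpc07 are placeholders.
$Dns      = 'dc01.corp.example'
$Zone     = 'corp.example'
$HostName = 'oldpc07'

function Test-ScavengingFit {
    param([double]$NoRefreshDays, [double]$RefreshDays, [double]$LeaseDays, [double]$ScavengePeriodDays)
    # DHCP clients renew at 50% of the lease; DHCP-driven DNS refreshes happen then.
    $renewEvery = $LeaseDays / 2
    # A refresh inside the no-refresh window is discarded. Attempts spaced $renewEvery
    # apart are guaranteed to land inside the refresh window only if $renewEvery <= $RefreshDays.
    $refreshLands  = $renewEvery -le $RefreshDays
    # A record nobody refreshes becomes eligible after NoRefresh+Refresh and is removed
    # by the next scavenging run, i.e. at most ScavengePeriod later.
    $eligibleAfter = $NoRefreshDays + $RefreshDays
    $verdict = if ($refreshLands) { 'intervals consistent with the lease' }
               else { 'refresh interval shorter than half the lease: active DHCP clients can be scavenged' }
    [pscustomobject]@{
        RenewEveryDays       = $renewEvery
        RefreshReachesWindow = $refreshLands
        EligibleAfterDays    = $eligibleAfter
        GoneWithinDays       = $eligibleAfter + $ScavengePeriodDays
        Verdict              = $verdict
    }
}
# The thread's values: 3 + 3 day intervals, 5-day lease, scavenging every 7 days.
Test-ScavengingFit -NoRefreshDays 3 -RefreshDays 3 -LeaseDays 5 -ScavengePeriodDays 7

# Live settings: the scavenging period is server-wide, the two intervals are per zone.
Get-DnsServerScavenging -ComputerName $Dns | Select-Object ScavengingState, ScavengingInterval, LastScavengeTime
Get-DnsServerZoneAging  -ComputerName $Dns -Name $Zone | Select-Object AgingEnabled, NoRefreshInterval, RefreshInterval, ScavengeServers

# The record's timestamp decides its fate: null = static (never scavenged); otherwise
# it is eligible once older than NoRefresh+Refresh.
Get-DnsServerResourceRecord -ComputerName $Dns -ZoneName $Zone -Name $HostName -RRType A -ErrorAction SilentlyContinue |
    Select-Object HostName, Timestamp, @{n='IPv4';e={$_.RecordData.IPv4Address}}

# Owner and write-capable ACEs of the zone object and of one dnsNode. With secure
# dynamic update the principal that created a record owns it and is the one allowed
# to change it, so this is where a "who may update this name" question is answered.
$domainDn = (Get-ADDomain).DistinguishedName
$zoneDn   = "DC=$Zone,CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn"
$nodeDn   = "DC=$HostName,$zoneDn"
foreach ($dn in $zoneDn, $nodeDn) {
    $obj = Get-ADObject -Identity $dn -Properties nTSecurityDescriptor -ErrorAction SilentlyContinue
    if (-not $obj) { "$dn : not found"; continue }
    "$dn  owner: " + $obj.nTSecurityDescriptor.Owner
    $obj.nTSecurityDescriptor.Access |
        Where-Object { $_.ActiveDirectoryRights -match 'Write|GenericAll|CreateChild' } |
        Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType | Format-Table -AutoSize
}
```

On the ACL question: the zone ACL does not need to list the DHCP account (Authenticated Users hold the create-child right on an AD-integrated zone by default); what decides whether an update succeeds is the owner and DACL of each dnsNode object, which the last part of the block prints. A DHCP server running on a DC with no configured update credential sends updates as the DC's computer account and that account ends up owning the records. If the DHCP server is also placed in DnsUpdateProxy, records it registers carry no security until some other principal takes ownership of them, so that group membership belongs together with a dedicated update account (netsh dhcp server set dnscredentials) and Name Protection, not on its own.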

vin_shooter:

Then check the DNS integrity on the DC using the command below:

dcdiag /test:dnscheck ; analyze the result of the command and share it here to proceed further.

vin_shooter:

Excuse me,

the command is dcdiag /test:dns; while typing the above comment I failed to put a space between "dcdiag /test:dns" and "check".

Naj Saqi (asker):

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = xxxx-DS1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site\xxxx-DS1
      Starting test: Connectivity
         ......................... xxxx-DS1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site\xxxx-DS1
      Starting test: DNS
         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... xxxx-DS1 passed test DNS

   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running partition tests on : qatar

   Running enterprise tests on : xxxx.xxxx.edu
      Starting test: DNS
         Test results for domain controllers:

            DC: xxxx-DS1.xxxx.xxxx.edu
            Domain: xxxx.xxxx.edu

               TEST: Basic (Basc)
                  Warning: adapter
                  [00000007] Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
                  has invalid DNS server: xxx.xxx.88.108 (<name unavailable>)
                  Warning: adapter
                  [00000007] Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
                  has invalid DNS server: xxx.xxx.88.109 (<name unavailable>)
                  Warning: The AAAA record for this DC was not found

               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record in zone xxxx.xxxx.edu

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000007] Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client):
                     Warning:
                     Missing AAAA record at DNS server xxx.xxx.88.77:
                     xxxx-DS1.xxxx.xxxx.edu
                     Warning:
                     Missing AAAA record at DNS server xxx.xxx.88.77:
                     gc._msdcs.xxxx.xxxx.edu
               Warning: Record Registrations not found in some network adapters

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: xxx.xxx.88.108 (<name unavailable>)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server xxx.xxx.88.108
               Name resolution is not functional. _ldap._tcp.xxxx.xxxx.edu. failed on the DNS server xxx.xxx.88.108

            DNS server: xxx.xxx.88.109 (<name unavailable>)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server xxx.xxx.88.109
               Name resolution is not functional. _ldap._tcp.xxxx.xxxx.edu. failed on the DNS server xxx.xxx.88.109

               xxxx-DS1                    PASS WARN PASS PASS WARN WARN n/a
         ......................... xxxx.xxxx.edu passed test DNS

Naj Saqi (asker):

this is the latest one:


Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = XXXXX-DS1
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site\XXXXX-DS1
      Starting test: Connectivity
         ......................... XXXXX-DS1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site\XXXXX-DS1
      Starting test: DNS
         DNS Tests are running and not hung. Please wait a few minutes...
 ERROR: NO DNS servers for IPV6 stack was found
         ......................... XXXXX-DS1 passed test DNS

   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running partition tests on : qatar

   Running enterprise tests on : xxx.xxx.edu
      Starting test: DNS
         Test results for domain controllers:

            DC: XXXXX-DS1.xxx.xxx.edu
            Domain: xxx.xxx.edu

               TEST: Basic (Basc)
                  Warning: The AAAA record for this DC was not found

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000007] Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client):
                     Warning:
                     Missing AAAA record at DNS server xxx.xxx.88.77:
                     XXXXX-DS1.xxx.xxx.edu
                     Warning:
                     Missing AAAA record at DNS server xxx.xxx.88.77:
                     gc._msdcs.xxx.xxx.edu
                     Warning:
                     Missing AAAA record at DNS server xxx.xxx.88.26:
                     XXXXX-DS1.xxx.xxx.edu
                     Warning:
                     Missing AAAA record at DNS server xxx.xxx.88.26:
                     gc._msdcs.xxx.xxx.edu
               Warning: Record Registrations not found in some network adapters

               XXXXX-DS1                    PASS WARN PASS PASS PASS WARN n/a
         ......................... xxx.xxx.edu passed test DNS

Jaihunt:

Hi

Check the configuration of the DHCP scopes to update DNS automatically, and that the DNS forward lookup zone settings are set to replicate to all domain controllers. Please refer to the screenshots below.

Thanks
Jai
[attachments: dhcp.jpg, DNS.jpg]

Naj Saqi (asker):

These are my settings.

Interestingly, I could not find anything in the logs. It seems DHCP is not even trying to update DNS dynamically. If I release and renew addresses on clients, the DHCP log just shows that new addresses were registered but it didn't try to update DNS.
[attachments: DHCPDNS.JPG, dns-nameProtection.JPG]
SOLUTION by Jaihunt:

[solution text not available in this extract: members-only content]

Venkat Suresh:

I agree with Jaihunt; the answer is there in your question. It is the DNS scavenging settings that are causing the issue. Check the links that Jaihunt gave you, and also check these links for reference:

DNS Scavenging

DNS Best Practices

Naj Saqi (asker):

I already read those links, but I will check again. I don't think scavenging is the issue, because it's happening but DHCP isn't registering the new ones.

I will try to uncheck name protection.
DHCP lease is 5 days. DNS scavenging and aging is 3 days (no-refresh and refresh). Scavenging is happening every 7 days.

Naj Saqi (asker):

A part of the question still exists. How can I nslookup some machines that don't exist in any of my DNS servers? Nslookup shows that it is bringing up that value from a specific DNS server where that host entry doesn't exist.

We also have WINS in our network.
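On the part of the question that is still open (nslookup returns an answer from a server whose zone has no such record), the two tools used in the thread do not ask the same question. ping goes through the Windows resolver: hosts file, resolver cache, then NetBIOS (WINS or broadcast) and LLMNR as fallbacks, so a ping that works says little about DNS. nslookup sends a query straight to the DNS server, so when it returns an answer that server really did answer, and the data came from somewhere other than the zone's own records: the server's cache, a WINS lookup record on the zone (the asker mentions WINS), a GlobalNames zone, or a forwarder. The block below is an added example, not code from the thread, that asks each server directly and then checks those sources in turn, and finishes with a NetBIOS/LLMNR-only probe to show what ping would find without DNS. It assumes the DnsClient and DnsServer modules against Windows Server 2012 or later (nslookup, dnscmd /EnumRecords, dnscmd /ZoneInfo and nbtstat -a on 2008 R2) and placeholder names.

```powershell
# Added example (not from the thread). Assumes the DnsClient and DnsServer modules against
# Windows Server 2012+ DNS servers. corp.example, oldpc01 and the dc names are placeholders.
$Zone    = 'corp.example'
$Name    = 'oldpc01'
$Servers = 'dc01.corp.example', 'dc02.corp.example'

function Get-ResolutionSource {
    param([string]$Server, [string]$Zone, [string]$Name)
    $fqdn = "$Name.$Zone"
    # What the server answers when asked directly (no hosts file, DNS only), which
    # is what nslookup does.
    $answer = Resolve-DnsName -Name $fqdn -Type A -Server $Server -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue |
              Where-Object { $_.Type -eq 'A' }
    # Authoritative data: is the A record actually present in the zone on this server?
    $inZone = Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $Zone -Name $Name -RRType A -ErrorAction SilentlyContinue
    # Server cache: a hit here with no zone record means the answer is stale or came
    # from elsewhere. (This dumps the whole cache; slow on a busy resolver.)
    $cached = Show-DnsServerCache -ComputerName $Server -ErrorAction SilentlyContinue |
              Where-Object { $_.RecordType -eq 'A' -and $_.HostName -like "$fqdn*" }
    # WINS lookup record on the zone: the DNS server resolves unknown names by asking WINS.
    $wins   = Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $Zone -RRType Wins -ErrorAction SilentlyContinue
    # GlobalNames zone and forwarders: two more places an answer can come from.
    $gnz    = Get-DnsServerGlobalNameZone -ComputerName $Server -ErrorAction SilentlyContinue
    $fwd    = Get-DnsServerForwarder -ComputerName $Server -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Server      = $Server
        Answer      = ($answer.IPAddress -join ',')
        InZone      = [bool]$inZone
        InCache     = [bool]$cached
        WinsLookup  = [bool]$wins
        GlobalNames = [bool]($gnz -and $gnz.Enable)
        Forwarders  = ($fwd.IPAddress -join ',')
    }
}

function Test-NonDnsResolution {
    # What ping can fall back to: LLMNR and NetBIOS (WINS/broadcast), bypassing DNS entirely.
    param([string]$Name)
    $nb = Resolve-DnsName -Name $Name -LlmnrNetbiosOnly -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq 'A' }
    [pscustomobject]@{ Name = $Name; ResolvedViaLlmnrOrNetbios = [bool]$nb; Address = ($nb.IPAddress -join ',') }
}

$Servers | ForEach-Object { Get-ResolutionSource -Server $_ -Zone $Zone -Name $Name } | Format-Table -AutoSize
Test-NonDnsResolution -Name $Name
```

Reading the table: if nslookup prints "Non-authoritative answer" for a name in a zone the server itself hosts, the data did not come from the zone. InZone=False with InCache=True is stale cache, and the answer disappears after Clear-DnsServerCache (dnscmd /ClearCache on 2008 R2). A server with no zone record and no cache hit that still answers, and has WinsLookup=True, is resolving through WINS, which is a plausible fit for a site that runs WINS alongside AD DNS. The last line shows whether the machine's name is reachable through NetBIOS or LLMNR at all, which is all a successful ping proves.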

Naj Saqi (asker):

Alright guys, now DHCP has started updating DNS, but only for a few clients, not all.

Interestingly, if I look at the DHCP logs, it is updating some clients but not all in the same zone.

What could be the reason?
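The DHCP audit log the asker has been reading (DhcpSrvLog-<day>.log under %SystemRoot%\System32\dhcp) records every DNS update attempt next to the lease events: ID 10 (assign) and 11 (renew) for the lease, ID 30 (DNS update request), 32 (DNS update successful) and 31 (DNS update failed) for the registration. That separates two very different cases behind "only some clients": a client with lease events but no ID 30 at all was never submitted to DNS by DHCP, whereas a client with a 31 was submitted and refused. The block below is an added example, not code from the thread: it parses constructed sample log lines in that layout and classifies each client, and its last function (live, DhcpServer module against Windows Server 2012 or later; netsh dhcp server show on 2008 R2) reads the per-lease DNS registration state the server keeps. Two reasons a DHCP server legitimately updates only some clients are worth ruling out before treating it as a fault: with the default "only if requested by the DHCP clients" setting it acts only for clients that send the FQDN option (option 81), and older or non-Windows clients do not unless "update DNS records for DHCP clients that do not request updates" is enabled; and with Name Protection on, an update for a name already owned by a different client is refused by design, which is exactly the control that stops one host from hijacking another's name.

```powershell
# Added example (not from the thread). Offline part: parses DHCP audit-log lines in the
# layout of %SystemRoot%\System32\dhcp\DhcpSrvLog-*.log (sample below is constructed).
# Live part: needs the DhcpServer module against a Windows Server 2012+ DHCP server.
$sample = @'
ID,Date,Time,Description,IP Address,Host Name,MAC Address
10,03/10/14,09:15:01,Assign,10.1.2.50,WS001.corp.example,0011223344AA
30,03/10/14,09:15:01,DNS Update Request,10.1.2.50,WS001.corp.example,0011223344AA
32,03/10/14,09:15:02,DNS Update Successful,10.1.2.50,WS001.corp.example,0011223344AA
11,03/10/14,09:16:10,Renew,10.1.2.51,OLDPC07.corp.example,0011223344BB
11,03/10/14,09:17:44,Renew,10.1.2.52,LAB-MAC3,0011223344CC
30,03/10/14,09:17:44,DNS Update Request,10.1.2.52,LAB-MAC3,0011223344CC
31,03/10/14,09:17:45,DNS Update Failed,10.1.2.52,LAB-MAC3,0011223344CC
'@

function ConvertFrom-DhcpAuditLog {
    # Keeps only event rows (numeric ID first) and the seven leading columns.
    param([string[]]$Lines)
    $Lines | Where-Object { $_ -match '^\d+,' } | ForEach-Object {
        $f = $_ -split ','
        [pscustomobject]@{
            Id = [int]$f[0]; Date = $f[1]; Time = $f[2]; Description = $f[3]
            IPAddress = $f[4]; HostName = $f[5]; Mac = $f[6]
        }
    }
}

function Get-DnsUpdateSummary {
    # One row per client: did DHCP ever ask DNS, and what did DNS say.
    param([object[]]$Events)
    $Events | Group-Object HostName | ForEach-Object {
        $ids = $_.Group.Id
        $verdict = if ($ids -contains 32) { 'registered' }
                   elseif ($ids -contains 31) { 'update refused by DNS (record owner / zone ACL / Name Protection)' }
                   elseif ($ids -contains 30) { 'update pending' }
                   else { 'DHCP never attempted an update for this client' }
        [pscustomobject]@{
            HostName  = $_.Name
            Lease     = [bool]($ids -contains 10 -or $ids -contains 11)
            Requested = [bool]($ids -contains 30)
            Succeeded = [bool]($ids -contains 32)
            Failed    = [bool]($ids -contains 31)
            Verdict   = $verdict
        }
    }
}

function Get-LeaseDnsState {
    # Live: the DHCP server's own per-lease bookkeeping of what it registered.
    param([string]$DhcpServer, [string]$ScopeId)
    Get-DhcpServerv4Lease -ComputerName $DhcpServer -ScopeId $ScopeId |
        Select-Object IPAddress, HostName, ClientType, DnsRegistration, DnsRR, LeaseExpiryTime
}

$events = ConvertFrom-DhcpAuditLog -Lines ($sample -split "`r?`n")
Get-DnsUpdateSummary -Events $events | Format-Table -AutoSize
# Against a real server:  Get-LeaseDnsState -DhcpServer 'dhcp01.corp.example' -ScopeId '10.1.2.0'
# For a real log:         ConvertFrom-DhcpAuditLog -Lines (Get-Content "$env:SystemRoot\System32\dhcp\DhcpSrvLog-Mon.log")
```

In the constructed sample, OLDPC07 renews its lease but never gets an ID 30, which is the pattern the asker describes (DHCP not even trying); LAB-MAC3 gets a 31, which means DNS rejected the update and the record's owner and ACL, or a Name Protection conflict, are the next thing to look at. Get-LeaseDnsState shows the same split from the server's side: DnsRR tells whether DHCP took on A, PTR, both or nothing for that lease, and DnsRegistration whether that work completed.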
ASKER CERTIFIED SOLUTION by Tom Scott:

[solution text not available in this extract: members-only content]