Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

DNS zone 'dissappeared'

Posted on 2013-05-17
4
Medium Priority
?
391 Views
Last Modified: 2013-07-22
Hi,

I had an issue where the DNS zone 'disappeared' from the network DNS and that change was replicated to all AD DNS servers.

I want to know if the two changes I made with regards to DNS would have done that.

BACKGROUND;

HQDC01 & DC02 = Win2012
BRANCHDC01 = Win08R2

A branch DC/ DNS server was not replicating the netlogon folder, on HQDC01 I discovered that the branch DC was not replying to NetBIOS / FQDN pings but IP pings was fine. On the branch DC (connected to HQ via a firewall VPN)  the DC could not ping itself either.

TROUBLESHOOTING;
I check the DNS resource A record. That was fine. THE DC was in the Name server tabs. I added in a second IP on the server and added in an A record and that pinged okay, I removed the second IP and the  record. IT had to be the A Record, So I deleted the A record of the Branch server and manually added it again. I pinged itself the NetBIOS replied okay but the FQDN replied with the wan IP of the site.
On the HQ servers the branch server now also replied with WAN IP on bother NETBIOS and FQDN names.
In the DNS manager on HQDC01 on the zone. I reloaded it, then went through the setting and saw that in the zone transfer tab it was unticked. I ticked it and selected to all in the named server tabs. I checked the other HQDC02 DNS server but when I clicked on the zone it would not expand and after a refresh of the console it was gone, then they same back on HQDC01. the branch server was fine. I stopped the DNS server and tried to copy the ..\\system32\dns folder in the fear that the missing zone with replicate to this server. IT did when I started the service again.

On the branch server the dns zone's .dns file was in the \dns folder but on the two HQ servers it was not. I copied the .dns folder to both their their \dns folder and recreated the zone and clicked on reload, but it did not repopulate. I then had to recreated some A host record of member servers and eventually it started to repopulate as Machines started to communicate with them.


QUESTION: Can the Removal of a DNS server's A host record do this or changing the Transfer Zone settings or both?

Thanks,

GNS
0
Comment
Question by:ggntt
  • 2
  • 2
4 Comments
 
LVL 41

Assisted Solution

by:footech
footech earned 1500 total points
ID: 39175320
No.  Changing the Transfer Zone settings could affect a secondary zone but not a primary.
Are the zones set up as AD-integrated on all servers?
You may want to run dcdiag /v /test:dns and repadmin /showrepl on each of the machines.
Also, you might want to check out the article.  Duplicate zones could be a cause for the zones disappearing.
http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx
0
 

Author Comment

by:ggntt
ID: 39185921
Hi footech

The two tests run fine now as I created a new zone.

Looking at the duplicate zones link. The zones that we 'had' where there for years. The 2012 Servers where live for about three weeks. Just trying to fine out what happened.

I have noticed that some of the member servers even though they detect the network location is a domain, it does not recognise it has internet, yet IE shows otherwise!


-Thanks

GNS
0
 
LVL 41

Accepted Solution

by:
footech earned 1500 total points
ID: 39186194
See here for a good explanation of how the Network Connectivity Status Indicator works.
http://blog.superuser.com/2011/05/16/windows-7-network-awareness/

In case the link ever changes, here's the most relevant content.
Windows does indeed check a Microsoft site for connectivity, using the Network Connectivity Status Indicator site. There are a few variations of the connection checking process:
1.NCSI performs a DNS lookup on www.msftncsi.com, then requests http://www.msftncsi.com/ncsi.txt. This file is a plain-text file and contains only the text Microsoft NCSI.
2.NCSI sends a DNS lookup request for dns.msftncsi.com. This DNS address should resolve to 131.107.255.255. If the address does not match, then it is assumed that the internet connection is not functioning correctly.

The exact sequence of when which test is run is not documented; however, a little bit of digging around with a packet sniffing tool like Wireshark reveals some info. It appears that on any connection, the first thing NCSI does is requests the text file (step 1 above). NCSI expects a 200 OK response header with the proper text returned. If the response is never received, or if there is a redirect, then a DNS request for dns.msftncsi.com is made. If DNS resolves properly but the page is inaccessible, then it is assumed that there is a working internet connection, but an in-browser authentication page is blocking access to the file. This results in the pop-up balloon above. If DNS resolution fails or returns the wrong address, then it is assumed that the internet connection is completely unsuccessful, and the “no internet access” error is shown.

The order of events appears to be slightly different depending on whether the wireless network is saved, has been connected to before even if it is not in the saved connections list, and possibly depending on the encryption type. The DNS and HTTP requests and responses showing up in Wireshark were not always consistent, even connecting to the same network, so it’s not entirely clear what causes different methods of detection under different scenarios.
0
 

Author Comment

by:ggntt
ID: 39344145
I have given up on this. Not because of lack of answers, but because the customers has not pushed for an answer.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question