Missing .local in PTR record

I have been noticing DNS problems on the network: timeouts, failed lookups, etc. While checking the PTR records on the domain controllers, I noticed that all other records show server.domain.local, while all 3 domain controllers have an additional PTR that shows only server.domain. and is missing the "local." on the end. If I delete these seemingly unnecessary entries, they are automatically re-created. It seems like this could be the source of my DNS problems. Is this normal for MS DNS?

We use our TWC Fiber ISP servers for DNS forwarders, and OpenDNS. We've also used Google DNS, but those seem to be worse for external lookups.

I've also run Colasoft Capsa 7 from my workstation and find hundreds of "DNS Server Error" and "TCP slow response" errors. When I run the BPA scan I get multiple warnings saying that the root hint servers must respond to queries for the root zone.

We have all NEW Dell server equipment, and new Cisco 48 port switches all set up in February. These problems just started recently.  I'm not sure what could be causing these issues. Could someone help?
timgbaldwin (Author) Commented:
Wanted to add that the issue was resolved by disabling the intrusion prevention on the Cisco small business firewall. I have since then upgraded to a Barracuda NG 400. Much nicer.
Mohammed Khawaja (Manager - Infrastructure: Information Technology) Commented:
Please run the command below on your DCs and see if it registers the correct records:

ipconfig /registerdns

If the correct records are not there, then check IP configuration > Advanced > DNS tab and ensure that there are no zones entered with .local missing, and if so then correct it.
timgbaldwin (Author) Commented:
Actually I did add the .local in the DNS tab of the virtual adapter shortly after posting. This did get rid of the "extra" entry missing the .local. I'm still having quite a few DNS problems though. Root hint servers not responding, DNS forwarders not responding, and my 2012 DNS server is showing a warning in the BPA - DNS: Zone TrustAnchors secondary server should respond to queries for the zone. I don't have a zone called TrustAnchors.
Mohammed Khawaja (Manager - Infrastructure: Information Technology) Commented:
Could you run the following command and see if it resolves for you:

nslookup www.ati.com

What this command does is try to resolve www.ati.com to its respective IP using the DNS server. If this command doesn't work, then it means that your server cannot talk to DNS servers on the Internet. In that case, ensure TCP and UDP ports 53 are open for your DNS server, as it could be blocked on the firewall.
timgbaldwin (Author) Commented:
We have rules in the firewall to allow DNS traffic to the internal DNS servers. When performing nslookups, sometimes they time out, and sometimes they go through. Sometimes there is one timeout, and then resolves on the 2nd attempt. All 3 internal DNS servers act the same way, and it wasn't like this until recently. I asked TWC if there was any issue with the router, or DNS traffic. They have no answers either.
timgbaldwin (Author) Commented:
Because this was the reason that DNS traffic was being dropped and causing all of the DNS problems.
Question has a verified solution.
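
The intermittent nslookup timeouts described in the thread can be measured rather than spot-checked. The following is an added example, not part of the original thread: a PowerShell function that queries each DNS server repeatedly over UDP and TCP and reports the failure rate, so results with the firewall's intrusion prevention enabled and disabled can be compared. The internal server addresses are placeholders, the two public addresses are the well-known OpenDNS and Google resolvers standing in for the forwarders, and the function name is hypothetical.

```powershell
# Added example. Run on a domain controller so the forwarder queries take the
# same path through the firewall that the DNS service itself uses.
# Requires the DnsClient module (Windows 8 / Server 2012 or later).

function Test-DnsReliability {
    param(
        [string[]]$Server,          # DNS servers to probe
        [string]$Name,              # name to resolve
        [int]$Attempts = 20         # queries per server and transport
    )
    foreach ($s in $Server) {
        foreach ($transport in 'UDP', 'TCP') {
            $failed = 0
            $times  = @()
            for ($i = 0; $i -lt $Attempts; $i++) {
                $params = @{
                    Name        = $Name
                    Type        = 'A'
                    Server      = $s
                    DnsOnly     = $true     # DNS protocol only, no LLMNR/NetBIOS
                    NoHostsFile = $true
                    ErrorAction = 'Stop'    # timeouts and server errors become exceptions
                }
                if ($transport -eq 'TCP') { $params.TcpOnly = $true }
                $sw = [System.Diagnostics.Stopwatch]::StartNew()
                try   { $null = Resolve-DnsName @params }
                catch { $failed++ }         # any error counts as a failed lookup
                $sw.Stop()
                $times += $sw.ElapsedMilliseconds
                Start-Sleep -Milliseconds 250
            }
            [pscustomobject]@{
                Server    = $s
                Transport = $transport
                Attempts  = $Attempts
                Failed    = $failed
                FailedPct = [math]::Round(100 * $failed / $Attempts, 1)
                MaxMs     = ($times | Measure-Object -Maximum).Maximum
            }
        }
    }
}

# Placeholder internal DNS servers (documentation range); replace with your DCs.
$internal   = '192.0.2.10', '192.0.2.11', '192.0.2.12'
# Public resolvers for the services named in the thread (OpenDNS, Google DNS).
$forwarders = '208.67.222.222', '8.8.8.8'

Test-DnsReliability -Server ($internal + $forwarders) -Name 'www.ati.com' |
    Format-Table -AutoSize
```

An internal server may answer repeated queries for the same name from its cache, so the forwarder rows are the ones that exercise the path through the firewall on every attempt.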