Solved

Missing DNS Zone?

Posted on 2013-11-26
11
465 Views
Last Modified: 2013-11-27
I think my DNS / AD is screwed up.  My client has been reporting some weird behavior in their network.  Suddenly, mapped drives or network based apps are not accessible.  Some are reporting that they are not getting an IP address via DHCP.  In fact, they are getting nothing - not even the default machine address.

I saw some events in a workstations logs (didn't collect it for this report - I will if necessary).

I looked at the DNS on the domain controller and I saw this (see attached):  There is a forward zone for the domain but not one for the active directory (sorry, I don't understand this part very well so I might be using the wrong nomenclature).  So, there is no '_msdcs.domain.local' zone.

Not sure but something tells me this is a big deal.  Can you help me confirm this?  And, if so, what can I do about it?
Bad-DNS.png
0
Comment
Question by:crapshooter
  • 3
  • 3
  • 2
  • +2
11 Comments
 
LVL 12

Expert Comment

by:Imtiaz Hasham
Comment Utility
Hi,

You have a problem but not a grave one and the solution:

1. Backup the DNS zone as of current.
2. http://support.microsoft.com/kb/294328/en-gb

Still works for Windows 2008 :)

See if this thread leads you anywhere:
http://www.petri.co.il/forums/showthread.php?p=76140#post76140
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 125 total points
Comment Utility
What do you see if you expand that node, example from my lab

1
Thanks

Mike
0
 
LVL 6

Assisted Solution

by:jasons73
jasons73 earned 125 total points
Comment Utility
How many domain controllers are running in your enviroment?

Without specifics on the number of domain controllers, At the very least I'd run the following on from an elevated command prompt each domain controller


ipconfig /registerdns
dcdiag /fix
nltest /dsregdns
ipconfig /flushdns
0
 
LVL 39

Expert Comment

by:footech
Comment Utility
It is valid to have either _msdcs as its own zone, or as a subdomain of your <domainname> zone.  The information as requested by mkline71 would show us which you have.  Typically when _msdcs is its own zone, you will have a delegation for it (which would appear as a grayed-out icon) under your <domainname> zone.
0
 

Author Comment

by:crapshooter
Comment Utility
Mike, yes those entries are all there.

There is only one DC.  I will try all of the commands that you gave me (and KB articles) and report back.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 57

Expert Comment

by:Mike Kline
Comment Utility
If your zone looks like what I have they you should be ok,  do you see all the SRV records and host records in the zone?

Thanks

Mike
0
 
LVL 12

Assisted Solution

by:Imtiaz Hasham
Imtiaz Hasham earned 125 total points
Comment Utility
I would actually run a DCDiag just to check where exactly the issue is before I carry on further
0
 
LVL 39

Expert Comment

by:footech
Comment Utility
When you say that all the entries are there - does _msdcs appear as a grayed-out icon (delegation) or a subdomain?  If it is a delegation then you should have a separate _msdcs zone.  If it is a subdomain then what you showed in your screenshot with your original question isn't a problem.
dcdiag /test:dns /v should reveal if there is an issue.
0
 

Author Comment

by:crapshooter
Comment Utility
I ran dcdiag /test:dns /v and all tests passed.

Attached is the expanded view of the DNS.

I ran
ipconfig /registerdns
dcdiag /fix
nltest /dsregdns
ipconfig /flushdns
and all came up "passed" or "successful"

I guess I am OK then, eh?
Bad-DNS-Expanded.png
0
 
LVL 39

Accepted Solution

by:
footech earned 125 total points
Comment Utility
Yes, everything looks fine.
BTW, if you deleted your _msdcs subdomain, and created a separate _msdcs.<yourdomain.com> zone, then upon restart of the Netlogon service all the records in it should be automatically created.
Also, a little background - prior to Server 2003, _msdcs was created by default as a subdomain.  For any domains that were migrated to newer DCs this structure was not automatically changed, but when setting up a new domain with Server 2003+ by default _msdcs is created as a separate zone.
0
 

Author Closing Comment

by:crapshooter
Comment Utility
Thanks for the help, all!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

One of the most often confused topics in the area DNS is the idea of GLUE records. Specifically, what they are, when they are needed, when they are provided, and how they are created. First, WHAT IS GLUE? To understand GLUE, you must first under…
I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now