Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Missing DNS Zone?

Posted on 2013-11-26
11
Medium Priority
?
477 Views
Last Modified: 2013-11-27
I think my DNS / AD is screwed up.  My client has been reporting some weird behavior in their network.  Suddenly, mapped drives or network based apps are not accessible.  Some are reporting that they are not getting an IP address via DHCP.  In fact, they are getting nothing - not even the default machine address.

I saw some events in a workstations logs (didn't collect it for this report - I will if necessary).

I looked at the DNS on the domain controller and I saw this (see attached):  There is a forward zone for the domain but not one for the active directory (sorry, I don't understand this part very well so I might be using the wrong nomenclature).  So, there is no '_msdcs.domain.local' zone.

Not sure but something tells me this is a big deal.  Can you help me confirm this?  And, if so, what can I do about it?
Bad-DNS.png
0
Comment
Question by:crapshooter
  • 3
  • 3
  • 2
  • +2
11 Comments
 
LVL 12

Expert Comment

by:Imtiaz Hasham
ID: 39679170
Hi,

You have a problem but not a grave one and the solution:

1. Backup the DNS zone as of current.
2. http://support.microsoft.com/kb/294328/en-gb

Still works for Windows 2008 :)

See if this thread leads you anywhere:
http://www.petri.co.il/forums/showthread.php?p=76140#post76140
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 500 total points
ID: 39679181
What do you see if you expand that node, example from my lab

1
Thanks

Mike
0
 
LVL 8

Assisted Solution

by:J S
J S earned 500 total points
ID: 39679192
How many domain controllers are running in your enviroment?

Without specifics on the number of domain controllers, At the very least I'd run the following on from an elevated command prompt each domain controller


ipconfig /registerdns
dcdiag /fix
nltest /dsregdns
ipconfig /flushdns
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
LVL 41

Expert Comment

by:footech
ID: 39679236
It is valid to have either _msdcs as its own zone, or as a subdomain of your <domainname> zone.  The information as requested by mkline71 would show us which you have.  Typically when _msdcs is its own zone, you will have a delegation for it (which would appear as a grayed-out icon) under your <domainname> zone.
0
 

Author Comment

by:crapshooter
ID: 39679240
Mike, yes those entries are all there.

There is only one DC.  I will try all of the commands that you gave me (and KB articles) and report back.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39679246
If your zone looks like what I have they you should be ok,  do you see all the SRV records and host records in the zone?

Thanks

Mike
0
 
LVL 12

Assisted Solution

by:Imtiaz Hasham
Imtiaz Hasham earned 500 total points
ID: 39679273
I would actually run a DCDiag just to check where exactly the issue is before I carry on further
0
 
LVL 41

Expert Comment

by:footech
ID: 39679362
When you say that all the entries are there - does _msdcs appear as a grayed-out icon (delegation) or a subdomain?  If it is a delegation then you should have a separate _msdcs zone.  If it is a subdomain then what you showed in your screenshot with your original question isn't a problem.
dcdiag /test:dns /v should reveal if there is an issue.
0
 

Author Comment

by:crapshooter
ID: 39680859
I ran dcdiag /test:dns /v and all tests passed.

Attached is the expanded view of the DNS.

I ran
ipconfig /registerdns
dcdiag /fix
nltest /dsregdns
ipconfig /flushdns
and all came up "passed" or "successful"

I guess I am OK then, eh?
Bad-DNS-Expanded.png
0
 
LVL 41

Accepted Solution

by:
footech earned 500 total points
ID: 39681218
Yes, everything looks fine.
BTW, if you deleted your _msdcs subdomain, and created a separate _msdcs.<yourdomain.com> zone, then upon restart of the Netlogon service all the records in it should be automatically created.
Also, a little background - prior to Server 2003, _msdcs was created by default as a subdomain.  For any domains that were migrated to newer DCs this structure was not automatically changed, but when setting up a new domain with Server 2003+ by default _msdcs is created as a separate zone.
0
 

Author Closing Comment

by:crapshooter
ID: 39681275
Thanks for the help, all!
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question