DNS question

Posted on 2013-11-27
Last Modified: 2013-12-03
If we have a secondary DNS that goes offline, shouldn't it round robin back to the primary DNS? It seems our secondary DNS crashed and after that we were getting DNS issues. Could it be the request round-robined back to the primary but timed out by that time? Thanks
0
Question by:Thomas N
16 Comments
 
LVL 17

Expert Comment

by:Chris Millard
ID: 39681250
Your client machines need to be aware of the other DNS server. DHCP should be handing out primary and secondary DNS details to your clients. If the client cannot contact the primary DNS server, it will contact the secondary.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39681253
Make sure your computers can ping the DNS server using the FQDN.

A test would be to stop the DNS services on one and see if it works.
Then stop DNS on the other and see if they still work.

nslookup would also be a good tool to use for this.
0
 

Author Comment

by:Thomas N
ID: 39681254
Can the primary DNS be inundated with requests and go to the secondary, then if the secondary is offline it will time out? Is that a possibility? I'm just trying to figure out why the requests are timing out even if the secondary goes down.
0
 
LVL 23

Assisted Solution

by:Thomas Grassi
Thomas Grassi earned 1000 total points
ID: 39681267
What DNS errors are you getting? Have you checked the DNS event log?
0
 

Author Comment

by:Thomas N
ID: 39681296
Machines just can't resolve names but they can by IP. On some machines, when we do an nslookup we get the error below.

The DNS server (165.) that is being used for VPN is having issues again:
c:\>nslookup outlook.com
Server:  .net
Address:  165.
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
0
 

Author Comment

by:Thomas N
ID: 39681305
Also nothing in the DNS logs
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39681310
What OS are the servers?

Run this on them:

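@echo off
rem Run the default dcdiag tests and start a fresh log file
dcdiag >dclogx.txt
rem Check that this DC can register its records in DNS; replace FQDN with your AD DNS domain name
dcdiag /test:registerindns /dnsdomain:FQDN >>dclogx.txt
rem Comprehensive (/c), verbose (/v) run
dcdiag /c /v >>dclogx.txt
rem DNS-specific tests
dcdiag /test:dns >>dclogx.txt
exit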

Post results
0
 

Author Comment

by:Thomas N
ID: 39681362
2008 server. Am I supposed to create a bat or vbs script with the commands you gave, then run it? Or am I supposed to do it at the command prompt?
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39681382
Thomas

My name is Thomas also

Yes you can run them from a command prompt.

I just create a dctest.cmd file

I run this on my servers weekly, just a thought.
0
 

Author Comment

by:Thomas N
ID: 39681405
Thanks for your help Thomas!

How long does it run for? I created a cmd file and it pulls up a blank DOS screen and stays there.
dns.png
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39681421
It does not run long

Make sure you have dcdiag on your servers.

It comes with the support tools from Windows 2003 server

http://www.microsoft.com/en-us/download/details.aspx?id=15326
0
 

Author Comment

by:Thomas N
ID: 39681452
I have it on the server. I used dcdiag on it before. I just did each one individually.

Strange, when I run the line "dcdiag /c /v >>dclogx.txt" and "dcdiag /test:dns >>dclogx.txt" it hangs. The other 2 I have attached the log files.
dclogx.txt
dclog.txt
0
 

Author Comment

by:Thomas N
ID: 39681469
I tried to run the command without sending it to the log file. This is what I get.

Z:\>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = server
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: TXSDC\server
      Starting test: Connectivity
         ......................... server passed test Connectivity

Doing primary tests

   Testing server: TXSDC\server

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39681475
They look ok

But you have many system event log errors. Some we need to review.

The dcdiag /test:dns hangs, not good.

I found this, take a look:

http://social.technet.microsoft.com/Forums/windowsserver/en-US/eeddc6f7-c603-4f1a-9340-f783e1077d59/dcdiag-fix?forum=winserverDS
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39681493
Do you have IPV6 enabled on the network adapters for these Servers?

Disable all IPV6.

Check through all your DNS records (A records, pointer records) and make sure the servers all have the correct IP address, and make sure no servers are registering IPv6 in the DNS.
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 1000 total points
ID: 39683266
Starting test: Replications

         REPLICATION-RECEIVED LATENCY WARNING

         IEPSZW002:  Current time is 2013-11-27 11:13:26.

            DC=ForestDnsZones,DC=txaccess,DC=net
               Last replication received from PWZW007 at 2013-05-21 11:21:58
               WARNING:  This latency is over the Tombstone Lifetime of 180 days!
               Last replication received from VZD001 at 2013-05-21 11:32:53
               WARNING:  This latency is over the Tombstone Lifetime of 180 days!
               Last replication received from VZR032 at 2013-05-21 11:14:55
               WARNING:  This latency is over the Tombstone Lifetime of 180 days!

            DC=DomainDnsZones,DC=txaccess,DC=net
               Last replication received from PWZW007 at 2013-05-21 11:21:59
               WARNING:  This latency is over the Tombstone Lifetime of 180 days!
               Last replication received from VZD001 at 2013-05-21 11:32:53
               WARNING:  This latency is over the Tombstone Lifetime of 180 days!
               Last replication received from VZR032 at 2013-05-21 11:14:55
               WARNING:  This latency is over the Tombstone Lifetime of 180 days!

            CN=Schema,CN=Configuration,DC=txaccess,DC=net
               Last replication received from PWZW007 at 2013-05-21 11:21:58
               WARNING:  This latency is over the Tombstone Lifetime of 180 days!
               Last replication received from VZD001 at 2013-05-21 11:32:52
               WARNING:  This latency is over the Tombstone Lifetime of 180 days!
               Last replication received from VZR032 at 2013-05-21 11:14:55
               WARNING:  This latency is over the Tombstone Lifetime of 180 days!

            CN=Configuration,DC=txaccess,DC=net
               Last replication received from PWZW007 at 2013-05-21 11:21:58
               WARNING:  This latency is over the Tombstone Lifetime of 180 days!
               Last replication received from VZD001 at 2013-05-21 11:32:52
               WARNING:  This latency is over the Tombstone Lifetime of 180 days!
               Last replication received from VZR032 at 2013-05-21 11:14:54
               WARNING:  This latency is over the Tombstone Lifetime of 180 days!

            DC=txaccess,DC=net
               Last replication received from PWZW007 at 2013-05-21 11:21:57
               WARNING:  This latency is over the Tombstone Lifetime of 180 days!
               Last replication received from VZD001 at 2013-05-21 11:32:53
               WARNING:  This latency is over the Tombstone Lifetime of 180 days!
               Last replication received from VZR032 at 2013-05-21 11:14:54
               WARNING:  This latency is over the Tombstone Lifetime of 180

The above log indicates that you have a replication issue between DCs and the server has reached the tombstone lifecycle period.

As the server has reached the tombstone lifecycle period, to fix the issue you need to demote and promote the server. You cannot demote the faulty DC gracefully; you need to do a forceful removal. You need to run dcpromo /forceremoval and then run metadata cleanup on another (healthy) DC to remove the instance of the faulty DC from the AD database and DNS. If the faulty DC is an FSMO role holder, then you need to seize the FSMO role on another DC.

Once done, you can promote the server back as an ADC. Also configure the authoritative time server role on the PDC role holder server.

Reference links
Forceful removal of DC: http://support.microsoft.com/kb/332199
Metadata cleanup: http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Seize FSMO role: http://www.petri.co.il/seizing_fsmo_roles.htm
Authoritative time server: http://support.microsoft.com/kb/816042
Configuring the time service on the PDC Emulator FSMO role holder

You need to first fix the replication issue between the DCs. Also ensure correct DNS settings on the DCs and clients as described here: http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
0
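
An added example, not part of the original thread or any poster's own tooling: a small Python parser for dcdiag replication-latency output of the kind quoted in the accepted answer. It un-wraps the lines and reports each source DC's replication age per naming context. The server names, the sample log and the 180-day default (the value the log above reports) are assumptions; pass your forest's actual tombstone lifetime.

```python
import re
from datetime import datetime

# Constructed sample in the wrapped layout dcdiag prints; all names are made up.
SAMPLE = """\
         DC-LOCAL:  Current time is 2013-11-27 11:13:26.
            DC=DomainDnsZones,DC=example,DC=net
               Last replication received from DC-A at
          2013-05-21 11:21:59
               WARNING:  This latency is over the Tombstone Lifetime of 180
         days!
               Last replication received from DC-B at
          2013-11-24 09:00:00
            DC=example,DC=net
               Last replication received from DC-A at
          2013-05-21 11:21:57
"""

FMT = "%Y-%m-%d %H:%M:%S"
TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
NOW_RE = re.compile(rf"Current time is ({TS})")
# Either a naming-context header or one partner's "last replication" entry.
ITEM_RE = re.compile(
    rf"(?P<nc>(?:DC|CN)=\S+)"
    rf"|Last replication received from (?P<src>\S+) at (?P<ts>{TS})")

def replication_ages(log_text, tombstone_days=180):
    """Return (naming_context, source_dc, age_days, over_tombstone) per entry."""
    flat = " ".join(log_text.split())  # undo the line wrapping
    now_m = NOW_RE.search(flat)
    if not now_m:
        raise ValueError("no 'Current time is' line; cannot compute latency")
    now = datetime.strptime(now_m.group(1), FMT)
    rows, nc = [], None
    for m in ITEM_RE.finditer(flat):
        if m.group("nc"):              # new naming context starts here
            nc = m.group("nc")
            continue
        age = (now - datetime.strptime(m.group("ts"), FMT)).days
        rows.append((nc, m.group("src"), age, age > tombstone_days))
    return rows

def partners_past_tombstone(rows):
    """Source DCs with at least one naming context past the tombstone lifetime."""
    return sorted({src for _, src, _, over in rows if over})

if __name__ == "__main__":
    for row in replication_ages(SAMPLE):
        print(row)
    print("Past tombstone lifetime:", partners_past_tombstone(replication_ages(SAMPLE)))
```
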
