Solved

DNS question

Posted on 2013-11-27
Last Modified: 2013-12-03
If we have a secondary DNS that goes offline, shouldn't it round robin back to the primary DNS? It seems our secondary DNS crashed and after that we were getting DNS issues. Could it be the request round robin'ed back to the primary but timed out by that time? Thanks
Question by:Thomas N
16 Comments
 
LVL 17

Expert Comment

by:Chris Millard
ID: 39681250
Your client machines need to be aware of the other DNS server. DHCP should be handing out primary and secondary DNS details to your clients. If the client cannot contact the primary DNS server, it will contact the secondary.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39681253
Make sure your computers can ping the DNS server using its FQDN.

A test would be to stop the DNS service on one and see if it works.
Then stop DNS on the other and see if they still work.

nslookup would also be a good tool to use for this.
0
 

Author Comment

by:Thomas N
ID: 39681254
Can the primary DNS be inundated with requests and go to the secondary, then if the secondary is offline it will time out? Is that a possibility? I'm just trying to figure out why the requests are timing out even if the secondary goes down.
0

 
LVL 23

Assisted Solution

by:Thomas Grassi
Thomas Grassi earned 250 total points
ID: 39681267
What DNS errors are you getting? Have you checked the DNS event log?
0
 

Author Comment

by:Thomas N
ID: 39681296
Machines just can't resolve names but they can by IP. On some machines, when we do an nslookup we get the error below.

The DNS server (165.) that is being used for VPN is having issues again:
c:\>nslookup outlook.com
Server:  .net
Address:  165.
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
0
 

Author Comment

by:Thomas N
ID: 39681305
Also nothing in the DNS logs
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39681310
What OS are the servers?

Run this on them:

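@echo off
rem Collect dcdiag results into dclogx.txt in the current directory
dcdiag >dclogx.txt
rem Replace FQDN with your AD DNS domain name
dcdiag /test:registerindns /dnsdomain:FQDN >>dclogx.txt
rem /c runs the comprehensive test set, /v gives verbose output
dcdiag /c /v >>dclogx.txt
dcdiag /test:dns >>dclogx.txt
exit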

Post results
0
 

Author Comment

by:Thomas N
ID: 39681362
2008 server. Am I supposed to create a bat or vbs script with the commands you gave, then run it? Or am I supposed to do it at the command prompt?
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39681382
Thomas

My name is Thomas also

Yes you can run them from a command prompt.

I just create a dctest.cmd file

I run this on my servers weekly, just a thought.
0
 

Author Comment

by:Thomas N
ID: 39681405
Thanks for your help Thomas!

How long does it run for? I created a cmd file and it pulls up a blank DOS screen and stays there.
dns.png
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39681421
It does not run long

Make sure you have dcdiag on your servers.

It comes with the support tools from Windows 2003 server

http://www.microsoft.com/en-us/download/details.aspx?id=15326
0
 

Author Comment

by:Thomas N
ID: 39681452
I have it on the server. I used dcdiag on it before. I just did each one individually.

Strange, when I run the line "dcdiag /c /v >>dclogx.txt" and "dcdiag /test:dns >>dclogx.txt" it hangs. The other 2 I have attached the log files.
dclogx.txt
dclog.txt
0
 

Author Comment

by:Thomas N
ID: 39681469
I tried to run the command without sending it to the log file. This is what I get.

Z:\>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = server
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: TXSDC\server
      Starting test: Connectivity
         ......................... server passed test Connectivity

Doing primary tests

   Testing server: TXSDC\server

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39681475
They look ok

But you have many system event log errors. Some we need to review.

The dcdiag /test:dns hangs, not good.

I found this, take a look:

http://social.technet.microsoft.com/Forums/windowsserver/en-US/eeddc6f7-c603-4f1a-9340-f783e1077d59/dcdiag-fix?forum=winserverDS
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 39681493
Do you have IPv6 enabled on the network adapters for these servers?

Disable all IPv6.

Check through all your DNS records (A records, pointer records) and make sure the servers all have the correct IP address, and make sure no servers are registering IPv6 in DNS.
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 250 total points
ID: 39683266
Starting test: Replications

         REPLICATION-RECEIVED LATENCY WARNING

         IEPSZW002:  Current time is 2013-11-27 11:13:26.

            DC=ForestDnsZones,DC=txaccess,DC=net
               Last replication received from PWZW007 at
          2013-05-21 11:21:58
               WARNING:  This latency is over the Tombstone Lifetime of 180

         days!

               Last replication received from VZD001 at
          2013-05-21 11:32:53
               WARNING:  This latency is over the Tombstone Lifetime of 180

         days!

               Last replication received from VZR032 at
          2013-05-21 11:14:55
               WARNING:  This latency is over the Tombstone Lifetime of 180

         days!

            DC=DomainDnsZones,DC=txaccess,DC=net
               Last replication received from PWZW007 at
          2013-05-21 11:21:59
               WARNING:  This latency is over the Tombstone Lifetime of 180

         days!

               Last replication received from VZD001 at
          2013-05-21 11:32:53
               WARNING:  This latency is over the Tombstone Lifetime of 180

         days!

               Last replication received from VZR032 at
          2013-05-21 11:14:55
               WARNING:  This latency is over the Tombstone Lifetime of 180

         days!

            CN=Schema,CN=Configuration,DC=txaccess,DC=net
               Last replication received from PWZW007 at
          2013-05-21 11:21:58
               WARNING:  This latency is over the Tombstone Lifetime of 180

         days!

               Last replication received from VZD001 at
          2013-05-21 11:32:52
               WARNING:  This latency is over the Tombstone Lifetime of 180

         days!

               Last replication received from VZR032 at
          2013-05-21 11:14:55
               WARNING:  This latency is over the Tombstone Lifetime of 180

         days!

            CN=Configuration,DC=txaccess,DC=net
               Last replication received from PWZW007 at
          2013-05-21 11:21:58
               WARNING:  This latency is over the Tombstone Lifetime of 180

         days!

               Last replication received from VZD001 at
          2013-05-21 11:32:52
               WARNING:  This latency is over the Tombstone Lifetime of 180

         days!

               Last replication received from VZR032 at
          2013-05-21 11:14:54
               WARNING:  This latency is over the Tombstone Lifetime of 180

         days!

            DC=txaccess,DC=net
               Last replication received from PWZW007 at
          2013-05-21 11:21:57
               WARNING:  This latency is over the Tombstone Lifetime of 180

         days!

               Last replication received from VZD001 at
          2013-05-21 11:32:53
               WARNING:  This latency is over the Tombstone Lifetime of 180

         days!

               Last replication received from VZR032 at
          2013-05-21 11:14:54
               WARNING:  This latency is over the Tombstone Lifetime of 180

The above log indicates that you have a replication issue between DCs and the server has reached the tombstone lifecycle period.

As the server has reached the tombstone lifecycle period, to fix the issue you need to demote and promote the server. You cannot demote the faulty DC gracefully; you need to do a forceful removal. You need to run dcpromo /forceremoval and then run metadata cleanup on another (healthy) DC to remove the instance of the faulty DC from the AD database and DNS. If the faulty DC is an FSMO role holder server, then you need to seize the FSMO role on another DC.

Once done you can promote the server back as an ADC. Also configure the authoritative time server role on the PDC role holder server.

Reference links
Forceful removal of DC: http://support.microsoft.com/kb/332199
Metadata cleanup: http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Seize FSMO role: http://www.petri.co.il/seizing_fsmo_roles.htm
Authoritative time server: http://support.microsoft.com/kb/816042
Configuring the time service on the PDC Emulator FSMO role holder

You need to first fix the replication issue between the DCs. Also ensure correct DNS settings on DCs and clients as described here: http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
0
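
A way to triage dcdiag output like the log quoted in the accepted answer, as an added example that is not part of the original thread: it parses the Replications section and lists each naming context and source DC whose last inbound replication is older than the tombstone lifetime. The function name `stale_partners` and the trimmed sample are assumptions made here; the 180-day default comes from the log's own warning.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the shape of the dcdiag Replications output quoted in
# the answer above (names and timestamps from that log, trimmed to two NCs).
SAMPLE = """\
         IEPSZW002:  Current time is 2013-11-27 11:13:26.

            DC=ForestDnsZones,DC=txaccess,DC=net
               Last replication received from PWZW007 at
          2013-05-21 11:21:58
               WARNING:  This latency is over the Tombstone Lifetime of 180

            DC=txaccess,DC=net
               Last replication received from VZR032 at
          2013-05-21 11:14:54
               WARNING:  This latency is over the Tombstone Lifetime of 180
"""

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)"
FMT = "%Y-%m-%d %H:%M:%S"

def stale_partners(text, tombstone_days=180):
    """Return (naming_context, source_dc, age_in_days) for every inbound
    partner whose last replication is older than the tombstone lifetime."""
    now_m = re.search(r"Current time is " + TS, text)
    if not now_m:
        raise ValueError("no 'Current time is' line found")
    now = datetime.strptime(now_m.group(1), FMT)
    limit = timedelta(days=tombstone_days)
    findings, nc = [], None
    # dcdiag wraps the timestamp onto the next line, so match across newlines.
    token = re.compile(
        r"^\s*((?:DC|CN)=\S+)\s*$"                       # naming context header
        r"|Last replication received from (\S+) at\s+" + TS,
        re.MULTILINE)
    for m in token.finditer(text):
        if m.group(1):
            nc = m.group(1)          # remember which partition we are in
            continue
        age = now - datetime.strptime(m.group(3), FMT)
        if age > limit:
            findings.append((nc, m.group(2), age.days))
    return findings

if __name__ == "__main__":
    for nc, dc, days in stale_partners(SAMPLE):
        print(f"{nc}: no inbound replication from {dc} for {days} days")
```

Feed it the full text of a saved dcdiag log (for example the dclogx.txt produced earlier in the thread) instead of `SAMPLE`.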

Question has a verified solution.