DNS question

Default Server:   mydnsserver

Server:   mydnsserver

*** mydnsserver can't find Query refused
> server12
Server:  mydnsserver

*** mydnsserver can't find client: Non-existent domain

I spoke to the person who manages the DNS server. He said, "You have the incorrect DNS servers listed here, this is in the prod domain not dev domain."

What I don't understand is I am able to resolve another server which is in the same domain as where server12 is sitting.

He made some changes on the DNS server and it worked. I need to know what exactly the problem was and am trying to understand the issue. He doesn't want to explain and is putting the problem on my side.

Please help.

Doesn't this mean the issue is on the DNS server side?
*** mydnsserver can't find Query refused
ittechlabLinux SupportAsked:

Sounds like two separate networks? Did he include both DNS servers in the IP config? Change default gateways? Need more information.
If that happens again, you can try pinging the address itself to make sure it can see the address.  If it can, then it would be a DNS issue.

To resolve the issue, he could have reloaded/refreshed the DNS records.  It might be possible that the IP address had once been assigned to another name and he had to clear it out of cache for it to resolve correctly.

It could be possible that he entered it incorrectly, and didn't want to admit it...

Hope that helps
ittechlabLinux SupportAuthor Commented:
Here is the scenario

I have four servers and when I did nslookup in dev environment.

From my Windows 7 PC, when I tried to do nslookup, I see three servers working fine. For one server I am getting the following message. What does it mean?

*** mydnsserver can't find Query refused (by IP address)
*** mydnsserver can't find client: Non-existent domain (by Name)

ittechlabLinux SupportAuthor Commented:
"It could be possible that he entered it incorrectly, and didn't want to admit it..."

Am I able to see the log and see what change he made on the DNS server?
You might be able to use the below method to track changes, however it would need to be enabled prior to tracking.

1. Enable Directory Service Access auditing in your default Domain Policy:
a) Edit the Domain Security Policy
b) Navigate to Local Policies -> Audit Policy
c) Define 'Audit directory service access' for success and failure
d) Refresh the policy on all Domain Controllers
2. Enable auditing on the DNS zone:
a) Open ADSIEdit (Start, Run, adsiedit.msc)
b) Right-click ADSI Edit, and connect to the DC=DomainDnsZones,DC=<domain>,DC=<top level domain> container
c) Expand MicrosoftDNS, and navigate to the location of the DNS zone
d) Right-click the zone and choose Properties
e) On the Security tab, click the Advanced button
f) Select the Auditing tab, and click Add
g) Under User or Group, type in Everyone
h) On the Object tab, select Success and Failure for access types Write All Properties, Read All Properties, Delete, and Delete Subtree
3. When a record is changed from DNS, Event ID such as 566 will be logged in the Security Event Log on the related DC.
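
Reading the audit events from step 3 with PowerShell, as an added example that is not part of the original answer. The function names, the one-day window and the sample event are assumptions made for illustration; event ID 4662 is included because Windows Server 2008 and later log this audit event under that ID.

```powershell
# Added example. 566 is the event ID named in step 3; 4662 is the ID the same
# directory-service access event carries on Windows Server 2008 and later.
$AuditIds = 566, 4662

function ConvertFrom-AuditEventXml {
    param([Parameter(Mandatory)][string]$Xml)
    $evt = ([xml]$Xml).Event
    # EventData is a flat list of <Data Name="...">value</Data> elements.
    $data = @{}
    foreach ($d in $evt.EventData.Data) { $data[$d.GetAttribute('Name')] = $d.InnerText }
    [pscustomobject]@{
        Time       = $evt.System['TimeCreated'].GetAttribute('SystemTime')
        EventId    = [int]$evt.System['EventID'].InnerText
        User       = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        ObjectName = $data['ObjectName']
        AccessMask = $data['AccessMask']
    }
}

# Live query: run elevated on the domain controller that hosts the zone.
function Get-DirectoryAccessAudit {
    param([datetime]$Since = (Get-Date).AddDays(-1))
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $AuditIds; StartTime = $Since } |
        ForEach-Object { ConvertFrom-AuditEventXml $_.ToXml() }
}

# Constructed sample event (not taken from a real log); all names are placeholders.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4662</EventID>
    <TimeCreated SystemTime="2024-01-01T10:15:00.000Z" />
  </System>
  <EventData>
    <Data Name="SubjectUserName">dnsadmin</Data>
    <Data Name="SubjectDomainName">DEV</Data>
    <Data Name="ObjectName">DC=server12,DC=dev.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=dev,DC=local</Data>
    <Data Name="AccessMask">0x20</Data>
  </EventData>
</Event>
'@
ConvertFrom-AuditEventXml $sample   # offline check of the parser
```

Only changes made after auditing was enabled appear in the log, so the query returns nothing for earlier edits.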

ittechlabLinux SupportAuthor Commented:
Here is the setup at my company. I have two DNS servers such as dnsA and dnsB.

Both domains are not trusted.

If I create a record on dnsA, anybody pointing to dnsB should be able to resolve the name. What should be done?
You are going to need to add either a forwarder on dnsB pointing to a DNS server on dnsA network for that domain, or add a zone onto dnsB.  Although, if they are not trusted, I don't know if adding a zone will work for sure.

Right now, are you able to ping IP addresses on dnsA from dnsB?
If you can ping a DNS server on dnsA network, a test you can try is to add a secondary DNS server address to a PC of dnsA DNS server, and then see if you can resolve names.

The question will be does dnsB network know how to get to or route to dnsA network.  If not, you would need to add a route to your router.
ittechlabLinux SupportAuthor Commented:
Based on my existing setup on my Windows 7, I was able to resolve 3 server names on the dev network but not the last one. Where could the problem be? The DNS admin keeps pointing the finger at me.
ittechlabLinux SupportAuthor Commented:
I logged into both DNS servers and I noticed the dev.local zone. How do I know how it is replicated? Both say secondary running. I am confused.
What are you trying to accomplish? Perhaps you have the wrong server name and/or IP? Firewall on the server? Can you log on to that server? If you can't ping by IP then it's not a DNS issue.
Ok, a couple possible scenarios to your setup could be as follows:

The below would be the DNS settings for the respective server (this is assuming that DNS services are running on dnsA and dnsB)

dnsA server:

- Should have an active directory integrated zone for the internal domain network
- Could have a secondary zone for the dnsB server network domain with the name server of dnsB server

dnsB server:

- Should have an active directory integrated zone for the internal domain network
- Could have a secondary zone for the dnsA server network domain with the name server of dnsA server.

In this scenario, both networks would need to be on separate IP addressing schemes so as not to confuse routing.  If they are on the same IP address scheme, it would be hard to know which traffic would be from the remote network.

If they are on separate IP addressing networks, there would need to be a routing statement telling the server how to reach the remote network and what would be "interesting" traffic that would be destined for that network.

As another possibility:

dnsA Server

- Should have an active directory integrated zone for the internal domain network
- Have a forwarder address pointing to the dnsB server

dnsB Server

- Should have an active directory integrated zone for the internal domain network
- Have a forwarder address pointing to the dnsA server

The problem with this configuration is that all your Internet bound resolution will be going through the other network's DNS server.  It will check its own network for resolution, if not found would then go to the other network's DNS server, again if not found would then go to the Internet for resolution.  This causes much additional unneeded traffic.

It can be a bit confusing.  I usually look at it as if I were a packet or address.  What would be my path to resolving the name to IP and then what path would I take to get there.  

Ask these questions:

- Does the server I am asking know the IP address?
- If not, what is the next server I am going to be sent to and ask the question again?
- Once I find the IP address, is it a local address or a remote address?
- If it's a remote address, does my network know how to reach it or where to send it to next?
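
The first of those questions, asked of each DNS server in turn, as an added example that is not part of the original answer. It classifies nslookup output into the two failures quoted in the question (refused versus non-existent domain) or a successful answer; the function names, the IP addresses and the successful sample output are constructed for illustration.

```powershell
# Added example. Maps raw nslookup output to a short verdict so the same
# name can be compared across servers (dnsA, dnsB are the thread's names).
function Get-NslookupVerdict {
    param([Parameter(Mandatory)][string]$Output)
    switch -Regex ($Output) {
        # DNS RCODE 5: the server declined to answer this query at all.
        'Query refused'       { return 'Refused' }
        # DNS RCODE 3: the server answered, and the name does not exist there.
        'Non-existent domain' { return 'NonExistentDomain' }
        'timed out'           { return 'TimedOut' }
        # A successful lookup prints a "Name:" line followed by an address.
        '(?m)^Name:\s+\S+'    { return 'Resolved' }
    }
    return 'Unknown'
}

# Ask every listed server for the same name and tabulate who knows it.
function Test-NameOnServers {
    param([Parameter(Mandatory)][string]$Name,
          [Parameter(Mandatory)][string[]]$Servers)
    foreach ($s in $Servers) {
        # nslookup writes its "***" errors to stderr, so merge the streams.
        $out = (& nslookup.exe $Name $s 2>&1 | Out-String)
        [pscustomobject]@{ Server = $s; Name = $Name; Verdict = Get-NslookupVerdict $out }
    }
}

# Offline check: the first two strings are the messages quoted in the
# question; the third is a constructed successful reply.
$samples = @(
    "*** mydnsserver can't find Query refused",
    "*** mydnsserver can't find client: Non-existent domain",
    "Server:  mydnsserver`nAddress:  192.0.2.53`n`nName:    server12.dev.local`nAddress:  192.0.2.12"
)
$samples | ForEach-Object { Get-NslookupVerdict $_ }

# Live use:  Test-NameOnServers -Name server12 -Servers dnsA, dnsB
```

A name that resolves on one server and returns `NonExistentDomain` or `Refused` on the other indicates the two servers do not serve the same zone data, which is a server-side difference and not a client setting.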
Windows Server 2008