Solved

understand dns

Posted on 2014-04-27
8
384 Views
Last Modified: 2014-05-06
I have installed active directory , dns and dcpromo etc etc on windows 2008 r2

my ip settings for this server are:

static ip: 192.168.0.2
subnet mask :255.255.255.0
default gateway: 192.168.0.1

prefered DNS: 192.168.0.2

My problem is with the nslookup commands - see below, comments included.


Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>nslookup
DNS request timed out.
    timeout was 2 seconds.
Default Server:  UnKnown
Address:  ::1

> exit

(I should get the server or ip address thrown back to me of THIS server as it is the DNS Server)





C:\Users\Administrator>nslookup 192.168.0.2
Server:  UnKnown
Address:  ::1

*** UnKnown can't find 192.168.0.2: Non-existent domain


(This should throw back the FQDN of the DNS server - i.e. THIS server)






C:\Users\Administrator>nslookup server1.local
Server:  UnKnown
Address:  ::1

Name:    server1.local
Address:  192.168.0.2


(here I am doing an nslookup on the domain -  why does it say server unknown?)




C:\Users\Administrator>nslookup win2k8r2
Server:  UnKnown
Address:  ::1

Name:    win2k8r2.server1.local
Address:  192.168.0.2

(This throws back the correct data I believe)
0
Comment
Question by:Ikky786
  • 2
  • 2
  • 2
  • +1
8 Comments
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 40026342
You need to set up refers lookup zones and PTR records. Or reverse lookups won't work. That explains why your 192.168.0.2 failed AND why "unknown" is being returned as the DBS server name. The address ::1 is the IPv6 loopback address and has no server name associated with it.
0
 
LVL 9

Expert Comment

by:Trenton Knew
ID: 40026344
Do yourself a favor and turn off IPv6.  It's more headache than it's worth, and nobody is using it in the real world.

start/run/ncpa.cpl

local area connection properties

TCP/IP v6, untick
0
 
LVL 7

Assisted Solution

by:Delete
Delete earned 250 total points
ID: 40026360
Cliff Galiher is correct and creating and populating a reverse DNS zone with the DNS servers PTR records as he suggested will resolve your question.

When promoting a Domain Controller with DNS only the Forward zones are automatically created as they are needed for AD to function.  Reverse zones on the other hand aren't absolutely necessary and therefore are left for you to manually create.
0
 

Author Comment

by:Ikky786
ID: 40026361
PTR record worked - many thanks everyone.

followed this guide -

http://www.rickygao.com/how-to-solve-nslookup-shown-unknown-for-the-default-dns-server/


To be honest I would like to know what each option means - I dont like to follow guides without learning what is actually going on in the background.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 9

Expert Comment

by:Trenton Knew
ID: 40026363
which options?
0
 

Author Comment

by:Ikky786
ID: 40026368
the difference between primary zone, secondary zone, etc
0
 
LVL 7

Assisted Solution

by:Delete
Delete earned 250 total points
ID: 40026373
If you truly want to learn what each option means and what is happening in the background then I suggest first understanding what DNS is and how it works.  There are plenty of short books, blogs, and articles available that will help with this.  One example is: http://www.amazon.com/DNS-BIND-5th-Edition-Cricket/dp/0596100574

Once you understand the concepts and underlings of DNS, then continue on to understand Windows DNS.  Example: http://technet.microsoft.com/en-us/library/cc728412(v=ws.10).aspx

You can even just use that second link to get a broad overview of both items.
0
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 250 total points
ID: 40028412
Justin has provided some good resources and I concur. Nothing replaces a good book if you really want to "dig in" on how DNS works.

With that said, I feel I have to follow up on some advice given here. Please do *not* disable IPv6. There are plenty of "wrong" ways to disable it, and even if you do it right, Microsoft doesn't recommend it (officially stated here:)

http://blogs.technet.com/b/netro/archive/2010/11/24/arguments-against-disabling-ipv6.aspx

Note that the article was written in 2010, and as they allude to in the last few paragraphs, support for IPv6 is being baked in now into products. I can tell you first-hand that there are services that now expect IPv6 to be running and you often end up with worse performance, or downright breakage, if you disable IPv6, even if you disable it properly.

Core features still revert to IPv4, but many roles and services increasily rely on IPv6, so you end up spinning unnecessary cycles troubleshooting. There was a time when disabling IPv6 might've been valid advice. But in the 2008 R2/Win7/2012+ era, it is increasily a bad idea and will only become more convoluted moving forward.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

One of the most often confused topics in the area DNS is the idea of GLUE records. Specifically, what they are, when they are needed, when they are provided, and how they are created. First, WHAT IS GLUE? To understand GLUE, you must first under…
I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now