asked on In Direct Access nslookup unknown
Hi Experts
in my DC server Power shell when i nslookup for isatap i got this
PS C:\Users\Administrator> nslookup isatap
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: ::1
Name: isatap.domain.net
Address: 192.168.1.200
why
in my DC server Power shell when i nslookup for isatap i got this
PS C:\Users\Administrator> nslookup isatap
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: ::1
Name: isatap.domain.net
Address: 192.168.1.200
why
Remote AccessActive DirectoryVPNNetworkingWindows Server 2012
Last Comment
Naveen Joshi
Check your network adapters DNS configuration, it seems you have set some dns server that is not responding as primary DNS.
You can check this by running "ipconfig /all" and under "Local area connection" (usually) check entries under "DNS servers".
You can check this by running "ipconfig /all" and under "Local area connection" (usually) check entries under "DNS servers".
After seeing the details you provided , it seems that ::1 is entered in preferred DNS Server , which is the IPv6 representation of what's known as 127.0.0.1 in IPv4.
And when you do nslookup it is pointing to 'unknown' as AAAA/PTR record is missing from DNS for ipv6 address.
extended info in nslookup suggests that ipv4 record for your DC is working fine on your network.
So, If you are not using ipv6 you can safely remove this from your preferred dns server's entry.
For removing it see my first comment.
And when you do nslookup it is pointing to 'unknown' as AAAA/PTR record is missing from DNS for ipv6 address.
extended info in nslookup suggests that ipv4 record for your DC is working fine on your network.
So, If you are not using ipv6 you can safely remove this from your preferred dns server's entry.
For removing it see my first comment.
ASKER
thanks all
@Naveen Joshi but i think ipv6 required for Direct Access ?
@Naveen Joshi but i think ipv6 required for Direct Access ?
ASKER
thanks all
@Uros Gaber this is my ipconfig /all
PS C:\Users\Administrator> ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC
Primary Dns Suffix . . . . . . . : domain.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.net
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-0C-29-03-EE-61
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6122:88a0:197:1189%1
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 251661353
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-02-C9-35-00
DNS Servers . . . . . . . . . . . : ::1
192.168.1.100
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{A4DCD5D7-FBC9-4B07
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:c4da:3d75:1:0:5efe:19
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.100%1
Default Gateway . . . . . . . . . : fe80::5efe:192.168.1.200%1
DNS Servers . . . . . . . . . . . : ::1
192.168.1.100
NetBIOS over Tcpip. . . . . . . . : Disabled
@Uros Gaber this is my ipconfig /all
PS C:\Users\Administrator> ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC
Primary Dns Suffix . . . . . . . : domain.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.net
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-0C-29-03-EE-61
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6122:88a0:197:1189%1
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 251661353
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-02-C9-35-00
DNS Servers . . . . . . . . . . . : ::1
192.168.1.100
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{A4DCD5D7-FBC9-4B07
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:c4da:3d75:1:0:5efe:19
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.100%1
Default Gateway . . . . . . . . . : fe80::5efe:192.168.1.200%1
DNS Servers . . . . . . . . . . . : ::1
192.168.1.100
NetBIOS over Tcpip. . . . . . . . : Disabled
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
ok
dns check
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC
Starting test: Connectivity
......................... DC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... DC passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : domain
Running enterprise tests on : domain.net
Starting test: DNS
Test results for domain controllers:
DC: DC.domain.net
Domain: domain.net
TEST: Forwarders/Root hints (Forw)
Error: Both root hints and forwarders are not configured or broken. Please make sure at least one of
them works.
TEST: Records registration (RReg)
Network Adapter [00000010] Intel(R) 82574L Gigabit Network Connection:
Warning:
Missing AAAA record at DNS server 192.168.1.100:
DC.domain.net
Warning:
Missing AAAA record at DNS server 192.168.1.100:
gc._msdcs.domain.net
Warning:
Missing AAAA record at DNS server ::1:
DC.domain.net
Warning:
Missing AAAA record at DNS server ::1:
gc._msdcs.domain.net
Warning: Record Registrations not found in some network adapters
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.83.42
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: domain.net
DC PASS PASS FAIL PASS PASS WARN n/a
......................... domain.net failed test DNS
PS C:\Users\Administrator>
dns check
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC
Starting test: Connectivity
......................... DC passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... DC passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : domain
Running enterprise tests on : domain.net
Starting test: DNS
Test results for domain controllers:
DC: DC.domain.net
Domain: domain.net
TEST: Forwarders/Root hints (Forw)
Error: Both root hints and forwarders are not configured or broken. Please make sure at least one of
them works.
TEST: Records registration (RReg)
Network Adapter [00000010] Intel(R) 82574L Gigabit Network Connection:
Warning:
Missing AAAA record at DNS server 192.168.1.100:
DC.domain.net
Warning:
Missing AAAA record at DNS server 192.168.1.100:
gc._msdcs.domain.net
Warning:
Missing AAAA record at DNS server ::1:
DC.domain.net
Warning:
Missing AAAA record at DNS server ::1:
gc._msdcs.domain.net
Warning: Record Registrations not found in some network adapters
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.83.42
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: domain.net
DC PASS PASS FAIL PASS PASS WARN n/a
......................... domain.net failed test DNS
PS C:\Users\Administrator>
This seems to be a ipv6 record reg issue and you'll have to add an AAAA record to resolve nslookup issue.
https://technet.microsoft.com/en-us/library/cc816775(v=ws.10).aspx
If you dont want to add. your first step would be to remove ::1 from the preferred dns . let it remain 192.168.1.100 only.
I believe it will not break Direct Access.
FYI : http://windowsitpro.com/networking/q-it-true-directaccess-only-works-ipv6
https://technet.microsoft.com/en-us/library/cc816775(v=ws.10).aspx
If you dont want to add. your first step would be to remove ::1 from the preferred dns . let it remain 192.168.1.100 only.
I believe it will not break Direct Access.
FYI : http://windowsitpro.com/networking/q-it-true-directaccess-only-works-ipv6
ASKER
After remove ::1 from ipv6 dns
i got this
PS C:\Users\Administrator> nslookup isatap
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.100
Name: isatap.domain.net
Address: 192.168.1.200
i got this
PS C:\Users\Administrator> nslookup isatap
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.100
Name: isatap.domain.net
Address: 192.168.1.200
I am sorry i meant 192.168.1.200 in my last comment. Do this in both the network adapters. My mistake.
ASKER
yes it's working
removed ::1
and change ipv4 dns from 192.168.1.100 to 127.0.0.1
removed ::1
and change ipv4 dns from 192.168.1.100 to 127.0.0.1
I am glad it worked. Cheers !
Hope this help.