My DNS thinks it should register my servers with another domain
Last April I started managing a network that had not been taken care of. I first noticed 5774 Netlogon errors on my DC where it was trying to dynamically register a server with a "graphics.com" (one of my internal domains is "graphics.local") domain controller. Of course this registration fails, like it should. I have gone through my DNS and AD with a fine tooth comb and I cannot find any reference to a 'graphics.com' anywhere. I'm sure it was a mis-configuration from the previous admin (left over 10 years ago). How can I fix this mess up?
Enabling the DNS debug trace I find the following:
1/26/2018 8:32:18 AM 0FC8 PACKET 0000000BF43621B0 UDP Rcv ::1 847f Q [0001 D NOERROR] SOA (8)graphics(3)com(0)
1/26/2018 8:32:18 AM 0FC8 PACKET 0000000BF68461D0 UDP Snd 208.67.222.222 6533 Q [0001 D NOERROR] SOA (8)graphics(3)com(0)
1/26/2018 8:32:18 AM 0FC8 PACKET 0000000BF3E3A1B0 UDP Rcv 208.67.222.222 6533 R Q [8081 DR NOERROR] SOA (8)graphics(3)com(0)
1/26/2018 8:32:18 AM 0FC8 PACKET 0000000BF68461D0 UDP Snd 208.67.222.222 e1dd Q [0001 D NOERROR] A (3)ns1(6)mbhllc(3)com(0)
1/26/2018 8:32:18 AM 0FC8 PACKET 0000000BF68EE0F0 UDP Rcv 208.67.222.222 e1dd R Q [8081 DR NOERROR] A (3)ns1(6)mbhllc(3)com(0)
Below is the relevent info from the Netlogon 5774
The dynamic registration of the DNS record '_ldap._tcp.5f865ed3-9e54-
DNS server IP address: 54.172.57.17
Returned Response Code (RCODE): 5
Returned Status Code: 9017
Enabling the DNS debug trace I find the following:
1/26/2018 8:32:18 AM 0FC8 PACKET 0000000BF43621B0 UDP Rcv ::1 847f Q [0001 D NOERROR] SOA (8)graphics(3)com(0)
1/26/2018 8:32:18 AM 0FC8 PACKET 0000000BF68461D0 UDP Snd 208.67.222.222 6533 Q [0001 D NOERROR] SOA (8)graphics(3)com(0)
1/26/2018 8:32:18 AM 0FC8 PACKET 0000000BF3E3A1B0 UDP Rcv 208.67.222.222 6533 R Q [8081 DR NOERROR] SOA (8)graphics(3)com(0)
1/26/2018 8:32:18 AM 0FC8 PACKET 0000000BF68461D0 UDP Snd 208.67.222.222 e1dd Q [0001 D NOERROR] A (3)ns1(6)mbhllc(3)com(0)
1/26/2018 8:32:18 AM 0FC8 PACKET 0000000BF68EE0F0 UDP Rcv 208.67.222.222 e1dd R Q [8081 DR NOERROR] A (3)ns1(6)mbhllc(3)com(0)
Below is the relevent info from the Netlogon 5774
The dynamic registration of the DNS record '_ldap._tcp.5f865ed3-9e54-
DNS server IP address: 54.172.57.17
Returned Response Code (RCODE): 5
Returned Status Code: 9017
ASKER
Thanks for the info Peter. I'm planning on migrating and merging my two domains, but that is a project for another day.
That's weird; it's definitely trying to register an SRV record in _msdcs.graphics.com. I wonder if that's a relic from a domain rename performed in the past. On that server, open this file:
C:\Windows\system32\config
Search that file for graphics.com and let me know if you find anything.
C:\Windows\system32\config
Search that file for graphics.com and let me know if you find anything.
ASKER
Nice catch DrDave!
I've verified that these entries are in netlogon.dns on both my PDC and BDC (Forrest level 2000)
Here's the pertient information from netlogon.dns:
graphics.com. 1800 IN A 192.168.1.2
_ldap._tcp.graphics.com. 1800 IN SRV 0 100 389 Logic.graphics.local.
_ldap._tcp.communications.
_ldap._tcp.graphics._sites
_ldap._tcp.pdc._msdcs.grap
_ldap._tcp.gc._msdcs.graph
_ldap._tcp.graphics._sites
_ldap._tcp.b5ed43ba-00f9-4
gc._msdcs.graphics.com. 1800 IN A 192.168.1.2
70586341-26d9-49b0-a0fb-07
_kerberos._tcp.dc._msdcs.g
_kerberos._tcp.communicati
_kerberos._tcp.graphics._s
_ldap._tcp.dc._msdcs.graph
_ldap._tcp.communications.
_ldap._tcp.graphics._sites
_kerberos._tcp.graphics.co
_kerberos._tcp.communicati
_kerberos._tcp.graphics._s
_gc._tcp.graphics.com. 1800 IN SRV 0 100 3268 Logic.graphics.local.
_gc._tcp.graphics._sites.g
_kerberos._udp.graphics.co
_kpasswd._tcp.graphics.com
_kpasswd._udp.graphics.com
I also found the following entries in NETLOGON.DNS my second domain (communications.local)
_ldap._tcp.5f865ed3-9e54-4
bfd10ef6-7673-4632-9e55-88
_ldap._tcp.gc._msdcs.graph
_ldap._tcp.communications.
gc._msdcs.graphics.com. 600 IN A 192.168.0.250
_gc._tcp.graphics.com. 600 IN SRV 0 100 3268 commdc2.communications.loc
_gc._tcp.communications._s
I've verified that these entries are in netlogon.dns on both my PDC and BDC (Forrest level 2000)
Here's the pertient information from netlogon.dns:
graphics.com. 1800 IN A 192.168.1.2
_ldap._tcp.graphics.com. 1800 IN SRV 0 100 389 Logic.graphics.local.
_ldap._tcp.communications.
_ldap._tcp.graphics._sites
_ldap._tcp.pdc._msdcs.grap
_ldap._tcp.gc._msdcs.graph
_ldap._tcp.graphics._sites
_ldap._tcp.b5ed43ba-00f9-4
gc._msdcs.graphics.com. 1800 IN A 192.168.1.2
70586341-26d9-49b0-a0fb-07
_kerberos._tcp.dc._msdcs.g
_kerberos._tcp.communicati
_kerberos._tcp.graphics._s
_ldap._tcp.dc._msdcs.graph
_ldap._tcp.communications.
_ldap._tcp.graphics._sites
_kerberos._tcp.graphics.co
_kerberos._tcp.communicati
_kerberos._tcp.graphics._s
_gc._tcp.graphics.com. 1800 IN SRV 0 100 3268 Logic.graphics.local.
_gc._tcp.graphics._sites.g
_kerberos._udp.graphics.co
_kpasswd._tcp.graphics.com
_kpasswd._udp.graphics.com
I also found the following entries in NETLOGON.DNS my second domain (communications.local)
_ldap._tcp.5f865ed3-9e54-4
bfd10ef6-7673-4632-9e55-88
_ldap._tcp.gc._msdcs.graph
_ldap._tcp.communications.
gc._msdcs.graphics.com. 600 IN A 192.168.0.250
_gc._tcp.graphics.com. 600 IN SRV 0 100 3268 commdc2.communications.loc
_gc._tcp.communications._s
Wow, that's a lot more than I expected to see in there! On that first DC, are there corresponding graphics.local records listed, or are the graphics.com records the only ones in the file?
ASKER
Yes DrDave,
There are similar listings for graphics.local (a sample is excerpted below):
graphics.local. 1800 IN A 192.168.1.2
_ldap._tcp.graphics.local.
_ldap._tcp.communications.
_ldap._tcp.graphics._sites
_ldap._tcp.gc._msdcs.graph
_ldap._tcp.graphics._sites
_ldap._tcp.b5ed43ba-00f9-4
I have records for kerberos, ldap and records for DomainDnsZones and ForestDnsZones.
There are similar listings for graphics.local (a sample is excerpted below):
graphics.local. 1800 IN A 192.168.1.2
_ldap._tcp.graphics.local.
_ldap._tcp.communications.
_ldap._tcp.graphics._sites
_ldap._tcp.gc._msdcs.graph
_ldap._tcp.graphics._sites
_ldap._tcp.b5ed43ba-00f9-4
I have records for kerberos, ldap and records for DomainDnsZones and ForestDnsZones.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Again Hat Tip to you DrDave!
Hidden in exactly where indicated, msDS-DNSRootAlias is set to graphics.com! Even though in the 'nCName' is DC=Graphics,DC=local
Hidden in exactly where indicated, msDS-DNSRootAlias is set to graphics.com! Even though in the 'nCName' is DC=Graphics,DC=local
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks DrDave,
I would have never found those keys without your assistance.
I would have never found those keys without your assistance.
See this article: http://www.mdmarra.com/2012/11/why-you-shouldnt-use-local-in-your.html