DNS entries missing from DNS manager but NSLOOKUP works perfectly

Single Windows Server 2012 R2 as a DC with DHCP and DNS running - no other servers on the network. NSLOOKUP works perfectly, resolving to the correct client IP addresses, and reverse lookup works as well, but no entries are populating in the DNS Manager GUI. Event Viewer mentions event ID 800, stating that the A record for the primary server in the zone's SOA record is not available on this DNS server.
Scott Jackson asked:

Ensure that the server is pointing to its own real IP as the preferred DNS server under TCP/IP, then restart the Netlogon service followed by the DNS service and check if the records are visible.
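The check and restart sequence above, as an added example in PowerShell (this is not code from the thread or from any of the posters). Run it in an elevated session on the DC. It confirms that the preferred DNS server on each interface is one of the host's own addresses, checks whether the SOA's primary server actually has an A record in the domain zone (the condition event ID 800 reports), and then restarts Netlogon before DNS. The zone name is taken from the AD domain; the DnsServer module (installed with the DNS role) and the ActiveDirectory module (RSAT) are assumed to be present.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on the DC.
# Assumes the DnsServer module (DNS role) and the ActiveDirectory module (RSAT) are installed.
$ZoneName = (Get-ADDomain).DNSRoot

# 1. IPv4 addresses bound to this host, loopback excluded
$ownIps = @(Get-NetIPAddress -AddressFamily IPv4 |
            Where-Object { $_.IPAddress -notlike '127.*' } |
            ForEach-Object { $_.IPAddress })

# 2. The preferred (first) DNS server on each interface should be one of $ownIps
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    ForEach-Object {
        $preferred = $_.ServerAddresses[0]
        '{0,-28} preferred DNS {1,-15} points to self: {2}' -f `
            $_.InterfaceAlias, $preferred, ($ownIps -contains $preferred)
    }

# 3. Event 800 says the SOA's primary server has no A record: check that directly
$soa       = Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType Soa
$primary   = $soa.RecordData.PrimaryServer.TrimEnd('.')
$hostLabel = $primary.Split('.')[0]
$aRecords  = @(Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType A -Name $hostLabel -ErrorAction SilentlyContinue)
if ($aRecords.Count -gt 0) {
    $ips = ($aRecords | ForEach-Object { $_.RecordData.IPv4Address }) -join ', '
    "SOA primary $primary has A record(s): $ips"
} else {
    "SOA primary $primary has NO A record in $ZoneName (this is what event 800 reports)"
}

# 4. Restart order from the answer: Netlogon first (it re-registers the DC's own records), then DNS
Restart-Service -Name Netlogon
Restart-Service -Name DNS
ipconfig /registerdns | Out-Null

# 5. Give registration a moment, then list what the server now holds for the zone
Start-Sleep -Seconds 15
Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType A |
    Select-Object HostName, @{ Name = 'IPv4'; Expression = { $_.RecordData.IPv4Address } }
```

Step 5 reads the records through the server API rather than the console, so its output reflects what the zone really contains regardless of how DNS Manager is displaying it.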
Scott Jackson (Author) commented:
The server has its own real IP as the preferred DNS server. I restarted the Netlogon service and then the DNS service - no change. There is no A record in the forward lookup zone. When I try to add it, it says "Warning: The associated pointer (PTR) record cannot be created, probably because the referenced reverse lookup zone cannot be found." Well, the reverse lookup zone is there. When I click "OK" and refresh the forward zone, the entry I just created is gone.
Scott Jackson (Author) commented:
Oh, and when I uncheck the box for "Create associated pointer (PTR) record" and attempt to create the A record without a PTR, it says, "The host record *********** cannot be created. The record already exists."  

However, it's clearly not there.

Can you try to create another AD-integrated zone with any other domain name and check whether you can create entries there and whether they stay there..?
Scott Jackson (Author) commented:
I created a test zone and added an A record, and it behaves the same as the other zone. One thing I failed to mention is that the first time it is created, it says it was successful, but then upon refresh, it's gone.
This is something I have never faced / heard of before.

Can you run dcdiag /v from an elevated cmd and post the output here?

Run dcdiag /fix and check what happens.

If the issue still persists, what you can do is uninstall the DNS role from the server, reinstall it and check.

The zone should load automatically after reinstalling the role; if not, you can create a zone with the same name as the domain name, make it AD-integrated and restart the Netlogon service.
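The diagnostic and reinstall procedure above, as an added PowerShell example (not code from the thread or the posters). It saves the verbose dcdiag output to a file so it can be read or posted, extracts only the failed tests, runs dcdiag /fix, and then removes and re-adds the DNS role; if the AD-integrated domain zone does not load back from the directory, it recreates it with the domain's name and restarts Netlogon. Run elevated on the DC. The log directory C:\Temp\dnsdiag is a placeholder of my choosing; the DnsServer, ServerManager and ActiveDirectory modules are assumed to be available.

```powershell
# Added example, not from the thread. Elevated PowerShell on the DC.
# Assumes the DnsServer, ServerManager and ActiveDirectory modules are available.
$ZoneName = (Get-ADDomain).DNSRoot
$LogDir   = 'C:\Temp\dnsdiag'      # placeholder path for the saved dcdiag output
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

# 1. Verbose diagnostics: a DNS-focused run plus the full run, both saved for reading/posting
dcdiag /v /test:DNS | Out-File -FilePath "$LogDir\dcdiag-dns-v.txt"
dcdiag /v           | Out-File -FilePath "$LogDir\dcdiag-v.txt"

# Only the lines that name a failed test (dcdiag prints "... <DC> failed test <Name>")
Select-String -Path "$LogDir\dcdiag-v.txt" -Pattern 'failed test' -SimpleMatch |
    ForEach-Object { $_.Line.Trim() }

# 2. Let dcdiag repair what it can, then re-run the DNS test to see if anything changed
dcdiag /fix | Out-File -FilePath "$LogDir\dcdiag-fix.txt"
dcdiag /test:DNS | Select-String -Pattern 'failed test' -SimpleMatch

# 3. If the problem persists: remove the DNS role and add it back.
#    The AD-integrated zone data stays in the directory; only the service is removed.
Uninstall-WindowsFeature -Name DNS -IncludeManagementTools
Install-WindowsFeature   -Name DNS -IncludeManagementTools

# 4. The domain zone should load from AD on its own. If it does not, create it with the
#    domain's name, AD-integrated with domain-wide replication, then restart Netlogon
#    so the DC re-registers its records.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Domain -DynamicUpdate Secure
}
Restart-Service -Name Netlogon
ipconfig /registerdns | Out-Null

# 5. What the server hosts after the reinstall
Get-DnsServerZone | Select-Object ZoneName, ZoneType, IsDsIntegrated, ReplicationScope
```

Step 3 is the disruptive part: the server stops answering queries between the uninstall and the reinstall, so on a single-DC network like the one in the question, clients lose name resolution for that interval.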
Scott Jackson (Author) commented:
dcdiag /v returned a lot of info. It passed almost all tests, but issues were identified with, and it failed, the SystemLog test. The issues are all related to DNS EventID: 0x00001695.

I uninstalled dns role a couple days ago and reinstalled it hoping that would fix the issues, but it didn't.  I'll gladly do it again if you think that will work.
Scott Jackson (Author) commented:
I removed and reinstalled the DNS role, and the problem persists. Funny thing now though... reverse lookups for the server IP address come back with servername.testforwardlookupzone instead of servername.properdomainname. I just deleted the test zone that I had previously created, which got added back when I re-added the DNS role.
So, I checked the reverse lookup zone and there were no entries. So, I just deleted the reverse lookup zone associated with the subnet the server is on, recreated it and did an ipconfig /registerdns on the server, and now it resolves fine again from anywhere, but I'm back where I started from - no entries in DNS Manager under the forward or reverse zones.
Have you run dcdiag /fix from an elevated cmd?
Scott Jackson (Author) commented:
Yes, that was one of the last things I tried last night.
I also came across a blog post by Ace Fekay about similar problems as a symptom of duplicate dns zones in AD. It suggested using ADSI edit to check for duplicate zones. Well, I’ve never used ADSI edit before, but I was able to follow the steps and at least locate the zones in AD, and guess what? I didn’t see any duplicates, but the ones that are there look like they have several records that do not appear in DNS Manager. So, this is really weird. I create a zone in DNS Manager, it shows in DNS Manager, but no records show there. I can even create records there, but they are gone upon refresh. All the while, everything I do in DNS Manager apparently is being stored correctly in AD and DNS is working correctly, but the records just don’t show in DNS Manager. Almost seems like a permission based issue where it can write records but can’t view them??? Or it seems like DNS Manager is reading from one place where it isn’t finding anything but writing to the correct location.
This is a client’s server, so unfortunately I don’t personally know the history of what may have caused this situation, but I suspect it was an improper migration of non-AD DNS to Windows 2012 AD integrated DNS. My gut is telling me it’s something out of whack in AD because I’ve removed the DNS role twice now and added it back and it doesn’t seem to change anything (all the zones reappear with no records, but yet nslookup works perfectly). I even tested nslookup after stopping dns in DNS Manager, and while the role was removed and surprise! It can’t find a DNS server in either case (because it’s either turned off or removed) confirming that it is indeed this DNS server that is doing the work.
The possible issue in your case is corrupted application directory partitions (DomainDnsZones and ForestDnsZones), where the DNS zones are stored.

You can try changing the DNS zone replication scope from "all DNS servers in this domain" to "all domain controllers with 2000 compatibility", which is last in the list, and hopefully your issue should go away.

If the above is successful, at a later point in time you can fix the application directory partition issue.
You can delete the application directory partition from AD and recreate it with dnscmd, the built-in DNS tool; if you are not comfortable with that you may hire an AD specialist to do it, or even Microsoft support can help you.

Scott Jackson (Author) commented:
I tried changing the DNS zone replication to "all domain controllers with 2000 compatibility" as suggested, but it made no difference.
DrDave242 (Senior Support Engineer) commented:
You don't inadvertently have a filter configured in the DNS Manager console, do you? (Check the View menu to see if Filter is checked.) I've been burned by that before.
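Because the console can hide rows behind a View > Filter setting, the zone contents are best confirmed through the DNS server API rather than the GUI. The following PowerShell is an added example (not code from the thread or the posters) that reads what the server actually stores: for every hosted zone it reports the replication scope and record counts, it resolves each stored A record through the local service and lists any mismatches, and it shows the state of the application directory partitions mentioned in the earlier answer. Run elevated on the DC; the DnsServer module is assumed, and the function names Get-ZoneSummary and Test-ARecordsResolve are my own.

```powershell
# Added example, not from the thread. Elevated PowerShell on the DC, DnsServer module assumed.
# Reads records straight from the server, so any filter set in the DNS Manager view is irrelevant.

function Get-ZoneSummary {
    param([Parameter(Mandatory)][string]$ZoneName)
    $zone = Get-DnsServerZone -Name $ZoneName
    [pscustomobject]@{
        Zone             = $zone.ZoneName
        DsIntegrated     = $zone.IsDsIntegrated
        ReplicationScope = $zone.ReplicationScope   # Forest, Domain, Legacy (the "2000 compatibility" option) or Custom
        A                = @(Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType A   -ErrorAction SilentlyContinue).Count
        PTR              = @(Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType Ptr -ErrorAction SilentlyContinue).Count
        SRV              = @(Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType Srv -ErrorAction SilentlyContinue).Count
    }
}

function Test-ARecordsResolve {
    # Compares each stored A record with what the local DNS service answers for that name
    param([Parameter(Mandatory)][string]$ZoneName)
    Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType A | ForEach-Object {
        $fqdn   = if ($_.HostName -eq '@') { $ZoneName } else { "$($_.HostName).$ZoneName" }
        $stored = $_.RecordData.IPv4Address.IPAddressToString
        $answered = @(Resolve-DnsName -Name $fqdn -Type A -Server 127.0.0.1 -DnsOnly -ErrorAction SilentlyContinue |
                      Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
        [pscustomobject]@{
            Name     = $fqdn
            Stored   = $stored
            Answered = ($answered -join ', ')
            Match    = ($answered -contains $stored)
        }
    }
}

# Every zone the server hosts, excluding the automatically created ones and TrustAnchors
$zones = Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated -and $_.ZoneName -ne 'TrustAnchors' }
$zones | ForEach-Object { Get-ZoneSummary -ZoneName $_.ZoneName } | Format-Table -AutoSize

# Only mismatches are shown; no output means every stored A record is answered exactly as stored
$zones | Where-Object { -not $_.IsReverseLookupZone } |
    ForEach-Object { Test-ARecordsResolve -ZoneName $_.ZoneName } |
    Where-Object { -not $_.Match } | Format-Table -AutoSize

# Application directory partitions that hold AD-integrated zones (DomainDnsZones / ForestDnsZones)
Get-DnsServerDirectoryPartition | Select-Object DirectoryPartitionName, State, ZoneCount
```

If the counts in the first table are non-zero and the mismatch table is empty, the server's data is intact and any empty view in DNS Manager is a display problem, which is exactly the situation in this thread. The older equivalent of the record listing is dnscmd /enumrecords <zone> @, and the replication scope change suggested earlier corresponds to Set-DnsServerPrimaryZone -Name <zone> -ReplicationScope Legacy.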

Scott Jackson (Author) commented:
Sometimes the strangest, most mind-boggling problems have just the simplest solution. Thank you! I didn't think of having a filter on in the console because it wasn't a system I set up or have worked on in the past, but apparently somebody before me had used a filter (probably searching for something that isn't there now) and left it turned on.
I have to also thank Mahesh for helping me think through the complicated stuff that could have caused something like this.  As with every problem that makes you pull your hair out, I learned a lot on this one.