RE: [ActiveDir] DNS Issue

2006-07-26 Thread Wyatt, David

Steve - latest update from Microsoft regarding the DNS issue, install
hotfix 919218 which is the latest build of DNS.EXE with the KB article
dated July 19, 2006!

I'll keep you updated after the usual routine of testing the hotfix then
deploying in production then keeping fingers crossed while looking at
the MOM console...

http://support.microsoft.com/kb/919218/en-us





-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: 24 Jul 2006 19:13
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Issue


This is similar to the problem that we had seen before with caching and
TTLs and I believe may be addressed by this fix:
http://support.microsoft.com/kb/903720/en-us.  You could confirm it by
disabling the cache but your performance will suffer.  It has been a
while since I actually looked at this type of failure but I believe we
worked around the issue temporarily by using stub zones.  Since it looks
like a possible issue with caching and TTL I would consider opening a
case with Product Support Services (PSS) to get to the bottom of it.  


Thanks,

-Steve

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Wyatt, David
Sent: Monday, July 24, 2006 10:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Issue


Hi Steve

Interesting findings.  Firstly, yes I am clearing the DNS Cache and not
doing ipconfig /flushdns on the DC.

I have shown the d2 output below but also see the following:

1.  Clear the DNS cache on DC
2.  Submit query for server1.nyc.test.com - success
3.  Explicitly delete the record for above host from the cache leaving
the nyc parent folder in cache.
4.  Submit query for server1.nyc.test.com - fail
5.  Delete nyc parent folder
6.  Submit query for server1.nyc.test.com - success

So what I think is happening is when the TTL for the cached record
expires it gets deleted (as per the manual deletion above) then
subsequent queries fail.

Note that the DNS server for test.com are QIP based - may have a
bearing?


> server1.nyc.test.com
Server:  dns1.int.mycorp.com
Address:  x.x.x.x


SendRequest(), len 62
HEADER:
opcode = QUERY, id = 15, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional
= 0

QUESTIONS:
server1.nyc.test.com.int.mycorp.com, type = A, class = IN



Got answer (135 bytes):
HEADER:
opcode = QUERY, id = 15, rcode = NXDOMAIN
header flags:  response, auth. answer, want recursion, recursion
avail.
questions = 1,  answers = 0,  authority records = 1,  additional
= 0

QUESTIONS:
server1.nyc.test.com.int.mycorp.com, type = A, class = IN
AUTHORITY RECORDS:
->  int.mycorp.com
type = SOA, class = IN, dlen = 47
ttl = 3600 (1 hour)
primary name server = dns1.int.mycorp.com
responsible mail addr = hostmaster.int.mycorp.com
serial  = 54966
refresh = 900 (15 mins)
retry   = 600 (10 mins)
expire  = 86400 (1 day)
default TTL = 3600 (1 hour)



SendRequest(), len 55
HEADER:
opcode = QUERY, id = 16, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional
= 0

QUESTIONS:
server1.nyc.test.com.mycorp.com, type = A, class = IN



Got answer (118 bytes):
HEADER:
opcode = QUERY, id = 16, rcode = NXDOMAIN
header flags:  response, auth. answer, want recursion, recursion
avail.
questions = 1,  answers = 0,  authority records = 1,  additional
= 0

QUESTIONS:
server1.nyc.test.com.mycorp.com, type = A, class = IN
AUTHORITY RECORDS:
->  mycorp.com
type = SOA, class = IN, dlen = 44
ttl = 86400 (1 day)
primary name server = name.int.com
responsible mail addr = postmaster.int.com
serial  = 2006072002
refresh = 1800 (30 mins)
retry   = 900 (15 mins)
expire  = 604800 (7 days)
default TTL = 86400 (1 day)



SendRequest(), len 47
HEADER:
opcode = QUERY, id = 17, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional
= 0

QUESTIONS:
server1.nyc.test.com, type = A, class = IN



Got answer (47 bytes):
HEADER:
opcode = QUERY, id = 17, rcode = SERVFAIL
header flags:  response, auth. answer, want recursion, recursion
avail.
questions = 1,  answers = 0,  authority records = 0,  additional
= 0

QUESTIONS:
server1.nyc.test.com, type = A, class = IN


*** dns1.int.mycorp.com can't find server1.nyc.test.com: Server failed
>


-Original Message-
From: [EM

RE: [ActiveDir] DNS Issue

2006-07-25 Thread Wyatt, David

PSS is already on the case.  I will report back once the fix
(hopefully!) has been identified.


Cheers so far
David



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: 24 Jul 2006 19:13
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Issue


This is similar to the problem that we had seen before with caching and
TTLs and I believe may be addressed by this fix:
http://support.microsoft.com/kb/903720/en-us.  You could confirm it by
disabling the cache but your performance will suffer.  It has been a
while since I actually looked at this type of failure but I believe we
worked around the issue temporarily by using stub zones.  Since it looks
like a possible issue with caching and TTL I would consider opening a
case with Product Support Services (PSS) to get to the bottom of it.  


Thanks,

-Steve

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Wyatt, David
Sent: Monday, July 24, 2006 10:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Issue


Hi Steve

Interesting findings.  Firstly, yes I am clearing the DNS Cache and not
doing ipconfig /flushdns on the DC.

I have shown the d2 output below but also see the following:

1.  Clear the DNS cache on DC
2.  Submit query for server1.nyc.test.com - success
3.  Explicitly delete the record for above host from the cache leaving
the nyc parent folder in cache.
4.  Submit query for server1.nyc.test.com - fail
5.  Delete nyc parent folder
6.  Submit query for server1.nyc.test.com - success

So what I think is happening is when the TTL for the cached record
expires it gets deleted (as per the manual deletion above) then
subsequent queries fail.

Note that the DNS server for test.com are QIP based - may have a
bearing?


> server1.nyc.test.com
Server:  dns1.int.mycorp.com
Address:  x.x.x.x


SendRequest(), len 62
HEADER:
opcode = QUERY, id = 15, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional
= 0

QUESTIONS:
server1.nyc.test.com.int.mycorp.com, type = A, class = IN



Got answer (135 bytes):
HEADER:
opcode = QUERY, id = 15, rcode = NXDOMAIN
header flags:  response, auth. answer, want recursion, recursion
avail.
questions = 1,  answers = 0,  authority records = 1,  additional
= 0

QUESTIONS:
server1.nyc.test.com.int.mycorp.com, type = A, class = IN
AUTHORITY RECORDS:
->  int.mycorp.com
type = SOA, class = IN, dlen = 47
ttl = 3600 (1 hour)
primary name server = dns1.int.mycorp.com
responsible mail addr = hostmaster.int.mycorp.com
serial  = 54966
refresh = 900 (15 mins)
retry   = 600 (10 mins)
expire  = 86400 (1 day)
default TTL = 3600 (1 hour)



SendRequest(), len 55
HEADER:
opcode = QUERY, id = 16, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional
= 0

QUESTIONS:
server1.nyc.test.com.mycorp.com, type = A, class = IN



Got answer (118 bytes):
HEADER:
opcode = QUERY, id = 16, rcode = NXDOMAIN
header flags:  response, auth. answer, want recursion, recursion
avail.
questions = 1,  answers = 0,  authority records = 1,  additional
= 0

QUESTIONS:
server1.nyc.test.com.mycorp.com, type = A, class = IN
AUTHORITY RECORDS:
->  mycorp.com
type = SOA, class = IN, dlen = 44
ttl = 86400 (1 day)
primary name server = name.int.com
responsible mail addr = postmaster.int.com
serial  = 2006072002
refresh = 1800 (30 mins)
retry   = 900 (15 mins)
expire  = 604800 (7 days)
default TTL = 86400 (1 day)



SendRequest(), len 47
HEADER:
opcode = QUERY, id = 17, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional
= 0

QUESTIONS:
server1.nyc.test.com, type = A, class = IN



Got answer (47 bytes):
HEADER:
opcode = QUERY, id = 17, rcode = SERVFAIL
header flags:  response, auth. answer, want recursion, recursion
avail.
questions = 1,  answers = 0,  authority records = 0,  additional
= 0

QUESTIONS:
server1.nyc.test.com, type = A, class = IN


*** dns1.int.mycorp.com can't find server1.nyc.test.com: Server failed
>


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: 24 Jul 2006 3:58
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Issue


David,
  A few more questions.  When you state you cleared the cache I wa

RE: [ActiveDir] DNS Issue

2006-07-24 Thread Steve Linehan
This is similar to the problem that we had seen before with caching and
TTLs and I believe may be addressed by this fix:
http://support.microsoft.com/kb/903720/en-us.  You could confirm it by
disabling the cache but your performance will suffer.  It has been a
while since I actually looked at this type of failure but I believe we
worked around the issue temporarily by using stub zones.  Since it looks
like a possible issue with caching and TTL I would consider opening a
case with Product Support Services (PSS) to get to the bottom of it.  


Thanks,

-Steve

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Wyatt, David
Sent: Monday, July 24, 2006 10:44 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Issue


Hi Steve

Interesting findings.  Firstly, yes I am clearing the DNS Cache and not
doing ipconfig /flushdns on the DC.

I have shown the d2 output below but also see the following:

1.  Clear the DNS cache on DC
2.  Submit query for server1.nyc.test.com - success
3.  Explicitly delete the record for above host from the cache leaving
the nyc parent folder in cache.
4.  Submit query for server1.nyc.test.com - fail
5.  Delete nyc parent folder
6.  Submit query for server1.nyc.test.com - success

So what I think is happening is when the TTL for the cached record
expires it gets deleted (as per the manual deletion above) then
subsequent queries fail.

Note that the DNS server for test.com are QIP based - may have a
bearing?


> server1.nyc.test.com
Server:  dns1.int.mycorp.com
Address:  x.x.x.x


SendRequest(), len 62
HEADER:
opcode = QUERY, id = 15, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional
= 0

QUESTIONS:
server1.nyc.test.com.int.mycorp.com, type = A, class = IN



Got answer (135 bytes):
HEADER:
opcode = QUERY, id = 15, rcode = NXDOMAIN
header flags:  response, auth. answer, want recursion, recursion
avail.
questions = 1,  answers = 0,  authority records = 1,  additional
= 0

QUESTIONS:
server1.nyc.test.com.int.mycorp.com, type = A, class = IN
AUTHORITY RECORDS:
->  int.mycorp.com
type = SOA, class = IN, dlen = 47
ttl = 3600 (1 hour)
primary name server = dns1.int.mycorp.com
responsible mail addr = hostmaster.int.mycorp.com
serial  = 54966
refresh = 900 (15 mins)
retry   = 600 (10 mins)
expire  = 86400 (1 day)
default TTL = 3600 (1 hour)



SendRequest(), len 55
HEADER:
opcode = QUERY, id = 16, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional
= 0

QUESTIONS:
server1.nyc.test.com.mycorp.com, type = A, class = IN



Got answer (118 bytes):
HEADER:
opcode = QUERY, id = 16, rcode = NXDOMAIN
header flags:  response, auth. answer, want recursion, recursion
avail.
questions = 1,  answers = 0,  authority records = 1,  additional
= 0

QUESTIONS:
server1.nyc.test.com.mycorp.com, type = A, class = IN
AUTHORITY RECORDS:
->  mycorp.com
type = SOA, class = IN, dlen = 44
ttl = 86400 (1 day)
primary name server = name.int.com
responsible mail addr = postmaster.int.com
serial  = 2006072002
refresh = 1800 (30 mins)
retry   = 900 (15 mins)
expire  = 604800 (7 days)
default TTL = 86400 (1 day)



SendRequest(), len 47
HEADER:
opcode = QUERY, id = 17, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional
= 0

QUESTIONS:
server1.nyc.test.com, type = A, class = IN



Got answer (47 bytes):
HEADER:
opcode = QUERY, id = 17, rcode = SERVFAIL
header flags:  response, auth. answer, want recursion, recursion
avail.
questions = 1,  answers = 0,  authority records = 0,  additional
= 0

QUESTIONS:
server1.nyc.test.com, type = A, class = IN


*** dns1.int.mycorp.com can't find server1.nyc.test.com: Server
failed
>


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: 24 Jul 2006 3:58
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Issue


David,
  A few more questions.  When you state you cleared the cache I want to
ensure this meant clearing the Cache on the DNS Server not the client
resolver cache.  Also if you open the DNS snap-in in advanced mode and
look in the cache do you see a record for nyc.test.com and if so can you
provide a screenshot of the entry from the DNS MMC?  Finally can you go
to the DNS server open a cmd 

RE: [ActiveDir] DNS Issue

2006-07-24 Thread Wyatt, David

Hi Steve

Interesting findings.  Firstly, yes I am clearing the DNS Cache and not
doing ipconfig /flushdns on the DC.

I have shown the d2 output below but also see the following:

1.  Clear the DNS cache on DC
2.  Submit query for server1.nyc.test.com - success
3.  Explicitly delete the record for above host from the cache leaving
the nyc parent folder in cache.
4.  Submit query for server1.nyc.test.com - fail
5.  Delete nyc parent folder
6.  Submit query for server1.nyc.test.com - success

So what I think is happening is when the TTL for the cached record
expires it gets deleted (as per the manual deletion above) then
subsequent queries fail.

Note that the DNS server for test.com are QIP based - may have a
bearing?


> server1.nyc.test.com
Server:  dns1.int.mycorp.com
Address:  x.x.x.x


SendRequest(), len 62
HEADER:
opcode = QUERY, id = 15, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional
= 0

QUESTIONS:
server1.nyc.test.com.int.mycorp.com, type = A, class = IN



Got answer (135 bytes):
HEADER:
opcode = QUERY, id = 15, rcode = NXDOMAIN
header flags:  response, auth. answer, want recursion, recursion
avail.
questions = 1,  answers = 0,  authority records = 1,  additional
= 0

QUESTIONS:
server1.nyc.test.com.int.mycorp.com, type = A, class = IN
AUTHORITY RECORDS:
->  int.mycorp.com
type = SOA, class = IN, dlen = 47
ttl = 3600 (1 hour)
primary name server = dns1.int.mycorp.com
responsible mail addr = hostmaster.int.mycorp.com
serial  = 54966
refresh = 900 (15 mins)
retry   = 600 (10 mins)
expire  = 86400 (1 day)
default TTL = 3600 (1 hour)



SendRequest(), len 55
HEADER:
opcode = QUERY, id = 16, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional
= 0

QUESTIONS:
server1.nyc.test.com.mycorp.com, type = A, class = IN



Got answer (118 bytes):
HEADER:
opcode = QUERY, id = 16, rcode = NXDOMAIN
header flags:  response, auth. answer, want recursion, recursion
avail.
questions = 1,  answers = 0,  authority records = 1,  additional
= 0

QUESTIONS:
server1.nyc.test.com.mycorp.com, type = A, class = IN
AUTHORITY RECORDS:
->  mycorp.com
type = SOA, class = IN, dlen = 44
ttl = 86400 (1 day)
primary name server = name.int.com
responsible mail addr = postmaster.int.com
serial  = 2006072002
refresh = 1800 (30 mins)
retry   = 900 (15 mins)
expire  = 604800 (7 days)
default TTL = 86400 (1 day)



SendRequest(), len 47
HEADER:
opcode = QUERY, id = 17, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional
= 0

QUESTIONS:
server1.nyc.test.com, type = A, class = IN



Got answer (47 bytes):
HEADER:
opcode = QUERY, id = 17, rcode = SERVFAIL
header flags:  response, auth. answer, want recursion, recursion
avail.
questions = 1,  answers = 0,  authority records = 0,  additional
= 0

QUESTIONS:
server1.nyc.test.com, type = A, class = IN


*** dns1.int.mycorp.com can't find server1.nyc.test.com: Server
failed
>


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: 24 Jul 2006 3:58
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Issue


David,
  A few more questions.  When you state you cleared the cache I want to
ensure this meant clearing the Cache on the DNS Server not the client
resolver cache.  Also if you open the DNS snap-in in advanced mode and
look in the cache do you see a record for nyc.test.com and if so can you
provide a screenshot of the entry from the DNS MMC?  Finally can you go
to the DNS server open a cmd prompt and launch nslookup.  Type "set d2"
without the quotes so that you get additional debug output and then type
in nyc.test.com and post the output.  Why am I asking all of these
questions?  Well we had a few issues where the DNS servers cache may not
correctly cache entries causing the behavior that you are seeing.
Sometimes even though you clear the cache if the record is looked up
frequently then even clearing the cache will not resolve the issue long
enough to see it corrected.  I thought that all of these had been
addressed by the build that you are running however the output from the
above tests should let us see what is going on.
 
Thanks,
 
-Steve 



**
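The "set d2" trace posted above shows two suffix-appended lookups returning NXDOMAIN before the name as typed returns SERVFAIL. The following is an added example, not part of the original thread, that parses such a trace and separates the suffix attempts from the result for the typed name; the function names are assumptions, and the sample is a trimmed copy of the posted output.

```python
import re
from dataclasses import dataclass

# Trimmed copy of the "set d2" output posted in the thread: one request block
# and the three "Got answer" headers/questions; SOA details are omitted.
SAMPLE = """\
> server1.nyc.test.com
SendRequest(), len 62
HEADER:
opcode = QUERY, id = 15, rcode = NOERROR
header flags:  query, want recursion
QUESTIONS:
server1.nyc.test.com.int.mycorp.com, type = A, class = IN

Got answer (135 bytes):
HEADER:
opcode = QUERY, id = 15, rcode = NXDOMAIN
header flags:  response, auth. answer, want recursion, recursion
avail.
QUESTIONS:
server1.nyc.test.com.int.mycorp.com, type = A, class = IN

Got answer (118 bytes):
HEADER:
opcode = QUERY, id = 16, rcode = NXDOMAIN
header flags:  response, auth. answer, want recursion, recursion
QUESTIONS:
server1.nyc.test.com.mycorp.com, type = A, class = IN

Got answer (47 bytes):
HEADER:
opcode = QUERY, id = 17, rcode = SERVFAIL
header flags:  response, auth. answer, want recursion, recursion
QUESTIONS:
server1.nyc.test.com, type = A, class = IN

*** dns1.int.mycorp.com can't find server1.nyc.test.com: Server failed
"""

HEADER_RE = re.compile(r"opcode = (\w+), id = (\d+), rcode = (\w+)")
QUESTION_RE = re.compile(r"^\s*(\S+), type = (\w+), class = (\w+)\s*$")
TYPED_RE = re.compile(r"^>\s*(\S+)\s*$")


@dataclass
class Answer:
    qid: int
    rcode: str
    qname: str
    qtype: str


def parse_answers(text):
    """Return (name typed at the prompt, [Answer, ...]) from nslookup d2 output."""
    typed, answers, in_answer, pending = None, [], False, None
    for line in text.splitlines():
        m = TYPED_RE.match(line)
        if m and typed is None:
            typed = m.group(1).rstrip(".").lower()
        elif line.startswith("SendRequest()"):
            in_answer, pending = False, None      # outgoing query, not a result
        elif line.startswith("Got answer"):
            in_answer, pending = True, None
        elif in_answer:
            h = HEADER_RE.search(line)
            q = QUESTION_RE.match(line)
            if h:
                pending = (int(h.group(2)), h.group(3))
            elif q and pending:
                qname = q.group(1).rstrip(".").lower()
                answers.append(Answer(pending[0], pending[1], qname, q.group(2)))
                in_answer = False                 # skip authority records
    return typed, answers


def diagnose(text):
    """Split suffix-appended attempts from the answer for the name as typed."""
    typed, answers = parse_answers(text)
    report = {"typed": typed, "suffix_attempts": [], "final": None}
    for a in answers:
        if typed and a.qname == typed:
            report["final"] = a.rcode
        elif typed and a.qname.startswith(typed + "."):
            # Name with a DNS suffix appended; NXDOMAIN here is expected.
            report["suffix_attempts"].append((a.qname[len(typed) + 1:], a.rcode))
    verdicts = {
        "SERVFAIL": "server failure: the DNS server could not obtain an answer",
        "NXDOMAIN": "the answering server reports that the name does not exist",
        "NOERROR": "the name as typed was answered",
    }
    report["verdict"] = verdicts.get(report["final"], "no answer for the typed name")
    return report


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```
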

RE: [ActiveDir] DNS Issue

2006-07-23 Thread Steve Linehan
David,
  A few more questions.  When you state you cleared the cache I want to ensure 
this meant clearing the Cache on the DNS Server not the client resolver cache.  
Also if you open the DNS snap-in in advanced mode and look in the cache do you 
see a record for nyc.test.com and if so can you provide a screenshot of the 
entry from the DNS MMC?  Finally can you go to the DNS server open a cmd prompt 
and launch nslookup.  Type "set d2" without the quotes so that you get 
additional debug output and then type in nyc.test.com and post the output.  Why 
am I asking all of these questions?  Well we had a few issues where the DNS 
servers cache may not correctly cache entries causing the behavior that you are 
seeing.  Sometimes even though you clear the cache if the record is looked up 
frequently then even clearing the cache will not resolve the issue long enough 
to see it corrected.  I thought that all of these had been addressed by the 
build that you are running however the output from the above tests should let 
us see what is going on.
 
Thanks,
 
-Steve 



From: [EMAIL PROTECTED] on behalf of Wyatt, David
Sent: Sat 7/22/2006 7:45 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Issue




Hi Steve

Binary version is 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)

Clearing the cache does not fix the issue.


Thanks
David



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: 22 Jul 2006 0:56
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Issue


What version of the DNS binary are you running and if you clear the
cache instead of restart DNS does it resolve the issue?

Thanks,

-Steve



From: [EMAIL PROTECTED] on behalf of Wyatt, David
Sent: Fri 7/21/2006 4:39 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DNS Issue


We have a single Windows 2003 SP1 forest/domain.  DCs run AD integrated
zones.  We have Forwarders configured for a domain e.g. test.com with 2
IP addresses entered for the DNS servers in test.com.

We have seen a strange issue where queries for a host in the sub-domain
nyc.test.com fail (even when doing an nslookup directly from the DC).
When we restart the DNS service on the DC resolution succeeds for a host
in nyc.test.com.  After time it appears resolution fails again.

Another observation is when (after time) name resolution fails for a
host in nyc.test.com and we explicitly add nyc.test.com as another
Forwarder and without restarting the DNS service names in nyc.test.com
resolves.  Remove the forwarding to nyc.test.com and resolution fails!

Any ideas?

Regards
David




This message contains confidential information and is intended only

for the individual or entity named. If you are not the named addressee

you should not disseminate, distribute or copy this e-mail.

Please notify the sender immediately by e-mail if you have received

this e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free

as information could be intercepted, corrupted, lost, destroyed, arrive

late or incomplete, or contain viruses. The sender therefore does not

accept liability for any errors or omissions in the contents of this

message which arise as a result of e-mail transmission.

If verification is required please request a hard-copy version.

This message is provided for informational purposes and should not

be construed as an invitation or offer to buy or sell any securities or

related financial instruments.

GAM operates in many jurisdictions and is

regulated or licensed in those jurisdictions as required.




List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx


RE: [ActiveDir] DNS Issue

2006-07-22 Thread Wyatt, David

Hi Steve

Binary version is 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)

Clearing the cache does not fix the issue.


Thanks
David



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Linehan
Sent: 22 Jul 2006 0:56
To: ActiveDir@mail.activedir.org; ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Issue


What version of the DNS binary are you running and if you clear the
cache instead of restart DNS does it resolve the issue?
 
Thanks,
 
-Steve



From: [EMAIL PROTECTED] on behalf of Wyatt, David
Sent: Fri 7/21/2006 4:39 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DNS Issue


We have a single Windows 2003 SP1 forest/domain.  DCs run AD integrated
zones.  We have Forwarders configured for a domain e.g. test.com with 2
IP addresses entered for the DNS servers in test.com.
 
We have seen a strange issue where queries for a host in the sub-domain
nyc.test.com fail (even when doing an nslookup directly from the DC).
When we restart the DNS service on the DC resolution succeeds for a host
in nyc.test.com.  After time it appears resolution fails again.
 
Another observation is when (after time) name resolution fails for a
host in nyc.test.com and we explicitly add nyc.test.com as another
Forwarder and without restarting the DNS service names in nyc.test.com
resolves.  Remove the forwarding to nyc.test.com and resolution fails!
 
Any ideas?
 
Regards
David


 



RE: [ActiveDir] DNS Issue

2006-07-21 Thread Steve Linehan
What version of the DNS binary are you running and if you clear the cache 
instead of restart DNS does it resolve the issue?
 
Thanks,
 
-Steve



From: [EMAIL PROTECTED] on behalf of Wyatt, David
Sent: Fri 7/21/2006 4:39 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DNS Issue


We have a single Windows 2003 SP1 forest/domain.  DCs run AD integrated zones.  
We have Forwarders configured for a domain e.g. test.com with 2 IP addresses 
entered for the DNS servers in test.com.
 
We have seen a strange issue where queries for a host in the sub-domain 
nyc.test.com fail (even when doing an nslookup directly from the DC).  When we 
restart the DNS service on the DC resolution succeeds for a host in 
nyc.test.com.  After time it appears resolution fails again.
 
Another observation is when (after time) name resolution fails for a host in 
nyc.test.com and we explicitly add nyc.test.com as another Forwarder and 
without restarting the DNS service names in nyc.test.com resolves.  Remove the 
forwarding to nyc.test.com and resolution fails!
 
Any ideas?
 
Regards
David

 



[ActiveDir] DNS Issue

2006-07-21 Thread Wyatt, David
We have a single Windows 2003 SP1 forest/domain.  DCs run AD integrated zones.
We have Forwarders configured for a domain e.g. test.com with 2 IP addresses
entered for the DNS servers in test.com.

We have seen a strange issue where queries for a host in the sub-domain
nyc.test.com fail (even when doing an nslookup directly from the DC).  When we
restart the DNS service on the DC resolution succeeds for a host in
nyc.test.com.  After time it appears resolution fails again.

Another observation is when (after time) name resolution fails for a host in
nyc.test.com and we explicitly add nyc.test.com as another Forwarder and
without restarting the DNS service names in nyc.test.com resolves.  Remove the
forwarding to nyc.test.com and resolution fails!

Any ideas?
 
Regards
David



 



RE: [ActiveDir] DNS Issue

2005-12-22 Thread deji
Which is why we always preach that you bring your TTL down prior to moving
resources. If your TTL was for, say, 2 days, and you plan to move resources,
bring it down to, say, 1 hour, at least 2 days before the actual move.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Susan Bradley, CPA aka
Ebitz - SBS Rocks [MVP]
Sent: Thu 12/22/2005 7:00 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] DNS Issue



When we moved www.msmvps.com it took anywhere from 1 to 3 days for some
cache sites to update even after we messed with the TTL value.  If you
go to www.dnsstuff.com you can see how long some of them take.

Shane De Jager wrote:

>Hi,
>
>I am running a DNS server on my Windows Server. Our hosting company has
>moved our website to new server. The problem is that when I try to access our
>website it resolves to the incorrect server. It is still referring to the IP
>address of the old server and not the new. Is there a way to reset the DNS
>cache or something?
>
>
>
> 
>
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/




Re: [ActiveDir] DNS Issue

2005-12-22 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
When we moved www.msmvps.com it took anywhere from 1 to 3 days for some 
cache sites to update even after we messed with the TTL value.  If you 
go to www.dnsstuff.com you can see how long some of them take.


Shane De Jager wrote:


Hi,

I am running a DNS server on my Windows Server. Our hosting company has moved 
our website to new server. The problem is that when I try to access our website 
it resolves to the incorrect server. It is still referring to the IP address of 
the old server and not the new. Is there a way to reset the DNS cache or 
something?



 




Re: [ActiveDir] DNS Issue

2005-12-22 Thread Tomasz Onyszko
On Thu, 22 Dec 2005 12:43:15 +, Shane De Jager wrote
> Hi,
> 
> I am running a DNS server on my Windows Server. Our hosting company 
> has moved our website to new server. The problem is that when I try 
> to access our website it resolves to the incorrect server. It is 
> still referring to the IP address of the old server and not the new. 
> Is there a way to reset the DNS cache or something?

Every zone in DNS has its Time To Live (TTL) which determines time for which
records in this zone are valid and should be cached on the DNS servers. 

You can clear Your DNS cache with dnscmd command:
http://www.windowsitpro.com/Article/ArticleID/41229/41229.html

Of course it may be a problem of Your client cache in this case ipconfig
/flushdns should help. 

-- 
Tomasz Onyszko - [EMAIL PROTECTED]
http://www.w2k.pl
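
The TTL caching described in this reply can be checked by comparing the answer from the zone's authoritative server with the answer a caching server returns. The following Python code is an added example, not part of the original post: it parses two DNS responses and reports whether the cached A record is stale and how many seconds of TTL remain. The host name, addresses, TTL values and response bytes are constructed for illustration.

```python
import struct

QR_RD_RA = 0x8180   # response, recursion desired, recursion available
AA = 0x0400         # "authoritative answer" bit in the DNS header flags


def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, resume, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            if off + 1 >= len(msg) or hops > 16:  # cut off, or pointer loop
                raise ValueError("bad compression pointer")
            if resume is None:
                resume = off + 2                  # parsing resumes after the pointer
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            continue
        off += 1
        if n == 0:
            break
        if off + n > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels), (off if resume is None else resume)


def parse_response(msg):
    """Return the AA flag, RCODE and A records (name, ttl, ip) of a response."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                           # skip the question section
        _qname, off = read_name(msg, off)
        off += 4                                  # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated record")
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and len(rdata) == 4:        # A record
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return {"authoritative": bool(flags & AA),
            "rcode": flags & 0x000F,
            "answers": answers}


def cache_status(authoritative_msg, resolver_msg):
    """Compare a resolver's answer with the authoritative one."""
    auth = parse_response(authoritative_msg)
    cached = parse_response(resolver_msg)
    current = {ip for _n, _t, ip in auth["answers"]}
    stale = [a for a in cached["answers"] if a[2] not in current]
    return {"stale": bool(stale),
            "served_from_cache": not cached["authoritative"],
            # A cache hands out the *remaining* TTL, so this is the wait
            # before the old address expires without clearing the cache.
            "seconds_until_expiry": max((t for _n, t, _ip in stale), default=0),
            "stale_answers": stale}


def make_sample_response(name, ip, ttl, authoritative):
    """Build a constructed one-answer response (sample data, not a capture)."""
    flags = QR_RD_RA | (AA if authoritative else 0)
    header = struct.pack("!6H", 0x1234, flags, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answer = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)
              + bytes(int(p) for p in ip.split(".")))
    return header + question + answer


# Constructed samples: the authoritative server already serves the new
# address; the caching server still holds the old one with 1742 s left.
AUTH_SAMPLE = make_sample_response("www.example.com", "198.51.100.20", 3600, True)
RESOLVER_SAMPLE = make_sample_response("www.example.com", "192.0.2.10", 1742, False)

if __name__ == "__main__":
    print(cache_status(AUTH_SAMPLE, RESOLVER_SAMPLE))
```
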



[ActiveDir] DNS Issue

2005-12-22 Thread Shane De Jager
Hi,

I am running a DNS server on my Windows Server. Our hosting company has moved 
our website to a new server. The problem is that when I try to access our website 
it resolves to the incorrect server. It is still referring to the IP address of 
the old server and not the new. Is there a way to reset the DNS cache or 
something?



-- 
Shane De Jager
Technical Developer

INTERGAGE
High-performance, updateable Web sites

Switchboard   +44 (0)845 456 1022
==
www.intergage.co.uk
[EMAIL PROTECTED]



RE: [ActiveDir] DNS issue

2005-12-13 Thread Almeida Pinto, Jorge de
That is because the server is a root server. A DNS server is a root server when 
it contains a root zone called "." (dot).
If you want to use forwarders and/or root hint servers you should delete the 
root zone.
 
cheers,
jorge



From: [EMAIL PROTECTED] on behalf of Antonio Aranda
Sent: Tue 12/13/2005 6:27 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DNS issue



I have a bit of a problem and I'm hoping some can help me.  The forwarding tab 
is grayed out.  It won't allow me to add an IP for forwarding unresolved 
queries.  It said that forwarding is not available because this is a root 
server.  What does this mean and how can I change it?  

 

Thanks

 

Antonio




RE: [ActiveDir] DNS issue

2005-12-13 Thread David Cliffe



Hi Antonio,
 
    This could be a starting point for you 
-->  http://support.microsoft.com/default.aspx?scid=kb;en-us;229840

  
  
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] On Behalf Of Antonio Aranda
  Sent: Tuesday, December 13, 2005 12:28 PM
  To: ActiveDir@mail.activedir.org
  Subject: [spam] [ActiveDir] DNS issue

  I have a bit of a problem and I’m hoping some can help me.  The forwarding tab
  is grayed out.  It won’t allow me to add an IP for forwarding unresolved
  queries.  It said that forwarding is not available because this is a root
  server.  What does this mean and how can I change it?

   
  Thanks
   
  Antonio





[ActiveDir] DNS issue

2005-12-13 Thread Antonio Aranda








I have a bit of a problem and I’m
hoping some can help me.  The forwarding tab is grayed out.  It won’t
allow me to add an IP for forwarding unresolved queries.  It said that forwarding
is not available because this is a root server.  What does this mean and
how can I change it?  

 

Thanks

 

Antonio








RE: [ActiveDir] DNS Issue

2005-08-02 Thread Rick Kingslan
You're apparently getting the text for the posts that come to me blank.
That at least would account for the lost text, as energy must go
somewhere

Rick

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joseph B. Luptak
Sent: Tuesday, August 02, 2005 9:28 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Issue



I keep getting two emails for every post to this group. Any ideas?




RE: [ActiveDir] DNS Issue

2005-08-02 Thread Carerros, Charles
Al, Good questions all.

The server isn't running anything to my knowledge besides DNS and WINS.  I
believe that it was that site's DC before they migrated to our central AD
which they are just now deploying there.

I'm not getting the timeout error any more, I'm receiving a non-authoritative
response.  (I do run the testing feature in the DNS MMC and it returned
successfully on both tests, but I'm not sure if that means a true request
won't time out.)

I don't know why DNS1 is deployed, politics and all that.  It just became
my problem when they are no longer able to find my servers and I need to
provide rationale to my boss as to why this server is breaking things.  I
can't say that they need to remove it without giving them technical
reasons as to why.

I think it is weird as well. 

When you say what about permissions, which ones are you referring to?  I
know that the security on this box isn't the same as the DNS servers on the
DCs.  I also believe that the DNS on the domain1.rootdomain.com was supposed
to be AD integrated, but the DNS on the DNS1 box is obviously a secondary
DNS server.  (Oh, and I can access the DNS on DNS1 but not on the domain
controllers using the MMC so I know the security is different, I just don't
know what detail you are asking about.)

Charlie

-Original Message-
From: Al Mulnick [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 02, 2005 9:30 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] DNS Issue


I don't think that would solve the issue to be totally honest. 

I think the problem is more to do with DNS1.Domain1.rootdomain.com and
possibly a time-out or other weirded out configuration. 

To clarify: 
What software is DNS1 running?
Are you just timing out in your query causing the failures? 
Why is DNS1 deployed in the first place?  What purpose does it serve in that
environment?
Why does DNS1 forward to a host that hosts the same domain it does?  That's
weird to me.  I realize it hosts other domains, but it's silly and
inefficient to do things that way. 
What about permissions? 

Al

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf
Sent: Tuesday, August 02, 2005 10:11 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] DNS Issue


In the interest of making the name resolution more straight forward, is it
possible for the Domain 1 DC to setup a conditional forwarder for Domain 2
and point it at Domain 2 (and not the root)?

Phil

On 8/2/05, Carerros, Charles <[EMAIL PROTECTED]> wrote:
> Alright, I'm not the best at DNS and we are running into some issues 
> and I was hoping for some feedback.
> 
> First we are using an empty root multi-domain forest structure.  Our 
> domains are divided for divisions who all operate individually (with 
> the exception of the root of course.)  We have shared resources in 
> each others domains that we all need to and some of our DNS isn't work 
> and some of it is.  I know why things aren't working but at times I'm 
> not sure why it is.  Very confusing so here is some more details.
> 
> One of the domains have sites that aren't working.
> 
> They have configured (this isn't one of my sites) a local DNS server 
> [dns1.domain1.rootdomain.com] that has one zone configured 
> [domain1.rootdomain.com](a secondary zone for the domain to which it 
> is a
> part) and then they forward all other network traffic to their primary
> domain controller for that domain.
> 
> The domain controller for that domain [dc.domain1.rootdomain.com] has 
> a number of zones configured including the _msdcs.rootdomain.com zone 
> (for forwarding forest traffic lookup and they forward all other 
> traffic to their internet DNS servers.
> 
> My domain uses AD integrated DNS with all DCs serving as DNS servers 
> and they replicate all of the zones across.  They basically have the 
> domain2.rootdomain.com zone and the _msdcs.rootdomain.com zone with 
> forwards to rootdomain.com with the IP address of the rootdomain DNS 
> servers and then all other traffic to our internet providers.
> 
> When people at site one try to reach a server at my location if they 
> are using the dns2.domain1.rootdomain.com server they are unable to 
> find all of the servers in the domain2.rootdomain.com domain.  
> Although I think the approach of domain1 isn't what I would consider 
> optimal because I prefer AD integrated DNS, I would still think that 
> with the extra hop these server should be able to find mine.
> 
> The traffic flow logic would look something like this:
> 
> PC in site1 is looking for a server srv1.domain2.rootdomain.com PC 
> queries dns1.domain1.rootdomain.com but cannot find the domain2 DNS 
> there, it forwards to dc.domain1.rootdomain.com 
>

RE: [ActiveDir] DNS Issue

2005-08-02 Thread Carerros, Charles
We could do that.  In fact, in the long run that might be a good idea
because of the amount of traffic that we have between these two domains. 

But one thing I have been noticing is that the site DNS server in domain 1 can't
obtain any authoritative responses from domain 2 even though the DC DNS servers
in domain 1 can obtain the authoritative responses.  

I'm getting more confused as I look into this issue.

-Original Message-
From: Phil Renouf [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 02, 2005 9:11 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] DNS Issue


In the interest of making the name resolution more straight forward,
is it possible for the Domain 1 DC to setup a conditional forwarder
for Domain 2 and point it at Domain 2 (and not the root)?

Phil

On 8/2/05, Carerros, Charles <[EMAIL PROTECTED]> wrote:
> Alright, I'm not the best at DNS and we are running into some issues and I
> was hoping for some feedback.
> 
> First we are using an empty root multi-domain forest structure.  Our domains
> are divided for divisions who all operate individually (with the exception
> of the root of course.)  We have shared resources in each other's domains
> that we all need to and some of our DNS isn't working and some of it is.  I
> know why things aren't working but at times I'm not sure why it is.  Very
> confusing so here are some more details.
> 
> One of the domains has sites that aren't working.
> 
> They have configured (this isn't one of my sites) a local DNS server
> [dns1.domain1.rootdomain.com] that has one zone configured
> [domain1.rootdomain.com] (a secondary zone for the domain to which it is a
> part) and then they forward all other network traffic to their primary
> domain controller for that domain.
> 
> The domain controller for that domain [dc.domain1.rootdomain.com] has a
> number of zones configured including the _msdcs.rootdomain.com zone (for
> forwarding forest traffic lookup) and they forward all other traffic to
> their internet DNS servers.
> 
> My domain uses AD integrated DNS with all DCs serving as DNS servers and
> they replicate all of the zones across.  They basically have the
> domain2.rootdomain.com zone and the _msdcs.rootdomain.com zone with
> forwards to rootdomain.com with the IP address of the rootdomain DNS servers
> and then all other traffic to our internet providers.
> 
> When people at site one try to reach a server at my location if they are
> using the dns2.domain1.rootdomain.com server they are unable to find all
> of the servers in the domain2.rootdomain.com domain.  Although I think the
> approach of domain1 isn't what I would consider optimal because I prefer
> AD integrated DNS, I would still think that with the extra hop these servers
> should be able to find mine.
> 
> The traffic flow logic would look something like this:
> 
> PC in site1 is looking for a server srv1.domain2.rootdomain.com
> PC queries dns1.domain1.rootdomain.com but cannot find the domain2 DNS
> there, it forwards to dc.domain1.rootdomain.com
> dc.domain1.rootdomain.com queries for srv1.domain2.rootdomain.com, cannot
> find it, it forwards to rootdomain.com
> rootdomain.com then forwards request to dc.domain2.rootdomain.com, which
> returns the IP address of srv2.domain2.rootdomain.com
> 
> Maybe this is too confusing to put in an e-mail or maybe I didn't word it
> right.  But if I did, does this sound correct?
> 
> I do know that when I have the PCs at that site1 change their DNS servers
> from the dns1.domain1.rootdomain.com to dc.domain1.rootdomain.com and try
> to query they are able to get to my servers.  I'm wondering if we just need
> to add a few more forward lookup for the rootdomain.com or add the
> _msdcs.rootdomain.com to that server's DNS?
> 
> Wow, I'm long-winded today.
> 
> Charlie


RE: [ActiveDir] DNS Issue

2005-08-02 Thread Al Mulnick
I don't think that would solve the issue to be totally honest. 

I think the problem is more to do with DNS1.Domain1.rootdomain.com and possibly 
a time-out or other weirded out configuration. 

To clarify: 
What software is DNS1 running?
Are you just timing out in your query causing the failures? 
Why is DNS1 deployed in the first place?  What purpose does it serve in that 
environment?
Why does DNS1 forward to a host that hosts the same domain it does?  That's 
weird to me.  I realize it hosts other domains, but it's silly and inefficient 
to do things that way. 
What about permissions? 

Al

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Renouf
Sent: Tuesday, August 02, 2005 10:11 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] DNS Issue


In the interest of making the name resolution more straight forward, is it 
possible for the Domain 1 DC to setup a conditional forwarder for Domain 2 and 
point it at Domain 2 (and not the root)?

Phil

On 8/2/05, Carerros, Charles <[EMAIL PROTECTED]> wrote:
> Alright, I'm not the best at DNS and we are running into some issues 
> and I was hoping for some feedback.
> 
> First we are using an empty root multi-domain forest structure.  Our 
> domains are divided for divisions who all operate individually (with 
> the exception of the root of course.)  We have shared resources in 
> each others domains that we all need to and some of our DNS isn't work 
> and some of it is.  I know why things aren't working but at times I'm 
> not sure why it is.  Very confusing so here is some more details.
> 
> One of the domains have sites that aren't working.
> 
> They have configured (this isn't one of my sites) a local DNS server 
> [dns1.domain1.rootdomain.com] that has one zone configured 
> [domain1.rootdomain.com](a secondary zone for the domain to which it 
> is a
> part) and then they forward all other network traffic to their primary
> domain controller for that domain.
> 
> The domain controller for that domain [dc.domain1.rootdomain.com] has 
> a number of zones configured including the _msdcs.rootdomain.com zone 
> (for forwarding forest traffic lookup and they forward all other 
> traffic to their internet DNS servers.
> 
> My domain uses AD integrated DNS with all DCs serving as DNS servers 
> and they replicate all of the zones across.  They basically have the 
> domain2.rootdomain.com zone and the _msdcs.rootdomain.com zone with 
> forwards to rootdomain.com with the IP address of the rootdomain DNS 
> servers and then all other traffic to our internet providers.
> 
> When people at site one try to reach a server at my location if they 
> are using the dns2.domain1.rootdomain.com server they are unable to 
> find all of the servers in the domain2.rootdomain.com domain.  
> Although I think the approach of domain1 isn't what I would consider 
> optimal because I prefer AD integrated DNS, I would still think that 
> with the extra hop these server should be able to find mine.
> 
> The traffic flow logic would look something like this:
> 
> PC in site1 is looking for a server srv1.domain2.rootdomain.com PC 
> queries dns1.domain1.rootdomain.com but cannot find the domain2 DNS 
> there, it forwards to dc.domain1.rootdomain.com 
> dc.domain1.rootdomain.com queries for srv1.domain2.rootdomain.com, 
> cannot find it, it forwards to rootdomain.com rootdomain.com then 
> forwards request to dc.domain2.rootdomain.com, which returns the IP 
> address of srv2.domain2.rootdomain.com
> 
> Maybe this is too confusing to put in an e-mail or maybe I didn't word 
> it right.  But if I did, does this sound correct.
> 
> I do know that when I have the PCs at that site1 change their DNS 
> servers from the dns1.domain1.rootdomain.com to 
> dc.domain1.rootdomain.com and try to query they are able to get to my 
> servers.  I'm wondering if we just need to add a few more forward 
> lookup for the rootdomain.com or add the _msdcs.rootdomain.com to that 
> servers DNS?
> 
> Wow, I'm long winded today.
> 
> Charlie
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: 
> http://www.mail-archive.com/activedir%40mail.activedir.org/
>


RE: [ActiveDir] DNS Issue

2005-08-02 Thread Joseph B. Luptak


I keep getting two emails for every post to this group. Any ideas?




Re: [ActiveDir] DNS Issue

2005-08-02 Thread Phil Renouf
In the interest of making the name resolution more straightforward,
is it possible for the Domain 1 DC to set up a conditional forwarder
for Domain 2 and point it at Domain 2 (and not the root)?

Phil

On 8/2/05, Carerros, Charles <[EMAIL PROTECTED]> wrote:
> Alright, I'm not the best at DNS and we are running into some issues and I
> was hoping for some feedback.
> 
> First we are using an empty root multi-domain forest structure.  Our domains
> are divided for divisions who all operate individually (with the exception
> of the root of course.)  We have shared resources in each others domains
> that we all need to and some of our DNS isn't work and some of it is.  I
> know why things aren't working but at times I'm not sure why it is.  Very
> confusing so here is some more details.
> 
> One of the domains have sites that aren't working.
> 
> They have configured (this isn't one of my sites) a local DNS server
> [dns1.domain1.rootdomain.com] that has one zone configured
> [domain1.rootdomain.com](a secondary zone for the domain to which it is a
> part) and then they forward all other network traffic to their primary
> domain controller for that domain.
> 
> The domain controller for that domain [dc.domain1.rootdomain.com] has a
> number of zones configured including the _msdcs.rootdomain.com zone (for
> forwarding forest traffic lookup and they forward all other traffic to their
> internet DNS servers.
> 
> My domain uses AD integrated DNS with all DCs serving as DNS servers and
> they replicate all of the zones across.  They basically have the
> domain2.rootdomain.com zone and the _msdcs.rootdomain.com zone with forwards
> to rootdomain.com with the IP address of the rootdomain DNS servers and then
> all other traffic to our internet providers.
> 
> When people at site one try to reach a server at my location if they are
> using the dns2.domain1.rootdomain.com server they are unable to find all of
> the servers in the domain2.rootdomain.com domain.  Although I think the
> approach of domain1 isn't what I would consider optimal because I prefer AD
> integrated DNS, I would still think that with the extra hop these server
> should be able to find mine.
> 
> The traffic flow logic would look something like this:
> 
> PC in site1 is looking for a server srv1.domain2.rootdomain.com
> PC queries dns1.domain1.rootdomain.com but cannot find the domain2 DNS
> there, it forwards to dc.domain1.rootdomain.com
> dc.domain1.rootdomain.com queries for srv1.domain2.rootdomain.com, cannot
> find it, it forwards to rootdomain.com
> rootdomain.com then forwards request to dc.domain2.rootdomain.com, which
> returns the IP address of srv2.domain2.rootdomain.com
> 
> Maybe this is too confusing to put in an e-mail or maybe I didn't word it
> right.  But if I did, does this sound correct.
> 
> I do know that when I have the PCs at that site1 change their DNS servers
> from the dns1.domain1.rootdomain.com to dc.domain1.rootdomain.com and try to
> query they are able to get to my servers.  I'm wondering if we just need to
> add a few more forward lookup for the rootdomain.com or add the
> _msdcs.rootdomain.com to that servers DNS?
> 
> Wow, I'm long winded today.
> 
> Charlie
> List info   : http://www.activedir.org/List.aspx
> List FAQ: http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
>


[ActiveDir] DNS Issue

2005-08-02 Thread Carerros, Charles
Alright, I'm not the best at DNS and we are running into some issues and I
was hoping for some feedback.

First we are using an empty root multi-domain forest structure.  Our domains
are divided for divisions who all operate individually (with the exception
of the root of course.)  We have shared resources in each other's domains
that we all need to and some of our DNS isn't working and some of it is.  I
know why things aren't working but at times I'm not sure why it is.  Very
confusing so here are some more details.

One of the domains has sites that aren't working. 

They have configured (this isn't one of my sites) a local DNS server
[dns1.domain1.rootdomain.com] that has one zone configured
[domain1.rootdomain.com] (a secondary zone for the domain to which it is a
part) and then they forward all other network traffic to their primary
domain controller for that domain. 

The domain controller for that domain [dc.domain1.rootdomain.com] has a
number of zones configured including the _msdcs.rootdomain.com zone (for
forwarding forest traffic lookup) and they forward all other traffic to their
internet DNS servers.

My domain uses AD integrated DNS with all DCs serving as DNS servers and
they replicate all of the zones across.  They basically have the
domain2.rootdomain.com zone and the _msdcs.rootdomain.com zone with forwards
to rootdomain.com with the IP address of the rootdomain DNS servers and then
all other traffic to our internet providers.

When people at site one try to reach a server at my location if they are
using the dns2.domain1.rootdomain.com server they are unable to find all of
the servers in the domain2.rootdomain.com domain.  Although I think the
approach of domain1 isn't what I would consider optimal because I prefer AD
integrated DNS, I would still think that with the extra hop these servers
should be able to find mine.

The traffic flow logic would look something like this:

PC in site1 is looking for a server srv1.domain2.rootdomain.com
PC queries dns1.domain1.rootdomain.com but cannot find the domain2 DNS
there, it forwards to dc.domain1.rootdomain.com
dc.domain1.rootdomain.com queries for srv1.domain2.rootdomain.com, cannot
find it, it forwards to rootdomain.com
rootdomain.com then forwards request to dc.domain2.rootdomain.com, which
returns the IP address of srv2.domain2.rootdomain.com

Maybe this is too confusing to put in an e-mail or maybe I didn't word it
right.  But if I did, does this sound correct?  

I do know that when I have the PCs at that site1 change their DNS servers
from the dns1.domain1.rootdomain.com to dc.domain1.rootdomain.com and try to
query they are able to get to my servers.  I'm wondering if we just need to
add a few more forward lookup for the rootdomain.com or add the
_msdcs.rootdomain.com to that server's DNS?

Wow, I'm long-winded today.  

Charlie


Re: [ActiveDir] DNS Issue

2004-09-23 Thread Aaron Visser
Deji, could you give me a shout at [EMAIL PROTECTED]

Thanks


On 9/23/04 12:36 PM, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:

> Awesome. Glad you got it working :)
> 
> I am in San Jose, in sunny California.
> 
> 1. Yes
> 2. Yes
> 
> Make sure you manually check and remove any lingering reference to the old
> computer in ADUC (Domain Controllers OU), AD Site and Services and WINS.
> After that, you should be good to go.
> 
> 
> Sincerely,
> 
> Dèjì Akómöláfé, MCSE MCSA MCP+I
> Microsoft MVP - Directory Services
> www.readymaids.com - we know IT
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday?  -anon
> 
> 
> 
> From: [EMAIL PROTECTED] on behalf of Aaron Visser
> Sent: Thu 9/23/2004 10:34 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] DNS Issue
> 
> 
> Deji it worked AWESOME Thanks a ton man, Where are you located? Couple more
> questions or concerns:
> 1) I am in the process of rebuilding the downed server and I plan to make it
> the secondary DC. Am I able to give it the same computer name or will this
> cause some problems?
> 2) When setting up a new DNS zone on the new DC I tried to do the top option
> (this server will supply DNS for your forest) but got a 'Server
> Failure Error'. So I restarted the New Zone wizard and selected the bottom
> option (this server will supply DNS for your Domain Controllers)
> and it is working. :) Is this ok?
> 
> Thanks,
> Aaron
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Deji Akomolafe
> Sent: Wednesday, September 22, 2004 11:35 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] DNS Issue
> 
> 
> In case you are still reading this, I'm still up for the next 30
> minutes in case you need someone to bounce ideas off of. If not, good luck.
> 
> 
> 
> Sincerely,
> 
> Dèjì Akómöláfé, MCSE MCSA MCP+I
> Microsoft MVP - Directory Services
> www.readymaids.com - we know IT
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday?  -anon
> 
> 
> 
> From: Aaron Visser
> Sent: Wed 9/22/2004 9:26 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [ActiveDir] DNS Issue
> 
> 
> Deji, Thanks for the info I am heading back to work to give this a
> try. My only concern is the fact that I did not have DNS running on the
> secondary DC before the 1st one went down.
> 
> Aaron Visser
> 
> 
> On 9/22/04 7:28 PM, "Deji Akomolafe" <[EMAIL PROTECTED]> wrote:
> 
> 
> 
> Look at the TCP/IP properties of the new server and make sure
> that it is pointing to itself for DNS (and WINS, if you use WINS). Make sure
> that the option to "use lmhosts..." is unchecked. Make sure you've properly
> removed traces of the dead server from AD. Make sure that you remove all
> replication links between the new and dead server (AD Sites and Services).
> 
> Take a look at my little "FSMO" pep talk here:
> http://www.akomolafe.com/docs/xferfsmos.htm
> 
> You should be able to create your zone without the presence
> of the dead server. Check eventlog for relevant errors. Also be sure to
> modify your DHCP scope to reflect the fact that this is now your main DNS
> server (at least for the time being)
> 
> 
> Sincerely,
> 
> Dèjì Akómöláfé, MCSE MCSA MCP+I
> Microsoft MVP - Directory Services
> www.readymaids.com <http://www.readymaids.com>  - we know IT
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were
> worried about Yesterday?  -anon
> 
> 
> 
> 
> From: Aaron Visser
> Sent: Wed 9/22/2004 5:59 PM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] DNS Issue
> 
> Ok here it goes,
> 
> Windows 2003 Servers
> 
> Today the RAID controller lost the HD config on my main AD server. After an
> hour or so of trying to get it back online I decided to opt for the promotion
> of AD to my secondary Domain controller and just rebuild the 1st one. Well, the
> big problem I faced was that I never installed DNS on the second domain
> controller. I decided to go ahead with the FSMO promotion and everything
> was seized just fine. But now I sit with no DNS (I installed DNS before the
> seizure of roles) but it is not creating any Zones. I have tried to create a
> new Zone but it keeps looking for the downed server?
> 
> Any help in this would be greatly appreciated
> 
> Thanks,
> Aaron Visser
> 
> List info   : http://www.activedir.org

RE: [ActiveDir] DNS Issue

2004-09-23 Thread deji
Awesome. Glad you got it working :)
 
I am in San Jose, in sunny California.
 
1. Yes
2. Yes
 
Make sure you manually check and remove any lingering reference to the old
computer in ADUC (Domain Controllers OU), AD Site and Services and WINS.
After that, you should be good to go.
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of Aaron Visser
Sent: Thu 9/23/2004 10:34 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DNS Issue


Deji it worked AWESOME Thanks a ton man, Where are you located? Couple more
questions or concerns:
1) I am in the process of rebuilding the downed server and I plan to make it
the secondary DC. Am I able to give it the same computer name or will this
cause some problems?
2) When setting up a new DNS zone on the new DC I tried to do the top option
(this server will supply DNS for your forest) but got a 'Server
Failure Error'. So I restarted the New Zone wizard and selected the bottom
option (this server will supply DNS for your Domain Controllers)
and it is working. :) Is this ok?
 
Thanks,
Aaron
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Deji Akomolafe
Sent: Wednesday, September 22, 2004 11:35 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DNS Issue


In case you are still reading this, I'm still up for the next 30
minutes in case you need someone to bounce ideas off of. If not, good luck.
 

 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: Aaron Visser
Sent: Wed 9/22/2004 9:26 PM
To: [EMAIL PROTECTED]
    Subject: Re: [ActiveDir] DNS Issue


Deji, thanks for the info. I am heading back to work to give this a
try. My only concern is the fact that I did not have DNS running on the
secondary DC before the 1st one went down.

Aaron Visser


On 9/22/04 7:28 PM, "Deji Akomolafe" <[EMAIL PROTECTED]> wrote:



Look at the TCP/IP properties of the new server and make sure
that it is pointing to itself for DNS (and WINS, if you use WINS). Make sure
that the option to "use lmhosts..." is unchecked. Make sure you've properly
removed traces of the dead server from AD. Make sure that you remove all
replication links between the new and dead server (AD Sites and Services).

Take a look at my little "FSMO" pep talk here:
http://www.akomolafe.com/docs/xferfsmos.htm

You should be able to create your zone without the presence
of the dead server. Check eventlog for relevant errors. Also be sure to
modify your DHCP scope to reflect the fact that this is now your main DNS
server (at least for the time being)


Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com <http://www.readymaids.com>  - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were
worried about Yesterday?  -anon




From: Aaron Visser
Sent: Wed 9/22/2004 5:59 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] DNS Issue

Ok here it goes,

Windows 2003 Servers

Today the RAID controller lost the HD config on my main AD server. After an hour
or so of trying to get it back online I decided to opt for the promotion of
AD to my secondary Domain controller and just rebuild the 1st one. Well the
big problem I faced was that I never installed DNS on the second domain
controller. I decided to go ahead with the FSMO promotion and everything
was seized just fine. But now I sit with no DNS (I installed DNS before the
seizure of roles) but it is not creating any Zones. I have tried to create a
new Zone but it keeps looking for the downed server?

Any help in this would be greatly appreciated

Thanks,
Aaron Visser

  

RE: [ActiveDir] DNS Issue

2004-09-23 Thread Aaron Visser



Deji, it worked AWESOME. Thanks a ton man. Where are you located? Couple more
questions or concerns:
1) I am in the process of rebuilding the downed server and I plan to make it
the secondary DC. Am I able to give it the same computer name or will this
cause some problems?
2) When setting up a new DNS zone on the new DC I tried to do the top option
(this server will supply DNS for your forest) but got a 'Server Failure
Error'. So I restarted the New Zone wizard and selected the bottom option
(this server will supply DNS for your Domain Controllers) and it is
working. :) Is this OK?
 
Thanks,
Aaron
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Deji Akomolafe
Sent: Wednesday, September 22, 2004 11:35 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DNS Issue

In case you are still reading this, I'm still up for the next 30 minutes in
case you need someone to bounce ideas off of. If not, good luck.

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon

From: Aaron Visser
Sent: Wed 9/22/2004 9:26 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] DNS Issue

Deji, thanks for the info. I am heading back to work to give this a try. My
only concern is the fact that I did not have DNS running on the secondary DC
before the 1st one went down.

Aaron Visser

On 9/22/04 7:28 PM, "Deji Akomolafe" <[EMAIL PROTECTED]> wrote:

Look at the TCP/IP properties of the new server and make sure that it is
pointing to itself for DNS (and WINS, if you use WINS). Make sure that the
option to "use lmhosts..." is unchecked. Make sure you've properly removed
traces of the dead server from AD. Make sure that you remove all replication
links between the new and dead server (AD Sites and Services).

Take a look at my little "FSMO" pep talk here:
http://www.akomolafe.com/docs/xferfsmos.htm

You should be able to create your zone without the presence of the dead
server. Check eventlog for relevant errors. Also be sure to modify your DHCP
scope to reflect the fact that this is now your main DNS server (at least for
the time being)

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon

From: Aaron Visser
Sent: Wed 9/22/2004 5:59 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] DNS Issue

Ok here it goes,

Windows 2003 Servers

Today the RAID controller lost the HD config on my main AD server. After an hour
or so of trying to get it back online I decided to opt for the promotion of
AD to my secondary Domain controller and just rebuild the 1st one. Well the
big problem I faced was that I never installed DNS on the second domain
controller. I decided to go ahead with the FSMO promotion and everything
was seized just fine. But now I sit with no DNS (I installed DNS before the
seizure of roles) but it is not creating any Zones. I have tried to create a
new Zone but it keeps looking for the downed server?

Any help in this would be greatly appreciated

Thanks,
Aaron Visser

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] DNS Issue

2004-09-22 Thread Deji Akomolafe



In case you are still reading this, I'm still up for the next 30 minutes in case you need someone to bounce ideas off of. If not, good luck.
 


 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon

From: Aaron Visser
Sent: Wed 9/22/2004 9:26 PM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] DNS Issue

Deji, thanks for the info. I am heading back to work to give this a try. My only concern is the fact that I did not have DNS running on the secondary DC before the 1st one went down.

Aaron Visser

On 9/22/04 7:28 PM, "Deji Akomolafe" <[EMAIL PROTECTED]> wrote:

Look at the TCP/IP properties of the new server and make sure that it is pointing to itself for DNS (and WINS, if you use WINS). Make sure that the option to "use lmhosts..." is unchecked. Make sure you've properly removed traces of the dead server from AD. Make sure that you remove all replication links between the new and dead server (AD Sites and Services).

Take a look at my little "FSMO" pep talk here: http://www.akomolafe.com/docs/xferfsmos.htm

You should be able to create your zone without the presence of the dead server. Check eventlog for relevant errors. Also be sure to modify your DHCP scope to reflect the fact that this is now your main DNS server (at least for the time being)

Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon

From: Aaron Visser
Sent: Wed 9/22/2004 5:59 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] DNS Issue

Ok here it goes,

Windows 2003 Servers

Today the RAID controller lost the HD config on my main AD server. After an hour
or so of trying to get it back online I decided to opt for the promotion of
AD to my secondary Domain controller and just rebuild the 1st one. Well the
big problem I faced was that I never installed DNS on the second domain
controller. I decided to go ahead with the FSMO promotion and everything
was seized just fine. But now I sit with no DNS (I installed DNS before the
seizure of roles) but it is not creating any Zones. I have tried to create a
new Zone but it keeps looking for the downed server?

Any help in this would be greatly appreciated

Thanks,
Aaron Visser

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


Re: [ActiveDir] DNS Issue

2004-09-22 Thread Aaron Visser



Deji, thanks for the info. I am heading back to work to give this a try. My only concern is the fact that I did not have DNS running on the secondary DC before the 1st one went down.

Aaron Visser


On 9/22/04 7:28 PM, "Deji Akomolafe" <[EMAIL PROTECTED]> wrote:

Look at the TCP/IP properties of the new server and make sure that it is pointing to itself for DNS (and WINS, if you use WINS). Make sure that the option to "use lmhosts..." is unchecked. Make sure you've properly removed traces of the dead server from AD. Make sure that you remove all replication links between the new and dead server (AD Sites and Services).
 
Take a look at my little "FSMO" pep talk here: http://www.akomolafe.com/docs/xferfsmos.htm
 
You should be able to create your zone without the presence of the dead server. Check eventlog for relevant errors. Also be sure to modify your DHCP scope to reflect the fact that this is now your main DNS server (at least for the time being)
 
 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com   - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon

From: Aaron Visser
Sent: Wed 9/22/2004 5:59 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] DNS Issue

Ok here it goes,

Windows 2003 Servers

Today the RAID controller lost the HD config on my main AD server. After an hour
or so of trying to get it back online I decided to opt for the promotion of
AD to my secondary Domain controller and just rebuild the 1st one. Well the
big problem I faced was that I never installed DNS on the second domain
controller. I decided to go ahead with the FSMO promotion and everything
was seized just fine. But now I sit with no DNS (I installed DNS before the
seizure of roles) but it is not creating any Zones. I have tried to create a
new Zone but it keeps looking for the downed server?

Any help in this would be greatly appreciated

Thanks,
Aaron Visser

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/








RE: [ActiveDir] DNS Issue

2004-09-22 Thread Daniel Gilbert
I assume you created the proper named forward zone, this happened to me
once.  Make sure the zone allows dynamic updates.

Once the new server is pointing to itself for DNS run net stop netlogon and
net start netlogon from the command prompt.  This should re-register the
proper SRV records.

You might want to run ipconfig /flushdns and ipconfig /registerdns to clear
out any stale DNS data.

Dan

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Aaron Visser
Sent: Wednesday, September 22, 2004 6:00 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] DNS Issue

Ok here it goes,

Windows 2003 Servers

Today the RAID controller lost the HD config on my main AD server. After an hour
or so of trying to get it back online I decided to opt for the promotion of
AD to my secondary Domain controller and just rebuild the 1st one. Well the
big problem I faced was that I never installed DNS on the second domain
controller. I decided to go ahead with the FSMO promotion and everything
was seized just fine. But now I sit with no DNS (I installed DNS before the
seizure of roles) but it is not creating any Zones. I have tried to create a
new Zone but it keeps looking for the downed server?

Any help in this would be greatly appreciated

Thanks,
Aaron Visser


List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
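
The two checks this thread relies on (no remaining DNS references to the dead DC, and the surviving DC's SRV records re-registered after restarting netlogon) can be audited offline. This is an added example, not part of the original posts: it assumes the records Netlogon tries to register are read from `%SystemRoot%\System32\config\netlogon.dns` and that the zone contents have been normalized to the same one-record-per-line form; all host names and addresses are constructed.

```python
import re

# One resource record per line, zone-file style, as Netlogon writes them to
# %SystemRoot%\System32\config\netlogon.dns: owner TTL IN TYPE rdata
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(SRV|A|CNAME)\s+(.+)$", re.I)

def parse_records(text):
    """Return a set of (owner, type, rdata) tuples, lower-cased, TTL dropped."""
    records = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments and blank lines
        m = RR.match(line)
        if m:
            owner, _ttl, rtype, rdata = m.groups()
            records.add((owner.lower().rstrip("."), rtype.upper(),
                         " ".join(rdata.lower().split()).rstrip(".")))
    return records

def audit(netlogon_dns, zone_listing, dead_host):
    """Compare what the surviving DC should register with what the zone holds."""
    expected = parse_records(netlogon_dns)
    present = parse_records(zone_listing)
    dead = dead_host.lower().rstrip(".")
    missing = sorted(expected - present)          # not (re-)registered yet
    stale = sorted(r for r in present             # still names the dead DC
                   if r[0] == dead or r[2].split()[-1] == dead)
    return missing, stale

# Constructed sample data: dc1 is the dead server, dc2 the surviving DC.
NETLOGON_DNS = """\
corp.example. 600 IN A 10.0.0.12
_ldap._tcp.corp.example. 600 IN SRV 0 100 389 dc2.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc2.corp.example.
_kerberos._tcp.corp.example. 600 IN SRV 0 100 88 dc2.corp.example.
_ldap._tcp.pdc._msdcs.corp.example. 600 IN SRV 0 100 389 dc2.corp.example.
"""
ZONE_LISTING = """\
corp.example. 600 IN A 10.0.0.12
_ldap._tcp.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.corp.example. 600 IN SRV 0 100 389 dc2.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc2.corp.example.
_kerberos._tcp.corp.example. 600 IN SRV 0 100 88 dc2.corp.example.
dc1.corp.example. 1200 IN A 10.0.0.11
"""

if __name__ == "__main__":
    missing, stale = audit(NETLOGON_DNS, ZONE_LISTING, "dc1.corp.example")
    for tag, recs in (("MISSING", missing), ("STALE", stale)):
        for r in recs:
            print(tag, *r)
```

An empty `missing` list means every record the DC expects is in the zone; an empty `stale` list means nothing in the zone still points clients at the dead server.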


RE: [ActiveDir] DNS Issue

2004-09-22 Thread Deji Akomolafe



Look at the TCP/IP properties of the new server and make sure that it is pointing to itself for DNS (and WINS, if you use WINS). Make sure that the option to "use lmhosts..." is unchecked. Make sure you've properly removed traces of the dead server from AD. Make sure that you remove all replication links between the new and dead server (AD Sites and Services).
 
Take a look at my little "FSMO" pep talk here: http://www.akomolafe.com/docs/xferfsmos.htm
 
You should be able to create your zone without the presence of the dead server. Check eventlog for relevant errors. Also be sure to modify your DHCP scope to reflect the fact that this is now your main DNS server (at least for the time being)
 


 
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon

From: Aaron Visser
Sent: Wed 9/22/2004 5:59 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] DNS Issue

Ok here it goes,

Windows 2003 Servers

Today the RAID controller lost the HD config on my main AD server. After an hour
or so of trying to get it back online I decided to opt for the promotion of
AD to my secondary Domain controller and just rebuild the 1st one. Well the
big problem I faced was that I never installed DNS on the second domain
controller. I decided to go ahead with the FSMO promotion and everything
was seized just fine. But now I sit with no DNS (I installed DNS before the
seizure of roles) but it is not creating any Zones. I have tried to create a
new Zone but it keeps looking for the downed server?

Any help in this would be greatly appreciated

Thanks,
Aaron Visser

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/



[ActiveDir] DNS Issue

2004-09-22 Thread Aaron Visser
Ok here it goes,

Windows 2003 Servers

Today the RAID controller lost the HD config on my main AD server. After an hour
or so of trying to get it back online I decided to opt for the promotion of
AD to my secondary Domain controller and just rebuild the 1st one. Well the
big problem I faced was that I never installed DNS on the second domain
controller. I decided to go ahead with the FSMO promotion and everything
was seized just fine. But now I sit with no DNS (I installed DNS before the
seizure of roles) but it is not creating any Zones. I have tried to create a
new Zone but it keeps looking for the downed server?

Any help in this would be greatly appreciated

Thanks,
Aaron Visser

List info   : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/