1 of 3 Secondaries Updating OK, looks fine in MMC, but returns wrong info

[Ken Post]

Hi all-

I've been running 4 Windows 2000 DNS servers for the last couple of
years, running on the public Internet, serving a bunch of domains, not
AD integrated. All was working right, until recently.

A couple days ago, I updated 2 address records' IP addresses and added
a 3rd address on the primary server. Now, when I do an nslookup
setting the server to the primary server or the first or second
secondary server, all is fine - the updates and new address are
returned.

However, when I set the server to the 3rd secondary, querying for the
new record returns "Non-existent domain" and the 2 updated records
still return the old address.

I figured that the 3rd secondary wasn't transferring from the master
for some reason, but the transfer is logged ok, and what's strange is
that on the secondary, the data looks good in the DNS MMC.

I tried deleting the zone from the secondary and it STILL gives the old
ip's for the updated records.

I've tried updating another record and manually changing the serial,
but got the same results.

This is only happening with one of the domains on the one secondary,
other domains and this domain on other servers are fine.

Any suggestions would be kindly appreciated.

-Ken

 

[Herb Martin]

I've been running 4 Windows 2000 DNS servers for the last couple of

years, running on the public Internet, serving a bunch of domains, not
AD integrated. All was working right, until recently.

A couple days ago, I updated 2 address records' IP addresses and added
a 3rd address on the primary server. Now, when I do an nslookup
setting the server to the primary server or the first or second
secondary server, all is fine - the updates and new address are
returned.

However, when I set the server to the 3rd secondary, querying for the
new record returns "Non-existent domain" and the 2 updated records
still return the old address.

Most common reason is probably that 'someone' set the
secondary serial number on the zone higher than it's
master (probably the Primary) -- or reset the Primary
to a low number.

I figured that the 3rd secondary wasn't transferring from the master
for some reason, but the transfer is logged ok, and what's strange is
that on the secondary, the data looks good in the DNS MMC.

So you are saying that this PARTICULAR "3rd" secondary shows
the right answer in the MMC but the wrong answer when queried?

If so, then likely the address is in use by another server.

Focus NSLookup (or your test tool) on that particular server by
specifying it as the last parameter, e.g.,

nslookup test.domain.com 3rd.DNS.ip.address

I tried deleting the zone from the secondary and it STILL gives the old
ip's for the updated records.

While the zone is deleted? Then it is either getting it from
some other server or your aren't really addressing that server?

 

[Ken Post]

Herb:

Thanks for the speedy reply.

I've checked and double checked the serials. They are the same on the
master and the 3rd secondary. If I increment on master, it gets
incremented on the 3rd secondary. And yes, everything looks fine in
MMC on the 3rd secondary.

I've used nslookup both using
nslookuup busted.sub.mydomain.com 3rddns.mydomain.com
and
nslookup
server=3rddns.mydomain.com
busted.sub.mydomain.com
with the same results.

And when I delete the zone completely from the 3rd secondary I get the
same results.

I've never seen anything like this....

It's as if the whole domain is cached somewhere.

If I stop the DNS server completely, then nslookup doesn't produce any
results for any query addressed to it (that's about the only thing that
actually works how it should).

Any other ideas?

 

[Ken Post]

Oh, 1 other thing, the server seems accessible using its IP. I doubt
that there's another machine on the network that's using the same ip.
THe other services seem to work fine on the IP and the other domains
that are hosted on the dns server work. It's just this one crazy
domain.

 

[Herb Martin]

I've checked and double checked the serials. They are the same on the

master and the 3rd secondary. If I increment on master, it gets
incremented on the 3rd secondary. And yes, everything looks fine in
MMC on the 3rd secondary.

I've used nslookup both using
nslookuup busted.sub.mydomain.com 3rddns.mydomain.com

Are you using the NAME for the specification of the DNS
server?

Then likely that name is not resolving (itself) to the right DNS
server and you are checking (therefore) the wrong place.

I've never seen anything like this....

While it is perfectly 'legal' to use the name in NSLookup it
is a poor practice since presumably you already have a DNS
problem or at least wish to verify precisely the results you
obtain.

It's as if the whole domain is cached somewhere.

If I stop the DNS server completely, then nslookup doesn't produce any
results for any query addressed to it (that's about the only thing that
actually works how it should).

Any other ideas?

 

[Herb Martin]

Oh, 1 other thing, the server seems accessible using its IP. I doubt
that there's another machine on the network that's using the same ip.
THe other services seem to work fine on the IP and the other domains
that are hosted on the dns server work. It's just this one crazy
domain.

I was betting that the name of the server was not resolving
to the same IP as you expected -- this pretty much confirms
it.

 

[Ken Post]

Well I fixed it...

Thanks Herb for all of your suggestions. This was a wierd one and none
of the standard attempts worked.

I had been trying using both the name and ip of the dns server. Same
results. And if I stoped the dns server and tried again using name or
ip, I'd get no results for any domain. So it seems that the dns server
I thought I was querying was the one that was (or wasn't) replying.

Something was really screwed up with this dns server. It's working
now, and I'm hoping that this was just a fluke and won't happen again.

Here's what I did to get it working.

1) Removed domain mydomain.com from secondary
2) Went into c:\winnt\system32\dns and deleted the zone files manually
- noticed that there was not only a mydomain.com.dns file, but also a
sub.mydomain.com.dns file. Deleted them both.
3) Rebooted machine
4) Went into DNS mmc and created SUB.mydomain.com zone as primary on
secondary server
5) Created mydomain.com zone as primary on secondary server.
6) Deleted the zones SUB.mydomain and mydomain andimmediately deleted
the SUB.mydomain.dns entry.
7) Went into c:\winnt\system32\dns again and deleted mydomain.com.dns
and sub.mydomain.com.dns again
8) Created mydomain.com as secondary

Now it works. Confirmed by adding and updating other records both to
mydomain.com and under sub.mydomain.com.

Go figure.

Thanks again for your ideas.

Ken

 

[Ken Post]

RESOLVED. See above post for my (lucky and seemingly random) solution.