Odd DNS Issues: Please Help


MJC

I recently upgraded my Windows 2000 DNS server to Windows 2003. All seemed
fine at first except for the following:

- Intermittently, I receive calls that Active Directory logins are slow. I
check DNS and the service is running but my DNS server cannot resolve itself
and others.

- When I do a NSLOOKUP this is what I get:
server: unknown
10.18.1.32 (which is the IP of my server)

If I restart the service, everything works fine. Any ideas would be helpful.

Thank you,

Mike
 
MJC said:
I recently upgraded my Windows 2000 DNS server to Windows 2003. All seemed
fine at first except for the following:

- Intermittently, I receive calls that Active Directory logins are slow. I
check DNS and the service is running but my DNS server cannot resolve itself
and others.

Check your server and make sure that its OWN CLIENT NIC
settings point ONLY to the internal DNS server set.

(If you need to resolve "The Internet" then you use the Forwarder
tab on the DNS server properties.)

Make sure that ALL clients (servers are clients too) are set to
ONLY use the internal DNS server (set.)

Make sure that the internal DNS Primary (or AD-integrated) servers
are set to ALLOW DYNAMIC UPDATES (or secure updates) for
the zone.

- When I do a NSLOOKUP this is what I get:
server: unknown
10.18.1.32 (which is the IP of my server)

That is an irrelevant error generated by NSLookup which may
be safely ignored. (Really -- it is just an NSLookup artifact.)

The key is if the following information -- the actual resolution --
works or not, and gives the correct info if it works.

If I restart the service, everything works fine. Any ideas would be
helpful.

What Service Pack etc? What clients?

If you have legacy clients, you might have a WINS/NetBIOS problem (too.)
 
If it's giving you the "unknown" then it seems to me you
are not able to reverse resolution either. Since it's able
to reach a DNS server (since there is some response, not a
time out) I would guess that your zone files/AD stuff is
broken somehow. You may want to turn on detailed logging
so you can get more information. Check your event logs. Do
you have other DNS servers in this environment or is it
your only box?
 
Jeremy@gilbarco said:
If it's giving you the "unknown" then it seems to me you
are not able to reverse resolution either. Since it's able
to reach a DNS server (since there is some response, not a
time out) I would guess that your zone files/AD stuff is
broken somehow.

No, this is (almost) totally an irrelevant artifact of the
NSLookup tool.

Most people don't need the reverse zones for internal use
anyway.

You may want to turn on detailed logging
so you can get more information. Check your event logs. Do
you have other DNS servers in this environment or is it
your only box?

It's usually simpler to just go set them up right -- there are
only a few things that are likely to be wrong and detailed
logging will likely be too much information for someone who
cannot just go check the DNS servers' and clients' NIC settings.

DCDiag.exe, output sent to a text file to search for FAIL, WARN,
and ERROR will likely give more useful info -- which can be
posted here easily if the problems are not resolvable immediately.
 
My server was already pointing to itself as a DNS server and my Clients
point to this server and another secondary only. The server listens on one
NIC, connected to our private network.

I did, however, check my reverse zone and found that my PTR record was not
there. I'm not sure if this has always been this way but if it was, I'm not
sure why the problem is happening now.

My NETBIOS resolution is fine...and since the DNS issue is intermittent and
not reproducible, it's been tough to troubleshoot.
 
MJC said:
My server was already pointing to itself as a DNS server and my Clients
point to this server and another secondary only. The server listens on one
NIC, connected to our private network.

I did, however, check my reverse zone and found that my PTR record was not
there. I'm not sure if this has always been this way but if it was, I'm not
sure why the problem is happening now.

Reverse zones are usually irrelevant internally, but many people
who do set them up forget to make them dynamic and so nothing
but manual records (which they never defined) get in there.

Ignore the NSLookup "reverse error" at the top of the output,
where it mentions the DNS server and concentrate on failures
to resolve down below in the actual queries.

Again, I would suggest DCDiag be run against every DC and
report (or just fix) the results.

My NETBIOS resolution is fine...and since the DNS issue is intermittent and
not reproducible, it's been tough to troubleshoot.

If you have subnets you need WINS server(s).
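
The DCDiag step suggested in both replies above (send the output to a text file and search it for FAIL, WARN and ERROR), as an added example that is not part of the original thread: a Python sketch that groups a saved report by test instead of scanning for bare keywords. The sample text is constructed to resemble dcdiag's usual layout, and `triage` and the regex names are illustrative.

```python
import re

# Constructed sample resembling a saved dcdiag report; not from the poster's server.
SAMPLE = r"""Doing primary tests

   Testing server: Default-First-Site-Name\DC1
      Starting test: Connectivity
         ......................... DC1 passed test Connectivity
      Starting test: frsevent
         There are warning or error events within the last 24 hours
         ......................... DC1 failed test frsevent
      Starting test: kccevent
         A Warning Event occurred (constructed detail line)
         ......................... DC1 passed test kccevent
"""

START = re.compile(r"^\s*Starting test:\s*(\S+)")
RESULT = re.compile(r"^\s*\.{5,}\s*(\S+)\s+(passed|failed)\s+test\s+(\S+)", re.I)
KEYWORD = re.compile(r"\b(fail\w*|warn\w*|error\w*)\b", re.I)

def triage(text):
    """Return {(server, test): {"verdict": ..., "hits": [...]}} for every test
    that failed or whose detail lines mention FAIL, WARN or ERROR."""
    findings = {}
    current, details = None, []
    for line in text.splitlines():
        m = START.match(line)
        if m:                       # a new test block begins
            current, details = m.group(1), []
            continue
        m = RESULT.match(line)
        if m:                       # dotted summary line closes the block
            server, verdict, test = m.group(1), m.group(2).lower(), m.group(3)
            hits = [d for d in details if KEYWORD.search(d)]
            if verdict == "failed" or hits:
                findings[(server, test)] = {"verdict": verdict, "hits": hits}
            current, details = None, []
            continue
        if current and line.strip():  # detail line inside a test block
            details.append(line.strip())
    return findings

if __name__ == "__main__":
    for (server, test), info in triage(SAMPLE).items():
        print(f"{server} {test}: {info['verdict']}")
        for hit in info["hits"]:
            print(f"    {hit}")
```

Reporting a test that passed but logged a warning alongside outright failures matters for an intermittent fault like this one, where the summary line alone can look clean.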
 
Herb Martin said:
Reverse zones are usually irrelevant internally, but many people
who do set them up forget to make them dynamic and so nothing
but manual records (which they never defined) get in there.

Ignore the NSLookup "reverse error" at the top of the output,
where it mentions the DNS server and concentrate on failures
to resolve down below in the actual queries.

Again, I would suggest DCDiag be run against every DC and
report (or just fix) the results.


If you have subnets you need WINS server(s).


Herb,

This was multiposted (not cross posted). I replied in another newsgroup to
this post as well. Too bad it wasn't cross posted. MJC would have to jump
around now looking for responses.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 