DNS forward lookup

When I run a changeip -checkhostname all returns ok from the server. When I run a dig -x on that DNS server IP all is ok. When I run a dig on the server name it fails. So forward lookup fails, reverse is fine. Any reason why?

What DNS server(s) are involved here? Your own? ISP? A combination?
Is the server resolving DNS itself? If so, then the network controllers reference the local box and the local DNS via the name localhost (or 127.0.0.1), and the local DNS server then connects to the upstream servers.
Does dig with the @dns.example.com specifier for the DNS server you're interested in work?

Similar Messages

  • DNS Forward Lookups Not Working

    My DNS experience and knowledge is pretty limited. Having said that it appears that our xserves can do reverse lookups for both of our xserves, but can't do a forward lookup. How can I fix this?
    Here are the lookup information from network utility:
    Lookup has started ... dataxserve.w.k12.ia.us
    ; <<>> DiG 9.3.4 <<>> dataxserve.w.k12.ia.us
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 37918
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;dataxserve.w.k12.ia.us. IN A
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.3#53(192.168.0.3)
    ;; WHEN: Tue Jan 15 13:26:53 2008
    ;; MSG SIZE rcvd: 49
    Lookup has started ... 192.168.0.3
    ; <<>> DiG 9.3.4 <<>> -x 192.168.0.3
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19034
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;3.0.168.192.in-addr.arpa. IN PTR
    ;; ANSWER SECTION:
    3.0.168.192.in-addr.arpa. 86400 IN PTR dataxserve.w.k12.ia.us.
    ;; AUTHORITY SECTION:
    0.168.192.in-addr.arpa. 86400 IN NS dataxserve.w.k12.ia.us.
    0.168.192.in-addr.arpa. 86400 IN NS xserve.w.k12.ia.us.
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.3#53(192.168.0.3)
    ;; WHEN: Tue Jan 15 13:32:01 2008
    ;; MSG SIZE rcvd: 122
    Lookup has started ...xserve.w.k12.ia.us
    ; <<>> DiG 9.3.4 <<>> xserve.w.k12.ia.us
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 10240
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;xserve.w.k12.ia.us. IN A
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.3#53(192.168.0.3)
    ;; WHEN: Tue Jan 15 13:32:52 2008
    ;; MSG SIZE rcvd: 45
    Lookup has started ...192.168.0.2
    ; <<>> DiG 9.3.4 <<>> -x 192.168.0.2
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49722
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;2.0.168.192.in-addr.arpa. IN PTR
    ;; ANSWER SECTION:
    2.0.168.192.in-addr.arpa. 86400 IN PTR xserve.w.k12.ia.us.
    ;; AUTHORITY SECTION:
    0.168.192.in-addr.arpa. 86400 IN NS xserve.w.k12.ia.us.
    0.168.192.in-addr.arpa. 86400 IN NS dataxserve.w.k12.ia.us.
    ;; Query time: 0 msec
    ;; SERVER: 192.168.0.3#53(192.168.0.3)
    ;; WHEN: Tue Jan 15 13:33:26 2008
    ;; MSG SIZE rcvd: 122
    Please help

    Hi
    You don't have to if you don't want to. You can leave both servers running internal DNS Services. The DHCP Service does not require DNS. It all depends on how you want to push out network services to your clients.
    I don't know your particular circumstances but it's not absolutely necessary to run DNS on your mail server. It depends a great deal on how you want the server to handle mail for your domain. I'm not an expert but the way I generally do a mail server is to use external MX Records and duplicate the external record internally. It's a fairly simple method and should send and receive mail for your clients internally as well as externally.
    You could configure internal DNS Services on one server only and just add a machine record for the second server. You could expand on this and configure DNS Services on both servers with a machine record for each server on both. There is enough in the GUI to allow you to do this. For example server01.mydomain.com with an IP address of 192.168.254.254 and server02.mydomain.com with an IP address of 192.168.254.253. This way if one server was to go down the other server should still provide a DNS Service to your local clients. However without knowing fully your network environment and your requirements it's difficult to advise.
    However is this a new setup and are you trying to get it to work? Or has it been working OK for a while and something has broken it? If it's the latter what errors are you seeing?
    If you want to know more about DNS purchase a copy of Paul Albitz and Cricket Liu's book 'DNS & BIND' and start reading.
    Hope this helps, Tony
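The pattern in the dig output above (the PTR query is answered authoritatively while the A query for the same name returns SERVFAIL from the same server) can be picked out mechanically. This is an added example, not part of the original thread; the function names are hypothetical and the sample is a trimmed excerpt of the output quoted in the question.

```python
import re

# Trimmed excerpt of the dig output quoted in the question above.
SAMPLE = """\
; <<>> DiG 9.3.4 <<>> dataxserve.w.k12.ia.us
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 37918
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;dataxserve.w.k12.ia.us. IN A
;; SERVER: 192.168.0.3#53(192.168.0.3)
; <<>> DiG 9.3.4 <<>> -x 192.168.0.3
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19034
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;3.0.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
3.0.168.192.in-addr.arpa. 86400 IN PTR dataxserve.w.k12.ia.us.
;; SERVER: 192.168.0.3#53(192.168.0.3)
"""

def parse_dig(text):
    """Split concatenated dig output into one dict per query."""
    results, cur, section = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("; <<>> DiG"):      # banner starts a new query
            cur = {"qname": None, "qtype": None, "status": None,
                   "flags": set(), "answers": [], "server": None}
            results.append(cur)
            section = None
        elif cur is None or not line:
            continue
        elif line.startswith(";;"):            # header / section markers
            if m := re.search(r"status: (\w+)", line):
                cur["status"] = m.group(1)
            elif m := re.match(r";; flags: ([a-z ]+);", line):
                cur["flags"] = set(m.group(1).split())
            elif m := re.match(r";; (\w+) SECTION:", line):
                section = m.group(1)
            elif m := re.match(r";; SERVER: ([^#\s]+)", line):
                cur["server"] = m.group(1)
        elif line.startswith(";") and section == "QUESTION":
            fields = line[1:].split()
            cur["qname"], cur["qtype"] = fields[0].lower(), fields[-1]
        elif not line.startswith(";") and section == "ANSWER":
            fields = line.split()
            if len(fields) >= 5:               # name ttl class type rdata
                cur["answers"].append((fields[3], fields[4].lower()))
    return results

def forward_reverse_mismatches(results):
    """PTR targets that the same server fails to resolve with an A query."""
    failed = {(r["server"], r["qname"]): r["status"] for r in results
              if r["qtype"] == "A" and r["status"] != "NOERROR"}
    findings = []
    for r in results:
        if r["qtype"] == "PTR" and r["status"] == "NOERROR":
            for rtype, target in r["answers"]:
                status = failed.get((r["server"], target))
                if rtype == "PTR" and status:
                    findings.append((r["server"], target, status, "aa" in r["flags"]))
    return findings

if __name__ == "__main__":
    for finding in forward_reverse_mismatches(parse_dig(SAMPLE)):
        print(finding)
```

A finding with the last field `True` means the server answers authoritatively for the reverse zone while failing the forward query, which points the investigation at that server's forward zone rather than at the client or an upstream resolver.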

  • DNS forward lookups failing

    My system is the only DC and running Server 2012 R2 and is the only DNS server on a small network. There are 2 forwarders for internet name resolution and the root domains are also configured...all resolve without issue. Repeated simple & recursive test inquiries all pass. The DNS timeout is set to 5 seconds.
    On every network client, approximately one-third of forwarded lookups fail on the first attempt. The second attempt may get a response. By the third attempt, the name resolves. There appears to be no relation between the domain lookups which fail. In fact, the same domain may fail on one day but, after clearing the cache, the same lookup won't fail.
    No errors post to either the server or client event logs. I've removed the DNS service and reinstalled but the issue persists.
    Any guidance is much appreciated.
    Best,
    Bill

    Does the DNS lookup for your AD domain resolution or is it for public DNS names resolution?
    If it fails for public DNS names resolution, you can consider updating your DNS forwarders to be your ISP ones.
    Please also make sure that your DC is pointing only to its private IP address as primary DNS server and 127.0.0.1 as secondary one. On your client computers, make sure that they point to your DC as primary DNS server.
    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Delegate DNS Forward Lookup Zone

    A: DNS - I would like to delegate the ability of creating Forward Lookup Zones at the root of my DNS (not subdomain).
    For example, I would like to delegate to my "Tier 1" staff the ability to modify our DNS. I want our "Tier 1" staff to have the ability to create a Primary Zone in order to redirect users that attempt to access a site with known malware content to an internal site with a warning message notifying the user that they have attempted to access a site that is not allowed.
    Is this possible?

    Hiya,
    I'm about 86% sure that if they need permissions to create primary zones, they will have access to the complete DNS administration. So it's just a question if that is ok?
    If that is okay you can add the users to the DNSadmin group and they should have access to perform the above from the DNS administration tool, which can be installed anywhere.

  • DNS: Forward Lookup Domain with Just the MX Record

    Our Active Directory domain is olddomain.com. I have a Forward Lookup Zone for olddomain.com with CNAME, MX, and many A records. The MX record points to an internal mail server.
    We just acquired newdomain.com.
    newdomain.com is resolving to external DNS and it works. However, I need to route the internal mail flow of newdomain.com to our internal mail server and not have it pass out to the internet before coming back in.
    I would like to add JUST the mx record for newdomain.com to DNS. All other lookups (newdomain.com,  subdomains.newdomain.com, etc) should work exactly as they do now.
    I have had two thoughts how to do this, but need advice:
    Can I have all newdomain.com DNS lookups point to an external DNS, except for the one MX record?
    Can I have all newdomain.com resolve to olddomain.com IPs (including subdomains), except for the newdomain.com MX?
    I tried adding a new Forward Lookup Zone for newdomain.com with just the SOA, two NS, and the MX record. This broke resolution for http://newdomain.com and http://www.newdomain.com until I added two A records. I do not want to be manually adding records for all of our newdomain.com subdomains.
    What do you recommend?
    Thank you in advance!

    Can I have all newdomain.com DNS lookups point to an external DNS, except for the one MX record?
    You cannot as you will face the problem you already described.
    However, you might think about doing it that way:
    Get a copy of your external DNS zone (If you can do it of course) using NSlookup: http://social.technet.microsoft.com/wiki/contents/articles/29184.nslookup-for-beginners.aspx
    Create a zone named newdomain.com
    Develop a script that will create all the DNS records from the extracted copy except for the MX record
    Can I have all newdomain.com resolve to olddomain.com IPs (including subdomains), except for the newdomain.com MX?
    Same answer as before.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • Setting Forward Lookup Zones in DNS based on the port queried

    I have the following problem.
    We are using Dynamic DNS to access our site and the modem/router differentiates via port forwarding what server the query goes to based on the port number ie all request go to abc.dyndns.org:port number.
    Based on the port eg. port 3389 goes to server1 (192.168.0.1), port 8080 goes to server 2(192.168.0.2), port 80 goes to server 3 (192.168.0.3). This all works well if you are entering from OUTSIDE the local network.
    INSIDE the local network, I have setup a Forward Lookup Zone on a Domain server using DNS where the Host A resolves abc.dyndns.org to the local IP address of server 1 (192.168.0.1). This works fine.
    How do I get the abc.dyndns.org:other ports to go to the other servers IP addresses as you can only setup one Host A record of abc.dyndns.org to one address 192.168.0.1, if someone queries from INSIDE the local network as the modem/router does not come into play?

    As I said before, DNS doesn't do this. DNS has nothing to do with ports resolution. It's purely a name to IP or IP to name resolution. THAT'S IT!
    But you can port translate each individual port from the WAN IP to different IPs internally. I thought I said that earlier? Maybe I wasn't clear. I apologize for not fully explaining it, for I thought you understood that part.
    Revisiting the bottom of your original post:
    INSIDE the local network, I have setup a Forward Lookup Zone on a Domain server using DNS where the Host A resolves abc.dyndns.org to the local IP address of server 1 (192.168.0.1). This works fine.
    How do I get the abc.dyndns.org:other ports to go to the other servers IP addresses as you can only setup one Host A record of abc.dyndns.org to one address 192.168.0.1, if someone queries from INSIDE the local network as the modem/router does not come into play?
    You still have to specify the port internally. Assuming mail.domain.com is server4 (since you didn't specify that port in your original post), you simply create a mail.domain.com zone and give it a blank IP for (making this up) 192.168.0.3, then type in the same exact thing you would do from the outside:
    http://mail.domain.com:8083/folder
    Like I said, it's in the application. DNS just resolves to an IP. There are 65,536 port numbers, and DNS does not deal with resolving any of them. That's the responsibility of the application or service and the client (such as a browser) connecting to it.
    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
    This post is provided AS-IS with no warranties or guarantees and confers no rights.

  • Create a "New Zone" in the "Forward Lookup Zone"

    I am working in Windows Server 2008 R2 SP1.
    I went to DNS Server and tried to create a "New Zone" in the "Forward Lookup Zone" under "subdomain.domain.com". 
    I got the error: "Zone Not Loaded by DNS Server".
    Tried to F5 to Refresh but still same error.
    How do I get a new child or "subdomain" that will work in forest or "domain.com"?

    Hi
    You need to create a new child Domain in a new server.
    Build a new server and follow the below link as how to create a new child domain. This will create a subdomain as well as DNS.
    http://technet.microsoft.com/en-us/library/cc771856(v=ws.10).aspx

  • When trying to assign IP reservation in IPAM, Domain does not appear in Forward lookup zone drop-down list

    I am trying to assign reserved IP Addresses through IPAM that is installed on a Server 2012 OS.  Here is the procedure I have been following:
    Login to IPAM server
    Open Server Manager
    In left-hand column select IPAM
    In left-center column expand IP ADDRESS SPACE
    Select IP Address Range Groups
    Right-click the appropriate address range and select Find and Allocate Available IP Address
    In new window, scroll down to Basic Configurations
    I can input the basic configurations with no problem.  DHCP Reservation Synchronizations look good too.  But when I get down to DNS Record Synchronization, I can't do anything with the Forward lookup zones because nothing appears in the drop-down lists and I cannot manually enter the zone name.  Here is a screen shot of what I see at this point:
    Without completing this information, I cannot complete the Address Reservation.
    Any help or insight will be greatly appreciated.
    Thanks!
    Tom LaLumiere

    Hi Tom,
    This happens if your DNS servers that are managed by IPAM are not authoritative and primary for any zones, if they are not authoritative for the appropriate zones, or if there are not any DNS servers managed by IPAM.
    See the examples below. Here my DNS server is authoritative for 4 forward zones and 2 reverse zones. I can choose any of the forward zones but assuming I pick a range such as 10.0.1.0, I would be unable to choose the 168.192.in-addr.arpa zone because the IP addresses do not match.
    -Greg

  • Unable to create DNS forwarder in my AD integrated DNS

    Hi,
    I have my mix AD servers (2003 + 2008) and I'm trying to create a DNS forwarder to send requests to outside the Domain over natted IP for the name resolution. However, it works perfectly fine in my test environment.
    Now, when I try to create it on my production server, I get the below error:
    The operation requested is not permitted on the root DNS server
    Please suggest.

    Hi, it is worth checking if you have got a root (period) forward lookup zone. If you have, you will need to remove that before you can setup a forwarder. Hope this helps. If in doubt, please post some details of your forward lookup zones (with fake names).
    Thank you
    MCTS, MCSE 2000/2003, MCSA 2000/2003, CNA

  • Msdsc folder and forward lookup zone

    I have a customer running a 2012 domain. In DNS, there is a Forward Lookup Zone named _msdcs.domain.name and also a folder named _msdcs inside the domain.name Forward Lookup Zone.
    The folder is grayed out. From what I've read, this folder may be a leftover from a previous domain OS upgrade. Can it be deleted safely?
    Also, we think there may be some corruption in the _msdcs.domain.name zone. From what I have read, it seems like we can delete it and Active Directory will re-create it. Do I have that correct?
    Jonathan

    The grayed out _msdcs folder is a delegation that should contain NS (Name Server) records for the DNS servers that hold the _msdcs.domain.ext zone - However it's only used in scenarios where the _msdcs.domain.ext zone isn't replicated or available at all DCs - in a multi-domain environment for example.
    No you should not delete the zone, it's needed for replication, if you wish to re-create it for a good reason, you have to point _all_ DCs to one single DNS Server where you re-create the zone.
    But there is no need to do this unless in rare situations, if you think information is missing dcdiag /test:dns /E will find out.
    Enfo Zipper
    Christoffer Andersson – Principal Advisor
    http://blogs.chrisse.se - Directory Services Blog

    So if this is a single domain with 2 Windows 2012 DNS servers, it seems like I can delete that grayed out folder. Correct?
    As for deleting and re-creating the zone, we believe there may be corruption in it and have read that if the zone is deleted, then AD will automatically re-create it.
    Jonathan

  • Forward Lookup is messed up

    Hi everyone,
    I just installed Solaris 10 yesterday. I wanted to get the Box on the Net. Within the console when I do an nslookup it works just fine, but when I ping google.com it tells me unknown host. So for kicks I open up a browser, and of course it tells me can't find the site, but I can surf by IP address. So now all I have to learn is over a billion IP addresses and I am set, LoL.
    Does anyone have any ideas about how I can fix my Forward Lookup? I am just using a hostname of Solaris since this is just a home network.
    Thanks for your time

    Thank you for the help. I looked at nsswitch.conf last night and made the mistake of doing this:
    for hosts: files
    I put
    dnshosts: files
    I put the DNS in the wrong place.
    Thanks again and sorry for the trouble
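The mistake described in this thread, as an added example that is not part of the original posts: nslookup queries the servers in /etc/resolv.conf directly, while ping and browsers resolve through the `hosts:` line of /etc/nsswitch.conf, so a mistyped key leaves DNS unused for them. The function name, the sample file contents and the partial `KNOWN_DATABASES` set are constructed for illustration.

```python
# Partial list of database names found in nsswitch.conf (assumption: extend
# it for your platform; unknown keys are only reported for review).
KNOWN_DATABASES = {"passwd", "group", "hosts", "ipnodes", "networks",
                   "protocols", "rpc", "ethers", "netmasks", "bootparams",
                   "publickey", "netgroup", "automount", "aliases", "services"}

# Constructed sample reproducing the typo from the post.
BROKEN = """\
passwd: files
group: files
dnshosts: files
"""

# Constructed sample with the usual form of the line.
FIXED = """\
passwd: files
group: files
hosts: files dns
"""

def check_nsswitch(text):
    """Return (sources on the hosts: line or None, list of problems)."""
    entries, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        if ":" not in line:
            problems.append(f"line {n}: missing 'database:' key")
            continue
        db, sources = line.split(":", 1)
        db = db.strip()
        entries[db] = sources.split()
        if db not in KNOWN_DATABASES:
            problems.append(f"line {n}: unrecognised database '{db}'")
    hosts = entries.get("hosts")
    if hosts is None:
        problems.append("no 'hosts:' line, so host lookups never reach DNS")
    elif "dns" not in hosts:
        problems.append("'hosts:' line does not list dns")
    return hosts, problems

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_nsswitch(text))
```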

  • 10.4 DNS forward

    I just upgraded to 10.4 from 10.3 and it has killed my DNS forwarding. I set it up in 10.3 with Server Admin but in 10.4, Apple in their infinite wisdom, decided that that forwarding was a bad thing and removed it from the GUI. Worse yet: it overwrote my working DNS files.
    Now I am at the point that DNS forwarding does not work and I do not know how to fix that. I do not even know what files I should modify. Here is what I do know:
    zone "xyz.com" IN {
        type forward;
        file "fwd. xyz.com";
        forwarders {10.0.6.32; 10.0.6.36;};
    };
    The forward is over a VPN.
    Can anyone help?
    TIA,
    Dan
    Loud Fan XServe   Mac OS X (10.4.3)  

    The following is taken from a working /etc/named.conf file:
    // Include keys file
    include "/etc/rndc.key";
    // Declares control channels to be used by the rndc utility.
    // It is recommended that 127.0.0.1 be the only address used.
    // This also allows non-privileged users on the local host to manage
    // your name server.
    // Default controls
    controls {
        inet 127.0.0.1 port 54 allow {any;} keys {
            "rndc-key";
        };
    };
    options {
        directory "/var/named";
        forwarders {
            xxx.xx.1.10;
            xx.xx.100.10;
        };
    };
    Meh.... there's whitespace in there that gets ignored by this (Apple's) forum software.
    You should - of course - only use forwarding to DNS servers you should be using (eg: your ISPs)

  • DNS forwarder with 2 real DNS servers, querying them simultaneously

    DNS forwarder with >2 real DNS servers, querying them simultaneously and ignoring "server can't find" errors
    Hi. When I connect to VPN, my normal DNS isn't queried, and DNS given by VPN answers: "server can't find"
    An extract from 'man resolv.conf'
    If there are multiple servers, the resolver library queries them in the order listed.
    I need another logic. All servers should be queried at the same time, and the soonest positive reply should be used.
    The algorithm used is to try a name server, and if the query times out, try the next, until out of name servers, then repeat trying all the name servers until a maximum number of retries are made.
    So, if I get "server can't find" error, the next DNS server is not queried. I want the DNS forwarder to ignore such answers and wait for replies from other servers.
    What software can do this? Maybe dnsmasq? I plan to add 'nameserver 127.0.0.1' to the top of my resolv.conf and configure my scripts to add other nameservers below.

    All servers should be queried at the same time
    --all-servers
    dnsmasq: ignoring nameserver 127.0.0.1 - local interface
    good.
    How to tell dnsmasq to completely disable dhcp? List all interfaces like this?
    no-dhcp-interface=eth0
    no-dhcp-interface=tun0
    no-dhcp-interface=vboxnet0
    no-dhcp-interface=wlan0

  • Does the Extreme support dns forwarding?

    I can find no field to enter information for DNS forwarding.  Am I missing something?

    The AirPorts do not have a DNS server service built-in, thus DNS forwarding is not a user configuration option within the AirPort Utility.

  • Does Krb5LoginModule module support DNS based lookup of KDC ?

    Hi,
    I am trying to use kerberos based authentication. Current setup of kerberos uses DNS based lookup of KDCs, i.e. KDCs are not listed in krb5.conf file.
    Could someone let me know if this can be achieved?
    Thanks
    Praveena M

    I would love to know this as well, because it certainly doesn't look like it. The only reference I have found to such is this old listserver thread from March 2004: http://archives.java.sun.com/cgi-bin/wa?A2=ind0403&L=java-security&P=4755
    However, I can't find a bug report or any other mention of it.
