Primary DNS server
Hello,
I am trying to set up a local primary DNS server that will resolve local server names but at the same time forward requests that it doesn't have.
Like, I would like it to resolve our internal web address and still pull up google.com. I put in about ten records and all those work, but when I try anything else it doesn't work. Can someone help?
Thanks,
Jay
What's different about 10.4.9 in this case?
10.4.9 update "Addresses slow performance of non-cached DNS queries and provides an update to BIND version 9.3.2."
You may still prefer to add forwarders but, taking above on face value, no longer necessary for those who do not want to manually edit files.
Mind you, I have not actually tested the default DNS in 10.4.9 so cannot confirm that the previous problems do not still occur (but just to a lesser extent).
-david
Similar Messages
-
Hi,
I have connected a Sony Vaio with a Linksys WRT54G router, using broadband cable provided by a Motorola Surfboard Modem (model 5b5100i)
I followed all the steps from the router's CD.
Finally I connected a network cable to the port 1 of the router and on the other extreme the Motorola Modem is now connected. As result, since I have a desktop already connected to the modem, there are now 2 connections on the back of the motorola modem, 1 for a desktop that uses its USB plug and a 2nd, which uses a network cable (ethernet connection) and that plugs at the end to the Linksys router. connection is ok based on the Linksys CD.
The wireless card of 2 different laptops recognize the router's signal, but no internet connection is available.
After diagnostic on network problems by Vista Windows, I receive the following message:
"Cannot communicate with the primary DNS Server 200.49.156.5"
What does it mean? What needs to be set in order to make it work?
Thanks in advance for any help

I talked to a tech support from my cable company and the Motorola only provides 1 IP address, therefore, in order to make a router work (it will need its own IP address, a 2nd one), you need to buy an ADDITIONAL internet connection or access point....this company is in Argentina. While I lived in the US (last month) they allowed me to have multiple computers from the same one connection.
Bottom line, call your ISP and tell them you need either to install the router on your connection OR to have an additional internet cable input....
just my 2 cents...business rules. -
GSS as primary DNS Server for Intranet
Hi,
Can the GSS be used as a primary DNS server for Intranet? An additional DNS server can be configured to answer the unknown Records like MX by GSS.
If it can be configured, I would be thankful if anyone shares with me the brief configuration steps apart from configuring Answers, answer groups, domain lists, source address lists, DNS rules.
with thanks
sathappan

Yeah I'd certainly recommend against it! So essentially the client machines are unable to update or query dynamic AD related DNS records since they're not pointing to the DNS servers actually used by your AD server(s). I could well imagine that causing issues, and meaning that some AD functionality won't work correctly.
I know you can directly integrate BIND with AD, eg so that the BIND servers are the ones used by AD, though I haven't tried it, but this seems to be neither.
I can't find any articles relating to your exact situation, presumably no one else has tried to use such a mixed and disjoined setup. I'd focus on looking for articles relating to why you shouldn't point your users at a router (most commonly in small setups on ADSL) for the DNS rather than directing them to the server for DNS and then having that query the router for external results. It's a more common scenario and you're more likely to find articles relating to it.
One article you might find useful is
http://msmvps.com/blogs/acefekay/archive/2009/08/17/ad-and-its-reliance-on-dns.aspx which talks in terms of using your ISP's DNS servers on the client machines, but in your situation it sounds like the BIND servers are essentially providing an equivalent setup.
There's also various discussions and comments on the topic elsewhere on these forums, for instance
http://social.technet.microsoft.com/Forums/windowsserver/en-US/c3ba3859-765e-4b3f-add0-eaf2c18e1068/i-have-dns-in-a-router-and-i-want-to-install-domain-controller?forum=winservergen and
http://social.technet.microsoft.com/Forums/windowsserver/en-US/b5df8fd4-7ab2-4d1e-afe2-c5263c4d69c3/dns-server-forwarding-and-clients-getting-address-of-registrars-ip?forum=winserverNIS which are worth checking out. -
Remote login: cannot connect to primary DNS server
To what should I set the DNS under 'Computers and Services'? I cannot get any computers (Mac or Win) to remotely connect to the network, it says cannot connect to primary DNS. The goal is to have users have access to home directories from remote locations but I cannot seem to get a connection. Help please...
Message was edited by: mrsmittys

Hi
A bit vague on details and I have to question why you would want to do this anyway? For example 10-20 users all accessing home directories remotely would be hard work if not practically impossible. What is the bandwidth on the host’s broadband service?
That said there are a number of ways of doing this the easiest being a VPN. Ideally a fixed public IP address at the site that the server is at and a router capable of supporting VPN connections. I’ve always found ZyXel Prestige 662 Routers and IPSecuritas (which is available free as a download – just remember to donate) a good combination. Once the tunnel has been built the remote client will be able to access any resource at the host site as if it was in the same building.
Again I would steer you away from this as the connection may prove to be unreliable depending on users and usage. A more workable solution would be Portable Home Directories. With PHD you can work with Home Folders without being connected to the host network. The Home folders would synchronize the next time the client connected to the network.
Are your home folders Open Directory networked home folders or just folders created that are defined as a particular user’s folder? If it's an Open Directory Networked Home folder then internal DNS Services configured and running somewhere would be absolutely crucial as Open Directory will not function without it.
I have to be honest and say I don't think you have really thought this through (no offense intended), however keep posting. No doubt others will offer views and opinions that may further assist you.
Tony -
Changing primary DNS server in Unity 10.5
We have a Unity server that has a DNS setting that is no longer valid. I was wondering if it would change the license MAC and invalidate the licenses if I were to change that primary and secondary DNS setting.
Thanks,
Jordan

I believe you only need to delete and add again in PLM if you do that, and you're using co-res PLM where you're changing that
-
PC not asking the alternate DNS Server after the primary is unavailable
Hello,
Our PCs are members of AD Domain and are configured to use two internal DNS servers, one as the primary and the second as the alternate. The two DNS servers are DCs.
I've faced an odd problem yesterday when I restarted the primary DNS server... The server started normally but the DNS Server service didn't. All the PCs were unable to resolve IP addresses! When I looked closely I found that it was a DNS issue: the PCs were not asking to resolve names using the alternate DNS server.
Is there a specific configuration to set up on the client PCs to overcome this issue?
Best regards,

Hello zinezine,
What is your current situation?
Have you tried to check the firewall as mystifeid mentioned?
If the issue still exists, please refer to the following blog to capture the network traffic, upload it to OneDrive and share it with us.
http://blogs.technet.com/b/messageanalyzer/archive/2012/09/17/meet-the-successor-to-microsoft-network-monitor.aspx
Upload to OneDrive:
http://windows.microsoft.com/en-us/onedrive/add-photos-files
Share files:
http://windows.microsoft.com/en-us/onedrive/share-file-folder
Best regards,
Fangzhou CHEN
TechNet Community Support -
DNS Server Having Intermittent Issues with Open Directory
I work for a school and we're undertaking the large task of moving from Xserves running 10.6.8 to Mac Minis running 10.9. I have a lot of experience with OS X Server (I held ACSA up until they ditched it, and ACTC through the current OS) but I've hit a fairly large snag in configuring our DNS server. We currently run DNS via an AD server that is being retired at the end of the summer, so this is the first time our DNS will be Mac-based. That said, our network is ridiculously simple as we are a very small school. For the most part it's a flat network using the same IP range for our wired and wireless internal clients (we do have a vlan for guests but that's through Aerohive). I configured the DNS by hand, recreating the entries in our AD server (there were only about a dozen) and then adding in things that should have been there in the first place (e.g. printers and some other devices with static IPs that I'd like FQDNs for). Everything seemed to be working fine...until trying to log into Open Directory accounts.
For some background, the DNS server running 10.9 was the first server we upgraded and it was a completely clean install. We run DHCP on another Mac Server currently running 10.6.8 and it does have the proper OD server listed. All DNS entries for the OD server match our current DNS server. The issue is that it's taking some users 5-6 tries to log in with their network accounts. The errors they receive range from the login window shaking to it stating the user cannot log in at this time. This seems to be worse on client machines running 10.9. but it's appearing on machines running 10.6.8-10.9.3.
In my troubleshooting, I found that if I log in as a local user to one of those machines and do a dig for the OD server the results vary, this is where it gets weird. For example, if I dig ourodserver.ourdomain.org it will sometimes return host not found or it will sometimes resolve. If I ping the same thing it will sometimes work (even after stating it cannot resolve the host) and it will sometimes fail. If I then try a dig for the .local (e.g. ourodserver.local) it also yields the same varied results. However, on every machine that I've tested if I then open a Finder window and navigate to the server via the "Shared" menu and connect I have no trouble connecting and then magically my digs and pings in terminal work. If I revert DNS back to point to our old Windows server the issue goes away. I have meticulously combed through that server many many times now and am not seeing any missed entries. Any idea what could be causing this?

You must have a working DNS service, and the server's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.
The primary DNS server used by the server must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable. -
How to configure DNS server to redirect all web traffic to one external website?
I'd like to use the DNS service on my OS X Server as a way to force all web traffic to one specific, external website. Not quite sure how to go about configuring it, though - any recommendations?
(BTW, this is, obviously, not our primary DNS server; I intend to silently update the preferred DNS server for users who fail to complete their timesheets in order to force the issue)

Web clients don't generate uniquely-identifiable DNS queries; there's no SRV request or related traffic that you could select on and spoof. So if you do implement this, everything querying the spoofing DNS server will get the spoofed host, or you'll have to spot specific queries that are likely web queries; Facebook, Google, Bing, etc.
If you still want to implement this, then I'd probably replace the DNS server with a runt DNS server (maybe hack dnsmasq or maraDNS, or create yourself a trivial DNS server) and have that always return the specified IP address. This avoids having to hack BIND to be universally authoritative, which is probably on par with hacking a simpler DNS server to always return a fixed IP address, and the latter is probably easier to undo.
A firewall can spot TCP port 80 and port 443 traffic, unlike a DNS server. Firewalling outbound port 80 traffic is more typical of these requests, and either trap that traffic to a specific web page based on the capabilities of the firewall, or the web proxy approach that Camelot suggests. There are folks that tie access into the web proxies into external authentication and related; that'd be able to do what you want. Web proxies are usually combined with firewall blocks, as most sites want only the web proxy to have external access, too. But this is also rather more pieces than a DNS redirect, too. -
How do I create a backup DNS server?
Hi All,
I've got my production server (Xserve Intel) running 10.6 and it is our primary DNS server. I've gotta take it down to do some work on it, but by doing so, no one in the organization will be able to access the internet.
I'd like to set up my old Xserve (G5, running 10.5) as a backup DNS server that can handle the DNS requests whenever I need to take the main server down. Unfortunately, I'm kind of a DNS n00b.
What is the best way to go about this?
Thanks,
Chris

Oh, quite embarrassing. I complained about not understanding the author of the article when I was actually speaking to the author. How rude! Apologies, kind sir.
I've now got it set up correctly with your help, it seems. I've just got a few other questions regarding the Secondary DNS Server if you don't mind:
1) Do I set any forwarder IP Addresses on the secondary server? Should I put the same forwarders that I use on my primary, or should I put the IP address of my primary in there, or should I just leave it blank?
2) *Edit - Ignore question 2; found the answer in your guide*
3) When I look at the secondary zones, they don't seem to be populated with any data. . . Does this mean that the secondary server is completely reliant on the primary server to function correctly? In other words, *when I take my primary server offline, does the secondary server still work?*
Thanks,
Chris
Message was edited by: cscrofani -
Proper Configuration of DNS server for our new branch office
Hi All,
Our new office will setup a new branch office with a routed network link to our HO. In HO, we have 2 domain controllers configured as AD and DNS just for fail over scenarios.
How will we configure the DNS server of our 3rd domain controller which we will place in the new branch office? What would be the proper settings of DNS server integrated to AD to work well especially to have a successful replication and communication to the 2 DCs located in HO?

Hi,
If you have multiple DCs in that site, I would recommend using any of the partner DCs' IP addresses as the preferred one and the secondary DNS IP pointing to itself. Don't use loopback addresses; configure it with actual IP addresses.
If you have only one server in branch office point itself as the primary DNS and HO DC as secondary and tertiary.
Make sure that all clients in your branch site are pointing to the branch DC as primary DNS server.
Regards,
Rafic
If you found this post helpful, please give it a "Helpful" vote.
If it answered your question, remember to mark it as an "Answer".
This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing! -
2K8 - Best practice for setting the DNS server list on a DC/DNS server for an interface
We have been referencing the article
"DNS: DNS servers on <adapter name> should include their own IP addresses on their interface lists of DNS servers"
http://technet.microsoft.com/en-us/library/dd378900%28WS.10%29.aspx but there are some parts that are a bit confusing. In particular is this statement
"The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to itself for name resolution, it can become an island and fail to replicate with other domain controllers. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller."
The paragraph switches from using the term "its own IP address" to "loopback" address. This is confusing because technically they are not the same. Loopback addresses are 127.0.0.1 through 127.255.255.255. The resolution section then goes on and adds the "loopback address" 127.0.0.1 to the list of DNS servers for each interface.
In the past we always setup DCs to use their own IP address as the primary DNS server, not 127.0.0.1. Based on my experience and reading the article I am under the impression we could use the following setup.
Primary DNS: Locally assigned IP of the DC (i.e. 192.168.1.5)
Secondary DNS: The assigned IP of another DC (i.e. 192.168.1.6)
Tertiary DNS: 127.0.0.1
I guess the secondary and tertiary addresses could be swapped based on the article. Is there a document that provides clearer guidance on how to setup the DNS server list properly on Windows 2008 R2 DC/DNS servers? I have seen some other discussions that talk about the pros and cons of using another DC/DNS as the Primary. MS should have clear guidance on this somewhere.

Actually, my suggestion, which seems to be the mostly agreed method, is:
Primary DNS: Locally assigned IP of the DC (i.e. 192.168.1.5)
Secondary DNS: The assigned IP of another DC (i.e. 192.168.1.6)
Tertiary DNS: empty
The tertiary more than likely won't be hit, (besides it being superfluous and the list will reset back to the first one) due to the client side resolver algorithm time out process, as I mentioned earlier. Here's a full explanation on how it works and why:
This article discusses:
WINS NetBIOS, Browser Service, Disabling NetBIOS, & Direct Hosted SMB (DirectSMB).
The DNS Client Side Resolver algorithm.
If one DC or DNS goes down, does a client logon to another DC?
DNS Forwarders Algorithm and multiple DNS addresses (if you've configured more than one forwarders)
Client side resolution process chart
http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the-client-side-resolver-browser-service-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-is-down-does-a-client-logon-to-another-dc-and-dns-forwarders-algorithm.aspx
DNS Client side resolver service
http://technet.microsoft.com/en-us/library/cc779517.aspx
The DNS Client Service Does Not Revert to Using the First Server in the List in Windows XP
http://support.microsoft.com/kb/320760
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
I agree with this proposed solution as well:
Primary DNS: Locally assigned IP of the DC (i.e. 192.168.1.5)
Secondary DNS: The assigned IP of another DC (i.e. 192.168.1.6)
Tertiary DNS: empty
One thing to note, in this configuration the Best Practice Analyzer will throw the error:
The network adapter Local Area Connection 2 does not list the loopback IP address as a DNS server, or it is configured as the first entry.
Even if you add the loopback address as a Tertiary DNS address the error will still appear. The only way I've seen this error eliminated is to add the loopback address as the second entry in DNS, so:
Primary DNS: The assigned IP of another DC (i.e. 192.168.1.6)
Secondary DNS: 127.0.0.1
Tertiary DNS: empty
I'm not comfortable not having the local DC/DNS address listed so I'm going with the solution Ace offers.
Opinion? -
Server 2008 R2 DNS Server can not open active directory error 4000
The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code. Error 4000
This just started happening yesterday. Also File service and print server is unable to contact because of this error. I have no lookup zones. When I try and go to the DNS server I get a message The server VETSALDC could be contacted The error was Access Denied. Would you like to add it anyway?
PLEASE HELP

Hi,
According to your description, my understanding is that DNS is unable to open Active Directory with error 4000.
This happens when that particular DC/DNS server has lost its Secure channel with itself or PDC. This can also happen in a single DC environment where that DC/DNS server holds all the FSMO roles and is pointing to itself as Primary DNS server.
You may check AD DS using the command line “DCdiag” (run as administrator). Besides, you may try to stop and restart the AD DS service (detailed steps reference the link: http://technet.microsoft.com/en-us/library/cc732714(WS.10).aspx ), make sure that the AD DS is running correctly.
Then restart the DNS service, detailed steps reference the link:
http://technet.microsoft.com/en-us/library/cc735673(v=ws.10).aspx .
If the problem still exists, is there any other DC or DNS on your network? Post the TCP/IP parameters (ipconfig /all) of DC and DNS here.
Best Regards,
Eve Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Change of DNS server setting caused Exchange outages!
I am trying to google/bing my way through this, but here are the main points:
All remote Exchange servers had a) static IP addresses and b) were instructed to use DNS servers in Edmonton and Calgary
If WAN links dropped, they lost DNS
SOLUTION! Point remote servers to the domain controller in that location as the primary DNS server. WAN outage means Exchange still resolves names locally.
Well the day came and we add the local DNS server for each remote site as the primary DNS server at the top of "DNS server addresses, in order of use" portion of advanced TCP/IP settings dialogue box.
A reboot is performed
Voila! Exchange shits the bed! Hub transport servers in Edmonton and Calgary cannot resolve remote server names; as in no host(a) record exists for them anymore. And we have a 91 minute outage until the DNS is sorted out (ipconfig /registerdns run on each server).
Has anyone encountered this or have some deep knowledge of DNS (relative to my own) that could at least throw out a theory as to why this might happen?

Hi, please issue Get-ExchangeServer -Identity "ServerName" -status | fl and check:
CurrentDomainControllers
CurrentGlobalCatalogs
CurrentConfigDomainController
The server must have been linked to the wrong server. You can change that in PowerShell too.
Regards, Philippe
Don't forget to mark as answer or vote as helpful to help identify good information. ( linkedin endorsement never hurt too :o) )
Answer an interesting question? Create a wiki article about it! -
Secondary DNS failing to redirect clients when Primary DNS goes down
I have a single domain with two Windows 2008 servers, DC1 (physical) and DC2 (virtual). Both servers run DNS and are GC servers, and the entire domain is on the same subnet (192.168.0.x).
All clients on the network are configured to use DC1 as primary DNS, DC2 as secondary DNS.
DHCP is enabled only on DC1. (This might be part of the issue, not sure).
The problem is that when DC1 goes down for a reboot or repair, we lose access to the internet from our clients. Trying to pull up any website results in a "Page cannot be displayed" error. DC2 is available during this time and can be pinged from any client but does not resolve DNS requests, even if I specify it as the primary DNS server on one of my workstations. However I can log on to DC2 locally and browse the web.
Here are the results of a DCdiag /dnsall from DC2 (I bolded areas of concern):
Directory Server Diagnosis
Performing initial setup:
* Connecting to directory service on server DC2.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC2
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... DC2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC2
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... DC2 passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : mydomain
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : mydomain.com
Starting test: DNS
Test results for domain controllers:
DC: DC2.mydomain.com
Domain: mydomain.com
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Microsoftr Windows Serverr 2008 Standard
(Service Pack level: 2.0)
is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000006] Intel(R) PRO/1000 MT Network Connection:
MAC address is 00:0C:29:91:59:68
IP Address is static
IP address: 192.168.0.249
DNS servers:
192.168.0.105 (DC1.mydomain.com.) [Valid]
127.0.0.1 (DC2) [Valid]
The A host record(s) for this DC was found
Warning: The AAAA record for this DC was not found
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.) - mydomain.com]
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
192.168.0.105 (DC1.mydomain.com.) [Valid]
192.168.0.7 (<name unavailable>) [Invalid (unreachable)]
Error: Forwarders list has invalid forwarder: 192.168.0.7 (<name unavailable>)
TEST: Delegations (Del)
Delegation information for the zone: mydomain.com.
Delegated domain name: _msdcs.mydomain.com.
DNS server: DC1.mydomain.com. IP:192.168.0.105 [Valid]
TEST: Dynamic update (Dyn)
Test record _dcdiag_test_record added successfully in zone mydomain.com
Test record _dcdiag_test_record deleted successfully in zone mydomain.com
TEST: Records registration (RReg)
Network Adapter
[00000006] Intel(R) PRO/1000 MT Network Connection:
Matching CNAME record found at DNS server 192.168.0.105:
a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com
Matching A record found at DNS server 192.168.0.105:
DC2.mydomain.com
Warning:
Missing AAAA record at DNS server 192.168.0.105:
DC2.mydomain.com
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._tcp.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._udp.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kpasswd._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.gc._msdcs.mydomain.com
Matching A record found at DNS server 192.168.0.105:
gc._msdcs.mydomain.com
Warning:
Missing AAAA record at DNS server 192.168.0.105:
gc._msdcs.mydomain.com
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
Matching SRV record found at DNS server 192.168.0.105:
_gc._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com
Matching CNAME record found at DNS server 192.168.0.249:
a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com
Matching A record found at DNS server 192.168.0.249:
DC2.mydomain.com
Warning:
Missing AAAA record at DNS server 192.168.0.249:
DC2.mydomain.com
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kerberos._tcp.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kerberos._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kerberos._udp.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kpasswd._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.gc._msdcs.mydomain.com
Matching A record found at DNS server 192.168.0.249:
gc._msdcs.mydomain.com
Warning:
Missing AAAA record at DNS server 192.168.0.249:
gc._msdcs.mydomain.com
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
Matching SRV record found at DNS server 192.168.0.249:
_gc._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com
Warning: Record Registrations not found in some network adapters
TEST: External name resolution (Ext)
Internet name www.microsoft.com was resolved successfully
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 192.168.0.7 (<name unavailable>)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.0.7
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.168.0.105 (DC1.mydomain.com.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.mydomain.com. is operational on IP 192.168.0.105
DNS server: 192.168.0.249 (DC2)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
Summary of DNS test results:
                     Auth Basc Forw Del  Dyn  RReg Ext
Domain: mydomain.com
DC2                  PASS WARN FAIL PASS PASS WARN PASS
......................... mydomain.com failed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
Looks like it may be trying to forward to a machine that's down (DC1 and another 192.168.0.7) and root hints aren't available.
Check out this article:
http://technet.microsoft.com/en-us/library/ff807391(v=ws.10).aspx
See if you can enable DNS access through the firewall to the Internet if it's not already available. Try to match whatever forwarder settings are on DC1, or remove them entirely and let the server resolve DNS from Internet root servers. Alternatively, you could change your forwarder to a public DNS server you have access to, your ISP should supply this or you could test with something common like 4.2.2.2.
SWC Unified Communications -
Hi All,
I have set up 2 Windows Server 2012 domain controllers (DCA & DCB). DCA points at DCB as the primary DNS, and itself as the alternate DNS. DCB points at DCA as the primary DNS, and itself as the alternate DNS.
When both DCs are running and if I do an nslookup on DCA: The result is as follows:
Default Server: dcb.testdomain.com
Address: 30.30.30.2
nslookup on DCB:
Default Server: dca.testdomain.com
Address: 30.30.30.1
Client PC (Windows 7 Pro):
1st DNS : 30.30.30.31
Alternate DNS: 30.30.30.32
nslookup on the client PC
Default Server: dca.testdomain.com
Address: 30.30.30.1
Up to here everything is fine. Now if I turn off DCA, and do an nslookup, the result is as follows:
DCB nslookup:
DNS request timed out.
time out was 2 seconds.
Default Server Unknown
Address: 30.30.30.31
Client PC nslookup:
DNS request timed out.
time out was 2 seconds.
Default Server Unknown
Address: 30.30.30.31
I waited for more than 15 minutes and tried again, it didn't help.
I have been reading a few similar posts on this matter, but couldn't find the answer.
I would have expected it to display the DCB when I do an nslookup.
Question 1: Shouldn't that display DCB rather than displaying a time out message when I do nslookup?
Question 2: The fact that it displays a time out message, does it mean that more configuration needs to be done? If so please kindly advise what needs to be done.
I did an ipconfig /displaydns command. I realized that the order of DNS have changed on both DCB and the Client PC:
Now, they both display DCB on the top of the list, whereas they were displaying DCA on the top of the list prior to the shut down.
Question 3: Does it mean that the Client PC now knows that the 1st DNS is down and so it's using the 2nd DNS?
If so, why does the nslookup display the time out message?
Question 4: Is it possible to configure either of DNS Server or the DNS client, so it displays the 2nd DNS when the first DNS is not accessible and when I do nslookup?
Thank you for.
Hi Ton_2013,
Based on my understanding, the issue we are experiencing is that: when the primary DNS server is down, the result of the tool Nslookup is to display the time out message at first. Right?
Based on my knowledge, a timed out message means that the server did not respond to a request after a certain amount of time and a certain number of retries. Because the primary DNS server is down, it can't respond to this request and time is out. When the primary DNS server can't respond, the secondary DNS server works to ensure effective work. And the order is changed as you said.
As to the reason why the result is still the same even when the order has changed, we can try to use Network Monitor to capture network traffic and view and analyze it to find the cause. And the cause may be the cache. For your information, please refer to the following link to download the tool Network Monitor:
http://www.microsoft.com/en-hk/download/details.aspx?id=4865
Regards,
Lany Zhang
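Both threads above come down to which individual DNS server actually answers: the forwarder that failed dcdiag's Forw test, and the alternate server that should take over when the primary is off. The following is an added example, not code from either poster, that queries each server directly instead of relying on the resolver's failover or cache. It assumes it is run on a Windows Server 2012 or later domain controller with the DnsClient and DnsServer modules; the function name `Test-DnsServer` and the probe name are choices made for this example.

```powershell
# Added example: test every DNS server one at a time.
# Assumption: run elevated on a Windows Server 2012+ DC (DnsClient + DnsServer modules).
$probe = 'www.microsoft.com'   # external name, the same one dcdiag's Ext test resolved

function Test-DnsServer {
    param([string]$Server, [string]$Name)
    # -Server sends the query to this server only; -DnsOnly skips LLMNR/NetBIOS;
    # -QuickTimeout keeps a dead server from stalling the whole run.
    $sw = [Diagnostics.Stopwatch]::StartNew()
    try {
        Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly `
            -QuickTimeout -ErrorAction Stop | Out-Null
        $result = 'OK'
    } catch {
        $result = $_.Exception.Message   # e.g. a timeout for a server that is down
    }
    [pscustomobject]@{
        Server = $Server
        Name   = $Name
        Result = $result
        Ms     = $sw.ElapsedMilliseconds
    }
}

# 1. Servers this machine is configured to use (primary first, then alternates).
$clientServers = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses |
    Select-Object -Unique
foreach ($s in $clientServers) {
    Test-DnsServer -Server $s -Name $probe
}

# 2. Forwarders configured on the local DNS server, and the root-hint fallback.
if (Get-Command Get-DnsServerForwarder -ErrorAction SilentlyContinue) {
    $fwd = Get-DnsServerForwarder
    foreach ($ip in $fwd.IPAddress) {
        Test-DnsServer -Server $ip.IPAddressToString -Name $probe
    }
    $hints = @(Get-DnsServerRootHint).Count
    "UseRootHint = $($fwd.UseRootHint); root hints defined = $hints"
}
```

A server that reports a timeout here while the others return OK is the one to repair or take out of the adapter's DNS list or the forwarder list.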