Primary DNS server

Similar Messages

• Can´t communicate with the primary DNS Server 200.49.156.5: and now?

  Hi,
  I have connected a Sony Vaio with a Linksys WRT54G router, using broadband cable provided by a Motorola Surfboard Modem (model 5b5100i)
  I followed all the steps from the router´s CD.
  Finally I connected a network cable to the port 1 of the router and on the other extreme the Motorola Modem is now connected. As result, since I  have a desktop already connected to the modem, there are now 2 connections on the back of the motorola modem, 1 for a desktop that uses its USB plug and a 2nd, which uses a network cable (ethernet connection) and that plugs at the end to the Linksys router. connection is ok based on the Linksys CD.
  The wireless card of 2 different laptops recognize the router´s signal, but no internet copnnection is available. 
  after diagnostic on network problems by Vista Windows, I receive the following message
  ¨"Cannot communicate with the primary DNS Server 200.49.156.5"
  What does it mean? what needs to be set in order to make it work?
  Thanks in advance for any help

  I talked to a tech support form my cable company and the motorola only provides 1 IP address, therefore, in order to make a router work (it will need its own IP address, a 2nd one), you need to buy an ADDITIONAL internet connection or access point....this company is in Argentina. While I lived in the US (last month) they allowed me to have multiple computers from the same one connection.
  bottom line, calll your ISP and tell them you need either to install the router on your connection OR to have an additional internet cable input....
  just my 2 cents...business rules.

• GSS as primary DNS Server for Intranet

  Hi,
  Can the GSS be used as a as primary DNS server for Intranet? An additional DNS server can be configured to answer the unknown Records like MX by GSS.
  if it can be configured, I would be thankful if anyone shares with me the brief configuration steps Apart from configuring Answers, answer groups, domain lists, source address lists, DNS rules.
  with thanks
  sathappan

  Yeah I'd certainly recommend against it! So essentially the client machines are unable to update or query dynamic AD related DNS records since they're not pointing to the DNS servers actually used by your AD server(s). I could well imagine that causing
  issues, and meaning that some AD functionality won't work correctly.
  I know you can directly integrate BIND with AD, eg so that the BIND servers are the ones used by AD, though I haven't tried it, but this seems to be neither.
  I can't find any articles relating to your exact situation, presumably no one else has tried to use such a mixed and disjoined setup. I'd focus on looking for articles relating to why you shouldn't point your users at a router (most commonly in small setups
  on ADSL) for the DNS rather than directing them to the server for DNS and then having that query the router for external results. It's a more common scenario and you're more likely to find articles relating to it.
  One article you might find useful is
  http://msmvps.com/blogs/acefekay/archive/2009/08/17/ad-and-its-reliance-on-dns.aspx which talks in terms of using your ISP's DNS servers on the client machines, but in your situation it sounds like the BIND servers are essentially providing an equivalent
  setup.
  There's also various discussions and comments on the topic elsewhere on these forums, for instance
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/c3ba3859-765e-4b3f-add0-eaf2c18e1068/i-have-dns-in-a-router-and-i-want-to-install-domain-controller?forum=winservergen and
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/b5df8fd4-7ab2-4d1e-afe2-c5263c4d69c3/dns-server-forwarding-and-clients-getting-address-of-registrars-ip?forum=winserverNIS which are worth checking out.

• Remote login: cannot connect to primary DNS server

  To what should I set the DNS under 'Computers and Services'? I cannot get any computers (Mac or Win) to remotely connect to the network, it says cannot connect to primary DNS. The goal is to have users have access to home directories from remote locations but I cannot seem to get a connection. Help please...
  Message was edited by: mrsmittys

  Hi
  A bit vague on details and I have to question why you would want to do this anyway? For example 10-20 users all accessing home directories remotely would be hard work if not practically impossible. What is the bandwidth on the host’s broadband service?
  That said there are a number of ways of doing this the easiest being a VPN. Ideally a fixed public IP address at the site that the server is at and a router capable of supporting VPN connections. I’ve always found ZyXel Prestige 662 Routers and IPSecuritas (which is available free as a download – just remember to donate) a good combination. Once the tunnel has been built the remote client will be able to access any resource at the host site as if it was in the same building.
  Again I would steer you away from this as the connection may prove to be unreliable depending on users and usage. A more workable solution would be Portable Home Directories. With PHD you can work with Home Folders without being connected to the host network. The Home folders would synchronize the next time the client connected to the network.
  Are your home folders Open Directory networked home folders or just folders created that are defined as a paticular user’s folder? If its an Open Directory Networked Home folder then internal DNS Services configured and running somewhere would be absolutely crucial as Open Directory will not function without it.
  I have to be honest and say I dont think you have really thought this through (no offense intended), however keep posting. No doubt others will offer views and opinions that may further assist you.
  Tony

• Changing primary DNS server in Unity 10.5

  We have a Unity server that has a DNS setting that is no longer valid. I was wondering if it would change the license MAC and invalidate the licenses if I were to change that primary and secondary DNS setting.
  Thanks,
  Jordan

  I believe you only need to delete and add again in PLM if you do that, and you're using co-res PLM where you're changing that

• PC not asking the alternate DNS Server after the primary is unavailable

  Hello,
  Our PCs are members of AD Domain and are configured to use two internal DNS servers, one as the primary and the seconde as the alternate. The two DSN server are DCs.
  I've faced an odd probleme yesterday when I've restarted the Primary dns server ...The server started normaly but the DNS Server service didn't. All the PC's where unable to resolve IP addresses! When I looked closely I found the it was a dns issue, the PCs
  were not asking to resolve name using the alternate dns server.
  Is there a specific configuration to setup on the client PCs to overcome this issue
  Best regards,

  Hello zinezine,
  What is your current situation?
  Have you try to check the firewall as mystifeid mentioned?
  If the issue still exists, please refer to the following blog to capture the network traffic, upload it to OneDrive and share it with us.
  http://blogs.technet.com/b/messageanalyzer/archive/2012/09/17/meet-the-successor-to-microsoft-network-monitor.aspx
  Upload to OneDrive:
  http://windows.microsoft.com/en-us/onedrive/add-photos-files
  Share files:
  http://windows.microsoft.com/en-us/onedrive/share-file-folder
  Best regards,
  Fangzhou CHEN
  Fangzhou CHEN
  TechNet Community Support

• DNS Server Having Intermittent Issues with Open Directory

  I work for a school and we're undertaking the large task of moving from Xserves running 10.6.8 to Mac Minis running 10.9. I have a lot of experience with OS X Server (I held ACSA up until they ditched it, and ACTC through the current OS) but I've hit a fairly large snag in configuring our DNS server. We currently run DNS via an AD server that is being retired at the end of the summer, so this is the first time our DNS will be Mac-based. That said, our network is ridiculously simple as we are a very small school. For the most part it's a flat network using the same IP range for our wired and wireless internal clients (we do have a vlan for guests but that's through Aerohive). I configured the DNS by hand, recreating the entries in our AD server (there were only about a dozen) and then adding in things that should have been there in the first place (e.g. printers and some other devices with static IPs that I'd like FQDNs for). Everything seemed to be working fine...until trying to log into Open Directory accounts.
  For some background, the DNS server running 10.9 was the first server we upgraded and it was a completely clean install. We run DHCP on another Mac Server currently running 10.6.8 and it does have the proper OD server listed. All DNS entries for the OD server match our current DNS server. The issue is that it's taking some users 5-6 tries to log in with their network accounts. The errors they receive range from the login window shaking to it stating the user cannot log in at this time. This seems to be worse on client machines running 10.9. but it's appearing on machines running 10.6.8-10.9.3.
  In my troubleshooting, I found that if I log in as a local user to one of those machines and do a dig for the OD server the results vary, this is where it gets weird. For example, if I dig ourodserver.ourdomain.org it will sometimes return host not found or it will sometimes resolve. If I ping the same thing it will sometimes work (even after stating it cannot resolve the host) and it will sometimes fail. If I then try a dig for the .local (e.g. ourodserver.local) it also yields the same varied results. However, on every machine that I've tested if I then open a Finder window and navigate to the server via the "Shared" menu and connect I have no trouble connecting and then magically my digs and pings in terminal work. If I revert DNS back to point to our old Windows server the issue goes away. I have meticulously combed through that server many many times now and am not seeing any missed entries. Any idea what could be causing this?

  You must have a working DNS service, and the server's hostname must match its fully-qualified domain name. To confirm, select the server by name in the sidebar of the Server application window, then select the Overview tab. Click the Edit button on the Host Name line. On the Accessing your Server sheet, Domain Name should be selected. Change the Host Name, if necessary. The server must have at least a three-level name (e.g. "server.yourdomain.com"), and the name must not be in the ".local" top-level domain, which is reserved for Bonjour.
  The primary DNS server used by the server must be 127.0.0.1 (that is, itself) unless you're using another server for internal DNS. The only DNS server set on the clients should be the internal one, which they should get from DHCP if applicable.

• How to configure DNS server to redirect all web traffic to one external website?

  I'd like to use the DNS service on my OS X Server as a way to force all all web traffic to one specific, external website. Not quite sure how to go about configuring it, though - any recommendations?
  (BTW, this is, obviously, not our primary DNS server; I intend to silently update the preferred DNS server for users who fail to complete their timesheets in order to force the issue)

  Web clients don't generate uniquely-identifiable DNS queries; there's no SRV request or related traffic that you could select on and spoof.  So if you do implement this, everything querying the spoofing DNS server will get the spoofed host, or you'll have to spot specific queries that are likely web queries; Facebook, Google, Bing, etc. 
  If you still want to implement this, then I'd probably replace the DNS server with a runt DNS server (maybe hack dnsmasq or maraDNS, or create yourself a trivial DNS server) and have that always return the specified IP address.  This avoids having to hack BIND to be universally authoritative, which is probably on par with hacking a simpler DNS server to always return a fixed IP address, and the latter is probably easier to undo.
  A firewall can spot TCP port 80 and port 443 traffic, unlike a DNS server.   Firewalling outbound port 80 traffic is more typical of these requests, and either trap that traffic to a specific web page based on the capabilities of the firewall, or the web proxy approach that Camelot suggests.  There are folks that tie access into the web proxies into external authentication and related; that'd be able to do what you want.   Web proxies are usually combined with firewall blocks, as most sites want only the web proxy to have external access, too.  But this is also rather more pieces than a DNS redirect, too.

• How do I create a backup DNS server?

  Hi All,
  I've got my production server (Xserve Intel) running 10.6 and it is our primary DNS server. I've gotta take it down to do some work on it, but by doing so, no one in the organization will be able to access the internet.
  I'd like to set up my old Xserve (G5, running 10.5) as a backup DNS server that can handle the DNS requests whenever I need to take the main server down. Unfortunately, I'm kind of a DNS n00b.
  What is the best way to go about this?
  Thanks,
  Chris

  Oh, quite embarrassing. I complained about not understanding the author of the article when I was actually speaking to the author. How rude! Apologies, kind sir.
  I've now got it set up correctly with your help, it seems. I've just got a few other questions regarding the Secondary DNS Server if you don't mind:
  1) Do I set any forwarder IP Addresses on the secondary server? Should I put the same forwarders that I use on my primary, or should I put the IP address of my primary in there, or should I just leave it blank?
  2) *Edit - Ignore question 2; found the answer in your guide*
  3) When I look at the secondary zones, they don't seem to be populated with any data. . . Does this mean that the secondary server is completely reliant on the primary server to function correctly? In other words, *when I take my primary server offline, does the secondary server still work?*
  Thanks,
  Chris
  Message was edited by: cscrofani

• Proper Configuration of DNS server for our new branch office

  Hi All,
  Our new office will setup a new branch office with a routed network link to our HO. In HO, we have 2 domain controllers configured as AD and DNS just for fail over scenarios.
  How will we configure the DNS server of our 3rd domain controller which we will placed in the new branch office. What would be the proper settings of DNS server integrated to AD to work well especially to have a successful replication and communication to
  the 2 DC's located in HO?

  Hi,
  If you have multiple DC's in that site i would recommend using any of the partner DC's IP addresses as preferred one and secondary DNS IP to pointing to itself. Dont use loopback addresses configure it with actual IP addresses.
  If you have only one server in branch office point itself as the primary DNS and HO DC as secondary and tertiary.
  Make sure that all clients in your branch site are pointing to the branch DC as primary DNS server.
  Regards,
  Rafic
  If you found this post helpful, please give it a "Helpful" vote.
  If it answered your question, remember to mark it as an "Answer".
  This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

• 2K8 - Best practice for setting the DNS server list on a DC/DNS server for an interface

  We have been referencing the article 
  "DNS: DNS servers on <adapter name> should include their own IP addresses on their interface lists of DNS servers"
  http://technet.microsoft.com/en-us/library/dd378900%28WS.10%29.aspx but there are some parts that are a bit confusing.  In particular is this statement
  "The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain
  controller and it points only to itself for name resolution, it can become an island and fail to replicate with other domain controllers. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller.
  The loopback address should be configured only as a secondary or tertiary DNS server on a domain controller.”
  The paragraph switches from using the term "its own IP address" to "loopback" address.  This is confusing becasuse technically they are not the same.  Loppback addresses are 127.0.0.1 through 127.255.255.255. The resolution section then
  goes on and adds the "loopback address" 127.0.0.1 to the list of DNS servers for each interface.
  In the past we always setup DCs to use their own IP address as the primary DNS server, not 127.0.0.1.  Based on my experience and reading the article I am under the impression we could use the following setup.
  Primary DNS:  Locally assigned IP of the DC (i.e. 192.168.1.5)
  Secondary DNS: The assigned IP of another DC (i.e. 192.168.1.6)
  Tertiary DNS:  127.0.0.1
  I guess the secondary and tertiary addresses could be swapped based on the article.  Is there a document that provides clearer guidance on how to setup the DNS server list properly on Windows 2008 R2 DC/DNS servers?  I have seen some other discussions
  that talk about the pros and cons of using another DC/DNS as the Primary.  MS should have clear guidance on this somewhere.

  Actually, my suggestion, which seems to be the mostly agreed method, is:
  Primary DNS:  Locally assigned IP of the DC (i.e. 192.168.1.5)
  Secondary DNS: The assigned IP of another DC (i.e. 192.168.1.6)
  Tertiary DNS:  empty
  The tertiary more than likely won't be hit, (besides it being superfluous and the list will reset back to the first one) due to the client side resolver algorithm time out process, as I mentioned earlier. Here's a full explanation on how
  it works and why:
  This article discusses:
  WINS NetBIOS, Browser Service, Disabling NetBIOS, & Direct Hosted SMB (DirectSMB).
  The DNS Client Side Resolver algorithm.
  If one DC or DNS goes down, does a client logon to another DC?
  DNS Forwarders Algorithm and multiple DNS addresses (if you've configured more than one forwarders)
  Client side resolution process chart
  http://msmvps.com/blogs/acefekay/archive/2009/11/29/dns-wins-netbios-amp-the-client-side-resolver-browser-service-disabling-netbios-direct-hosted-smb-directsmb-if-one-dc-is-down-does-a-client-
  logon-to-another-dc-and-dns-forwarders-algorithm.aspx
  DNS
  Client side resolver service
  http://technet.microsoft.com/en-us/library/cc779517.aspx 
  The DNS Client Service Does Not Revert to Using the First Server in the List in Windows XP
  http://support.microsoft.com/kb/320760
  Ace Fekay
  MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
  Microsoft Certified Trainer
  Microsoft MVP - Directory Services
  Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
  This posting is provided AS-IS with no warranties or guarantees and confers no rights.
  I agree with this proposed solution as well:
  Primary DNS:  Locally assigned IP of the DC (i.e. 192.168.1.5)
  Secondary DNS: The assigned IP of another DC (i.e. 192.168.1.6)
  Tertiary DNS:  empty
  One thing to note, in this configuration the Best Practice Analyzer will throw the error:
  The network adapter Local Area Connection 2 does not list the loopback IP address as a DNS server, or it is configured as the first entry.
  Even if you add the loopback address as a Tertiary DNS address the error will still appear. The only way I've seen this error eliminated is to add the loopback address as the second entry in DNS, so:
  Primary DNS:  The assigned IP of another DC (i.e. 192.168.1.6)
  Secondary DNS: 127.0.0.1
  Tertiary DNS:  empty
  I'm not comfortable not having the local DC/DNS address listed so I'm going with the solution Ace offers.
  Opinion?

• Server 2008 R2 DNS Server can not open active directory erro 4000

  The DNS server was unable to open Active Directory.  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly
  and reload the zone. The event data is the error code. Error 4000
  This just started happening yesterday. Also File service and print server is unable to contact because of this error. I have no lookup zones. When I try and go to the DNS server I get a message The server VETSALDC could be contacted The error was Access
  Denied. Would you like to add it anyway?
  PLEASE HELP

  Hi,
  According to your description, my understanding is that DNS unable to open Active Directory with error 4000.
  This happens when that particular DC/DNS server has lost its Secure channel with itself or PDC. This can also happen in a single DC environment where that DC/DNS server holds all the FSMO roles and is pointing to itself as Primary DNS server.
  You may check AD DS using command line “DCdiag” (run as administrator). besides, you may try to stop and restart AD DS service(detailed steps reference the link:
  http://technet.microsoft.com/en-us/library/cc732714(WS.10).aspx ), make sure that the AD DS is running correctly.
  Then restart the DNS service, detailed steps reference the link:
  http://technet.microsoft.com/en-us/library/cc735673(v=ws.10).aspx .
  If the problem still exits, is there any other DC or DNS on your network? Post the TCP/IP parameters (ipconfig /all) of DC and DNS here.
  Best Regards,           
  Eve Wang     
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Change of DNS server setting caused Exchange outages!

  I am trying to google/bing my way through this, but here are the main points:
  All remote Exchange servers had a) static IP addresses and b) were instructed to use DNS servers in Edmonton and Calgary
  If WAN links dropped, they lost DNS
  SOLUTION! Point remote servers to the domain controller in that location as the primary DNS server. WAN outage means Exchange still resolves names locally.
  Well the day came and we add the local DNS server for each remote site as the primary DNS server at the top of "DNS server addresses, in order of use" portion of advanced TCP/IP settings dialogue box.
  A reboot is performed
  Voila! Exchange shits the bed! Hub transport servers in Edmonton and Calgary cannot resolve remote server names; as in no host(a) record exists for them anymore. And we have a 91 minute outage until the DNS is sorted out (ipconfig /registerdns run on each
  server).
  Has anyone encountered this or have some deep knowledge of DNS (relative to my own) that could at least throw out a theory as to why this might happen?

  Hi, please issue Get-ExchangeServer -Identity "ServerName" -status | fl and check:
  CurrentDomainControllers
  CurrentGlobalCatalogs  
  CurrentConfigDomainController
  The server must been linked to the wrong server. You can change that in powershell too.
  Regards, Philippe
  Don't forget to mark as answer or vote as helpful to help identify good information. ( linkedin endorsement never hurt too :o) )
  Answer an interesting question ? Create a
  wiki article about it!

• Secondary DNS failing to redirect clients when Primary DNS goes down

  I have a single domain with two Windows 2008 servers, DC1 (physical) and DC2 (virtual).  Both servers run DNS and are GC servers, and the entire domain is on the same subnet (192.168.0.x). 
  All clients on the network are configured to use DC1 as primary DNS, DC2 as secondary DNS. 
  DHCP is enabled only on DC1.  (This might be part of the issue, not sure).
  The problem is that when DC1 goes down for a reboot or repair, we lose access to the internet from our clients.  Trying to pull up any website results in a "Page cannot be displayed" error.  DC2 is available during this time and can be
  pinged from any client but does not resolve DNS requests, even if I specify it as the primary DNS server on one of my workstations.  However I can log on to DC2 locally and browse the web. 
  Here are the results of a DCdiag /dnsall from DC2 (I bolded areas of concern):
  Directory Server Diagnosis
  Performing initial setup:
     * Connecting to directory service on server DC2.
     * Identified AD Forest.
     Collecting AD specific global data
     * Collecting site info.
     Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
     The previous call succeeded
     Iterating through the sites
     Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
     Getting ISTG and options for the site
     * Identifying all servers.
     Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
     The previous call succeeded....
     The previous call succeeded
     Iterating through the list of servers
     Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
     objectGuid obtained
     InvocationID obtained
     dnsHostname obtained
     site info obtained
     All the info for the server collected
     Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
     objectGuid obtained
     InvocationID obtained
     dnsHostname obtained
     site info obtained
     All the info for the server collected
     * Identifying all NC cross-refs.
     * Found 2 DC(s). Testing 1 of them.
     Done gathering initial info.
  Doing initial required tests
     Testing server: Default-First-Site-Name\DC2
        Starting test: Connectivity
  * Active Directory LDAP Services Check
  Determining IP4 connectivity
  Determining IP6 connectivity
  * Active Directory RPC Services Check
  ......................... DC2 passed test Connectivity
  Doing primary tests
     Testing server: Default-First-Site-Name\DC2
        Test omitted by user request: Advertising
        Test omitted by user request: CheckSecurityError
        Test omitted by user request: CutoffServers
        Test omitted by user request: FrsEvent
        Test omitted by user request: DFSREvent
        Test omitted by user request: SysVolCheck
        Test omitted by user request: KccEvent
        Test omitted by user request: KnowsOfRoleHolders
        Test omitted by user request: MachineAccount
        Test omitted by user request: NCSecDesc
        Test omitted by user request: NetLogons
        Test omitted by user request: ObjectsReplicated
        Test omitted by user request: OutboundSecureChannels
        Test omitted by user request: Replications
        Test omitted by user request: RidManager
        Test omitted by user request: Services
        Test omitted by user request: SystemLog
        Test omitted by user request: Topology
        Test omitted by user request: VerifyEnterpriseReferences
        Test omitted by user request: VerifyReferences
        Test omitted by user request: VerifyReplicas
        Starting test: DNS
  DNS Tests are running and not hung. Please wait a few minutes...
  See DNS test in enterprise tests section for results
  ......................... DC2 passed test DNS
     Running partition tests on : ForestDnsZones
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running partition tests on : DomainDnsZones
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running partition tests on : Schema
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running partition tests on : Configuration
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running partition tests on : mydomain
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running enterprise tests on : mydomain.com
        Starting test: DNS
  Test results for domain controllers:
   DC: DC2.mydomain.com
  Domain: mydomain.com
  TEST: Authentication (Auth)
  Authentication test: Successfully completed
  TEST: Basic (Basc)
                    Microsoftr Windows Serverr 2008 Standard 
  (Service Pack level: 2.0)
  is supported
  NETLOGON service is running
  kdc service is running
  DNSCACHE service is running
                    DNS service is running
  DC is a DNS server
  Network adapters information:
  Adapter [00000006] Intel(R) PRO/1000 MT Network Connection:
  MAC address is 00:0C:29:91:59:68
  IP Address is static
  IP address: 192.168.0.249
  DNS servers:
  192.168.0.105 (DC1.mydomain.com.) [Valid]
  127.0.0.1 (DC2) [Valid]
  The A host record(s) for this DC was found
  Warning: The AAAA record for this DC was not found
  [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.) - mydomain.com]
                    The SOA record for the Active Directory zone was found
  The Active Directory zone on this DC/DNS server was found primary
  Root zone on this DC/DNS server was not found
  TEST: Forwarders/Root hints (Forw)
  Recursion is enabled
  Forwarders Information:
  192.168.0.105 (DC1.mydomain.com.) [Valid]
  192.168.0.7 (<name unavailable>) [Invalid (unreachable)]
   Error: Forwarders list has invalid forwarder: 192.168.0.7 (<name unavailable>)
  TEST: Delegations (Del)
  Delegation information for the zone: mydomain.com.
  Delegated domain name: _msdcs.mydomain.com.
  DNS server: DC1.mydomain.com. IP:192.168.0.105 [Valid]
  TEST: Dynamic update (Dyn)
  Test record _dcdiag_test_record added successfully in zone mydomain.com
  Test record _dcdiag_test_record deleted successfully in zone mydomain.com
  TEST: Records registration (RReg)
  Network Adapter
  [00000006] Intel(R) PRO/1000 MT Network Connection:
  Matching CNAME record found at DNS server 192.168.0.105:
  a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com
  Matching A record found at DNS server 192.168.0.105:
  DC2.mydomain.com
  Warning:
  Missing AAAA record at DNS server 192.168.0.105:
  DC2.mydomain.com
  [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
  Matching  SRV record found at DNS server 192.168.0.105:
  _ldap._tcp.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _kerberos._tcp.dc._msdcs.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _ldap._tcp.dc._msdcs.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _kerberos._tcp.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _kerberos._udp.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _kpasswd._tcp.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _ldap._tcp.Default-First-Site-Name._sites.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _kerberos._tcp.Default-First-Site-Name._sites.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _ldap._tcp.gc._msdcs.mydomain.com
  Matching A record found at DNS server 192.168.0.105:
  gc._msdcs.mydomain.com
  Warning:
  Missing AAAA record at DNS server 192.168.0.105:
  gc._msdcs.mydomain.com
  [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
  Matching  SRV record found at DNS server 192.168.0.105:
  _gc._tcp.Default-First-Site-Name._sites.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.105:
  _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com
  Matching CNAME record found at DNS server 192.168.0.249:
          a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com
  Matching A record found at DNS server 192.168.0.249:
  DC2.mydomain.com
  Warning:
  Missing AAAA record at DNS server 192.168.0.249:
  DC2.mydomain.com
  [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
  Matching  SRV record found at DNS server 192.168.0.249:
  _ldap._tcp.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com
               Matching 
  SRV record found at DNS server 192.168.0.249:
  _kerberos._tcp.dc._msdcs.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _ldap._tcp.dc._msdcs.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _kerberos._tcp.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _kerberos._udp.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _kpasswd._tcp.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _ldap._tcp.Default-First-Site-Name._sites.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
             Matching 
  SRV record found at DNS server 192.168.0.249:
  _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _kerberos._tcp.Default-First-Site-Name._sites.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _ldap._tcp.gc._msdcs.mydomain.com
  Matching A record found at DNS server 192.168.0.249:
  gc._msdcs.mydomain.com
  Warning:
  Missing AAAA record at DNS server 192.168.0.249:
  gc._msdcs.mydomain.com
  [Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
  Matching  SRV record found at DNS server 192.168.0.249:
  _gc._tcp.Default-First-Site-Name._sites.mydomain.com
  Matching  SRV record found at DNS server 192.168.0.249:
  _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com
  Warning: Record Registrations not found in some network adapters
  TEST: External name resolution (Ext)
  Internet name www.microsoft.com was resolved successfully
  Summary of test results for DNS servers used by the above domain
  controllers:
  DNS server: 192.168.0.7 (<name unavailable>)
  1 test failure on this DNS server
  PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.0.7              
  [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
  DNS server: 192.168.0.105 (DC1.mydomain.com.)
  All tests passed on this DNS server
  Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
  DNS delegation for the domain  _msdcs.mydomain.com. is operational on IP 192.168.0.105
  DNS server: 192.168.0.249 (DC2)
  All tests passed on this DNS server
  Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
  Summary of DNS test results:
  Auth Basc Forw Del  Dyn  RReg Ext
  Domain: mydomain.com
  DC2                      
  PASS WARN FAIL PASS PASS WARN PASS
  ......................... mydomain.com failed test DNS
        Test omitted by user request: LocatorCheck
        Test omitted by user request: Intersite

  Looks like it may be trying to forward to a machine that's down (DC1 and another 192.168.0.7) and root hints aren't available.
  Check out this article:
  http://technet.microsoft.com/en-us/library/ff807391(v=ws.10).aspx
  See if you can enable DNS access through the firewall to the Internet if it's not already available.  Try to match whatever forwarder settings are on DC1, or remove them entirely and let the server resolve DNS from Internet root servers.  Alternativly,
  you could change your forwarder to a public DNS server you have access to, your ISP should supply this or you could test with something common like 4.2.2.2.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications

• Nslookup: DNS request timed out. time out was 2 seconds. (When the primary DNS is down)

  Hi All,
  I have set up 2 Windows Server 2012 domain controllers (DCA & DCB). DCA points at DCB as the primary DNS, and itself as the alternate DNS. DCB points at DCA as the primary DNS, and itself as the alternate DNS.
  When both DCs are running and if I do an nslookup on DCA: The result is as follows:
  Default Server: dcb.testdomain.com
  Address: 30.30.30.2
  nslookup on DCB:
  Default Server: dca.testdomain.com
  Address: 30.30.30.1
  Client PC (Windows 7 Pro):
  1st DNS : 30.30.30.31
  Alternate DNS: 30.30.30.32
  nslookup on the client PC
  Default Server: dca.testdomain.com
  Address: 30.30.30.1
  Up to here everything is fine. Now if I turn off DCA, and do an nslookup, the result is as follows:
  DCB nslookup:
  DNS request timed out.
         time out was 2 seconds.
  Default Server Unknown
  Address: 30.30.30.31
  Client PC nslookup:
  DNS request timed out.
         time out was 2 seconds.
  Default Server Unknown
  Address: 30.30.30.31
  I waited for more than 15 minutes an tried again, it didn't help.
  I have been reading a few similar posts on this matter, but couldn't find the answer.
  I would  expected it to display the DCB when I do an nslookup.
  Question 1: Shouldn't that display DCB rather than displaying a time out message when I do nslookup?
  Question 2: The fact that it displays a time out message, does it mean that more configuration needs to be done? If so please kindly advice what needs to be done. 
  I did an ipconfig /displaydns command. I realized that the order of DNS have changed on both DCB and the Client PC:
  Now, they both display DCB on the top of the list, whereas they were displaying DCA on the top of the list prior to the shut down.
  Question 3: Does it mean that the Client PC now knows that the 1st DNS is down and so it's using the 2nd DNS?
  If so, why does the nslookup display the time out message?
  Question 4: Is it possible to configure either of DNS Server or the DNS client, so it displays the 2nd DNS when the first DNS is not accessible and when I do nslookup?
  Thank you for. 

  Hi Ton_2013,
  Based on my understanding, the issue we are experiencing is that: when the primary DNS server is down, the result of the tool Nslookup is to diaplay the time out message at first. Right?
  Based on my knowledge, timed out message is means that the server did not respond to a request after a certain amount of time and a certain number of retries. Because the primary DNS server is down, it can't respond to this request and time is out. When
  the primary DNS server can't respond, the secondary DNS server works to ensure effective work. And the order is changed as you said.
  As to the reason why the result is still the same even when the order has changed, we can try to use Network Monitor to capture network traffic and view and analyze it to find the cause. And the cause may be the cache. For your information, please refer
  to the following link to download the tool Network Monitor:
  http://www.microsoft.com/en-hk/download/details.aspx?id=4865
  Regards,
  Lany Zhang