Dynamic DNS not working

Workstations on our domain are not automatically being registered in our
forward zone. We are running Windows 2003 server for a primary domain
controller. I have dynamic updates set to "secure," but I also tried
"nonsecure and secure."

In every other respect, our domain functions fine, but I need A records
created.
Here is a ipconfig /all from one of the workstations:


C:\Documents and Settings\Administrator.CBS2KDOM1>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : reptile
Primary Dns Suffix . . . . . . . : cbs2kdom1
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cbs2kdom1
cbs2kdom1

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : cbs2kdom1
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated
Cont
roller
Physical Address. . . . . . . . . : 00-0B-DB-B5-EE-4B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 172.16.3.14
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.3.1
DHCP Server . . . . . . . . . . . : 128.253.193.198
DNS Servers . . . . . . . . . . . : 128.253.193.198
128.253.193.148
132.236.56.250
Primary WINS Server . . . . . . . : 128.253.193.198
Lease Obtained. . . . . . . . . . : Tuesday, March 23, 2010 7:22:59 AM
Lease Expires . . . . . . . . . . : Friday, March 26, 2010 7:22:59 AM

C:\Documents and Settings\Administrator.CBS2KDOM1>

Hello Mattt,

Your workstation use ip addresses as DG and DNS servers that are located
on the internet, why? In a domain where the DC hopefully has also the private
ip address 172.x.x.x in use and not the external ones, you MUST configure
the workstation to the internal domain DNS servers and not to the ISPs one
or whoever they come from.

So please clarify about 128.253.193.198, 128.253.193.148 and 132.236.56.250
used for DHCP and DNS instead the domain DC/DNS. ALso post an unedited ipconfig
/all from teh DC/DNS used in the LAN.


Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Workstations on our domain are not automatically being registered in
> our forward zone. We are running Windows 2003 server for a primary
> domain controller. I have dynamic updates set to "secure," but I also
> tried "nonsecure and secure."
>
> In every other respect, our domain functions fine, but I need A
> records
> created.
> Here is a ipconfig /all from one of the workstations:
> C:\Documents and Settings\Administrator.CBS2KDOM1>ipconfig /all
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : reptile
> Primary Dns Suffix . . . . . . . : cbs2kdom1
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : cbs2kdom1
> cbs2kdom1
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . : cbs2kdom1
> Description . . . . . . . . . . . : Broadcom 440x 10/100
> Integrated
> Cont
> roller
> Physical Address. . . . . . . . . : 00-0B-DB-B5-EE-4B
> Dhcp Enabled. . . . . . . . . . . : Yes
> Autoconfiguration Enabled . . . . : Yes
> IP Address. . . . . . . . . . . . : 172.16.3.14
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 172.16.3.1
> DHCP Server . . . . . . . . . . . : 128.253.193.198
> DNS Servers . . . . . . . . . . . : 128.253.193.198
> 128.253.193.148
> 132.236.56.250
> Primary WINS Server . . . . . . . : 128.253.193.198
> Lease Obtained. . . . . . . . . . : Tuesday, March 23, 2010
> 7:22:59 AM
> Lease Expires . . . . . . . . . . : Friday, March 26, 2010
> 7:22:59 AM
> C:\Documents and Settings\Administrator.CBS2KDOM1>
>

Good morning,
Thank you for taking the time to respond...

Our workstations are on a separate VLAN from our PDC. The "users" vlan is
172.16.3.X, while the PDC is on 128.253.193.X

There are no rules preventing connections across the VLAN's.

Below is the IPConfig from the PDC:



Microsoft Windows [Version 5.2.3790]

(C) Copyright 1985-2003 Microsoft Corp.



C:\Documents and Settings\Administrator.CBS2KDOM1>ipconfig /all



Windows IP Configuration



Host Name . . . . . . . . . . . . : cbs2k101

Primary Dns Suffix . . . . . . . : cbs2kdom1

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : cbs2kdom1

cbs.cornell.edu

cornell.edu



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : cbs2kdom1

Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE
(NDIS

VBD Client)

Physical Address. . . . . . . . . : 00-1E-C9-2C-B5-B6

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 128.253.193.198

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 128.253.193.1

DNS Servers . . . . . . . . . . . : 128.253.193.198

128.253.193.148

Primary WINS Server . . . . . . . : 128.253.193.198



C:\Documents and Settings\Administrator.CBS2KDOM1>

"Mattt" <> wrote in message news:8A24A475-9311-4420-85AD-...
> Good morning,
> Thank you for taking the time to respond...
>
> Our workstations are on a separate VLAN from our PDC. The "users" vlan is
> 172.16.3.X, while the PDC is on 128.253.193.X
>
> There are no rules preventing connections across the VLAN's.
>
> Below is the IPConfig from the PDC:
>
>
>
> Microsoft Windows [Version 5.2.3790]
>
> (C) Copyright 1985-2003 Microsoft Corp.
>
>
>
> C:\Documents and Settings\Administrator.CBS2KDOM1>ipconfig /all
>
>
>
> Windows IP Configuration
>
>
>
> Host Name . . . . . . . . . . . . : cbs2k101
>
> Primary Dns Suffix . . . . . . . : cbs2kdom1
>
> Node Type . . . . . . . . . . . . : Hybrid
>
> IP Routing Enabled. . . . . . . . : No
>
> WINS Proxy Enabled. . . . . . . . : No
>
> DNS Suffix Search List. . . . . . : cbs2kdom1
>
> cbs.cornell.edu
>
> cornell.edu
>
>
>
> Ethernet adapter Local Area Connection:
>
>
>
> Connection-specific DNS Suffix . : cbs2kdom1
>
> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE
> (NDIS
>
> VBD Client)
>
> Physical Address. . . . . . . . . : 00-1E-C9-2C-B5-B6
>
> DHCP Enabled. . . . . . . . . . . : No
>
> IP Address. . . . . . . . . . . . : 128.253.193.198
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . : 128.253.193.1
>
> DNS Servers . . . . . . . . . . . : 128.253.193.198
>
> 128.253.193.148
>
> Primary WINS Server . . . . . . . : 128.253.193.198
>
>
>
> C:\Documents and Settings\Administrator.CBS2KDOM1>


What can also cause it is if the zone name in DNS is cbs2kdom1.edu or cbs2kdom1.local, but the Primary DNS suffix is cbs2kdom1, it won't work. The resolver/registration service uses the Primary DNS suffix to register into. If the zone name that matches the Primary DNS Suffix doesn't exist, then tehre's nothing to register into.

What is the AD DNS Domain Name? If you look in ADUC, it will tell you the AD DNS domain name. Is it cbs2kdom1, cbs2kdom1.edu, or cbs2kdom1.local?

Which then makes me ask, why do you have those additional Search Suffixes set?

If the AD DNS domain name and zone name are both cbs2kdom1.local or cbs2kdom1.edu, then you have a Disjointed Namespace. It doesn;t match the Primary DNS Suffix.

If the AD DNS domain name is truly cbs2kdom1, then it's a single label domain name issue.

This can also cause it. Single label names are extremely problematic. Apparently that was erroneously chosen during domain creation. Your Primary DNS Suffix is "cbs2kdom1" which is not a valid DNS zone name format. DNS is hierarchal with at least two levels, such as cbs2kdom1.com, cbs2kdom1.local, etc. After Windows 2000 SP4, Microsoft put a damper on single label names with resolving capabilities as well as with DNS registration. It's even tighter with XP SP3 and newer operating systems.

Why was this done you may ask? Good question. During resolution, DNS will actually look at the root hints before it even looks at it's own zones, which caused excessive internet DNS traffic to the root hints. ISC found it and complained, whereas Microsoft made the necessary changes to accomodate. Read my blog on it for a further explanation. There is a "bandaid" for it, but that's all it is and it must be applied to ALL machines until you get a chance to perform a rename or migrate to a new forest/domain with a properly formatted name.

Active Directory DNS Domain Name Single Label Names
http://msmvps.com/blogs/acefekay/arc...bel-names.aspx

Domain Rename With or Without Exchange
http://msmvps.com/blogs/acefekay/arc...-exchange.aspx

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.

Hello Ace Fekay [MVP-DS, MCT],

You have catched all options, nothing to add. :-)

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> "Mattt" <> wrote in message
> news:8A24A475-9311-4420-85AD-...
>
>> Good morning,
>> Thank you for taking the time to respond...
>> Our workstations are on a separate VLAN from our PDC. The "users"
>> vlan is 172.16.3.X, while the PDC is on 128.253.193.X
>>
>> There are no rules preventing connections across the VLAN's.
>>
>> Below is the IPConfig from the PDC:
>>
>> Microsoft Windows [Version 5.2.3790]
>>
>> (C) Copyright 1985-2003 Microsoft Corp.
>>
>> C:\Documents and Settings\Administrator.CBS2KDOM1>ipconfig /all
>>
>> Windows IP Configuration
>>
>> Host Name . . . . . . . . . . . . : cbs2k101
>>
>> Primary Dns Suffix . . . . . . . : cbs2kdom1
>>
>> Node Type . . . . . . . . . . . . : Hybrid
>>
>> IP Routing Enabled. . . . . . . . : No
>>
>> WINS Proxy Enabled. . . . . . . . : No
>>
>> DNS Suffix Search List. . . . . . : cbs2kdom1
>>
>> cbs.cornell.edu
>>
>> cornell.edu
>>
>> Ethernet adapter Local Area Connection:
>>
>> Connection-specific DNS Suffix . : cbs2kdom1
>>
>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
>> GigE (NDIS
>>
>> VBD Client)
>>
>> Physical Address. . . . . . . . . : 00-1E-C9-2C-B5-B6
>>
>> DHCP Enabled. . . . . . . . . . . : No
>>
>> IP Address. . . . . . . . . . . . : 128.253.193.198
>>
>> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>
>> Default Gateway . . . . . . . . . : 128.253.193.1
>>
>> DNS Servers . . . . . . . . . . . : 128.253.193.198
>>
>> 128.253.193.148
>>
>> Primary WINS Server . . . . . . . : 128.253.193.198
>>
>> C:\Documents and Settings\Administrator.CBS2KDOM1>
>>
> What can also cause it is if the zone name in DNS is cbs2kdom1.edu or
> cbs2kdom1.local, but the Primary DNS suffix is cbs2kdom1, it won't
> work. The resolver/registration service uses the Primary DNS suffix to
> register into. If the zone name that matches the Primary DNS Suffix
> doesn't exist, then tehre's nothing to register into.
>
> What is the AD DNS Domain Name? If you look in ADUC, it will tell you
> the AD DNS domain name. Is it cbs2kdom1, cbs2kdom1.edu, or
> cbs2kdom1.local?
>
> Which then makes me ask, why do you have those additional Search
> Suffixes set?
>
> If the AD DNS domain name and zone name are both cbs2kdom1.local or
> cbs2kdom1.edu, then you have a Disjointed Namespace. It doesn;t match
> the Primary DNS Suffix.
>
> If the AD DNS domain name is truly cbs2kdom1, then it's a single label
> domain name issue.
>
> This can also cause it. Single label names are extremely problematic.
> Apparently that was erroneously chosen during domain creation. Your
> Primary DNS Suffix is "cbs2kdom1" which is not a valid DNS zone name
> format. DNS is hierarchal with at least two levels, such as
> cbs2kdom1.com, cbs2kdom1.local, etc. After Windows 2000 SP4, Microsoft
> put a damper on single label names with resolving capabilities as well
> as with DNS registration. It's even tighter with XP SP3 and newer
> operating systems.
>
> Why was this done you may ask? Good question. During resolution, DNS
> will actually look at the root hints before it even looks at it's own
> zones, which caused excessive internet DNS traffic to the root hints.
> ISC found it and complained, whereas Microsoft made the necessary
> changes to accomodate. Read my blog on it for a further explanation.
> There is a "bandaid" for it, but that's all it is and it must be
> applied to ALL machines until you get a chance to perform a rename or
> migrate to a new forest/domain with a properly formatted name.
>
> Active Directory DNS Domain Name Single Label Names
> http://msmvps.com/blogs/acefekay/arc...ve-directory-d
> ns-domain-name-single-label-names.aspx
>
> Domain Rename With or Without Exchange
> http://msmvps.com/blogs/acefekay/arc...in-rename-with
> -or-without-exchange.aspx
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum for collaboration benefit
> among responding engineers, and to help others benefit from your
> resolution.
>
> Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE
> & MCSA 2003/2000, MCSA Messaging 2003
>
> Microsoft Certified Trainer
>
> Microsoft MVP - Directory Services
>
> If you feel this is an urgent issue and require immediate assistance,
> please contact Microsoft PSS directly. Please check
> http://support.microsoft.com for regional support phone numbers.
>

Thanks for the suggestions. I guess we will have to go through the process
of setting up a new domain, etc.

Thanks again,
Matt

"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message news:. com...
> Hello Ace Fekay [MVP-DS, MCT],
>
> You have catched all options, nothing to add. :-)
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

I wasn't sure if that was a typo at first, but I saw it referenced throughout the post, so it kind of made me think the single label name is the issue!

Thanks, Meinolf.



--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.