Can't get DNS right

Discussion in 'DNS Server' started by Netware2Microsoft, Aug 24, 2004.

  1. I've read several posts about having NSLookup errors and
    after fixing the reverse lookup zone I SEEM to have the
    result I need. NSLookup displays the name of my server
    and the IP address. However, when I go to my PC to
    connect to my W2003Server, I can get a reply from pinging
    my server's address but NOT the name. I assume something
    is still screwed up in my server's DNS. On my PC, my
    preferred DNS IP is the IP of my server and I don't have
    any records of my ISPs IP in the TCP/IP properties. When
    I try to change from workgroup to my domain, it can't
    find the domain. I'm clueless right now. I appreciate
    the help.

    Thanks,
    Dale
     
    Netware2Microsoft, Aug 24, 2004
    #1

  2. Post the ipconfig /all from the Domain Controller and the client.



    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ================================================
    --
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ================================================
    http://www.lonestaramerica.com/
    ================================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ================================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ================================================
     
    Kevin D. Goodknecht Sr. [MVP], Aug 24, 2004
    #2

  3. Ok, you need to post here an ipconfig /all (do this from cmd).
    Further, it would help if you told us which forward lookup zones you
    have in the DNS server. Another issue is that you haven't tried
    mixing public/private DNS data, have you?

    Andrew.
     
    Andrew Hodgson, Aug 24, 2004
    #3
  4. Dale,

    In addition to the other requests for config info (which will greatly help),
    can you also post your AD DNS domain name as well please? That's your domain
    name that shows up in ADUC. With all this data, we can usually formulate a
    diagnosis in your scenario with 95% accuracy.

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services

    Security Is Like An Onion, It Has Layers
    HAM AND EGGS: A day's work for a chicken;
    A lifetime commitment for a pig.
     
    Ace Fekay [MVP], Aug 25, 2004
    #4
  5. Thanks for the help!!!!!

    ipconfig /all results on Domain Controller....
    Host Name: Server2
    Primary DNS Suffix: vicksburg.doi
    Node Type: Unknown
    IP routing enabled: No
    WINS Proxy enabled: No
    DNS Suffix Search list: vicksburg.doi

    Connection specific DNS suffix: vicksburg.doi
    Description: Intel Pro.........
    Physical address: xxxxxxxxxx
    DHCP Enabled: No
    IP address: 192.168.24.26
    Subnet mask: 255.255.255.0
    Default Gateway: 192.168.24.1
    DNS Servers: 192.168.24.26

    ipconfig /all results from client PC.....
    host name: gislabdell2
    Primary DNS Suffix:
    Node type: Unknown
    IP Routing enabled: No
    WINS Proxy enabled: No

    Connection specific DNS suffix: vicksburg.doi
    Description: 3COM..........
    Physical Address: xxxxxxxxxxxxx
    DHCP Enabled: No
    IP Address: 192.168.24.246
    Subnet Mask: 255.255.255.0
    Default Gateway: 192.168.24.1
    DNS Servers: 192.168.24.26
     
    Netware2Microsoft, Aug 25, 2004
    #5
  6. What would be the difference between:

    1.
    cname domain.com 10.0.0.1
    alias www domain.com

    2.
    cname domain.com 10.0.0.1
    cname www.domain.com 10.0.0.1

    Why would I choose one over the other? Is #2 faster? Noticeable?
     
    [email protected], Aug 25, 2004
    #6
  7. Are there any event log details in DNS on your server that might shed a
    little light into this? Or for that matter on one of your clients?

    From your client, run NSLOOKUP and it *should* connect to your server
    (192.168.24.26) by default. If not, manually connect to it (server
    192.168.24.26) just do a set type=any and then vicksburg.doi and see what
    results are spat back.

    If you type in the nslookup prompt 'server2.vicksburg.doi' and you get the
    IP address returned... well then, I am stumped too :)
     
    TheSingingCat, Aug 25, 2004
    #7
  8. I did an NSlookup from the client PC and got the
    following:
    DNS request timed out
    Can't find server name for address 192.168.24.26
    Default servers are not available
    Default server: unknown
    Address: 192.168.24.26

    After typing set type=any, I received the following:
    Server: unknown
    Address: 192.168.24.26

    I did type ipconfig /registerdns and I'm waiting to see
    the event log for any errors.

    ?????
    Thanks again,
    Dale
     
    Netware2Microsoft, Aug 25, 2004
    #8
  9. Don't use CNAMEs; that would be faster. CNAMEs require a second DNS lookup
    to resolve the record the CNAME points to.
    Use "A" (address) records
    (same as parent folder) host 10.0.0.1
    www host 10.0.0.1

    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
     
    Kevin D. Goodknecht Sr. [MVP], Aug 25, 2004
    #9
  10. Your ipconfig looks good, can you post the domain name from AD Users &
    Computers and list the forward lookup zones in DNS?
    Your primary DNS suffix is vicksburg.doi, is that also the AD domain name
    and the name of the forward lookup zone in DNS?


    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
     
    Kevin D. Goodknecht Sr. [MVP], Aug 26, 2004
    #10
  11. Hi Ns2Ms,

    Your client should definitely return the name of the server it just
    connected to (.26)
    In your case after the NSlookup, it should be:
    "Default Server: server2.vicksburg.doi"
    "Address: 192.168.24.26"

    Apparently something is incorrect and my guess now is it is with your DNS
    zone setup.

    Using the DNS mmc snap in, expand 'Server2' and then your zone
    'vicksburg.doi'
    Do you have records that say
    (same as parent) Name Server(NS) server2.vicksburg.doi
    server2 Host (A) 192.168.24.26

    Also, highlight your zone vicksburg.doi and go to Properties of it. In the
    'Name Servers Tab' do you have your server2.vicksburg.doi server listed here
    and its correct IP? (192.168.24.26) ? If not, add it...

    Finally, if you want, copy your zone file and paste the contents to the NG.

    tsc
     
    TheSingingCat, Aug 26, 2004
    #11
  12. In addition, post the name of your reverse lookup zone.

    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
     
    Kevin D. Goodknecht Sr. [MVP], Aug 26, 2004
    #12
  13. In AD Users and Computers my domain is vicksburg.doi
    In AD Domain and Trusts my domain is vicksburg.doi

    In DNS for Server2 it looks like I have 2 forward lookup
    zones. One is _msdcs.vicksburg.doi and the other is
    vicksburg.doi.

    Under _msdcs.vicksburg.doi I have 4 folders and 3 other
    entries which are SOA, NS, and CNAME. The name of both
    the SOA and NS are "same as parent folder" with data
    entries of server2.vicksburg.doi. SOA has a [12] before
    the server. The data for CNAME is server2.vicksburg.doi
    but the name is some funky alphanumeric name "d9a76215-
    C751-41ed-xxxxxxxxxx"

    Under vicksburg.doi I have 5 folders, an _msdcs entry,
    plus SOA, NS, and 2 Host(A) entries. The SOA, NS, and 1
    of the Host(A) entries have the name "same as parent
    folder". The other Host(A) entry lists Server2 as the
    Name and 192.168.24.26 as the IP.

    The Reverse Lookup zone has the entry 192.168.24.xSubnet
    in AD-Integrated which is running.

    Thanks for the time. Hope this helps you help me.

    Dale
     
    Netware2Microsoft, Aug 26, 2004
    #13
  14. Is the PC on the same subnet as the DC/DNS server? If across a router, is
    there a firewall? If a firewall, may be an EDNS0 issue.

    Also, are there any personal firewalls on the PC? If there were, and you
    uninstalled it, which brand and version?

    If XP, is ICF enabled?

    Any Event log errors on the PC or the DC/DNS server?

    --
    Regards,
    Ace

     
    Ace Fekay [MVP], Aug 27, 2004
    #14
  15. Hi Dale,

    See inline responses....

    My spider sense is tingling on this one. I don't think directly under
    'Server2' you should have _msdcs.vicksburg.doi, but rather just one forward
    lookup zone 'vicksburg.doi'. I checked on mine and only have the one zone
    listed. When I expand my zone, then I have a '_msdcs' folder.

    If you expand your 'vicksburg.doi' zone, in there you should have the
    folders:
    _msdcs
    _sites
    _tcp
    _udp
    domaindnszones
    forestdnszones

    If you expand _msdcs, then you should see more of those 'funky'
    alphanumeric numbers (they are the guids of the server(s)) with an alias
    record (cname) and associated DC
    Again, this zone seems suspicious to me.
    What exactly are these 5 folder names you have listed? As mentioned, under
    my zone I have 6 folders total.
    This sounds right.
    How many entries do you have in your DNS zone in total? Not that this would
    be the cause of your problem, but what I'm alluding to here is that you
    delete all zones and recreate a clean AD integrated zone on the server as
    'vicksburg.doi'. I actually had to do this on my main DC (it was AD
    integrated) and was able to set up the new zone in a matter of minutes. I
    only had about 15 or so entries I had to manually add.

    If you don't want to do that initially, I'd try scrapping that other forward
    zone you have listed, _msdcs.vicksburg.doi. Failing that, I'd recreate from
    scratch.

    tsc
     
    TheSingingCat, Aug 27, 2004
    #15
  16. HALLELUJAH!!!!!!!!!!!!!!!

    You guys have definitely given light to the lost!!!!!
    The more you started telling me my configurations look
    good, the more puzzled I got. I just figured I wasn't
    doing something right. Then ACE hit the nail on the head
    when asking about firewalls. BlackICE has been running
    on Server2 for some time and although I had trusted my
    IPs, BI was still blocking them. Once I turned it off
    and tried to join the domain on my client PC, it asked
    for username and password and connected. Now, I've got
    to figure out Login scripts and everything else that now
    goes along with Microsoft networks.

    Thanks Ace, Kevin, Andrew, & The Singing Cat for your
    time!!!!!

    Should I still try to use BlackICE behind my NAT router?

    Thanks again,
    Dale


     
    Netware2Microsoft, Aug 27, 2004
    #16
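
The symptom pattern in this thread (ping to 192.168.24.26 replies, but nslookup reports "DNS request timed out") can be checked directly by sending one DNS query to port 53 and seeing whether anything comes back. The script below is an added example, not code posted by anyone in the thread; the function names `build_query`, `interpret` and `probe` are illustrative, and the server address and host name are the ones posted above.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, txid=0x1234):
    """RFC 1035 query: 12-byte header, QNAME as length-prefixed labels, QTYPE, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def interpret(resp, txid=0x1234):
    """Turn a raw reply (or None for no reply) into a verdict string."""
    if resp is None:
        return "timeout: no reply on port 53; check host/network firewalls before the zone"
    if len(resp) < 12:
        return "malformed: reply shorter than a DNS header"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR bit says "query"
        return "malformed: not a response to this query"
    rcode = RCODES.get(flags & 0x000F, "RCODE %d" % (flags & 0x000F))
    return "answered: %s, %d answer record(s); the DNS service is reachable" % (rcode, ancount)

def probe(server, name, timeout=2.0, port=53):
    """Send one UDP query straight to `server` and classify the outcome."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(build_query(name), (server, port))
            resp, _peer = sock.recvfrom(512)
    except socket.timeout:
        resp = None  # packet or reply was silently dropped somewhere
    except OSError as exc:  # e.g. ICMP port-unreachable surfaced by the OS
        return "error: %s" % exc
    return interpret(resp)

if __name__ == "__main__":
    # Server address and name are the ones posted in this thread.
    print(probe("192.168.24.26", "server2.vicksburg.doi"))
```

A "timeout" verdict while ping still works points at filtering of port 53 rather than at the zone data; any "answered" verdict, even NXDOMAIN, means the DNS service itself is reachable and the records are the next thing to check.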
  18. Glad to hear you got it working, though hats off to Ace, I wouldn't have
    thought BI would have caused you that grief. Nonetheless, it's always a
    happy day when these issues get resolved via NGs rather than a $250 call to
    PSS :)

    As for running BI, well -- based on what you've just experienced, I'd say
    no - lol. Unless you're able to pinpoint the problem specifically with it.
    So long as you have a decent hardware router in front of your box , keep up
    w/updates, and run antivirus on your server, I wouldn't bother. As for the
    logon scripts and stuff, well that will seem like a cakewalk after this :)

    Have a good weekend!

    tsc
     
    TheSingingCat, Aug 27, 2004
    #18
  19. I'm afraid now after reading your other post this
    morning, that I may have more 'gobbly goop' in my forward
    zones than I actually need after many failed attempts to
    get this right. I may try to delete some of those zones
    and make mine look more like yours and see what happens.
    This was definitely a learning experience. You'll
    probably see more posts from me in the near future.
    Thanks.
    Dale
     
    Netware2Microsoft, Aug 27, 2004
    #19
  20. My pleasure!
    But must admit, it was teamwork! Seemed everyone else covered just about
    everything else that could cause it... except 3rd party stuff.

    Use a firewall as the SingingCat mentioned. If you have an entry point
    firewall, that should take care of everything for the *most* part.

    :)

    Have a great weekend and a cold beer on me!


    Ace
     
    Ace Fekay [MVP], Aug 28, 2004
    #20