which dns records should be present

Discussion in 'DNS Server' started by Bonno Bloksma, May 17, 2010.

  1. Hi,

    Trying to track down some weird AD replication problem that may be DNS related.
    I've seen some weird records that should not be there like 192.168.x.y records where we don't use
    those ranges, but... that might be due to VPN connected computers registering their local ip number.

    Right now I'm looking at all the domain A records for the domains we have.
    Where can I find documentation which records should be present for Domain controllers and DNS
    servers?
    Looking at a domain it has several A records, should those only be the current DCs for that domain?
    Or might there be other ip-numbers listed as well?
    Which records should be listed at _msdc.rootdomain
    Stuff like that I need to find the documentation for, but so far I have not found it. My searches
    either show up too much noise or non-relevant documents. :-(

    Bonno Bloksma
     
    Bonno Bloksma, May 17, 2010
    #1

  2. Chris Dent Guest

    Hi Bonno,
    The records listed in %SystemRoot%\System32\config\netlogon.dns will be
    registered in DNS. Registration of service records can be controlled
    using Group Policy (Computer Configuration \ System \ Net Logon \ DC
    Locator DNS Records).

    You should also have Host (A) records for the server name itself.
    No, you should only have the DCs listed there (used for group policy and
    DFS processing).
    See netlogon.dns above.

    Chris
     
    Chris Dent, May 17, 2010
    #2
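An added PowerShell example (not Chris's code and not from the thread) that does the comparison Chris describes: it parses netlogon.dns and asks the DNS server configured on the NIC whether each A, AAAA, SRV and CNAME record is actually served. It assumes Windows 8/Server 2012 or later (Resolve-DnsName and Get-DnsClientServerAddress from the DnsClient module), the standard "owner ttl IN type rdata" layout of netlogon.dns, and the default file path; the parameter names are mine.

```powershell
# Added example, not the thread's own code: check that every record Netlogon
# wants registered (netlogon.dns) is answered by the DNS server on the NIC.
# Assumes Windows 8/Server 2012+ (DnsClient module); path and server are
# assumptions you can override.
param(
    [string]$NetlogonDns = "$env:SystemRoot\System32\config\netlogon.dns",
    [string]$DnsServer   = ''
)

if (-not $DnsServer) {
    # First IPv4 resolver configured on any adapter
    $DnsServer = (Get-DnsClientServerAddress -AddressFamily IPv4 |
                  Where-Object { $_.ServerAddresses } |
                  Select-Object -First 1).ServerAddresses[0]
}

function Normalize([string]$n) { return $n.TrimEnd('.').ToLowerInvariant() }

# One record per line: "<owner> <ttl> IN <type> <rdata>"
$pattern = '^(?<name>\S+)\s+(?<ttl>\d+)\s+IN\s+(?<type>A|AAAA|SRV|CNAME)\s+(?<data>.+)$'

$results = foreach ($line in Get-Content -Path $NetlogonDns) {
    if (-not ($line -match $pattern)) { continue }
    $name = Normalize $Matches['name']
    $type = $Matches['type']
    $data = $Matches['data'].Trim()

    # The value we expect DNS to return, taken from the rdata column
    $expected = switch ($type) {
        'SRV'   { Normalize (($data -split '\s+')[-1]) }   # "prio weight port target" -> target
        'CNAME' { Normalize $data }
        default { $data }                                   # A / AAAA address literal
    }

    try {
        $answers = Resolve-DnsName -Name $name -Type $type -Server $DnsServer -DnsOnly -ErrorAction Stop |
                   Where-Object { $_.Type -eq $type }
        $actual = foreach ($a in $answers) {
            switch ($type) {
                'SRV'   { Normalize $a.NameTarget }
                'CNAME' { Normalize $a.NameHost }
                default { $a.IPAddress }
            }
        }
        $status = if ($actual -contains $expected) { 'Present' }
                  elseif ($actual)                 { 'Mismatch' }
                  else                             { 'Missing' }
    } catch {
        # NXDOMAIN or no answer of the requested type
        $actual = @()
        $status = 'Missing'
    }

    [pscustomobject]@{
        Name     = $name
        Type     = $type
        Expected = $expected
        Actual   = ($actual -join ',')
        Status   = $status
    }
}

# Anything other than Present is a registration gap or a stale/wrong record
$results | Sort-Object Status, Name | Format-Table -AutoSize
```

Run it on the DC itself. Rows marked Missing or Mismatch are records Netlogon wants but the zone does not serve (or serves with a different target), which is exactly where DC locator, replication and Group Policy lookups start to fail. It deliberately checks only in one direction; extra records in the zone, like the 192.168.x.y entries Bonno mentions, have to be found by comparing the zone's A record list against the actual DC list, as Chris says.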

  3. In addition to Chris' response, if you are not sure of the correct
    records, which the netlogon.dns file should provide, rename the
    netlogon.dns and netlogon.dnb records by placing '.old' on the end of
    them, then run the following:

    ipconfig /registerdns
    net stop netlogon
    net start netlogon

    This will recreate the files and register that data into DNS.

    This is provided that of course, the domain is not a single label
    name. I'm prompted to state that since you've stated your _msdcs name
    is "_msdcs.rootdomain." It should be in at least the form of
    'rootdomain.local,' 'rootdomain.com,' etc.

    The netlogon service will read the data that it created in the
    netlogon.dns file, look at the Primary DNS Suffix zone name, then send
    the data in the file to the DNS address configured in NIC properties
    to register that data into the zone name that matches the Primary DNS
    Suffix. This is the basis of AD DNS SRV registration. As I said, if it
    is a single label name, expect problems. If using an ISP or the router
    as a DNS address, expect problems. If the Primary DNS Suffix does not
    match the AD zone name, (called a disjointed namespace), expect
    problems.

    If you are having any issues with AD, please post the eventID# and
    Source names to better help. Also, an ipconfig /all will help.

    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

    Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
     
    Ace Fekay [MVP - Directory Services, MCT], May 17, 2010
    #3
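An added PowerShell example, not Ace's and not from the thread, that checks the three conditions he lists before you rename netlogon.dns/netlogon.dnb and re-register: a single-label domain name, a disjoint namespace (Primary DNS Suffix differing from the AD zone), and resolvers on the NIC that are not DNS servers for the AD zone. It is read-only and changes nothing. It assumes a domain-joined Windows 8/Server 2012 or later host with the DnsClient module; the variable names and the wording of the findings are mine.

```powershell
# Added example, not from the thread: read-only sanity checks for the conditions
# Ace warns about before re-registering DC records. Assumes a domain-joined
# Windows 8/Server 2012+ host (DnsClient module).
$cs            = Get-CimInstance -ClassName Win32_ComputerSystem
$adDomain      = $cs.Domain
$primarySuffix = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName
$findings      = @()

if (-not $cs.PartOfDomain) {
    $findings += 'Host is not domain-joined; Netlogon will not register DC records.'
}

# 1. Single-label domain name: no dot anywhere in the AD DNS name
if ($adDomain -notmatch '\.') {
    $findings += "AD domain '$adDomain' is a single-label name; expect dynamic registration problems."
}

# 2. Disjoint namespace: the Primary DNS Suffix must equal the AD DNS name,
#    because that is the zone Netlogon sends the netlogon.dns data to
if ($primarySuffix -ne $adDomain) {
    $findings += "Primary DNS Suffix '$primarySuffix' differs from AD domain '$adDomain' (disjoint namespace)."
}

# 3. Resolvers on the NIC should be DNS servers that can answer for the AD zone.
#    Per Chris's answer above, the A records of the domain name itself are the
#    DCs, so a resolver outside that set (ISP, router) deserves a second look.
#    127.0.0.1 is skipped: pointing a DC at itself is normal.
$resolvers = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses |
             Where-Object { $_ -and $_ -ne '127.0.0.1' } | Sort-Object -Unique
try {
    $dcAddresses = (Resolve-DnsName -Name $adDomain -Type A -DnsOnly -ErrorAction Stop |
                    Where-Object { $_.Type -eq 'A' }).IPAddress
} catch {
    $dcAddresses = @()
    $findings += "Cannot resolve A records for '$adDomain' through the configured resolvers."
}
foreach ($r in $resolvers) {
    if ($dcAddresses -notcontains $r) {
        $findings += "Resolver $r is not a DC address for '$adDomain' (ISP, router or stand-alone DNS?)."
    }
}

if ($findings.Count -eq 0) {
    'No namespace or resolver problems found; renaming netlogon.dns/.dnb and re-registering should work.'
} else {
    $findings
}
```

Finding 3 is a heuristic: a dedicated non-DC DNS server that hosts the AD zone is legitimate and will be reported too. The first two findings are exact, and either of them explains registration failures on its own, so fix those before touching netlogon.dns.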
  4. Hi,
    Debugged a few old stale records and decided to give the server a restart this morning. Now I'm
    really baffled. I have errors in my system event logs stating the server could not update its DNS
    records at server 77.222.73.2 but... that server is nowhere in my DNS server list. It is in fact not
    even an internal DNS server, nor is it mine. I've checked the DNS server config on the NIC, I've run
    an ipconfig /all command and that server is listed nowhere in my config, not even as a WINS server.
    What the heck is going on?

    Where do I start debugging this? How can Windows try to update its DNS records on a server nowhere
    in my config? Are there any other places DNS servers might be listed?

    Bonno Bloksma
     
    Bonno Bloksma, May 18, 2010
    #4
  5. Chris Dent Guest

    Hi Bonno,

    When a server considers how to update DNS it first looks up the SOA
    record for the zone (because that tells it where to find a writeable
    version of the zone). This is done for Host (A), Domain Pointer (PTR -
    Reverse Lookup), and the service records.

    I guarantee that the address you've found is the result of a query for
    an SOA record. Either because DNS servers have been incorrectly assigned
    to the interface (systems on an AD domain must only point to DNS servers
    that can answer for the DNS domain name(s)), or because you don't have a
    reverse lookup zone (as that's the most likely to be missing).

    If you want to test this out, for forward lookup:

    nslookup -q=soa somedomain.com

    And for reverse lookup (IP is written in reverse, so this would apply to
    1.2.3.x Subnet):

    nslookup -q=soa 3.2.1.in-addr.arpa

    If you find that you don't have the reverse lookup zone, adding one will
    fix the registration error there.

    Chris
     
    Chris Dent, May 18, 2010
    #5
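An added PowerShell example, not Chris's and not from the thread, that works out where each dynamic update would be sent, following his explanation: the SOA of the forward zone for the A record and the SOA of the in-addr.arpa zone for the PTR record, with the SOA's primary server resolved to an address so it can be compared with the one in the event log. It generalises his 1.2.3.x example by deriving the reverse zone from each adapter's prefix length. It assumes the DnsClient and NetTCPIP modules (Windows 8/Server 2012 or later); the -Suspect parameter and the function names are mine.

```powershell
# Added example, not from the thread: show which server would receive each
# dynamic DNS update (SOA primary of the forward zone and of each reverse zone).
# Assumes Windows 8/Server 2012+ (DnsClient, NetTCPIP modules).
param(
    # Optional: the unexpected address from the event log; matching rows are flagged
    [string]$Suspect = ''
)

function Get-ReverseZone {
    param([string]$IPAddress, [int]$PrefixLength)
    # Keep the whole octets covered by the prefix, reversed:
    # 1.2.3.4/24 -> 3.2.1.in-addr.arpa, 10.5.6.7/16 -> 5.10.in-addr.arpa
    $octets = $IPAddress.Split('.')
    $keep   = [math]::Floor($PrefixLength / 8)
    if ($keep -lt 1) { $keep = 1 }
    $part   = $octets[0..($keep - 1)]
    [array]::Reverse($part)
    return ($part -join '.') + '.in-addr.arpa'
}

function Get-UpdateTarget {
    param([string]$Zone)
    try {
        $soa = Resolve-DnsName -Name $Zone -Type SOA -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SOA' } | Select-Object -First 1
        if (-not $soa) { throw 'no SOA in answer' }
        # The SOA's primary server is where the update will be attempted
        $addr = (Resolve-DnsName -Name $soa.PrimaryServer -Type A -DnsOnly -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'A' }).IPAddress -join ','
        [pscustomobject]@{ Zone = $Zone; Primary = $soa.PrimaryServer; Address = $addr }
    } catch {
        # A missing reverse zone usually ends here (NXDOMAIN); "nslookup -q=soa"
        # still shows the authority-section SOA of whoever answered.
        [pscustomobject]@{ Zone = $Zone; Primary = "(lookup failed: $($_.Exception.Message))"; Address = '' }
    }
}

# Forward zone = Primary DNS Suffix; one reverse zone per non-loopback, non-APIPA IPv4 address
$zones  = @([System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName)
$zones += Get-NetIPAddress -AddressFamily IPv4 |
          Where-Object { $_.IPAddress -notlike '127.*' -and $_.IPAddress -notlike '169.254.*' } |
          ForEach-Object { Get-ReverseZone -IPAddress $_.IPAddress -PrefixLength $_.PrefixLength }

$zones | Sort-Object -Unique | ForEach-Object { Get-UpdateTarget -Zone $_ } |
    Select-Object Zone, Primary, Address,
        @{ n = 'Flag'; e = { if ($Suspect -and (($_.Address -split ',') -contains $Suspect)) { 'SUSPECT' } else { '' } } } |
    Format-Table -AutoSize
```

Run it with the address from the event log, for instance -Suspect 77.222.73.2 from Bonno's post, and the flagged row names the zone whose SOA points at that server. A forward zone whose SOA resolves to an external address means the resolvers on the NIC are not authoritative for the AD domain; a reverse zone that fails to look up, or whose SOA is an external server, is the missing reverse lookup zone Chris describes, and adding it on the internal DNS server removes that registration error.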
