    #1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2004
    Posts
    8
    Rep Power
    0

    DNS configuration help


    I'm pretty new to Active Directory and am having some problems configuring my domain for a home network environment. Looking to run a .net enabled webserver for personal use, nothing critical.

    As far as internet access goes, I don't care to use the server to run my internet access (for the clients) through.. I'm happy to leave that to my router... basically I don't really care either way.

    Setup:

    Windows 2003 Server
    Server is behind a router which has my server statically bound (via dhcp) to 192.168.0.100

    I went through the steps listed in documentation to configure DNS and when I went to verify the server configuration, both of the queries checked out okay.

    Next it asked me to verify DNS server responsiveness using the nslookup command.

    So I ran nslookup 192.168.0.100 127.0.0.1

    and got:

    Server: localhost
    Address: 127.0.0.1

    *** localhost can't find 192.169.0.100: Non-existent domain

    Not sure how to proceed and what I should do to determine the problem.

    I do have a couple other questions as well... since I've statically assigned the IP for the server via my router, should I set the server to automatically grab IP/subnet/gateway information?

    Also, for primary/alternate DNS, should I have my server automatically grab those from my router? Or is it important for me to assign them here and if so, should I be using localhost (127.0.0.1) as primary and my router (which will forward the DNS requests to my ISP I presume)?

    I'm sort of overwhelmed, so any ideas or resources that might be of use here would be appreciated.

    Thanks.

  2. #2
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2004
    Posts
    8
    Rep Power
    0
    I should also add, I get the following warning in the event log...

    -----
    (Source: netlogon)

    Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.testdomain.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).

    Possible causes of failure include:
    - TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
    - Specified preferred and alternate DNS servers are not running
    - DNS server(s) primary for the records to be registered is not running
    - Preferred or alternate DNS servers are configured with wrong root hints
    - Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration

    USER ACTION
    Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt or by restarting Net Logon service. Nltest.exe is available in the Microsoft Windows Server Resource Kit CD.

    -----

    When I statically set the IP/subnet/dns servers in TCP/IP I get this warning:

    (Source: LsaSrv)

    The Security System could not establish a secured connection with the server DNS/00-server.nonetwork.local. No authentication protocol was available.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  4. #3
  5. Retired Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jan 2004
    Location
    London, UK
    Posts
    6,669
    Rep Power
    147
    It's important that you make sure that the primary DNS server points to itself - ie 127.0.0.1. A server with AD installed must use its own DNS server - pointing it to the router won't help because the router will only forward requests to the ISP. The server should be completely static - IP address, default gateway and DNS servers.

    If you need to be able to translate Internet domain names using the internal DNS server you can set up forwarders so that the DNS server will automatically forward anything external to your ISP's DNS servers.

    Once you've set the DNS server as itself, I think the original problem may disappear.
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2004
    Posts
    8
    Rep Power
    0
    Yes, I had the primary setup like that (at one point anyways, and I set it up again)...

    the secondary is pointing to my router...

    nslookup serverip localhost

    still fails...

    Error message is in the DNS Server section of the event log:

    ----

    DNS server has updated its own host (A) records. In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update. An error was encountered during this update, the record data is the error code.

    If this DNS server does not have any DS-integrated peers, then this error
    should be ignored.

    If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.

    To ensure proper replication:
    1) Find this server's Active Directory replication partners that run the DNS server.
    2) Open DnsManager and connect in turn to each of the replication partners.
    3) On each server, check the host (A record) registration for THIS server.
    4) Delete any A records that do NOT correspond to IP addresses of this server.
    5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact. (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.)
    6) Note, that is not necessary to update EVERY replication partner. It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  8. #5
  9. Retired Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jan 2004
    Location
    London, UK
    Posts
    6,669
    Rep Power
    147
    Can you try pinging the domain name and the computer name from the command prompt? Also what happens when you do an nslookup ipaddress?
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2004
    Posts
    8
    Rep Power
    0
    Here's what I can do..

    From the Domain Controller:

    I can ping every other computer on the network via IP.

    I can ping the domain name: mycompany.local

    I can ping the computer name: server (and the fully resolved server.mycompany.local)

    NSlookup:

    - when I run nslookup 192.168.0.100 (DC's IP) I get a non-existent domain response.
    - when I run nslookup (computername OR domain name) it returns what is expected (it lists server/address and name/address)
    - when I run nslookup (computername OR domain name) 127.0.0.1 it returns what is expected (or at least I assume what is expected):

    Server: localhost
    Address: 127.0.0.1

    Name: server.mycompany.local
    Address: 192.168.0.100

    From a client machine:

    I can ping the Domain Controller via IP, via computer name and via domain name.
  12. #7
  13. Retired Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jan 2004
    Location
    London, UK
    Posts
    6,669
    Rep Power
    147
    This is really difficult to troubleshoot without actually being at the computer.

    What I suggest you do is to do some research on the Internet about all of this - http://labmice.techtarget.com/ is a good place to start.

    Also, Windows 2003 comes with a nice wizard which should be able to setup a basic network with AD/DNS etc for you. When you've just installed Windows (a clean install) if you open up Manage Your Server you should find somewhere an option to install software for the first server on the network, which I think is exactly what you are trying to do manually.
  14. #8
  15. DNS/BIND Guru
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2003
    Location
    OH, USA
    Posts
    4,266
    Rep Power
    172
    I previously ignored this topic cause it was a MS DNS Server question, but if you can figure out the actual configuration part, I can tell you what's wrong and the theory behind fixing it. But for me to do that, I must know exactly what is going on. I'm going to give you instructions to follow so that I can determine for myself what's going on rather than rely on you knowing what you're talking about (no offense, people make mistakes). For now, please limit your replies to exactly what I ask of you.

    First I want to verify that the DNS server is actually running and the computer configured correctly. From previous posts you say that the LAN IP of your dns server is 192.168.0.100. I want you to get on that computer locally and execute the following commands at the DOS prompt.

    C:\>netstat -an | find ":53" > C:\netstat.txt
    C:\>ipconfig /all > C:\ipconfig.txt

    The above 2 commands created 2 files. Please attach these files to your next post. Also tell me in your reply what domains you have hosted on the DNS server.
    Send me a private message if you would like me to setup your DNS for you for a price of your choosing. This is the preferred method if your DNS needs to be fixed/setup fast and you don't have the time to bounce messages back and forth on a forum. Also, check out these links:

    Whois Direct | DNS Crawler | NS Trace | Compare Free DNS Hosts
  16. #9
  17. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2004
    Posts
    8
    Rep Power
    0
    Originally Posted by edwinbrains
    Also, Windows 2003 comes with a nice wizard which should be able to setup a basic network with AD/DNS etc for you. When you've just installed Windows (a clean install) if you open up Manage Your Server you should find somewhere an option to install software for the first server on the network, which I think is exactly what you are trying to do manually.
    That's what I've been using... the wizard, unfortunately for me, isn't idiot proof.
  18. #10
  19. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2004
    Posts
    8
    Rep Power
    0
    Originally Posted by SilentRage
    First I want to verify that the DNS server is actually running and the computer configured correctly. From previous posts you say that the LAN IP of your dns server is 192.168.0.100. I want you to get on that computer locally and execute the following commands at the DOS prompt.

    C:\>netstat -an | find ":53" > C:\netstat.txt
    C:\>ipconfig /all > C:\ipconfig.txt

    The above 2 commands created 2 files. Please attach these files to your next post. Also tell me in your reply what domains you have hosted on the DNS server.
    Here you go. I did a reinstall between my last post and this one and used a new dns and computer name, but everything else is the same (and still having the same problem with nslookup).

    And thank you to all who have responded so far, I appreciate the time.
    Attached Files
  20. #11
  21. DNS/BIND Guru
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2003
    Location
    OH, USA
    Posts
    4,266
    Rep Power
    172
    You did not tell me what domain is hosted on the server. But I guess that does not matter since it is a reverse zone for 192.169.0.100 that you are trying to get working. That is good enough. Execute this at the DOS prompt on the 192.168.0.100 machine:

    C:\>nslookup 192.168.0.100 > C:\nslookup.txt

    attach that file in your next post.

  22. #12
  23. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2004
    Posts
    8
    Rep Power
    0
    Originally Posted by SilentRage
    You did not tell me what domain is hosted on the server. But I guess that does not matter since it is a reverse zone for 192.169.0.100 that you are trying to get working. That is good enough. Execute this at the DOS prompt on the 192.168.0.100 machine:

    C:\>nslookup 192.168.0.100 > C:\nslookup.txt

    attach that file in your next post.
    Sorry, I might not always understand what you're asking for.

    Here is the attached file, but I will paste something else in the message here since it seemed important. This is the command prompt text that went along with the nslookup.

    ------
    C:\>nslookup 192.168.0.100 > c:\nslookup.txt
    *** localhost can't find 192.168.0.100: Non-existent domain

    C:\>
    ------
    Attached Files
  24. #13
  25. DNS/BIND Guru
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2003
    Location
    OH, USA
    Posts
    4,266
    Rep Power
    172
    Well that's curious. nslookup must've printed that out to STDERR instead of STDOUT. Thanks for showing me. We've gathered enough information to know that you have not set up a reverse zone on the dns server. In the Microsoft DNS Manager you can create forward and reverse zones. You need to create a reverse zone for "192.168.0". Then in the zone file you need to create a PTR (Domain Pointer) record for "100". This is the part where I just gave you the theory to fixing the problem, and you will have to figure out how to actually do it.
  26. #14
  27. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2004
    Posts
    8
    Rep Power
    0
    Thanks, I was able to create a pointer for the DC and successfully went through the rest of the "verification" process that the AD/DNS configuration wizard had.

    I understand what the reverse lookup zone is doing, but what kind of resources will make use of them? Is it likely that client machines in the domain will need to be setup this way as well (I was kind of hoping to use dhcp to dynamically assign client IPs as I'm sometimes adding and removing a system to the domain).

    Thanks for your help!
  28. #15
  29. DNS/BIND Guru
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2003
    Location
    OH, USA
    Posts
    4,266
    Rep Power
    172
    "what kind of resources will make use of [reverse pointers]?"

    The most common "resource" is mail servers verifying the professionalism of a mail client. If the reverse pointer is not properly set up then it might refuse to deliver the mail thinking that it was a spammer who was sending it. Other than that, there are various things that test whether something is valid by having a proper PTR record - like that AD/DNS process you told me about.

    It's a generally good idea to set up a PTR record for every IP you own.
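Added example, not part of any post in the thread: a small Python model of why `nslookup 192.168.0.100` returned "Non-existent domain" until the reverse zone "192.168.0" and the PTR record "100" existed. It goes one step beyond the thread by also running the forward-confirmed check (PTR target resolves back to the same IP) that mail servers commonly apply. The zone dictionaries are constructed sample data using the names from the thread, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: the forward (A) record the thread already had.
FORWARD = {"server.mycompany.local.": "192.168.0.100"}

# Reverse data before and after the fix described in post #13.
NO_REVERSE = {}
WITH_PTR = {"0.168.192.in-addr.arpa.": {"100": "server.mycompany.local."}}
WRONG_PTR = {"0.168.192.in-addr.arpa.": {"100": "other.mycompany.local."}}


def ptr_parts(ip, prefix_octets=3):
    """Split an IPv4 address into (reverse zone, node label, PTR owner name).

    prefix_octets=3 models a /24 zone such as "192.168.0".
    """
    owner = ipaddress.ip_address(ip).reverse_pointer + "."
    labels = owner.split(".")
    host_labels = 4 - prefix_octets
    node = ".".join(labels[:host_labels])
    zone = ".".join(labels[host_labels:])
    return zone, node, owner


def reverse_lookup(ip, reverse_zones):
    """Return the PTR target, or "NXDOMAIN" if the zone or record is absent."""
    zone, node, _ = ptr_parts(ip)
    return reverse_zones.get(zone, {}).get(node, "NXDOMAIN")


def forward_confirmed(ip, reverse_zones, forward=FORWARD):
    """True only if a PTR exists and its target has an A record for the same IP."""
    name = reverse_lookup(ip, reverse_zones)
    return name != "NXDOMAIN" and forward.get(name) == ip


if __name__ == "__main__":
    ip = "192.168.0.100"
    print("zone/node/owner:", ptr_parts(ip))
    for label, zones in (("no reverse zone", NO_REVERSE),
                         ("PTR added", WITH_PTR),
                         ("PTR to wrong name", WRONG_PTR)):
        print(f"{label:18} -> {reverse_lookup(ip, zones):26}"
              f" forward-confirmed={forward_confirmed(ip, zones)}")
```
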