2000 AD and DNS structure


Guest

I just started working at a school in California as a nettech and have been
getting misc. DNS errors about not finding the domain controller name. This
gets registered on all the XP machines I have seen. So I did an nslookup and
it says "can't find server name for address 10.x.x.x non-existent domain". Then
it finds the district office's NS server and sees it as its default....
I talked to the district tech that sets everything up, and the way he did it
is: he created his first domain controller that runs DNS, then another one at
district that is set as a secondary DNS and additional DC. Then at all the
other campuses, which are connected with 2 T1 each to the district, they have
at least 2 AD servers at each site and one running DNS as secondary. As far as
I know all the site techs have the same problem where their DNS servers don't
reply under nslookup but the main district NS server does. Each site servers'
DNS point to the district and the clients' DNS point to the site servers.
My question is: is this the correct way to do it?
 
Art said:
I just started working at a school in California as a nettech and
have been getting misc. DNS errors about not finding the domain
controller name. This gets registered on all the XP machines I have
seen. So I did an nslookup and it says "can't find server name for
address 10.x.x.x non-existent domain". Then it finds the district
office's NS server and sees it as its default....
I talked to the district tech that sets everything up, and the way he
did it is: he created his first domain controller that runs DNS, then
another one at district that is set as a secondary DNS and additional
DC. Then at all the other campuses, which are connected with 2 T1 each
to the district, they have at least 2 AD servers at each site and one
running DNS as secondary. As far as I know all the site techs have
the same problem where their DNS servers don't reply under nslookup
but the main district NS server does. Each site servers' DNS point to
the district and the clients' DNS point to the site servers.
My question is: is this the correct way to do it?

Correct way to do it? You didn't provide config info about all of your DCs
or your clients to accurately answer that question. Basically it's
recommended to use AD integrated zones. DCs in each location should point to
the local DNS servers in that location in their IP properties. Do not use
any ISP's DNS addresses in ANY machine (DCs, clients and member servers) to
ensure proper AD functionality.

But if the only thing you are concerned with is the nslookup "message" (note:
it's just a message, not an error), that's just saying at nslookup's
initialization time, it could not give you the name of your DNS server that
is set in its IP properties. Why? Because either there is no reverse zone
created, or there is no PTR entry for the DNS server(s) in your reverse
zone. So obviously make sure you have a reverse zone created and a PTR entry
for your DNS servers if you do not want to see that "message".

--
Regards,
Ace

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
 
Art said:
I just started working at a school in California as a nettech and
have been getting misc. DNS errors about not finding the domain
controller name. This gets registered on all the XP machines I have
seen. So I did an nslookup and it says "can't find server name for
address 10.x.x.x non-existent domain".

In addition to what Ace said, this is just an nslookup thing; nslookup wants
to perform a reverse lookup for the DNS server it uses.
It is not the same as not being able to find the Domain Controller's name.
It gets the domain controller's name from the SRV records in the AD domain
zone. As long as the client is using a DNS server that finds the AD domain
in DNS, it is not a problem. If you are having long start up and logon
issues, that is a problem, because it is not getting the domain controller's
name from DNS.
So is this just the nslookup thing, or are you having logon issues because
it can't find the AD domain name in DNS?
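
An added example, not written by any poster in this thread: one way to check each DNS server for the two separate conditions described above, the missing PTR record behind the nslookup message and the SRV lookup clients use to find a domain controller. It assumes a management workstation with the `Resolve-DnsName` cmdlet (Windows 8 / Server 2012 or later, newer than the XP clients in the thread); the IP addresses and the domain name `district.example` are constructed placeholders.

```powershell
# Added example. Separates the cosmetic nslookup message (no PTR for the DNS
# server) from a real AD lookup failure (no DC locator SRV records).
function Test-AdDnsServer {
    param(
        [Parameter(Mandatory)][string]$DnsServer,  # IP of the DNS server to test
        [Parameter(Mandatory)][string]$AdDomain    # DNS name of the AD domain
    )

    # Ask the server under test directly; suppress errors so a missing record
    # (or an unreachable server) shows up as an empty result.
    $common = @{ Server = $DnsServer; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }

    # Reverse lookup of the DNS server's own address: what nslookup does at startup.
    $ptr = @(Resolve-DnsName -Name $DnsServer -Type PTR @common |
             Where-Object { $_.Type -eq 'PTR' })

    # DC locator record in the AD domain zone: what clients need at logon.
    $srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$AdDomain" -Type SRV @common |
             Where-Object { $_.Type -eq 'SRV' })

    $verdict = if ($srv.Count -eq 0) {
        'AD SRV records not resolvable here: clients using this server cannot locate a DC'
    } elseif ($ptr.Count -eq 0) {
        'Cosmetic only: create a reverse lookup zone and a PTR record for this server'
    } else {
        'OK'
    }

    [pscustomobject]@{
        DnsServer    = $DnsServer
        PtrName      = $ptr.NameHost -join ', '
        DcSrvTargets = $srv.NameTarget -join ', '
        Verdict      = $verdict
    }
}

# Constructed sample addresses: one district server and one site server.
'10.0.0.10', '10.0.1.10' |
    ForEach-Object { Test-AdDnsServer -DnsServer $_ -AdDomain 'district.example' } |
    Format-List
```

Run it against every DNS address that appears in the DCs' and clients' IP properties; a server that answers neither query at all also produces the first verdict.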
 

Thanks guys, sorry I didn't give enough info. It is Active Directory
integrated DNS. There are no reverse lookups at the site DNS servers. My XP
machines do experience sporadic long logins, only some user accounts though;
some users, even though the profile is stored locally, take about 9-15 seconds
to login while a couple others just go right in. There is no difference in
these accounts that points to why one would go in fast and not the others.
 
Art said:
Thanks guys, sorry I didn't give enough info. It is Active Directory
integrated DNS. There are no reverse lookups at the site DNS servers.
My XP machines do experience sporadic long logins, only some user
accounts though; some users, even though the profile is stored locally,
take about 9-15 seconds to login while a couple others just go right
in. There is no difference in these accounts that points to why one
would go in fast and not the others.

Make sure all member machines use only the internal IP of your AD DNS
server, period!


If you will create a reverse lookup zone and PTR the nslookup thing will
stop.
 