DNS Lookup Problem

  • Thread starter: Camilo

Camilo

I have two domain controllers running Windows 2003 Server with Active Directory,
and when they try to replicate the global catalog, they show a problem with DNS
lookup and could not replicate.

When I run nslookup on the server, it shows that the domain doesn't exist.

I removed the DNS service and reconfigured the server, but the problem
persists.


Thanks,


Camilo
 
You need to make sure that all the appropriate DNS records exist for the domain controllers. DNS should be running on both DCs and the domain controllers should be pointed to themselves for DNS under TCP/IP. You may need to reboot the DCs to have them reregister the IPs in DNS, or do an ipconfig /flushdns, ipconfig /registerdns, and net stop netlogon, net start netlogon. I would also recommend your DNS zones be AD integrated.

--
Tony Eversole MCSE, MCSA, Net+, A+
 
Start with the following, checking settings and running
the tools suggested will straighten out most DNS
problems with DNS and that will fix most failure to
authenticate or replicate problems as well:


--
DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

...or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
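
The DCDiag triage suggested in the post above (save the output to a text file, then look for FAIL, ERROR, WARN), sketched as an added example that is not part of the original post. The sample text is constructed to follow dcdiag's layout, and the server and domain names in it are placeholders; grouping the hits per test is this example's own choice.

```python
import re

# Constructed excerpt modelled on dcdiag's text layout (server and domain
# names are placeholders, not output from the servers in this thread).
SAMPLE = """\
Doing initial required tests
      Starting test: Connectivity
         The host dc1._msdcs.corp.example could not be resolved to an
         IP address. Check the DNS server, DHCP, server name, etc.
         ......................... DC1 failed test Connectivity
Doing primary tests
      Starting test: Replications
         ......................... DC1 passed test Replications
      Starting test: kccevent
         A Warning Event occurred. EventID: 0x8000061E
         ......................... DC1 passed test kccevent
"""

START = re.compile(r"^\s*Starting test: (\S+)")
RESULT = re.compile(r"^\s*\.{5,} (\S+) (passed|failed) test (\S+)")
KEYWORD = re.compile(r"fail|error|warn", re.IGNORECASE)

def triage(text):
    """Return tests that failed or whose detail lines mention FAIL/ERROR/WARN."""
    findings, name, details = [], None, []
    for line in text.splitlines():
        if m := START.match(line):
            name, details = m.group(1), []        # a new test block begins
        elif m := RESULT.match(line):
            hits = [d for d in details if KEYWORD.search(d)]
            if m.group(2) == "failed" or hits:
                findings.append({"server": m.group(1), "test": m.group(3),
                                 "result": m.group(2), "evidence": details})
            name, details = None, []              # test block is closed
        elif name and line.strip():
            details.append(line.strip())          # detail line inside a test
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["server"], f["test"], f["result"])
        for line in f["evidence"]:
            print("   ", line)
```

Keeping the detail lines with each result shows the DNS name that failed to resolve next to the test that reported it, and also surfaces warnings inside tests that still passed.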
 
This is a very, very common problem where you may have your machines
configured to use an ISP's DNS server in IP properties. If this is so,
remove the ISP's entries in your IP properties (from ALL machines, DCs,
member servers and clients), and point to your internal servers ONLY.
Then configure a forwarder to your ISP's DNS. If the forwarding option is
grayed out, delete the Root zone, refresh the console, and then it will be
available. If you have any questions on how to delete the Root zone or
configure a forwarder, this article shows you how:
http://support.microsoft.com/?id=300202

If this does not fix the issue, then there is another configuration issue.
If so, please post an ipconfig /all of your domain controller(s) to get a
more accurate picture of your configuration to better assist and give you a
more specific diagnosis and prognosis.


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
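
The check described in the replies above (every machine's IP properties should list only the internal DNS servers, never the ISP's), as an added example that is not part of the original posts. It parses saved `ipconfig /all` text; the sample output and all addresses are constructed, and the internal server list passed in is an assumption you supply.

```python
import re

# Constructed sample of `ipconfig /all` output from a DC (addresses are
# private/documentation ranges, not taken from the thread).
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : dc1
   Primary Dns Suffix  . . . . . . . : corp.example

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.10.5
   Default Gateway . . . . . . . . . : 192.168.10.1
   DNS Servers . . . . . . . . . . . : 192.168.10.5
                                       203.0.113.53
"""

FIELD = re.compile(r"^\s+(?P<name>[^:]+?)[ .]*:\s*(?P<value>.*)$")
BARE_IP = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS server, ...]} from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]          # adapter section header
            adapters[current] = []
            in_dns = False
        elif in_dns and (m := BARE_IP.match(line)):
            adapters[current].append(m.group(1))  # extra server on its own line
        elif m := FIELD.match(line):
            in_dns = current is not None and m.group("name") == "DNS Servers"
            if in_dns and m.group("value"):
                adapters[current].append(m.group("value").strip())
    return adapters

def external_resolvers(text, internal_dns):
    """List (adapter, server) pairs that are not internal AD DNS servers."""
    return [(adapter, server)
            for adapter, servers in dns_servers_by_adapter(text).items()
            for server in servers if server not in internal_dns]

if __name__ == "__main__":
    # Assumed internal DNS servers for the constructed sample.
    for adapter, server in external_resolvers(SAMPLE, {"192.168.10.5", "192.168.10.6"}):
        print(f"{adapter}: {server} is not an internal DNS server")
```

Second and later DNS servers appear on continuation lines without a field label, which is why a plain search for "DNS Servers" misses exactly the secondary ISP entry this check is meant to find.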
 
Many thanks for your help, with the commands DCDIAG /FIX and NETDIAG /fix I
resolved my problem.



Herb Martin said:
Start with the following, checking settings and running
the tools suggested will straighten out most DNS
problems with DNS and that will fix most failure to
authenticate or replicate problems as well:


--
DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

...or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
 