DNS

Michael S. Androsov · Nov 18, 2003

I have DNS server on Windows Server 2000 (SP4) &
forwarding settings on other server. I received next
message in Event Log:
Source: DNS
ID: 7063
The DNS-server is adjusted on transfer to not recursive
DNS-server on "...".
DNS-servers in the list of transfer to be OBLIGED are
adjusted on processing of recursive inquiries.

But my server from list is recursive!

What's is a problem?

Michael S. Androsov
EXPOCENTR

Kevin D. Goodknecht [MVP] · Nov 18, 2003

In

Michael S. Androsov said:
I have DNS server on Windows Server 2000 (SP4) &
forwarding settings on other server. I received next
message in Event Log:
Source: DNS
ID: 7063
The DNS-server is adjusted on transfer to not recursive
DNS-server on "...".
DNS-servers in the list of transfer to be OBLIGED are
adjusted on processing of recursive inquiries.

But my server from list is recursive!

What's is a problem?

Michael S. Androsov
EXPOCENTR

Have you verified that the ISP's DNS server you are using can do recursive
lookups?
Run nslookup with the set d2 option against the DNS address in the event to
see if it answers
want recursion, recursion avail

Michael S. Androsov · Nov 19, 2003

-----Original Message-----
In Michael S. Androsov <[email protected]> posted a question
Then Kevin replied below:

Have you verified that the ISP's DNS server you are using can do recursive
lookups?
Run nslookup with the set d2 option against the DNS address in the event to
see if it answers
want recursion, recursion avail

.

I'm using next model dns servers:
Internal External
primary 10.1.0.2 --- forward ---> 10.1.0.8
secindary ISP provider

What's I must be verified in this situation?

Michael S. Androsov
EXPOCENTR

Kevin D. Goodknecht [MVP] · Nov 19, 2003

In

I'm using next model dns servers:
Internal External
primary 10.1.0.2 --- forward ---> 10.1.0.8
secindary ISP provider

What's I must be verified in this situation?

Michael S. Androsov
EXPOCENTR

Verify that all forwarders can do recursive lookups.
do this: nslookup -d2
Run a query against all DNS servers in the forwarding path and watch the
answer section it will have want recursion, recursion avail if the server is
capable of recursive lookups.
By the way, in an AD enviornment you must not use your ISP's DNS in your NIC
in any position, this will cause errors and or poor network performance.

Michael S. Androsov · Nov 20, 2003

-----Original Message-----
In Michael S. Androsov <[email protected]> posted a question
Then Kevin replied below:

Verify that all forwarders can do recursive lookups.
do this: nslookup -d2
Run a query against all DNS servers in the forwarding path and watch the
answer section it will have want recursion, recursion avail if the server is
capable of recursive lookups.
By the way, in an AD enviornment you must not use your ISP's DNS in your NIC
in any position, this will cause errors and or poor network performance.

.

I doing that all. My server 10.1.0.8 (from list) has
recursive.

nslookup -d2
In comand prompt I typed:
10.1.0.8 (this is my forward server)
Next full screen log:

----------
ndRequest(), len 39
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records =
0, additional = 0

QUESTIONS:
2.0.1.10.in-addr.arpa, type = PTR, class = IN

----------
----------
t answer (86 bytes):
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, auth. answer, want
recursion, recursion avail.
questions = 1, answers = 2, authority records =
0, additional = 0

QUESTIONS:
2.0.1.10.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 2.0.1.10.in-addr.arpa
type = PTR, class = IN, dlen = 21
name = expo05.expocentr.ru
ttl = 3600 (1 hour)
-> 2.0.1.10.in-addr.arpa
type = PTR, class = IN, dlen = 2
name = expocentr.ru
ttl = 3600 (1 hour)

----------
fault Server: expo05.expocentr.ru
dress: 10.1.0.2

10.1.0.8
rver: expo05.expocentr.ru
dress: 10.1.0.2

----------
ndRequest(), len 39
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records =
0, additional = 0

QUESTIONS:
8.0.1.10.in-addr.arpa, type = PTR, class = IN

----------
----------
t answer (90 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, auth. answer, want
recursion, recursion avail.
questions = 1, answers = 2, authority records =
0, additional = 0

QUESTIONS:
8.0.1.10.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 8.0.1.10.in-addr.arpa
type = PTR, class = IN, dlen = 18
name = www.expocentr.ru
ttl = 3600 (1 hour)
-> 8.0.1.10.in-addr.arpa
type = PTR, class = IN, dlen = 9
name = expo03.expocentr.ru
ttl = 3600 (1 hour)

----------
me: www.expocentr.ru
dress: 10.1.0.8

Michael S. Androsov
EXPOCENTR

Kevin D. Goodknecht [MVP] · Nov 20, 2003

In

Michael S. Androsov said:
I doing that all. My server 10.1.0.8 (from list) has
recursive.

nslookup -d2
In comand prompt I typed:
10.1.0.8 (this is my forward server)
Next full screen log:

----------
ndRequest(), len 39
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records =
0, additional = 0

QUESTIONS:
2.0.1.10.in-addr.arpa, type = PTR, class = IN

----------
----------
t answer (86 bytes):
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, auth. answer, want
recursion, recursion avail.
questions = 1, answers = 2, authority records =
0, additional = 0

QUESTIONS:
2.0.1.10.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 2.0.1.10.in-addr.arpa
type = PTR, class = IN, dlen = 21
name = expo05.expocentr.ru
ttl = 3600 (1 hour)
-> 2.0.1.10.in-addr.arpa
type = PTR, class = IN, dlen = 2
name = expocentr.ru
ttl = 3600 (1 hour)

----------
fault Server: expo05.expocentr.ru
dress: 10.1.0.2

10.1.0.8
rver: expo05.expocentr.ru
dress: 10.1.0.2

----------
ndRequest(), len 39
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records =
0, additional = 0

QUESTIONS:
8.0.1.10.in-addr.arpa, type = PTR, class = IN

----------
----------
t answer (90 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: response, auth. answer, want
recursion, recursion avail.
questions = 1, answers = 2, authority records =
0, additional = 0

QUESTIONS:
8.0.1.10.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 8.0.1.10.in-addr.arpa
type = PTR, class = IN, dlen = 18
name = www.expocentr.ru
ttl = 3600 (1 hour)
-> 8.0.1.10.in-addr.arpa
type = PTR, class = IN, dlen = 9
name = expo03.expocentr.ru
ttl = 3600 (1 hour)

----------
me: www.expocentr.ru
dress: 10.1.0.8

Michael S. Androsov
EXPOCENTR

Both of your DNS servers are recursive, the one you want to look at is the
one listed in the error. Is the one in the error listed as a forwarder in
your DNS servers?
From your original post you have this:

The DNS-server is adjusted on transfer to not recursive
DNS-server on "...".

The IP for "...". is the non-recursive DNS, is that one of your forwarders?

Michael S. Androsov · Nov 21, 2003

-----Original Message-----
In Michael S. Androsov <[email protected]> posted a question
Then Kevin replied below:

Both of your DNS servers are recursive, the one you want to look at is the
one listed in the error. Is the one in the error listed as a forwarder in
your DNS servers?
From your original post you have this:
The IP for "...". is the non-recursive DNS, is that one of your forwarders?

.

Yes. My forwaring list have single record: 10.1.0.8.

Michael S. Androsov
EXPOCENTR

DNS

Michael S. Androsov

Kevin D. Goodknecht [MVP]

Michael S. Androsov

Kevin D. Goodknecht [MVP]

Michael S. Androsov

Kevin D. Goodknecht [MVP]

Michael S. Androsov