Dynamic DNS fails - everything else works

Gerry Hickman

Hi,

Win2k servers, internal DNS with forwarders, AD native mode,
Servers are NOT running in AD mode, they're in primary mode (text files)
Zone is set to allow D-DNS
Win2k clients, static IPs, no DHCP, set to autoregister

About 4 weeks ago, our D-DNS suddenly stopped working. The DNS itself is
fine and very fast, it just won't automatically create A records in the
"forward lookup zone" for new (or renamed) Win2k clients. It does, however,
automatically create PTR records?!

(I'm not aware of any config changes 4 weeks back, but we have been doing a
lot of patching).

After rebooting a newly built (or renamed) client, we get a "dnsapi" warning
in the system log of the client saying the update failed. The D-DNS server
log indicates the client never even tried to contact it. Part of the
client's event error says "Update sent to server: None".

Tests with NSLOOKUP indicate the SOA is fine, and obviously the clients have
the correct DNS IP addresses.

I cannot think of a way to get detailed logging on the client?

After reading some of the docs on D-DNS, it seems the client uses the "DHCP
client" to initiate dynamic update?? I've no idea how to test the
interaction between this DHCP client and the D-DNS server? We're not running
a DHCP server.

Any ideas?

Here's the header from the Event log warning we get on the clients:

The system failed to register network adapter with settings:

Adapter Name : {41154863-3477-4233-BFD1-6D22BBB63DF0}
Host Name : WS60
Adapter-specific Domain Suffix : centerad
DNS server list :
10.82.37.145, 10.82.37.146
Sent update to server : None
IP Address(es) :
10.82.33.53
 
You probably applied SP4. According to what I can see here, your domain is a
single-label name (domain vs. domain.com). (This is the best I can tell, since
you did not post an unedited ipconfig /all.) Win2k starting with SP4 cannot
register in single-label names (TLD). Make the registry entry from the KB
below on *ALL* machines you have applied SP4 to.
300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&FR=1

If your domain is not as I described please post back with an ipconfig /all
for the DC and client.

Incidentally, AD integrated zones are recommended because they are more
secure than standard primary zones.
 
Oh yea, just to add, whether you use DHCP or not, the DHCP client service is
responsible for DDNS registration and cannot be disabled.
 
I'm a bit confused as to how they define "Single Label", next two lines are
an extract from the article above:

"DNS names that do not include a period ("dot", ".") are said to be
single-label (for example, com, net, org, bank, companyname) and cannot be
registered on the Internet with most Internet authorities."

I find the examples odd? "companyname" makes sense, but what do they mean by
"com", "net", "org"??

Are they saying mycompany.local is also a "Single label" domain?
 
No, mycompany.local would be a legal DNS name, not on the internet; it would
be OK for a local network. ".com", ".org", and ".net" are examples of legal
internet Top Level Domains (TLDs). .local does not have a NS in the not
therefore would not be a usable internet TLD.
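
Added example, not part of the original thread: a small Python parser for the dnsapi warning quoted in the first post, which flags the two symptoms the replies connect, a single-label domain suffix and an update that was never sent. The helper names (`parse_event`, `is_single_label`, `diagnose`) are hypothetical, and the sample text is copied from the post.

```python
# Added example: field names and sample text come from the thread's event excerpt.
KEYS = ("Adapter Name", "Host Name", "Adapter-specific Domain Suffix",
        "DNS server list", "Sent update to server", "IP Address(es)")

EVENT_TEXT = """\
The system failed to register network adapter with settings:

Adapter Name : {41154863-3477-4233-BFD1-6D22BBB63DF0}
Host Name : WS60
Adapter-specific Domain Suffix : centerad
DNS server list :
10.82.37.145, 10.82.37.146
Sent update to server : None
IP Address(es) :
10.82.33.53
"""

def parse_event(text):
    """Map each known field to its value; an empty value is read from the next line."""
    fields, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key, sep, value = (part.strip() for part in line.partition(":"))
        if sep and key in KEYS:
            fields[key] = value
            pending = None if value else key
        elif pending and line:
            fields[pending] = line
            pending = None
    return fields

def is_single_label(name):
    """True when the DNS name has exactly one label (trailing dots are ignored)."""
    labels = [l for l in name.strip().rstrip(".").split(".") if l]
    return len(labels) == 1

def diagnose(fields):
    """Summarise the two symptoms the thread ties together (hypothetical helper)."""
    suffix = fields.get("Adapter-specific Domain Suffix", "")
    return {
        "fqdn": f'{fields.get("Host Name", "")}.{suffix}',
        "single_label_suffix": is_single_label(suffix),
        "update_sent": fields.get("Sent update to server", "None") != "None",
    }

if __name__ == "__main__":
    print(diagnose(parse_event(EVENT_TEXT)))
```

By this check "centerad", "com" and "companyname" are single-label, while "mycompany.local" is not.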
 