Is this right?

Thread starter: James W. Long

James W. Long

Hi all:

I installed DHCP and a second DNS server
onto our 2nd DC (in AD)
with our already integrated active directory dns server
on our 1st DC.

q: I specified two dns servers, (the ip's of our 2 dns
servers) in dhcp for the clients scope.
is this correct or should I put it back to one
dns server specified in DHCP?

(I bet just one, but I am making sure)

if just one dns server is specified in dhcp,
then how would the clients make use of the second
if the first is down? do a client reboot? hmm,....
seems silly. are we sure I want only 1 dns server,
and not my two which are in the same domain
and both use the same forwarders?


q: Should I see the cache in our new second
DNS server also? because I don't, I only
see my forward zone, my reverse zone and
the .net root servers.


q: I had to set up dns properties in the 2nd dns server
to match my first. looks ok to me, what do I know though.
is this normal? it doesn't get that setup from AD?

it didn't ask me any tree/forest questions. it just found my zones
and that was that, except for the cache zone not being populated
but maybe that will come in time. I only installed it an hour ago.
I did not create any zones.


anything more I can provide?


ipconfig on a client:

C:\Documents and Settings\jameslong>ipconfig/all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : rharris
Primary DNS Suffix . . . . . . . : dunhamshq.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : dunhamshq.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : dunhamshq.com
Description . . . . . . . . . . . : NETGEAR FA312 Fast Ethernet PCI Adapter
Physical Address. . . . . . . . . : 00-A0-CC-A2-56-1C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.0.241
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.9
DNS Servers . . . . . . . . . . . : 10.0.0.2
10.0.0.9
Primary WINS Server . . . . . . . : 10.0.0.2
Secondary WINS Server . . . . . . : 10.0.0.9
Lease Obtained. . . . . . . . . . : Tuesday, January 25, 2005 10:38:24 AM
Lease Expires . . . . . . . . . . : Tuesday, February 01, 2005 10:38:24 AM

C:\Documents and Settings\jameslong>




Thank you in advance!

James W. Long
 
James W. Long said:
Hi all:

I installed DHCP and a second DNS server
onto our 2nd DC (in AD)
with our already integrated active directory dns server
on our 1st DC.

q: I specified two dns servers, (the ip's of our 2 dns
servers) in dhcp for the clients scope.
is this correct or should I put it back to one
dns server specified in DHCP?

It is correct (2) if you have BOTH DNS servers working.
(I bet just one, but I am making sure)

Two is fine if they are both setup as DNS servers, and
you don't mix any external DNS servers in there.
if just one dns server is specified in dhcp,
then how would the clients make use of the second
if the first is down? do a client reboot? hmm,....

They would not. You need both in there if they supply
DNS resolution.
seems silly. are we sure I want only 1 dns server,
and not my two which are in the same domain
and both use the same forwarders?

That is generally correct two but you need both listed
on the clients.
q: Should I see the cache in our new second
DNS server also? because I don't, I only
see my forward zone, my reverse zone and
the .net root servers.

The cache is only visible if the MMC is put into
advanced mode.

The cache is only populated if SOME clients are
looking up addresses (and thus populating the cache.)
q: I had to set up dns properties in the 2nd dns server
to match my first. looks ok to me, what do I know though.
is this normal? it doesn't get that setup from AD?

No (or not always). The records get copied as part of
AD, but the zone is not always created automatically so
you must wait for the replication and then create the zone
if it doesn't appear automatically.
it didn't ask me any tree/forest questions. it just found my zones
and that was that, except for the cache zone not being populated
but maybe that will come in time. I only installed it an hour ago.
I did not create any zones.

DNS doesn't have any tree or forest questions. DNS doesn't
even know about forests really and only knows trees through
the explicit delegation you do in parent zones to reach child
zones.
anything more I can provide?
DNS Servers . . . . . . . . . . . : 10.0.0.2
10.0.0.9

Your two DNS servers are listed above?

The following two commands should return some A
records:

nslookup dunhamshq.com 10.0.0.2
nslookup dunhamshq.com 10.0.0.9

(Ignore any initial error about not finding the server name,
which appears right after the nslookup command. IF the
real answer appears down below before the command
prompt returns you are fine.)

You can also run DCDiag on each DC to check them.
(Save the output to a file and search for FAIL, WARN,
ERROR.)
 
Herb Martin said:
It is correct (2) if you have BOTH DNS servers working.


Two is fine if they are both setup as DNS servers, and
you don't mix any external DNS servers in there.


no external dns at all, only forwarders from these AD dns servers.


They would not. You need both in there if they supply
DNS resolution.


That is generally correct two but you need both listed
on the clients.


Ok. It's ok to have 2 listed. And I do. So I'm ok.


I just want to clarify:
The clients have them both listed.
will the clients pick up dns resolution
from 10.0.0.9 if 10.0.0.2 was down
or vice versa?
The cache is only visible if the MMC is put into
advanced mode.

I set it to advanced to see it

The cache is only populated is SOME clients are
looking up addresses (and thus populating the cache.)

more sites come into the cache as more time goes by, so it
is working.

I finally got our win98 clients to register in DNS too.


No (or not always). The records get copied as part of
AD, but the zone is not always created automatically so
you must wait for the replication and then create the zone
if it doesn't appear automatically.

They (the zones) appeared automatically.
DNS doesn't have any tree or forest questions. DNS doesn't
even know about forests really and only knows trees through
the explicit delegation you do in parent zones to reach child
zones.



Your two DNS servers are listed above?

yes those are them.
The following two commands should return some A
records:

nslookup dunhamshq.com 10.0.0.2
nslookup dunhamshq.com 10.0.0.9

yes:

C:\Documents and Settings\jameslong>nslookup dunhamshq.com 10.0.0.2
Server: dunhams01.dunhamshq.com
Address: 10.0.0.2

Name: dunhamshq.com
Addresses: 10.0.0.79, 10.0.0.2, 10.0.0.9


C:\Documents and Settings\jameslong>nslookup dunhamshq.com 10.0.0.9
Server: xcellenet.dunhamshq.com
Address: 10.0.0.9

Name: dunhamshq.com
Addresses: 10.0.0.79, 10.0.0.2, 10.0.0.9


C:\Documents and Settings\jameslong>

(10.0.0.79 is our 3rd DC in AD, it has no dns on it)
 
That is generally correct (two) but you need both listed
Ok. It's ok to have 2 listed. And I do. So I'm ok.

As long as they both would return the same (and correct)
info. So they need to be fully replicated and able to resolve
all internal (and any external names) you need to work --
probably forwarding for any external names.
I just want to clarify:
The clients have them both listed.
will the clients pick up dns resolution
from 10.0.0.9 if 10.0.0.2 was down
or vice versa?

Yes. The client will favor the first one listed but
may unpredictably use either -- thus the reason they
must both be correct.
I set it to advanced to see it

And it is generally irrelevant -- I almost never look
at the cache, now that I know it is there. Very seldom
I might just clear it if a problem is corrected that it
might still contain or hide.
more sites come into the cache as more time goes by, so it
is working.

I finally got our win98 clients to register in DNS too.

How?

Usually people use DHCP to do that.
They (the zones) appeared automatically.

Then you can just use them.
yes those are them.


yes:

Then it works (at least partially.)
C:\Documents and Settings\jameslong>nslookup dunhamshq.com 10.0.0.2
Server: dunhams01.dunhamshq.com
Address: 10.0.0.2

Name: dunhamshq.com
Addresses: 10.0.0.79, 10.0.0.2, 10.0.0.9


C:\Documents and Settings\jameslong>nslookup dunhamshq.com 10.0.0.9
Server: xcellenet.dunhamshq.com
Address: 10.0.0.9

Name: dunhamshq.com
Addresses: 10.0.0.79, 10.0.0.2, 10.0.0.9


C:\Documents and Settings\jameslong>

(10.0.0.79 is our 3rd DC in AD, it has no dns on it)


But all DCs will be listed with the name of the Domain/Zone,
if they are registering themselves properly so that is a good
sign.

Do you have any problems now?

Can you pass DCDiag on each DC?
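Herb's condition above (both servers must return the same, correct answer, and every DC should appear under the domain name) can be checked mechanically rather than by eye. The following Python script is an added example, not code from the thread: it parses the plain-text output that Windows nslookup prints, using the two outputs James pasted as embedded sample input plus one constructed output for a hypothetical lagging server (10.0.0.99, "lagging.dunhamshq.com", not from the thread), and reports whether the servers agree and which DCs are missing. All function names are my own.

```python
"""Check that every configured DNS server gives the same answer for a name.

Added example (not code from the thread). It parses the plain-text output of
Windows nslookup, the same format quoted above, and compares the answer sets
from each server. Run `nslookup dunhamshq.com <server>` per server, save each
output to a file, and pass the texts to compare_servers(); the samples below
let it run offline.
"""
import re

# Outputs quoted in the thread, embedded as sample input.
NSLOOKUP_10_0_0_2 = """\
Server:  dunhams01.dunhamshq.com
Address:  10.0.0.2

Name:    dunhamshq.com
Addresses:  10.0.0.79, 10.0.0.2, 10.0.0.9
"""

NSLOOKUP_10_0_0_9 = """\
Server:  xcellenet.dunhamshq.com
Address:  10.0.0.9

Name:    dunhamshq.com
Addresses:  10.0.0.79, 10.0.0.2, 10.0.0.9
"""

# Constructed output for a hypothetical server that has not finished
# replicating and still knows only one address (not from the thread).
NSLOOKUP_LAGGING = """\
Server:  lagging.dunhamshq.com
Address:  10.0.0.99

Name:    dunhamshq.com
Address:  10.0.0.2
"""

# The three DCs named in the thread; each should appear under the domain name.
DOMAIN_CONTROLLERS = frozenset({"10.0.0.2", "10.0.0.9", "10.0.0.79"})

_SERVER_RE = re.compile(r"^\s*Server:\s*(\S+)", re.MULTILINE)
_ADDR_RE = re.compile(r"^\s*Address(?:es)?:\s*(.+?)\s*$", re.MULTILINE)


def parse_nslookup(output):
    """Return (answering_server, frozenset_of_answer_addresses).

    The 'Address:' line before 'Name:' belongs to the answering server and is
    ignored; only Address/Addresses lines after 'Name:' are the real answer
    (the part Herb says to read, below any initial server-name error).
    """
    match = _SERVER_RE.search(output)
    server = match.group(1) if match else None
    name_pos = output.find("Name:")
    if name_pos < 0:
        return server, frozenset()          # no answer section: lookup failed
    answers = set()
    for line in _ADDR_RE.findall(output[name_pos:]):
        answers.update(a.strip() for a in line.split(",") if a.strip())
    return server, frozenset(answers)


def compare_servers(outputs):
    """outputs: {server_ip: nslookup_text}. Returns (consistent, per_server).

    consistent is True only when every server returned the same non-empty set.
    """
    per_server = {ip: sorted(parse_nslookup(text)[1]) for ip, text in outputs.items()}
    distinct = {frozenset(v) for v in per_server.values()}
    consistent = len(distinct) == 1 and bool(next(iter(distinct)))
    return consistent, per_server


def missing_dcs(answers, expected=DOMAIN_CONTROLLERS):
    """DCs not registered under the domain name (Herb's 'good sign' check)."""
    return sorted(expected - set(answers))


if __name__ == "__main__":
    samples = {"10.0.0.2": NSLOOKUP_10_0_0_2, "10.0.0.9": NSLOOKUP_10_0_0_9,
               "10.0.0.99": NSLOOKUP_LAGGING}
    ok, report = compare_servers(samples)
    for ip, addrs in report.items():
        print(f"{ip}: {addrs}  missing DCs: {missing_dcs(addrs)}")
    print("all servers agree" if ok else "answer sets differ: check replication")
```

Running it on the two real outputs reports agreement; adding the constructed lagging server flips the result and lists the DCs it does not know about, which is the replication problem Herb says must be ruled out before clients are pointed at both servers.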
 
Herb Martin said:
As long as they both would return the same (and correct)
info. So they need to be fully replicated and able to resolve
all internal (and any external names) you need to work --
probably forwarding for any external names.


Yes. The client will favor the first one listed by
may unpredictably use either -- thus the reason they
must both be correct.


And it is generally irrelevant -- I almost never look
at the cache, now that I know it is there. Very seldom
I might just clear it if a problem is corrected that it
might still contain or hide.


How?

Usually people use DHCP to do that.

yes, with dhcp, on the dns tab- register clients in dns.
I don't know if running WINS helps
but we are running WINS on 10.0.0.2 and 10.0.0.9
and they are wins replication partners.

now all my 98 boxes are visible in DNS, Finally.

Then you can just use them.


Then it works (at least partially.)



But all DCs will be listed with the name of the Domain/Zone,
if they are registering themselves properly so that is a good
sign.

Do you have any problems now?
no DNS or DHCP related problems that I am able to detect
or that people have come to me with.
The event logs look good.
Information message in event log for WINS that it could not
find any tombstoned records. information message for DHCP
says it is cleaning up multicasts, zero were found,
and information message for DNS says it added the
other DNS server. been up with no actual error 1.5 days.
Can you pass DCDiag on each DC?

yes flawlessly on 10.0.0.2 and 10.0.0.9
using just the basic command "dcdiag"


I could not run dcdiag on 10.0.0.79 because
dcdiag is not installed there. it's running terminal services
in application mode so I tried to install support tools from the
CD from control panel add-remove programs.

I got the following error:
"the windows Installer service could not be accessed.
this can occur if you are running in safe mode
or if the windows installer is not correctly installed."

We aren't in safe mode, it's a fully booted member dc running normally.

I looked in services and sure enough the windows installer service is not
running.
so I attempted to start it and got the following error:

"Could not start the Windows Installer service on local computer
The service did not return an error. this could be an internal windows
error
or an internal service error."

so I can't install support tools to run dcdiag on that DC
don't know if you can help with that or not.
(dns/dhcp/wins don't run on that box).

Thank you for helping me to confirm DNS/DHCP/WINS
are all working correctly!

James W. Long.
 
Dear Herb:

I did notice one thing which is odd in DNS.

both my forward and reverse zones have
multiple IP's assigned for the same host,
and this occurs for a few different hosts.

for instance it will say jdoe is 10.0.0.15
and so is jdandy in the forward zone.
likewise in the reverse zone.

my dhcp leases are 1 week,
and dns is scavenging every 7 days.

should I scavenge sooner or do something
different?

Thank you in advance!

James W. Long
 
I finally got our win98 clients to register in DNS too.
yes, with dhcp, on the dns tab- register clients in dns.
I don't know if running WINS helps
but we are running WINS on 10.0.0.2 and 10.0.0.9
and they are wins replication partners.

now all my 98 boxes are visible in DNS, Finally.

Actually WINS can help (not commonly known or
remembered) since even older clients can register
with WINS; DNS can use WINS integration to assist
its resolution; and DNS even has a checkbox to
replicate such resolutions.
yes flawlessly on 10.0.0.2 and 10.0.0.9
using just the basic command "dcdiag"

Then you are likely good.
I could not run dcdiag on 10.0.0.79 because
dcdiag is not installed there. it's running terminal services
in application mode so I tried to install support tools from the
CD from control panel add-remove programs.

DCDiag can be run across the net if the DC can be found
(and authenticated) but I usually run it on each since I
need it most when there are problems with some such.
I got the following error:
"the windows Installer service could not be accessed.
this can occur if you are running in safe mode
or if the windows installer is not correctly installed."

There is a permission issue with Terminal Services, something
to do with the Special Groups or some such.
We aren't in safe mode, it's a fully booted member dc running normally.

It may be an interaction with Terminal Services; I have seen such
documented but don't fully remember.
I looked in services and sure enough the windows installer service is not
running.
so I attempted to start it and got the following error:

"Could not start the Windows Installer service on local computer
The service did not return an error. this could be an internal windows
error
or an internal service error."

so I can't install support tools to run dcdiag on that DC
don't know if you can help with that or not.
(dns/dhcp/wins don't run on that box).

You may have to go to the box to initially fix this.

You can try DCDiag from another box.
Thank you for helping me to confirm DNS/DHCP/WINS
are all working correctly!

Certainly. You are welcome.
 
James W. Long said:
Dear Herb:

I did notice one thing which is odd in DNS.

both my forward and reverse zones have
multiple IP's assigned for the same host,
and this occurs for a few different hosts.

For forward zones this is not too bad. For reverse
zones it is worse.

Think of it this way, it doesn't matter if I look
up a name since I will get the correct IP or
it won't be the correct machine.

Only issue is if you try a MISSING machine but
end up working on a currently online machine
without realizing it.

Others have complained about this but I don't
know the sequence that causes it.

The second registration of the same name SHOULD
overwrite the first (or fail.)
for instance it will say jdoe is 10.0.0.15
and so is jdandy in the forward zone.
likewise in the reverse zone.
my dhcp leases are 1 week,
and dns is scavenging every 7 days.

should I scavenge sooner or do something
different?

I am in general against rapid scavenging. At
best it will hide the real problem. At worst it
causes problems for (WAN especially) DCs.
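The duplicate registrations James describes (one IP under two hostnames, one host holding an old and a new address, and the reverse zone not matching the forward zone) can be listed and triaged without scavenging anything, which fits Herb's preference for finding the cause over rapid scavenging. The following Python is an added example, not the thread's code: the record set is constructed to mirror the jdoe/jdandy case and James's client rharris, and the `updated` field assumes the aging timestamp that Windows DNS keeps on dynamic records (None for a static record). Function names and timestamps are my own.

```python
"""Triage duplicate DNS registrations before deciding whether to scavenge.

Added example, not code from the thread. The records below are constructed to
mirror the case described above (jdoe and jdandy both at 10.0.0.15) plus the
client rharris holding an old and a new address. `updated` stands in for the
aging timestamp Windows DNS keeps on dynamic records; None marks a static
record, which is never treated as stale.
"""
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple, Optional


class ARecord(NamedTuple):
    host: str
    ip: str
    updated: Optional[datetime]


class PTRRecord(NamedTuple):
    ip: str
    host: str


# Constructed forward-zone records (hypothetical timestamps).
A_RECORDS = [
    ARecord("jdoe", "10.0.0.15", datetime(2005, 1, 10, 9, 0)),
    ARecord("jdandy", "10.0.0.15", datetime(2005, 1, 24, 14, 30)),
    ARecord("rharris", "10.0.0.241", datetime(2005, 1, 25, 10, 38)),
    ARecord("rharris", "10.0.0.200", datetime(2005, 1, 5, 8, 0)),
    ARecord("dunhams01", "10.0.0.2", None),          # static: the first DC
]

# Constructed reverse-zone records; note there is no PTR for 10.0.0.200.
PTR_RECORDS = [
    PTRRecord("10.0.0.15", "jdoe"),
    PTRRecord("10.0.0.15", "jdandy"),
    PTRRecord("10.0.0.241", "rharris"),
    PTRRecord("10.0.0.2", "dunhams01"),
]


def ips_with_multiple_hosts(a_records):
    """The jdoe/jdandy symptom: one address registered under several names."""
    by_ip = defaultdict(list)
    for r in a_records:
        by_ip[r.ip].append(r.host)
    return {ip: sorted(h) for ip, h in by_ip.items() if len(h) > 1}


def hosts_with_multiple_ips(a_records):
    """One name holding several addresses, typically an old lease never removed."""
    by_host = defaultdict(list)
    for r in a_records:
        by_host[r.host].append(r.ip)
    return {h: sorted(ips) for h, ips in by_host.items() if len(ips) > 1}


def likely_stale(a_records):
    """For each shared IP, the newest dynamic record is the probable current
    owner and older dynamic records are stale candidates for manual review.
    Returns {ip: (current_host, [stale_hosts])}; static records are skipped.
    """
    by_ip = defaultdict(list)
    for r in a_records:
        if r.updated is not None:
            by_ip[r.ip].append(r)
    result = {}
    for ip, recs in by_ip.items():
        if len(recs) < 2:
            continue
        newest = max(recs, key=lambda r: r.updated)
        result[ip] = (newest.host, sorted(r.host for r in recs if r is not newest))
    return result


def forward_reverse_mismatches(a_records, ptr_records):
    """A records whose address has no PTR pointing back to the same host,
    i.e. places where the reverse zone disagrees with the forward zone."""
    ptr_hosts = defaultdict(set)
    for p in ptr_records:
        ptr_hosts[p.ip].add(p.host)
    return sorted((r.host, r.ip) for r in a_records if r.host not in ptr_hosts[r.ip])


if __name__ == "__main__":
    print("IPs with several hosts:", ips_with_multiple_hosts(A_RECORDS))
    print("hosts with several IPs:", hosts_with_multiple_ips(A_RECORDS))
    print("probable stale records:", likely_stale(A_RECORDS))
    print("A records without matching PTR:",
          forward_reverse_mismatches(A_RECORDS, PTR_RECORDS))
```

The output is a review list, not a deletion list: the timestamp ordering only says which registration is newer, so a record flagged as stale should be confirmed against the DHCP lease table before it is removed by hand.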
 