New AD DNS Configuration Question

Cody Lewis

My question is simple: is DNS installed correctly and integrated into AD?

I added a DC to the domain, I then installed DNS. The current DNS servers
are AD integrated. After the install (add remove windows components) I see in
dnsmgmt, in the left hand side DNS, SERVERNAME, FORWARD LU ZONES, REVERSE LU
ZONES, EVENT VIEWER. However, in the right hand side I see a message:

THE Domain Name System (DNS) is a hierarchical naming system.....blah blah
blah

The DNS server has not been configured. Configuration includes creating a
forward and reverse lookup zones and specifying root hints and forwarders.

It has been a while since I have configured a DNS server. I am assuming
this server is not finished integrating it into the AD. Are there some steps
to follow to accomplish this?

Thanks
Cody
 
Hello Cody,

If you use AD integrated zones, you just have to wait until AD replication
is ready, so give it time and have a big coffee. Only compare the "DNS server
properties" with the existing DNS server, the Forwarders tab for example; zone
information is replicated.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
Hello Cody,

Forgot to mention: until replication is complete, use only the existing
DC/DNS server as preferred on the NIC. Once replication is complete, change
the preferred DNS to the server itself and the secondary DNS to the other DNS server.

Best regards

Meinolf Weber
 
Thanks for the response. It has been 4 days. Do I need to do any
configuration on the new server? All I have done is install the DNS
server. Thanks again

Cody
 
NEW SERVER
C:\Documents and Settings\Administrator.BF>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Brut
Primary Dns Suffix . . . . . . . : BF
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : BF

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : BF
Description . . . . . . . . . . . : Intel(R) PRO/1000 EB Network
Connection w
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.0.34
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 10.10.0.1
DNS Servers . . . . . . . . . . . : 10.10.0.21
10.10.0.42
Primary WINS Server . . . . . . . : 10.10.0.6


OLD DNS SERVER

C:\Documents and Settings\Administrator.BF>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : William
Primary Dns Suffix . . . . . . . : BF
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : BF

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : BF
Description . . . . . . . . . . . : Intel(R) PRO/1000 EB Network
Connection w
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.10.0.21
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 10.10.0.1
DNS Servers . . . . . . . . . . . : 10.10.0.21
10.10.0.42
Primary WINS Server . . . . . . . : 10.10.0.6

C:\Documents and Settings\Administrator.BF>

So it could be as simple as I need to change the DNS settings on the new
server?

Thanks
Cody
 
Hello Cody,

What is 10.10.0.42 for a DNS server?

If I see correctly, you use a single label domain name "BF", is that correct?
This can result in lots of problems and is not recommended.

See here about:
http://support.microsoft.com/kb/300684

Additionally, think about rethinking your subnet configuration, or do you have
the need for 65534 hosts? You should not use that big subnet with 10.10.0.0
255.255.0.0. If you have the option to change it and you don't need more
than 254 clients, then use 10.10.10.0 255.255.255.0 instead. And even if
you need more clients, you can better add an additional subnet.

Best regards

Meinolf Weber
 
42 is an additional DNS server that I will be removing as well, same process
I am doing now with Brut and William. Yes, I am using a single label domain,
left over from long ago NT4 days. I didn't realize using the class B was a
problem.
 
OK, I understand. These issues are not affecting my original DNS question
though right? Do you think I have the server configured correctly?
 
I used one of the old DNS servers (2000) connected to new server. Rt click,
configure, set AD integrated. I didn't have that option on the new 2003
server. Anyone know why? It seems to be working fine but I am confused
(more than normal)

Thanks
Cody
 
Hello Cody,

The 2000 DNS has AD integrated zones and the 2003 also has DNS zones? Did
you configure something in DNS after installing the DNS server role? With
existing AD integrated zones you have to skip all configuration after adding
new DCs with the DNS role. Just wait. Please describe in more detail the DNS
installation on the new 2003 DNS.

Best regards

Meinolf Weber
 
Yes the 2000 has the DNS server, a remnant of the 2000 domain upgrade. The
domain is at 2003 now (mixed mode). I am attempting to get rid of the 2000
DCs.

So the installation process on the 2003 was add remove programs, windows
components, add DNS from the 2003 CD. I was able to see the DNS entries.
However in the right hand side of the DNS explorer window it said the server
was not configured. This concerned me so I started this thread. Since then
I have removed DNS, and re-added it through the server manager and adding a
role. Same results. I then went to a 2000 DNS server and connected to the
new 2003 DNS server. The new server was not listed, so I connected to it
from that DNS server, rt click configure server (I think going off memory)
selected AD integrated, ok. Server showed up in the list. I then went back
to the 2003 server and the right hand side of the DNS explorer window showed
the forward and reverse lookup zones. It seemed to have configured that
server. I have one more 2003 DNS server to configure, I haven't started yet.
How do you think I should proceed?

Thanks

Cody
 
Hello Cody,

See inline, I break your text a bit, easier to follow.

Best regards

Meinolf Weber

> Yes the 2000 has the DNS server, a remnant of the 2000 domain
> upgrade. The domain is at 2003 now (mixed mode). I am attempting to
> get rid of the 2000 DCs.
>
> So the installation process on the 2003 was add remove programs,
> windows components, add DNS from the 2003 CD. I was able to see the
> DNS entries. However in the right hand side of the DNS explorer
> window it said the server was not configured.

This can be ignored, as long as the zones are displayed correctly when you
expand the DNS server. We have that also on our DNS servers.

> This concerned me so I
> started this thread. Since then I have removed DNS, and re-added it
> through the server manager and adding a role. Same results. I then
> went to a 2000 DNS server and connected to the new 2003 DNS server.
> The new server was not listed, so I connected to it from that DNS
> server, rt click configure server (I think going off memory) selected
> AD integrated, ok.

You always have to add a new server to the DNS console; it is not done automatically.
Right-clicking on the new server and choosing configure server is NOT needed.

> Server showed up in the list. I then went back to
> the 2003 server and the right hand side of the DNS explorer window
> showed the forward and reverse lookup zones. It seemed to have
> configured that server.

Because AD integrated zones are replicated with AD replication, this takes
time, especially if you add a new server. You just have to wait, minimum
15 minutes. Again, with AD integrated zones there is nothing to configure after
adding the DNS server role from add/remove windows components. Give it time.

> I have one more 2003 DNS server to configure,
> I haven't started yet. How do you think I should proceed?

Before starting with another server, run the diagnostic tools dcdiag /v, netdiag
/v and repadmin /showrepl on all DCs to check them for errors.

If all is error free, point the preferred DNS on the NIC to one healthy DC/DNS
server. Now install the DNS role on the next 2003 server (I assume also a DC).
Give it time and do not use the configure the server wizard or do it manually.
 
Hello Cody,

In addition to the DNS configuration you and Meinolf are discussing (please
follow his recommendations for this), the main problem causing replication
and other problems, is the single label name domain. This has been a major
issue with AD DNS domain names since Win2000 SP4. After Win2000 SP4 and
later, Microsoft stopped the ability for a machine to register into a single
label name zone. Try applying the following patch on ALL machines (DCs and
clients) to get through this until you get a chance to change the name or
migrate to a new domain in a new forest with a proper DNS name (such as
bf.net, etc). A single label domain is considered a TLD (such as com, edu,
net, etc), and DNS has difficulty with it, because it considers it a TLD and
will query the roots first before even looking at itself even though it
hosts the zone.

If you need assistance with renaming (need minimum of Windows 2003) or
migration, please post back.

Use this patch/bandaid for ALL machines:
300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names:
http://support.microsoft.com/?id=300684

FYI, here is more info on why it was stopped by Microsoft.

======================================================================================================
Single label name from Alan Woods, MS:

"We really would prefer to use FQDN over Single label name. There are
a lot of other issues that you can run into when using a Single labeled
domain name with other AD integrated products. Exchange would be a great
example. Also note that the DNR (DNS RESOLVER) was and is designed to
Devolve DNS requests to the LAST 2 names.

Example: Single Labeled domain .domainA
then, you add additional domains on the forest.
child1.domainA
Child2.child1.domainA

If a client in the domain Child2 wants to resolve a name in domainA
(example: Host.DomainA) and uses the following to connect to a share,
\\host, then it is not going to resolve. WHY? Because the resolver is
first going to query for Host.Child2.child1.domainA, then it
next tries HOST.Child1.domainA, and at that point the Devolution process is
DONE. We only go to the LAST 2 Domain Names.

Also note that if you have a single labeled domain name it causes excess
DNS traffic on the ROOT HINTS servers and being all Good Internet Community
users we definitely do not want to do that. NOTE that in Windows 2003,
you get a big Pop UP Error Message when trying to create a single labeled
name telling you DON'T DO IT. It will still allow you to do it, but you
will still be required to make the registry changes, which is really not
fun.

Microsoft is seriously asking you to NOT do this. We will support you, but
in the end the results could be limiting, depending on the
services you are using.

Thank you,

Alan Wood[MSFT]"
======================================================================================================

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
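
Added example (not part of the thread and not any poster's code): a small Python model of the suffix devolution described in the quoted Alan Wood text above, where the resolver drops one leading label per attempt and stops once two labels remain. The function names and the `min_labels` parameter are assumptions made for illustration; it models the behaviour as quoted, not the Windows resolver's own code.

```python
# Added illustration: models DNS suffix devolution as described in the quoted
# text (stop once two labels remain). Names are hypothetical, not a Windows API.

def devolution_candidates(short_name, primary_suffix, min_labels=2):
    """Return the FQDNs tried for short_name, in order.

    The primary DNS suffix loses its leftmost label after each attempt;
    devolution ends when the suffix is down to min_labels labels.
    """
    labels = [part for part in primary_suffix.strip(".").split(".") if part]
    candidates = []
    while labels:
        candidates.append(".".join([short_name] + labels).lower())
        if len(labels) <= min_labels:
            break  # devolution is done: never go below the last two labels
        labels = labels[1:]
    return candidates


def reaches_zone(short_name, client_suffix, target_zone):
    """True if devolution from client_suffix ever queries short_name in target_zone."""
    wanted = f"{short_name}.{target_zone.strip('.')}".lower()
    return wanted in devolution_candidates(short_name, client_suffix)


if __name__ == "__main__":
    # Constructed sample suffixes: the single-label forest from the quote,
    # and the same layout under a two-label root such as bf.net.
    for suffix, root in [("Child2.child1.domainA", "domainA"),
                         ("child2.child1.bf.net", "bf.net")]:
        print(f"client suffix {suffix}:")
        for name in devolution_candidates("host", suffix):
            print(f"  query {name}")
        print(f"  host.{root} reached: {reaches_zone('host', suffix, root)}")
```

With the single-label root the forest root zone is never queried for the short name, while the same child layout under a two-label root reaches it on the last attempt.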
 