Proper DNS configuration help

  • Thread starter Thread starter Mike G
  • Start date Start date
M

Mike G

I have been looking at the dns setup of a network I inherited and it looks
wrong to me. Before I change anything I want to verify I am on the right
track.

All of my clients are configured for
primary dns=192.168.1.17=victory1
secondary dns=192.168.1.16=victory2

Because of this setup I always considered that victory1 was the first DC
configured and victory2 came next but now I am not sure. If the AD roles are
important let me know and I will verify them.

The primary server is hardly ever down but I have noticed when it is dns
name resolution slows down because web pages take longer to load. This got
me investigating the configs and this is what I found.

victory1
forwarders=opendns servers=208.67.222.222/208.67.220.220
forward lookup zone=victory.org(AD integrated, primary, zone transfers not
allowed)

victory2
forwarders=192.168.1.17
forward lookup zone=victory.org(AD integrated, primary, zone transfers
allowed to any server)

This would explain when victory1 is down dns takes longer because victory2
has to go to root hints for dns. I propose to change to this config.

victory1
forwarders=opendns servers=208.67.222.222/208.67.220.220
forward lookup zone=victory.org(AD integrated, primary, zone transfers
allowed to any server)

victory2
forwarders=opendns servers=208.67.222.222/208.67.220.220
forward lookup zone=victory.org(AD integrated, primary, zone transfers
allowed to any server)

If I am missing something or you need more info to sort this out just let me
know. Any help is appreciated.
 
Hello Mike,

I would do exactly the same, remove the 192.x.x.x from the forwarders and
add the other ones.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
Thanks for the reply. Is the zone transfers setting even relevant in an AD
integrated zone? I think not.
 
Hello Mike,

No, all zones will be replicated with AD replication. But if you have other
DNS servers you can still use it.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
I just noticed this error in the system log on victory2 which occurs with
every system boot. There is no error of this type on victory1. What action
should be taken?

Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5773
Date: 08/04/2008
Time: 7:50:26 AM
User: N/A
Computer: VICTORY2
Description:
The DNS server for this DC does not support dynamic DNS. Add the DNS records
from the file '%SystemRoot%\System32\Config\netlogon.dns' to the DNS server
serving the domain referenced in that file.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2c 23 00 00 ,#..
 
Both of my dns servers are running on Windows 2000 server SP4. The files
referenced in this KB on both servers are SP4 versions later than this
hotfix. Any other suggestions? The forward lookup zone on both servers is
set for nonsecure and secure dynamic updates.
 
Hello Mike,

Please post an unedited ipconfig /all from both servers here.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
C:\Documents and Settings\Administrator>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : victory1
Primary DNS Suffix . . . . . . . : victory.org
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : victory.org

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 82558-based Integrated
Etherne
t with Wake on LAN*
Physical Address. . . . . . . . . : 00-A0-C9-EC-F6-22
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.17
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.17
192.168.1.16

C:\Documents and Settings\Administrator.VICTORY>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : victory2
Primary DNS Suffix . . . . . . . : victory.org
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : victory.org

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 82558-based Integrated
Etherne
t with Wake on LAN*
Physical Address. . . . . . . . . : 00-A0-C9-FC-8D-CD
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.16
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.17
192.168.1.16
Primary WINS Server . . . . . . . : 192.168.1.17
 
Two things that probably need to be changed on victory2:
1) dns server list should point to itself first (192.168.1.16,192.168.1.17)
2) ip routing can be disabled - no longer being used

Will this solve the Event ID: 5773 issue?
 
I changed 1) and rebooted but error remains.

Mike G said:
Two things that probably need to be changed on victory2:
1) dns server list should point to itself first
(192.168.1.16,192.168.1.17)
2) ip routing can be disabled - no longer being used

Will this solve the Event ID: 5773 issue?
Click to expand...
 
Back
Top