Records not created for Forward zone

Hi Everyone

My problem is: I have DHCP configured to update the DNS records for all client PCs regardless of whether the client requests it or not. The DNS server is configured for secure updates and is AD integrated. However, when new clients are added to the network, only the reverse lookup zone records are created for the new client and not the forward. What could be causing this and what should I do?
 
The clients may not have the right Primary Domain Suffix (see ipconfig /all)
This needs to match the domain name of the zone you want clients to register
in.

--
William Stacey, MS MVP


Samantha said:
Hi Everyone,

My problem is: I have DHCP configured to update the DNS records for all
client PCs regardless of whether the client requests it or not. The DNS
server is configured for secure updates and is AD integrated. However when
new clients are added to the network only the reverse lookup zone records
are created for the new client and not the forward. What could be causing
this and what should I do?
 
Let's see ipconfig /all on client and ipconfig /all on server and dnscmd
/enumzones on dns server.
 
I think the DNS suffix on clients may not be relevant
here, as the DHCP server is doing the A registration on
behalf of the clients. What the server uses is the domain
name configured for the scope.

Samantha, so only the new ones are not working? Hmm, are
you sure the whole thing is still working? For old ones,
are they being updated every day? You may want to use a
new machine with ipconfig /registerdns to verify the DDNS
on the DNS server, and change an old machine name to
verify this function of the DHCP server as well ...
 
Samantha said:
Hi William,

The ipconfig /all on the client lists the IP address of the
authoritative and secondary DNS servers and the IPconfig on the server
lists itself.

The ipconfig /all would be very helpful, it looks like you want to keep us
guessing instead of having solid information to make a diagnosis.

What do you mean by "authoritative and secondary and the IPconfig on the
server"?
This information is very important and for DDNS to work it must be correct.
I hope you are not referring to Public DNS servers, in an AD environment you
should only use the DNS server that hosts the AD domain zone. Never an
external or ISP's DNS.

What does DHCP option 015 have defined?
 
Hi Kevin

I am sorry if I am confusing you, and I do not want to keep you guessing. I have 2 DNS servers, a main server and a secondary server; the secondary server receives zone transfers from the main one. In the IPCONFIG /ALL on the clients for the DNS servers they list the IP address of both servers, e.g. 192.168.x.y and 192.168.x.z. I would love to send you all the information from the ipconfig but I am not at the office and I am trying to figure out what to do before I return tomorrow.

Also in the event system log on the clients and the DNS server there is a NETLOGON 5781 error. The DNS server is configured with its IP address in the TCP/IP setting. Clients are also configured with the address. Thanks
 
Hi confused

I did that and it does not create new records or update the old ones. I tried the ipconfig /registerdns on the clients and it does nothing. Thanks.
 
Samantha said:
Hi Kevin,

I am sorry if I am confusing you, and I do not want to keep you
guessing. I have 2 DNS servers, a main server and a secondary server;
the secondary server receives zone transfers from the main one. In
the IPCONFIG /ALL on the clients for the DNS servers they list the IP
address of both servers, e.g. 192.168.x.y and 192.168.x.z. I would love
to send you all the information from the ipconfig but I am not at the
office and I am trying to figure out what to do before I return
tomorrow.

Also in the event system log on the clients and the DNS server there
is a NETLOGON 5781 error. The DNS server is configured with its ip
address in the TCP/IP setting. Clients are also configured with the
address. Thanks

That is why we need to see the ipconfig /all
If you are getting 5781 events then I suspect a single label domain name,
since that is the event you get after SP4 in Win2k.
If you will please post ipconfig /all we can glean a lot of information
that will help diagnose this.
 
Hi kevin

Thank you for your help. But I will not be able to get the IPCONFIG /ALL information to you tonight because I am at home and away from the office. However I will post it tomorrow. Incidentally I did install SP4 recently; I think you may be on to something. But why would it still dynamically update the reverse zone and not the forward? I will send what is being shown on the client as well as the server, first thing when I get to the office tomorrow. Is there any other information I can provide you with now?

ps
The forward lookup zone A record is still being created, but only if I provide the client with a static IP address. It is neither created or updated with DHCP. Hope this sheds some light.
 
Samantha said:
Hi kevin,

Thank you for your help. But I will not be able to get the IPCONFIG
/ALL information to you tonight because I am at home and away from
the office. However I will post it tomorrow. Incidentally I did
install SP4 recently; I think you may be on to something. But why
would it still dynamically update the reverse zone and not the
forward? I will send what is being shown on the client as well as
the server, first thing when I get to the office tomorrow. Is there
any other information I can provide you with now?

ps
The forward lookup zone A record is still being created, but only if
I provide the client with a static IP address. It is neither created
or updated with DHCP. Hope this sheds some light.

Hi Samantha,
For DHCP to update the Forward lookup zone, you must have option 015 enabled
with the domain name defined.

As for the 5781s on Win2kSP4, it has to do with whether the domain is a single label
name (domain vs. domain.com) if this is the case then to even get it to work
you have to make registry entries on all domain members and servers,
including the DC, using Win2kSP4 WinXP and Win2k3. It still won't work right
but it will get you by, many cases have shown that Group policies won't get
applied in a single label domain.
300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684
 
Hi Kevin

Where can I find option 015, and my domain is a single label name. With regards to what you have said about group policies I have realized that the GPOs that are set at the root level are applied, but the ones that are set for the OUs are not and no one has been able to explain to me why, so I appreciate this. Will you check back tomorrow for the IPCONFIG /ALL information? Thanks
 
It has been awhile for me on this, but I think by default the dhcp does the
ptr registration, and the client does the forward A registration. If the
dhcp server is set to do both, it still uses the Primary DNS suffix from the
client (not the connection specific suffix).
 
William Stacey said:
It has been awhile for me on this, but I think by default the dhcp
does the ptr registration, and the client does the forward A
registration. If the dhcp server is set to do both, it still uses
the Primary DNS suffix from the client (not the connection specific
suffix).

That's pretty much it, unless you state Option 081 in DHCP/DNS tab to force
reg for all clients.

My take on this whole thread is there's either a possible single label name
(which we can verify with the ipconfig /all and knowing what the AD name is
supposed to be), or the Primary DNS Suffix is incorrect on the DC, but since
Samantha says none are registering in the FLZ, then I'm leaning towards the
single label name issue, especially since she stated she just installed
SP4 recently.

Also, just to add, 5781's can be caused by a number of reasons, a few being
multihomed DCs, SP mismatches between DC/DNS servers with delegated zones,
ISP addresses for DNS, local loopback address for DNS, netlogon startup
timing issues, and lastly, but more significantly in this case, single label
domain names.

Cheers!

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Samantha said:
Hi Kevin,

Where can I find option 015, and my domain is a single label name.
With regards to what you have said about group policies I have
realized that the GPOs that are set at the root level are applied, but
the ones that are set for the OUs are not and no one has been able to
explain to me why, so I appreciate this. Will you check back
tomorrow for the IPCONFIG /ALL information? Thanks.

DHCP Option 015 is either a scope option or a server option.

It has become a known issue in this group that Group policies are not
applied in a single label domain name, because single label domains do not
follow the DNS hierarchy and the domain cannot be resolved at the domain
level. Group policies are applied from the Domain DFS share at
\\domain\SYSVOL\domain\policies. Several of us here have tried workarounds to
get the DFS share to work but I know of no known fix, other than rebuilding
the domain with a DNS name using the DNS hierarchy of domain.com (any name
can be used as long as it has the dot in the name). You have the option of
building the new domain on a different box then migrating the user and
computer accounts to the new domain using ADMT. We have spent considerable
time with several posters but have been unable to resolve the GPO issue. I
came across this KB article a few days ago; you can give it a try. It sounds
like it might work, and it can't hurt because DNS won't resolve the single label
name.
251384 - Delays in Name Resolution Using Microsoft DNS Server Forwarder
Option: http://support.microsoft.com/default.aspx?scid=kb;en-us;251384

You can get the registration to work by applying the registry entries from
the KB article I posted.
 
Hi All

Here is my IPCONFIG /ALL information

Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : DNSERVER
Primary DNS Suffix . . . . . . . : WIND-GATE
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : WIND-GATE
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : IBM 10/100 EtherJet PCI Management Adapter
Physical Address. . . . . . . . . : 00-02-55-31-3D-5D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.20
DNS Servers . . . . . . . . . . . : 192.168.2.2

Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : sales-dept
Primary DNS Suffix . . . . . . . : Wind-gate
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : wind-gate
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : wind-gate
Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet Adapter (10/100)
Physical Address. . . . . . . . . : 00-05-29-EE-59-5F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.72
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.20
DHCP Server . . . . . . . . . . . : 192.168.2.2
DNS Servers . . . . . . . . . . . : 192.168.2.2
192.168.2.6
Lease Obtained. . . . . . . . . . : Thursday, March 25, 2004 9:25:20 AM
Lease Expires . . . . . . . . . . : Friday, April 02, 2004 9:25:20 AM
 
Samantha said:
Hi Kevin,

As promised here is the IPCONFIG /ALL for the server as well as the
client.

Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : DNSERVER
Primary DNS Suffix . . . . . . . : WIND-GATE
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : WIND-GATE
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : IBM 10/100 EtherJet PCI
Management Adapter
Physical Address. . . . . . . . . : 00-02-55-31-3D-5D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.20
DNS Servers . . . . . . . . . . . : 192.168.2.2

Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : sales-dept
Primary DNS Suffix . . . . . . . : Wind-gate
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : wind-gate
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : wind-gate
Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet
Adapter (10/100)
Physical Address. . . . . . . . . : 00-05-29-EE-59-5F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.72
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.20
DHCP Server . . . . . . . . . . . : 192.168.2.2
DNS Servers . . . . . . . . . . . : 192.168.2.2
192.168.2.6
Lease Obtained. . . . . . . . . . : Thursday, March 25, 2004 9:25:20
AM
Lease Expires . . . . . . . . . . : Friday, April 02, 2004 9:25:20 AM

I have bad news and not so good news, and some very bad news.
Yes, if wind-gate is the domain name that is a single label domain name,
that is bad, very bad if you want GPOs to work.
You will have to visit each member machine and DC in this domain and apply
the registry entries from 300684 so DNS registrations can work.
That won't help GPOs, you might try 251384 to see if this helps the GPO
issue. If it works and allows GPOs to be applied I would like to hear some
feedback (it has to do with allowing single label names to be recursed).

300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684

251384 - Delays in Name Resolution Using Microsoft DNS Server Forwarder
Option: http://support.microsoft.com/default.aspx?scid=kb;en-us;251384

You'd be in good shape had you named the domain wind.gate.
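
The checks made in this thread against ipconfig /all (a Primary DNS Suffix without a dot, and DNS servers that are loopback or outside the internal network) can be scripted over saved output. This is an added example, not part of the original posts: the sample text is constructed from the client output above, and treating every non-private address as an external DNS server is an assumption of the example.

```python
import ipaddress
import re

# Constructed sample, modelled on the client output posted in the thread.
SAMPLE = """\
Windows 2000 IP Configuration
   Host Name . . . . . . . . . . . . : sales-dept
   Primary DNS Suffix  . . . . . . . : Wind-gate
Ethernet adapter Local Area Connection:
   DNS Servers . . . . . . . . . . . : 192.168.2.2
                                       192.168.2.6
   Lease Obtained. . . . . . . . . . : Thursday, March 25, 2004 9:25:20 AM
"""

# "Label . . . : value". Labels hold no dots, so the colon that ends the
# dot leader is the separator and colons inside the value are preserved.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")

def parse_ipconfig(text):
    """Return {label: [values]}; lines without a label continue the previous one."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields.setdefault(last, [])
            if m.group(2).strip():
                fields[last].append(m.group(2).strip())
        elif last and line.strip():
            fields[last].append(line.strip())
    return fields

def audit(text):
    """Flag conditions the thread links to missing A records and NETLOGON 5781."""
    f = parse_ipconfig(text)
    findings = []
    suffix = (f.get("Primary DNS Suffix") or [""])[0].strip(".")
    if "." not in suffix:
        findings.append(f"single-label primary DNS suffix: {suffix or '(none)'}")
    for server in f.get("DNS Servers", []):
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            continue  # wrapped or malformed line, not an address
        if ip.is_loopback:
            findings.append(f"loopback DNS server: {server}")
        elif not ip.is_private:  # assumption: internal DNS uses private space
            findings.append(f"external DNS server: {server}")
    return findings
```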
 
Samantha said:
Hi Kevin,

Thanks for all your help. I will try to do this today or tomorrow
after working hours, as I first have to back up all the servers
involved, we have 2 DCs and 4 member servers. I will definitely let
you know how it all turns out especially with the GPOs. Thanks again
for everything.

You will also have to apply this to the member clients using Win2kSP4 and
XP.
 
Samantha said:
Hi Kevin,

Okay Thanks.


Hi Samantha,

What mode is your domain in? Probably make some recommendations for a
rebuild/rename, but the ease of such a procedure would depend on what mode
your domain is in.

Thanks

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 