DNS Server going to IANA for resolution

Guest
Archived from groups: microsoft.public.win2000.dns

Hello,

I have a subnet of my LAN (all W2K SP4 boxes) which is
pseudo-isolated for the developers. This area supports a local
domain and is not registered in any way. At any rate, in that LAN
there are 2 DCs and they are both DNS servers with an Active Directory
integrated zone. The remaining 5 boxes in this area all point to these
2 DCs for DNS. If a request outside of this area (e.g., for a
website) is made, then a forwarder has been specified on the DNS
servers.

My problem arose when I was looking at the network logs the other day.
One of the DNS servers is consistently banging IANA for DNS resolution.
I'm really lost here; I don't know why this one box is trying to hit
IANA all the time. All the external requests should be going to my
registered DNS server. Any suggestions are appreciated.

Thanks!
 
Guest

In news:1108046527.270332.255900@c13g2000cwb.googlegroups.com,
Adam Sandler <corn29@excite.com> commented
Then Kevin replied below:
> Hello,
>
> I have a subnet of my LAN (all W2K SP4 boxes) which is
> pseudo-isolated for the developers. This area supports
> a local domain and is not registered in any way. At any
> rate, in that LAN there are 2 DCs and they are both DNS
> servers with an Active Directory integrated zone. The
> remaining 5 boxes in this area all point to these 2 DCs
> for DNS. If a request outside of this area (e.g., for a
> website) is made, then a forwarder has been specified on
> the DNS servers.
>
> My problem arose when I was looking at the network logs
> the other day. One of the DNS servers is consistently
> banging IANA for DNS resolution. I'm really lost here; I
> don't know why this one box is trying to hit IANA all the
> time. All the external requests should be going to my
> registered DNS server. Any suggestions are appreciated.

Do you have a reverse lookup zone for your local subnet?
While not required for AD functionality, all clients set for DDNS will try
to register A and PTR records in the authoritative DNS servers. All PTR
records for private IPs are sent to several different black hole DNS servers
at iana.org; prisoner.iana.org is the SOA master.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
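The check Kevin's reply points to, as an added example that is not part of the original posts: it scans DNS query records for reverse lookups of private (RFC 1918) addresses that no locally hosted reverse zone covers, which are the queries that end up at the iana.org servers. The log format, sample lines, zone list and function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges, whose reverse names are the ones at issue in this thread.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ptr_name_to_ip(qname):
    """Decode 'd.c.b.a.in-addr.arpa' to an IPv4Address; None if not a full host name."""
    name = qname.rstrip(".").lower()
    if not name.endswith(".in-addr.arpa"):
        return None
    labels = name[:-len(".in-addr.arpa")].split(".")
    if len(labels) != 4:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels)))
    except ipaddress.AddressValueError:
        return None

def covered_locally(qname, local_zones):
    """True if qname falls inside one of the reverse zones this DNS server hosts."""
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in local_zones)

def leaking_private_ptr(log_lines, local_zones):
    """Return (client, ip) pairs for private reverse lookups no local zone answers."""
    zones = [z.rstrip(".").lower() for z in local_zones]
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue
        _ts, client, qtype, qname = fields
        # PTR is the lookup itself; SOA is how a DDNS client locates the zone to update.
        if qtype.upper() not in ("PTR", "SOA"):
            continue
        ip = ptr_name_to_ip(qname)
        if (ip is not None and any(ip in net for net in PRIVATE_NETS)
                and not covered_locally(qname, zones)):
            hits.append((client, str(ip)))
    return hits

# Constructed sample: "timestamp client qtype qname" (not a real Windows DNS log format).
SAMPLE_LOG = [
    "2005-02-10T09:14:02 192.168.1.21 PTR 21.1.168.192.in-addr.arpa",
    "2005-02-10T09:14:05 192.168.1.30 PTR 7.5.0.10.in-addr.arpa",
    "2005-02-10T09:14:09 192.168.1.30 SOA 15.2.16.172.in-addr.arpa",
    "2005-02-10T09:14:11 192.168.1.22 A www.example.com",
    "2005-02-10T09:14:12 192.168.1.22 PTR 34.216.184.93.in-addr.arpa",
]
LOCAL_REVERSE_ZONES = ["1.168.192.in-addr.arpa"]  # assumed: the only reverse zone hosted
```

Each returned pair names the client and the private address it asked about, which is where to look for a stray interface, a VPN adapter or a mail server doing PTR checks.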
 
Guest

"Adam Sandler" <corn29@excite.com> wrote in message
news:1108046527.270332.255900@c13g2000cwb.googlegroups.com...
> Hello,
>
> I have a subnet of my LAN (all W2K SP4 boxes) which is
> pseudo-isolated for the developers. This area supports a local
> domain and is not registered in any way. At any rate, in that LAN
> there are 2 DCs and they are both DNS servers with an Active Directory
> integrated zone. The remaining 5 boxes in this area all point to these
> 2 DCs for DNS. If a request outside of this area (e.g., for a
> website) is made, then a forwarder has been specified on the DNS
> servers.

Also specify "Do not use recursion" on the forwarders tab.

This will require the DNS server to use STRICTLY the forwarder(s).

> My problem arose when I was looking at the network logs the other day.
> One of the DNS servers is consistently banging IANA for DNS resolution.
> I'm really lost here; I don't know why this one box is trying to hit
> IANA all the time. All the external requests should be going to my
> registered DNS server. Any suggestions are appreciated.
>
> Thanks!
>
 
Guest

In news:1108056136.170328.4350@z14g2000cwz.googlegroups.com,
Adam Sandler <corn29@excite.com> commented
Then Kevin replied below:
> I do have a corresponding reverse lookup zone

Do you have an SMTP server using this DNS server?
SMTP server will query for a PTR record, if so configured.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
 

obiwan

>> I do have a corresponding reverse lookup zone

> Do you have an SMTP server using this DNS server?
> SMTP server will query for a PTR record, if so configured.

Yes, and a quick and (rather) easy way to minimize
traffic to root servers is to change the DNS config
setting up both the "." and the "in-addr.arpa" zones
as secondary ones, this way the DNS will have its
local copy of the two root zones (direct/reverse)
and won't need to ask root-servers for DNS glue
 
Guest

In news:Ov5n7SEEFHA.1600@TK2MSFTNGP10.phx.gbl,
ObiWan <obiwan@mvps.org> commented
Then Kevin replied below:
>>> I do have a corresponding reverse lookup zone
>
>> Do you have an SMTP server using this DNS server?
>> SMTP server will query for a PTR record, if so
>> configured.
>
> Yes, and a quick and (rather) easy way to minimize
> traffic to root servers is to change the DNS config
> setting up both the "." and the "in-addr.arpa" zones
> as secondary ones, this way the DNS will have its
> local copy of the two root zones (direct/reverse)
> and won't need to ask root-servers for DNS glue

Obi, you are exactly right, as I have done exactly that on all of my DNS
servers.
Delegated Root and in-addr.arpa secondary zones are a good addition to any
DNS server. It can save a lot of trips out to the root.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]