DNS registration for PDC only correct on some DNS servers?

Guest
Archived from groups: microsoft.public.win2000.dns

Hi there...

Running netdiag I get this warning :


DNS test . . . . . . . . . . . . . : Passed
[WARNING]: The DNS registration for 'server.domain' is correct only on some
DNS servers.
Please wait 15 min for replication and run the test again.
PASS - All the DNS entries for DC are registered on DNS server '10.0.0.200'.

It confuses me slightly since there is only one DNS server in the domain,
and it's running on the PDC (server.domain). Could this warning be related
to external NS servers I've configured? With external I mean NS servers that
look up on internet.

I've configured those to NS servers under "forward lookup zones"->domain as
NS.

Presumably that's not a correct setup? If so, then how do I correctly set up
external NS servers, whose sole purpose is to look up domains on the internet
(default route)?

PS. server.domain is not the real name.
--
I doubt, therefore I might be.
 
Guest

If you want to query external name servers for public names, you normally name their IP addresses as forwarders in the DNS server's
properties dialog.

I'm not quite sure what you're saying about putting NS entries under forward lookup zones. In Server 2003 you can name "conditional
forwarders" for specific domains that are different than the global forwarders. You are certainly free to add public zones to your
own DNS - I don't think it will do what you might expect, but as long as these zone names don't conflict with your internal AD
domain it shouldn't cause any problem there.

Are you sure you're not naming other, outside-the-domain DNS servers in the server's own DNS IP configuration? That would be the
most obvious reason for the error you're seeing, and can open the door to significant network problems.

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.


"Kim Noer" <kn@nospam.dk> wrote in message news:O8TjpwyeFHA.1448@TK2MSFTNGP14.phx.gbl...
> Hi there...
>
> Running netdiag I get this warning :
>
>
> DNS test . . . . . . . . . . . . . : Passed
> [WARNING]: The DNS registration for 'server.domain' is correct only on some DNS servers.
> Please wait 15 min for replication and run the test again.
> PASS - All the DNS entries for DC are registered on DNS server '10.0.0.200'.
>
> It confuses me slightly since there is only one DNS server in the domain, and it's running on the PDC (server.domain). Could this
> warning be related to external NS servers I've configured? With external I mean NS servers that look up on internet.
>
> I've configured those to NS servers under "forward lookup zones"->domain as NS.
>
> Presumably that's not a correct setup? If so, then how do I correctly set up external NS servers, whose sole purpose is to look up
> domains on the internet (default route)?
>
> PS. server.domain is not the real name.
> --
> I doubt, therefore I might be.
>
 
Guest

"Steve Duff [MVP]" <ergodic@ergodic-systems.com> wrote in message
news:O8U0h90eFHA.1612@tk2msftngp13.phx.gbl

> If you want to query external name servers for public names, you
> normally name their IP addresses as forwarders in the DNS server's
> properties dialog.

I've already configured that, but I also (let's say accidentally) configured
the external NS in the forward lookup zone. Presumably that's why my DNS
tries to update the external NS (combined with that I don't currently
restrict the zone transfer in any way)?

Can I see what forwarders are in use with nslookup?

> I'm not quite sure what you're saying about putting NS entries under
> forward lookup zones. In Server 2003 you can name "conditional

With NS entries under the forward lookup zones I meant the same as "ls -t NS
domain.domain" in nslookup.

> Are you sure you're not naming other, outside-the-domain DNS servers
> in the server's own DNS IP configuration? That would be the most
> obvious reason for the error you're seeing, and can open the door to
> significant network problems.

Yes, fortunately I was clever enough to avoid that :).

--
I doubt, therefore I might be.
 
Guest

You are right that you should not normally be naming outside name servers in your inside domain zone's NS set -- unless these
servers answer directly for the zone. These servers are (I will assume) not authoritative for the zone, so you have to take those NS
RRs out of the zone to achieve a correct DNS configuration.

Now if the purpose of that was to permit secondary zone transfers to those servers, you can configure those specific server IPs in
the primary zone's properties dialog - you don't have to implicitly name allowed transfer servers via NS records. OTOH if these
really ARE functioning secondaries for the zone then naming them with NS records should be fine. But in that case an nslookup should
show you all of the AD registrations on the secondary replica and you wouldn't be getting the netstat error you are seeing. I
suppose this all means I need to know a little more about the situation.

nslookup has its own independent lookup logic (that is what makes it useful for debugging dns problems). So it does not show your
configured forwarders. But that is easy enough to check in the properties dialog for the DNS root in the mmc console. In most cases
you can just disable forwarders completely and use the supplied root hints to resolve public names.

Best wishes

Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

"Kim Noer" <kn@nospam.dk> wrote in message news:%23797Fz%23eFHA.3836@tk2msftngp13.phx.gbl...
> "Steve Duff [MVP]" <ergodic@ergodic-systems.com> wrote in message
> news:O8U0h90eFHA.1612@tk2msftngp13.phx.gbl
>
>> If you want to query external name servers for public names, you
>> normally name their IP addresses as forwarders in the DNS server's
>> properties dialog.
>
> I've already configured that, but I also (let's say accidentally) configured the external NS in the forward lookup zone. Presumably
> that's why my DNS tries to update the external NS (combined with that I don't currently restrict the zone transfer in any way)?
>
> Can I see what forwarders are in use with nslookup?
>
>> I'm not quite sure what you're saying about putting NS entries under
>> forward lookup zones. In Server 2003 you can name "conditional
>
> With NS entries under the forward lookup zones I meant the same as "ls -t NS domain.domain" in nslookup.
>
>> Are you sure you're not naming other, outside-the-domain DNS servers
>> in the server's own DNS IP configuration? That would be the most
>> obvious reason for the error you're seeing, and can open the door to
>> significant network problems.
>
> Yes, fortunately I was clever enough to avoid that :).
>
> --
> I doubt, therefore I might be.
>
 
Guest

"Steve Duff [MVP]" <ergodic@ergodic-systems.com> wrote in message
news:O$cRfAEfFHA.2644@TK2MSFTNGP09.phx.gbl
> You are right that you should not normally be naming outside name
> servers in your inside domain zone's NS set -- unless these servers
> answer directly for the zone. These servers are (I will assume) not
> authoritative for the zone, so you have to take those NS RRs out of
> the zone to achieve a correct DNS configuration.

Which did the trick - the server passes the DNS test as well, which is nice
indeed.

> nslookup has its own independent lookup logic (that is what makes it
> useful for debugging dns problems). So it does not show your
> configured forwarders. But that is easy enough to check in the
> properties dialog for the DNS root in the mmc console. In most cases
> you can just disable forwarders completely and use the supplied root
> hints to resolve public names.

Which I tried out, and it worked as you predicted, so now I have a
nicer-than-before DNS setup. Thanks a bundle for your help.

--
I doubt, therefore I might be.
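
Added example (not part of any post in this thread): the point made above, that servers named in the zone's NS set must answer directly for the zone, can be checked by sending each listed server a non-recursive SOA query and reading the AA flag in the reply. The zone name domain.example, the two external addresses and the canned replies in demo() are constructed; only 10.0.0.200 comes from the thread.

```python
import socket
import struct

QID = 0x1234  # fixed query ID, sufficient for a one-shot check (assumption)

def build_query(zone):
    """Non-recursive (RD=0) SOA query for `zone` in DNS wire format."""
    header = struct.pack(">HHHHHH", QID, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in zone.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def classify(response):
    """Judge a reply from its header: QR, AA, RCODE and answer count."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, ancount = struct.unpack(">HHHH", response[:8])
    if rid != QID or not flags & 0x8000:      # wrong ID or not a response
        return "malformed"
    if flags & 0x000F:                        # REFUSED, SERVFAIL, NXDOMAIN...
        return "error rcode=%d" % (flags & 0x000F)
    if flags & 0x0400 and ancount > 0:        # AA set and an SOA came back
        return "authoritative"
    return "not authoritative"

def udp_send(server, packet, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(packet, (server, 53))
        return s.recvfrom(4096)[0]

def audit_ns_set(zone, servers, send=udp_send):
    """Ask every server listed in the zone's NS set whether it serves the zone."""
    results = {}
    for server in servers:
        try:
            results[server] = classify(send(server, build_query(zone)))
        except OSError:                       # timeout or unreachable
            results[server] = "no answer"
    return results

def demo():
    # Constructed header-only replies standing in for real servers (offline).
    hdr = lambda flags, an: struct.pack(">HHHHHH", QID, flags, 1, an, 0, 0)
    sample = {
        "10.0.0.200": hdr(0x8400, 1),     # QR+AA with an answer: internal DNS
        "192.0.2.53": hdr(0x8005, 0),     # QR, RCODE 5 (REFUSED): forwarder
        "198.51.100.53": hdr(0x8000, 0)}  # QR only, AA clear: not a replica
    return audit_ns_set("domain.example", sample, send=lambda srv, _p: sample[srv])
```

Any server that does not come back as "authoritative" is one whose NS record belongs in the forwarders list rather than in the zone.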