DNS - How to
Best practice of DNS configuration in win 2008 AD
DNS Aging and Scavenging Features
How can I verify a computer's DNS entries are correctly registered in DNS
How to add DNS and WINS into your Cisco VPN server
How does the internal DNS resolve Internet names without the ISP's DNS server
How to Add a TXT record
How to check TXT record using nslookup
How to clear bad information in Active Directory-integrated DNS
How to configure the primary DNS suffix
How to Configure External DNS Record in Windows 2008 DNS Server
How to configure Aging time on the DNS server
How to configure Aging time in the DNS zone Properties
How to Create a Host (A) Record on Server 2008 DNS
How to determine/check the DNS suffix of a computer
How to ensure that DNS is registering the Active Directory DNS records
How to repair the DNS record registration
How to configure DNS Forwarders
How to fix DC's FQDN Does Not Match Domain Name
How to register the DNS RR
How to reinstall the dynamic DNS in a Windows 2000 Active Directory
How to setup DNS Server in Windows Server 2003
How to set the New Refresh interval and disable “Scavenge stale resource records” on the DNS Zone
How to troubleshoot DNS problems
How to verify that SRV DNS records have been created for a DC
Should we disable IPv6 DNS if we don't use it
The rule of Setup DNS Forwarding
Understand DNS Dynamic Updates in Windows Server 2003
Which name resolution should be used for home or workgroup network
How to register the DNS RR
1. Go to DNS Manager to add it manually.
2. Use the netlogon, ipconfig and nbtstat commands. Refer to case 0304TTa
How to troubleshoot DNS problems
To correct DNS settings and troubleshoot DNS problems, you can:
1) Run nslookup from a command line and check that the default DNS server is
the one you expect.
2) Use ipconfig /all on the client to make sure the client points to the
correct DNS server and that the DC points only to itself for DNS by its actual
TCP/IP address, and make sure no ISP DNS server is listed in the TCP/IP
properties of any W2K/XP machine.
3) When the machine loads, it should register itself with DNS. If it does
not, use the ipconfig /registerdns command.
4) Check Event Viewer to see whether the event logs contain any error
information. On both the client and the server, check the System log for
failures during the logon process. Also, check the Directory Service logs on
the server and the DNS logs on the DNS server.
5) Use the nltest /dsgetdc:domainname command to verify that a domain
controller can be located for a specific domain. The NLTest tool is installed
with the Windows XP support tools.
6) If you suspect that a particular domain controller has problems, turn on
Netlogon debug logging. Use the NLTest utility by typing
nltest /dbflag:0x2000ffff at a command prompt. The information is logged in
the Netlogon.log file in the Debug folder.
7) Use the DC Diagnosis tool, dcdiag /v, to diagnose any errors. If you still
have not isolated the problem, use Network Monitor to monitor network traffic
between the client and the domain controller.
8) Also, make sure there are no problems with your high-speed Internet
connection.
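The check in step 2 can be run over saved ipconfig /all output from many machines. The script below is an added example, not part of the original page; the function name, the 192.0.2.x and 198.51.100.x addresses and the sample text are constructed, and it assumes English-language ipconfig output.

```powershell
# Added example: list DNS servers in `ipconfig /all` output that are not on
# an approved internal list (hypothetical helper, not a built-in cmdlet).
function Find-UnapprovedDnsServer {
    param(
        [string[]]$IpconfigLines,   # output of ipconfig /all, one line per element
        [string[]]$ApprovedDns      # internal DNS servers the machine may use
    )
    $adapter = $null
    $inDns   = $false
    foreach ($line in $IpconfigLines) {
        $addr = $null
        if ($line -match '^\S.*adapter (.+):\s*$') {
            # Unindented "... adapter <name>:" line starts a new adapter section.
            $adapter = $Matches[1]; $inDns = $false
        } elseif ($line -match '^\s+DNS Servers[ .]*:\s*(\S+)') {
            # First DNS server sits on the labelled line.
            $inDns = $true; $addr = $Matches[1]
        } elseif ($inDns -and $line -match '^\s+([0-9A-Fa-f:.%]+)\s*$') {
            # Additional servers follow as indented, unlabelled lines.
            $addr = $Matches[1]
        } else {
            $inDns = $false
        }
        if ($addr -and $ApprovedDns -notcontains $addr) {
            [pscustomobject]@{ Adapter = $adapter; DnsServer = $addr }
        }
    }
}

# Constructed sample: a client with one internal and one external resolver.
$sample = @'
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.0.2.50
   DNS Servers . . . . . . . . . . . : 192.0.2.10
                                       198.51.100.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
'@ -split "`r?`n"

Find-UnapprovedDnsServer -IpconfigLines $sample -ApprovedDns '192.0.2.10'

# On a live machine:
# Find-UnapprovedDnsServer -IpconfigLines (ipconfig /all) -ApprovedDns '192.0.2.10'
```

For a DC, pass only the DC's own address as -ApprovedDns, which matches the rule above that the DC points only to itself by its actual TCP/IP address.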
How can I verify a computer's DNS entries are correctly registered in DNS?
A: You can use the NSLookup tool to verify that DNS entries are correctly
registered in DNS. For example, to verify record registration, use the
following command: nslookup computername.domain.com.
How to add DNS and WINS into your Cisco VPN server
If your VPN client cannot find servers or cannot ping computername, you may
need to add DNS and WINS into your VPN server. For example, to add DNS and
WINS on a Cisco Firewall PIX, add vpdn group 1 client configuration dns
dnsservername and vpdn group 1 client configuration wins winsservername.
How to clear bad information in Active Directory-integrated DNS
You may need to clear bad information in Active Directory-integrated DNS if
DNS is damaged or if the DNS contains incorrect registration information. To
do that:
1) Change the DNS settings to Standard Primary Zone.
2) Delete the DNS zones.
3) Use the ipconfig /flushdns command.
4) Recreate the DNS zones.
5) Restart the Net Logon service.
6) Use ipconfig /registerdns.
How to ensure that DNS is registering the Active Directory DNS records
To ensure that DNS is registering the Active Directory DNS records, go to
DNS Management console > Server name > Forward Lookup Zones > Properties,
make sure Allow Dynamic Updates is set to Yes, and check that the _msdcs,
_sites, _tcp and _udp folders are correctly registering the Active Directory
DNS records. If these folders do not exist, DNS is not registering the Active
Directory DNS records. These records are critical to Active Directory
functionality and must appear within the DNS zone. If they are missing, you
should repair the Active Directory DNS record registration.
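The same check can be made from a command prompt by querying one locator SRV record under each of the four folders. This script is an added example, not part of the original page; it assumes the Resolve-DnsName cmdlet (Windows 8 / Server 2012 or later), and the domain and site names are placeholders.

```powershell
# Added example: confirm that one Netlogon locator SRV record resolves under
# each of the _msdcs, _sites, _tcp and _udp folders of the AD DNS zone.
param(
    [string]$Domain = 'corp.example.com',          # placeholder AD DNS domain
    [string]$Site   = 'Default-First-Site-Name',   # placeholder AD site name
    [string]$Server                                # optional: DNS server to query
)

# One record Netlogon registers under each folder the article names.
$checks = [ordered]@{
    '_msdcs' = "_ldap._tcp.dc._msdcs.${Domain}"
    '_sites' = "_ldap._tcp.${Site}._sites.${Domain}"
    '_tcp'   = "_kerberos._tcp.${Domain}"
    '_udp'   = "_kerberos._udp.${Domain}"
}

$results = foreach ($folder in $checks.Keys) {
    $query = @{ Name = $checks[$folder]; Type = 'SRV'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $query['Server'] = $Server }
    try {
        # Keep only SRV answers; the response may also carry A records for the targets.
        $srv = @(Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' })
        $err = $null
    } catch {
        # A missing name surfaces as an error, which marks the record unregistered.
        $srv = @()
        $err = $_.Exception.Message
    }
    [pscustomobject]@{
        Folder     = $folder
        Record     = $checks[$folder]
        Registered = ($srv.Count -gt 0)
        Targets    = ($srv | ForEach-Object { '{0}:{1}' -f $_.NameTarget, $_.Port }) -join ', '
        Error      = $err
    }
}

$results | Format-Table -AutoSize -Wrap
# Non-zero exit code when any record is missing, so the check can gate a health script.
if ($results | Where-Object { -not $_.Registered }) { exit 1 }
```

Review the Targets column as well as the Registered column: every host listed there should be a domain controller you recognise.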
Q: How does the internal DNS resolve Internet names without the ISP's DNS server?
A: As long as the "." zone does not exist under forward
lookup zones in DNS, the DNS service uses the root hint servers. The root hint
servers are well-known servers on the Internet that help all DNS servers
resolve name queries.
How to reinstall the dynamic DNS in a Windows 2000 Active Directory
Under the following situations you may want to reinstall the DDNS in a
Windows 2000 Active Directory:
- Some weird DNS errors have occurred and clearing DNS information has been
unsuccessful.
- Services that depend upon DNS, such as the File Replication service
(FRS) and/or Active Directory, are failing.
- The secondary DNS server doesn't support dynamic updates.
To reinstall the dynamic DNS in a Windows 2000 Active Directory:
1. Clear the DNS information.
2. Clear the Caching Resolver.
3. Point all DNS servers to the first DNS server under TCP/IP properties.
4. Re-add the zones and configure them to be Active Directory integrated.
5. Register your A resource record for DNS as well as your start of authority
(SOA).
How to repair the DNS record registration
To repair the Active Directory DNS record registration:
- Check for the existence of a Root Zone entry. View the Forward Lookup
zones in the DNS Management console. There should be an entry for the domain.
Other zone entries may exist. There should not be a dot (".") zone. If the
dot (".") zone exists, delete the dot (".") zone. The dot (".") zone
identifies the DNS server as a root server. Typically, an Active Directory
domain that needs external (Internet) access should not be configured as a
root DNS server.
The server probably needs to reregister its IP configuration (by using
Ipconfig) after you delete the dot ("."). The Netlogon service may also need
to be restarted. Further details about this step are listed later in this
article.
- Manually repopulate the Active Directory DNS entries. You can use the
Windows 2000 Netdiag tool to repopulate the Active Directory DNS entries.
Netdiag is included with the Windows 2000 Support tools. At a command prompt,
type netdiag /fix.
To install the Windows 2000 Support tools:
- Insert the Windows 2000 CD-ROM.
- Browse to Support\Tools.
- Run Setup.exe in this folder.
- Select a typical installation. The default installation path is
Systemdrive:\Program Files\Support Tools.
After you run the Netdiag utility, refresh the view in the DNS Management
console. The Active Directory DNS records should then be listed.
NOTE: The server may need to reregister its IP configuration
(by using Ipconfig) after you run Netdiag. The Netlogon service may also need
to be restarted.
If the Active Directory DNS records do not appear, you may need to manually
re-create the DNS zone.
- Manually re-create the DNS zone:
How to configure DNS Forwarders
To ensure network functionality outside of the Active Directory domain
(such as browser requests for Internet addresses), configure the DNS server to
forward DNS requests to the appropriate Internet service provider (ISP) or
corporate DNS servers. To configure forwarders on the DNS server:
- Start the DNS Management console.
- Right-click the name of the server, and then click Properties.
- Click the Forwarders tab.
- Click to select the Enable Forwarders check box.
NOTE: If the Enable Forwarders check box is unavailable, the DNS server is
attempting to host a root zone (usually identified by a zone named only with
a period, or dot (".")). You must delete this zone to enable the DNS server
to forward DNS requests. In a configuration in which the DNS server does not
rely on an ISP DNS server or a corporate DNS server, you can use a root zone
entry.
- Type the appropriate IP addresses for the DNS servers that will accept
forwarded requests from this DNS server. The list reads from the top down in
order; if there is a preferred DNS server, place it at the top of the list.
- Click OK to accept the changes.
For more troubleshooting information about DNS configuration for Active
Directory, see the following Microsoft Knowledge Base articles: