DNS issues across multiple trees in a single forest


  • DNS issues across multiple trees in a single forest

    I have 2 domains in a forest: DomainA.local and DomainB.local. DomainA.local is the forest root. From DomainA.local I can resolve DNS names of machines in DomainB. However, I cannot resolve any names for DomainA from DomainB. I have set up forwarders on the DNS servers (which are the DCs) for DomainA from DomainB. I also cannot log into a machine on DomainB.local with credentials from DomainA.local.

    These are the errors I see on the DCs in DomainB.local:

    Event Type: Warning
    Event Source: NETLOGON
    Event Category: None
    Event ID: 5781
    Date: 28/07/2008
    Time: 10:44:49
    User: N/A
    Computer: DC1DomainB
    Description:
    Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.DomainA.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).

    A dcdiag /test:dns gives me:


    Domain Controller Diagnosis
    Performing initial setup:
    Done gathering initial info.
    Doing initial required tests

    Testing server: DomainB/DC1DomainB
    Starting test: Connectivity
    ......................... DC1DomainB passed test Connectivity
    Doing primary tests

    Testing server: DomainB/DC1DomainB
    DNS Tests are running and not hung. Please wait a few minutes...

    Running partition tests on : DomainDnsZones

    Running partition tests on : DomainB

    Running partition tests on : ForestDnsZones

    Running partition tests on : Schema

    Running partition tests on : Configuration

    Running enterprise tests on : DomainA.local
    Starting test: DNS
    Test results for domain controllers:

    DC: DC1DomainB.DomainB.local
    Domain: DomainB.local

    TEST: Basic (Basc)
    Warning: adapter [00000001] Broadcom NetXtreme Gigabit Ethernet has invalid DNS server: 192.168.x.x (<name unavailable>)
    Error: all DNS servers are invalid

    TEST: Forwarders/Root hints (Forw)
    Error: Forwarders list has invalid forwarder: 195.184.228.6 (<name unavailable>)
    Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
    Error: Root hints list has invalid root hint server: b.root-servers.net. (192.228.79.201)
    Error: Root hints list has invalid root hint server: c.root-servers.net. (192.33.4.12)
    Error: Root hints list has invalid root hint server: d.root-servers.net. (128.8.10.90)
    Error: Root hints list has invalid root hint server: e.root-servers.net. (192.203.230.10)
    Error: Root hints list has invalid root hint server: f.root-servers.net. (192.5.5.241)
    Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
    Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
    Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
    Error: Root hints list has invalid root hint server: j.root-servers.net. (192.58.128.30)
    Error: Root hints list has invalid root hint server: k.root-servers.net. (193.0.14.129)
    Error: Root hints list has invalid root hint server: m.root-servers.net. (202.12.27.33)

    TEST: Records registration (RReg)
    Error: Record registrations cannot be found for all the network adapters

    Summary of test results for DNS servers used by the above domain controllers:
    DNS server: 128.63.2.53 (h.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
    Name resolution is not functional. _ldap._tcp.boden.local. failed on the DNS server 128.63.2.53

    DNS server: 128.8.10.90 (d.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
    Name resolution is not functional. _ldap._tcp.boden.local. failed on the DNS server 128.8.10.90

    DNS server: 192.112.36.4 (g.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
    Name resolution is not functional. _ldap._tcp.boden.local. failed on the DNS server 192.112.36.4

    DNS server: 192.168.11.231 (<name unavailable>)
    1 test failure on this DNS server
    Name resolution is not functional. _ldap._tcp.boden.local. failed on the DNS server 192.168.11.231

    DNS server: 192.203.230.10 (e.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
    Name resolution is not functional. _ldap._tcp.boden.local. failed on the DNS server 192.203.230.10

    DNS server: 192.228.79.201 (b.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
    Name resolution is not functional. _ldap._tcp.boden.local. failed on the DNS server 192.228.79.201

    DNS server: 192.33.4.12 (c.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
    Name resolution is not functional. _ldap._tcp.boden.local. failed on the DNS server 192.33.4.12

    DNS server: 192.36.148.17 (i.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
    Name resolution is not functional. _ldap._tcp.boden.local. failed on the DNS server 192.36.148.17

    DNS server: 192.5.5.241 (f.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
    Name resolution is not functional. _ldap._tcp.boden.local. failed on the DNS server 192.5.5.241


    etc.
    Summary of DNS test results:

    Auth Basc Forw Del Dyn RReg Ext
    __________________________________________________ ______________
    Domain: webboden.local
    dcweb01 PASS FAIL FAIL PASS PASS FAIL n/a

    ......................... DomainA.local failed test DNS

    A netdiag gives me:

    Netcard queries test . . . . . . . : Passed

    Per interface results:
    Adapter : Team 1
    Netcard queries test . . . : Passed
    Host Name. . . . . . . . . : DC1DomainB
    IP Address . . . . . . . . : 192.168.x.x
    Subnet Mask. . . . . . . . : 255.255.255.0
    Default Gateway. . . . . . : 192.168.x.y
    Dns Servers. . . . . . . . : 192.168.x.x

    AutoConfiguration results. . . . . . : Passed
    Default gateway test . . . : Passed
    NetBT name test. . . . . . : Passed
    [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
    WINS service test. . . . . : Skipped
    There are no WINS servers configured for this interface.

    Global results:

    Domain membership test . . . . . . : Passed

    NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    NetBT_Tcpip_{9DE3571C-E272-49ED-A606-72F8056E8B66}
    1 NetBt transport currently configured.

    Autonet address test . . . . . . . : Passed

    IP loopback ping test. . . . . . . : Passed

    Default gateway test . . . . . . . : Passed

    NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.

    Winsock test . . . . . . . . . . . : Passed

    DNS test . . . . . . . . . . . . . : Failed
    [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 192.168.x.x, ERROR_TIMEOUT.
    [FATAL] No DNS servers have the DNS records for this DC registered.

    Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
    NetBT_Tcpip_{9DE3571C-E272-49ED-A606-72F8056E8B66}
    The redir is bound to 1 NetBt transport.
    List of NetBt transports currently bound to the browser
    NetBT_Tcpip_{9DE3571C-E272-49ED-A606-72F8056E8B66}
    The browser is bound to 1 NetBt transport.

    DC discovery test. . . . . . . . . : Passed

    DC list test . . . . . . . . . . . : Passed

    Trust relationship test. . . . . . : Passed
    Secure channel for domain 'DomainB' is to '\\DC1DomainB.DomainB.local'.

    Kerberos test. . . . . . . . . . . : Passed

    LDAP test. . . . . . . . . . . . . : Passed

    Bindings test. . . . . . . . . . . : Passed

    WAN configuration test . . . . . . : Skipped
    No active remote access connections.

    Modem diagnostics test . . . . . . : Passed
    IP Security test . . . . . . . . . : Skipped
    Note: run "netsh ipsec dynamic show /?" for more detailed information

    The command completed successfully


    Has anyone seen this before, and is there any info on how to fix this?

    Many Thanks

  • #2
    Re: DNS issues across multiple trees in a single forest

    TEST: Basic (Basc)
    Warning: adapter [00000001] Broadcom NetXtreme Gigabit Ethernet has invalid DNS server: 192.168.x.x (<name unavailable>)
    Error: all DNS servers are invalid
    DCs in DomainB.local need to register forest-wide records in the forest root DNS zone.
    As a starting point, point the DC in DomainB.local to a DNS server in the forest root domain and let it re-register the records.
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"



    • #3
      Re: DNS issues across multiple trees in a single forest

      Thanks for that, I am giving it a go now. But still cannot resolve the DomainA names.

      In DomainA.local, should I see a zone for DomainB.local? If so, this is not present.

      Also, under ForestDNSZones I can see IPs for all DNS servers in the forest except for one that is in DomainB.local. (I have 2 DCs in DomainB that are both DNS servers.)
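
The forest-wide registrations discussed in replies #2 and #3 can be checked against each DNS server with a script like the one below. It is an added example, not part of the thread, and it assumes `Resolve-DnsName` is available (Windows 8 / Server 2012 or later); the server addresses and the second DC's name are placeholders.

```powershell
# Added example: report which DomainB DCs appear in the SRV records that
# Netlogon registers, as answered by each DNS server in the forest.

$ForestRoot = 'DomainA.local'
$ChildTree  = 'DomainB.local'

# Placeholder addresses (documentation range); replace with the real servers.
$DnsServers = @{
    'DomainA DNS' = '192.0.2.10'
    'DomainB DNS' = '192.0.2.20'
}

$ExpectedDCs = @(
    'DC1DomainB.DomainB.local',   # name taken from the post
    'DC2DomainB.DomainB.local'    # hypothetical name for the second DC
)

# The first two records live in zones of the forest root domain.
$Records = @(
    "_ldap._tcp.ForestDnsZones.$ForestRoot",
    "_ldap._tcp.gc._msdcs.$ForestRoot",      # present only for global catalogs
    "_ldap._tcp.dc._msdcs.$ChildTree"
)

$results = foreach ($label in $DnsServers.Keys) {
    foreach ($name in $Records) {
        try {
            # Keep only SRV answers and normalise the target host names.
            $targets = @(Resolve-DnsName -Name $name -Type SRV -Server $DnsServers[$label] `
                            -DnsOnly -ErrorAction Stop |
                Where-Object { $_.NameTarget } |
                ForEach-Object { $_.NameTarget.TrimEnd('.') })
            $status = 'resolved'
        } catch {
            # NXDOMAIN, timeout or refused: record the reason instead of stopping.
            $targets = @()
            $status  = "query failed: $($_.Exception.Message)"
        }
        foreach ($dc in $ExpectedDCs) {
            [pscustomobject]@{
                Server = $label; Record = $name; DC = $dc
                Registered = ($targets -contains $dc)   # case-insensitive match
                Status = $status
            }
        }
    }
}
$results | Sort-Object Record, DC, Server | Format-Table -AutoSize
```

Rows with `Registered` set to `False` show which DNS server is missing which DC's record; a `query failed` status on the DomainB server for the DomainA names points at resolution between the trees rather than at registration.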
