
Lamer's DNS question


  • Lamer's DNS question

    I'm trying to clean up our DNS but would like clarification on a few items. I've looked through prior posts and KBs but am not seeing the obvious--or I'm not understanding the obvious.

    Our environment has no child domains but we have a trust with an NT domain we are retiring. All DCs are 2003 and DNS is an AD-integrated zone with Server 1 and 2 as the "primary" and "secondary". Some of the issues we are seeing: broken delegation (via netdiag) and slow logins (primarily at Site C).

    We have the following config:
    Site A: DC/DNS Server1 and Server 2
    Site B: DC/DNS Server3 and Server 4
    Site C: DC Server 5 (no DNS)

    Server 1 ip settings (suffix mydomain.com)
    server 1
    server 2
    server 3
    server 4

    Server 2 ip settings (suffix mydomain.com)
    server 2
    server 1
    server 3
    server 4

    Server 3 ip settings (suffix mydomain.com)
    server 3
    server 4
    server 1
    server 2

    Server 4 ip settings (suffix mydomain.com)
    server 4
    server 3
    server 1
    server 2

    Server 5 ip settings (suffix mydomain.com and nt_domain.com) No DNS on this DC
    server 1
    server 2
    server 3
    server 4

    Possible solutions:
    --run netdiag /fix
    --dnslint? If so--any suggestions on this tool? I have never used it.
    --find a less stressful job

    Any help would be very appreciated.

  • #2
    Re: Lamer's DNS question

    Site C is defined in Sites & Services?



    • #3
      Re: Lamer's DNS question

      I don't understand your list... can you try to explain another way what your DNS setup is?

      Site C - what is the link speed? I'm guessing that as it has no local DNS then yes, you WILL get slow logins.


      Tom
      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

      Anything you say will be misquoted and used against you



      • #4
        Re: Lamer's DNS question

        Everything is defined in Sites & services with applicable subnets.

        Site links are SiteA-SiteB, SiteA-SiteC, and SiteB-SiteC. Connections are all T3. Site A is the datacenter and site B is the DR datacenter with development.

        We also discovered that someone had installed DNS on a couple of member servers and we have removed those (they are not domain controllers and, well, someone was confused).

        DNS configured on 4 of our 5 domain controllers and is AD integrated with secure updates only. Each DNS server points to itself with the other DNS servers listed. Example, Site A, server 1 DNS settings are:
        10.10.10.10 (primary)
        10.10.10.11 (secondary)
        10.10.20.10
        10.10.20.11

        Site B, server 3 settings
        10.10.20.10 (primary)
        10.10.20.11 (secondary)
        10.10.10.10
        10.10.10.11

        Site C, server 5 settings (10.10.30.10)
        10.10.10.10 (primary)
        10.10.10.11 (secondary)
        10.10.20.10
        10.10.20.11
        172.26.9.225 (NT Domain DNS settings) <--I think this should be removed. jmho.

        Should DNS be on Site C's domain controller? Would that help with the slow logins? I think we have more than one DNS issue as our netdiag revealed broken delegation.

        Error: DNS server: server1.dc.int. IP:10.10.10.10 [Broken delegation]
        Error: DNS server: server2.dc.int. IP:10.10.10.11 [Broken delegation]
        Error: DNS server: server3.dc.int. IP:10.10.20.10 [Broken delegation]
        Error: DNS server: server4.dc.int. IP:10.10.20.11 [Broken delegation]

        and....

        DNS server: 10.10.10.10 (server1.dc.int.)
        6 test failures on this DNS server
        This is a valid DNS server.
        Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
        Delegation is broken for the domain dc.int.dc.int. on the DNS server 10.10.10.10
        [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.) - Delegation is broken for the domain dc.int.dc.int. on the DNS server 10.209.69.18]



        • #5
          Re: Lamer's DNS question

          For starters install DNS on server5 and remove 172.26.9.225 from its list of DNS servers. Then add a Conditional Forwarder for nt_domain.com to 172.26.9.225.

          As for delegation "dc.int.dc.int" !? Can you take a screenshot of your DNS console with all the subdomains expanded?



          • #6
            Re: Lamer's DNS question

            No subdomains...just one domain. Could the Reverse lookups be a problem?


            • #7
              Re: Lamer's DNS question

              Thought I'd update that I figured out this issue. And it was a lame issue. If only I had drilled down a bit further I would have seen the obvious.

              In the end, someone had misconfigured an alias in DNS. They had created the alias as server.dc.int (giving it a FQDN of server.dc.int.dc.int) which created the delegated folders. Once I deleted that delegation, everything was fine. They had also misconfigured a few other aliases so I was able to correct those, too.

              Thank you to all who tried to help!
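
The misconfiguration described in post #7 can be found mechanically. This is an added example, not part of the original thread: it assumes the zone has been exported to standard zone-file text (for instance with `dnscmd /ZoneExport`) and that doubled names appear there as relative owner names; the sample zone and the host name `intranet` are constructed.

```python
RR_TYPES = {"A", "AAAA", "CNAME", "NS", "MX", "SRV", "PTR", "TXT", "SOA"}

# Constructed sample export (not the poster's zone); 'intranet' is hypothetical.
SAMPLE_ZONE = """\
; constructed sample zone for dc.int
@                IN SOA server1.dc.int. hostmaster.dc.int. (
                     42 900 600 86400 3600 )
@                NS    server1.dc.int.
server1          A     10.10.10.10
www              CNAME server1.dc.int.
intranet.dc.int  CNAME server1.dc.int.
"""

def fqdn(name, origin):
    """Expand a zone-file name: '@' is the origin, a trailing dot means absolute."""
    origin = origin.rstrip(".").lower()
    name = name.lower()
    if name == "@":
        return origin + "."
    if name.endswith("."):
        return name
    return f"{name}.{origin}."

def find_doubled_suffix(zone_text, origin):
    """Return (line_no, rtype, owner_fqdn) for owners that repeat the zone name."""
    origin = origin.rstrip(".").lower()
    doubled = f".{origin}.{origin}."
    findings = []
    owner = "@"
    for line_no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                              # blank line or $ORIGIN/$TTL
        tokens = line.split()
        if not raw[0].isspace():                  # indented lines reuse the last owner
            owner = tokens.pop(0)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                         # skip optional TTL and class
        if not tokens or tokens[0].upper() not in RR_TYPES:
            continue                              # e.g. SOA continuation lines
        full = fqdn(owner, origin)
        if full.endswith(doubled) or full == f"{origin}.{origin}.":
            findings.append((line_no, tokens[0].upper(), full))
    return findings

if __name__ == "__main__":
    for line_no, rtype, name in find_doubled_suffix(SAMPLE_ZONE, "dc.int"):
        print(f"line {line_no}: {rtype} owner expands to {name}")
```

Any hit is a record whose name was typed as a FQDN without the trailing dot, which is what produced the `dc.int.dc.int` name in the netdiag output above.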



              • #8
                Re: Lamer's DNS question

                Thanks for the update.
