Unable to NSLOOKUP for external host in new DNS Server (Windows Server 2003 DC+GC)


  • Unable to NSLOOKUP for external host in new DNS Server (Windows Server 2003 DC+GC)

    Hi All,

    I've just promoted this NewDC01 server, which acts as Domain Controller + Global Catalog and DNS.
    From the DNS console, I can resolve simple and recursive queries.

    From this server's cmd prompt I can perform nslookup successfully to the world and internal hosts.

    However, when I use this NewDC01 IP address as the 1st DNS on my computer, it failed for external hosts?

    The following is the DCdiag /DNS result:

    Code:
    Domain Controller Diagnosis 
    Performing initial setup:
       Done gathering initial info. 
    Doing initial required tests 
       Testing server: Default-First-Site-Name\NewDC01
          Starting test: Connectivity
             ......................... NewDC01 passed test Connectivity 
    Doing primary tests 
       Testing server: Default-First-Site-Name\NewDC01 
    DNS Tests are running and not hung. Please wait a few minutes... 
       Running partition tests on : DomainDnsZones 
       Running partition tests on : ForestDnsZones 
       Running partition tests on : Schema 
       Running partition tests on : Configuration 
       Running partition tests on : Domain 
       Running enterprise tests on : Domain.com
          Starting test: DNS
             Test results for domain controllers: 
                DC: NewDC01.Domain.com
                Domain: Domain.com 
    
                   TEST: Forwarders/Root hints (Forw)
                      Error: Forwarders list has invalid forwarder: 139.130.4.4 (<name unavailable>)
                      Error: Forwarders list has invalid forwarder: 203.50.2.71 (<name unavailable>) 
                   TEST: Delegations (Del)
                      Error: DNS server: DCDNSExchange01.Domain.com. IP:10.2.2.4 [Broken delegated domain Domain.com.Domain.com.]
                      Error: DNS server: DCDNS01.Domain.com. IP:10.2.2.3 [Broken delegated domain Domain.com.Domain.com.]
                      Error: DNS server: NewDC01.Domain.com. IP:10.2.2.34 [Broken delegated domain Domain.com.Domain.com.]
                      Error: DNS server: RemoteDC01.Domain.com. IP:10.1.2.13 [Broken delegated domain Domain.com.Domain.com.] 
    
             Summary of test results for DNS servers used by the above domain controllers: 
                DNS server: 10.1.2.13 (RemoteDC01.Domain.com.)
                   1 test failure on this DNS server
                   Delegation is broken for the domain Domain.com.Domain.com. on the DNS server 10.1.2.13 
                DNS server: 10.2.2.3 (DCDNS01.Domain.com.)
                   1 test failure on this DNS server
                   Delegation is broken for the domain Domain.com.Domain.com. on the DNS server 10.2.2.3 
                DNS server: 10.2.2.34 (NewDC01.Domain.com.)
                   1 test failure on this DNS server
                   Delegation is broken for the domain Domain.com.Domain.com. on the DNS server 10.2.2.34 
                DNS server: 10.2.2.4 (DCDNSExchange01.Domain.com.)
                   1 test failure on this DNS server
                   Delegation is broken for the domain Domain.com.Domain.com. on the DNS server 10.2.2.4 
                DNS server: 139.130.4.4 (<name unavailable>)
                   1 test failure on this DNS server
                   This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 139.130.4.4 
                DNS server: 203.50.2.71 (<name unavailable>)
                   1 test failure on this DNS server
                   This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 203.50.2.71 
             Summary of DNS test results: 
                                                Auth Basc Forw Del  Dyn  RReg Ext
                   ________________________________________________________________
                Domain: Domain.com
                   NewDC01                       PASS PASS FAIL FAIL PASS PASS n/a 
             ......................... Domain.com failed test DNS
    =========
    DNS test . . . . . . . . . . . . . : Failed
              [WARNING] Cannot find a primary authoritative DNS server for the name
                'NewDC01.Domain.com.'. [ERROR_TIMEOUT]
                The name 'NewDC01.Domain.com.' may not be registered in DNS.
        [FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for reading.
        [FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for reading.
        [FATAL] No DNS servers have the DNS records for this DC registered. 
    
    Redir and Browser test . . . . . . : Failed
        List of NetBt transports currently bound to the Redir
            NetBT_Tcpip_{4EF94F59-3AC4-49D2-B273-AD028AAB3211}
            NetBT_Tcpip_{E3EBCC79-1D85-4CDF-AE17-9B57770C1CFF}
        The redir is bound to 2 NetBt transports. 
        List of NetBt transports currently bound to the browser
            NetBT_Tcpip_{4EF94F59-3AC4-49D2-B273-AD028AAB3211}
            NetBT_Tcpip_{E3EBCC79-1D85-4CDF-AE17-9B57770C1CFF}
        The browser is bound to 2 NetBt transports.
        [FATAL] Cannot send mailslot message to 'DOMAIN*' via browser. [ERROR_INVALID_FUNCTION]

    And the cmd prompt history list:

    Code:
    C:\Documents and Settings\Administrator>ping vcenter
    
    Pinging BackupServer.Domain.com [10.2.2.5] with 32 bytes of data:
    
    Reply from 10.2.2.5: bytes=32 time<1ms TTL=128
    Reply from 10.2.2.5: bytes=32 time<1ms TTL=128
    Reply from 10.2.2.5: bytes=32 time<1ms TTL=128
    Reply from 10.2.2.5: bytes=32 time<1ms TTL=128
    
    Ping statistics for 10.2.2.5:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms
    
    C:\Documents and Settings\Administrator>nslookup
    DNS request timed out.
        timeout was 2 seconds.
    *** Can't find server name for address 10.2.2.34: Timed out
    Default Server:  UnKnown
    Address:  10.2.2.34
    
    > vcenter
    Server:  UnKnown
    Address:  10.2.2.34
    
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to UnKnown timed-out
    > NewDC01
    Server:  UnKnown
    Address:  10.2.2.34
    
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to UnKnown timed-out
    >

    Any kind of help would be greatly appreciated.

    Thanks.

  • #2
    Re: Unable to NSLOOKUP for external host in new DNS Server (Windows Server 2003 DC+GC

    There are a couple of things I see:

    1. Your DNS delegation is broken. Is your internal domain name really "domain.com.domain.com"?

    2. You're using invalid forwarders.

    3. You don't have a PTR record for the new DC or you don't have a reverse lookup zone. This in and of itself won't cause any problems but it's why you get errors when launching nslookup.



    • #3
      Re: Unable to NSLOOKUP for external host in new DNS Server (Windows Server 2003 DC+GC

      To All,

      Sorry for the late reply due to the weekend activity :-0

      I've just found out that the subnet mask for NewDC01 was 255.255.255.0; it is supposed to be 255.255.254.0 >_<

      After I changed it, I can use the nslookup query on the test host.

      One problem still remains though: the broken delegation. What does that actually mean?

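An added illustration, not part of the original thread: a short Python sketch showing which addresses NewDC01 (10.2.2.34) classifies differently under the mask it had (255.255.255.0) and the mask the poster says it should have (255.255.254.0). The 10.2.3.x client addresses are constructed for the example; the thread does not say where the failing client sat.

```python
import ipaddress

SERVER_IP = "10.2.2.34"       # NewDC01, from the dcdiag output in the thread
WRONG_MASK = "255.255.255.0"  # mask found on NewDC01
RIGHT_MASK = "255.255.254.0"  # mask the poster says it should have
# The first three peers appear in the thread's output; the 10.2.3.x
# clients are constructed sample values.
PEERS = ["10.2.2.3", "10.2.2.5", "10.1.2.13", "10.2.3.20", "10.2.3.200"]


def local_network(host_ip, mask):
    """Network the host treats as directly reachable (no gateway hop)."""
    return ipaddress.ip_interface(f"{host_ip}/{mask}").network


def affected_ranges(host_ip, mask_a, mask_b):
    """Address blocks that one mask treats as on-link and the other does not."""
    a, b = local_network(host_ip, mask_a), local_network(host_ip, mask_b)
    if a == b:
        return []
    # Same host address, so the narrower network always sits inside the wider one.
    wide, narrow = (a, b) if a.prefixlen < b.prefixlen else (b, a)
    return [str(n) for n in sorted(wide.address_exclude(narrow))]


def mask_disagreements(host_ip, mask_a, mask_b, peers):
    """Peers whose on-link / via-gateway classification differs between masks."""
    a, b = local_network(host_ip, mask_a), local_network(host_ip, mask_b)
    return [p for p in peers
            if (ipaddress.ip_address(p) in a) != (ipaddress.ip_address(p) in b)]


if __name__ == "__main__":
    print("correct local network:", local_network(SERVER_IP, RIGHT_MASK))
    print("misclassified ranges: ", affected_ranges(SERVER_IP, WRONG_MASK, RIGHT_MASK))
    print("misclassified peers:  ",
          mask_disagreements(SERVER_IP, WRONG_MASK, RIGHT_MASK, PEERS))
```

With the /24 mask the server treats every 10.2.3.x host as off-link and sends its replies toward the default gateway, while hosts configured with the /23 mask address the server directly.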