Windows Server Forum / Windows 2000 / DNS / June 2007
PTR Record disappearing from AD Integrated zone
Oktay Gür - 20 Jun 2007 10:59 GMT Hello, We have this weird occurrence we have been trying to figure out recently. Every few days, we will have a record from the DNS reverse zone (which is AD integrated) disappear. The record that disappears is a Domain Controller. The forward record stays. Only the reverse will disappear. There is no fixed cycle. This happens randomly, but every few days apart. Not a fixed number of days. Just any day after a few days. It has happened once or twice in succession, like the very next day or so. We have tried disabling auto registration on the NIC. We have manually created DNS records (forward and reverse) using DNS. Nothing seems to help. It's really becoming more of a concern now as we have a certain application relying on that which screams every time that PTR disappears. Any and everything that can help is welcome.
Our system: W2k3-R2 with Exchange 2003 Ent
Ace Fekay [MVP] - 21 Jun 2007 02:45 GMT > Hello, > We have this weird occurance we have been trying to figure out [quoted text clipped - 12 lines] > > Our system W2k3-R2 with Exchange2003 Ent Is the DC multihomed? What DNS addresses are in the DC's IP properties? Is the zone AD integrated or a primary or secondary zone?
Regards, Ace
This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP Microsoft MVP - Directory Services Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations
Having difficulty reading or finding responses to your post? Instead of the website you're using, try using OEx (Outlook Express or any other newsreader), and configure a news account, pointing to news.microsoft.com. Anonymous access. It's free - no username or password required, nor do you need a Newsgroup Usenet account with your ISP. It connects directly to the Microsoft Public Newsgroups. OEx allows you to easily find and track threads, cross-post, sort by date, poster's name, watched threads or subject. It's easy:
How to Configure OEx for Internet News http://support.microsoft.com/?id=171164
"Quitting smoking is easy. I've done it a thousand times." - Mark Twain
Oktay Gür - 26 Jun 2007 08:46 GMT Ace Fekay [MVP] wrote:
>> Hello, >> We have this weird occurrence we have been trying to figure out [quoted text clipped - 16 lines] > What DNS addresses are in the DC's IP properties? > Is the zone AD integrated or a primary or secondary zone? Sorry for the late answer;
The DC isn't multihomed. It's just acting as a web server. It is AD integrated and registered as a primary zone. Here is my DNS and IP configuration (all IPs are fake for security reasons, sorry for that):
NETWORK IP CONFIG
IP ADD: 85.85.85.85
NETMASK: X.X.X.X
GATEWAY: X.X.X.X
PRIMARY DNS: 85.85.85.85
SECONDARY DNS: 212.212.212.212

DNSMNGT CONFIG: Forward Lookup Zone
for mydomain.com ====>
(same as parent folder)  Name Server (NS)          ns1.mydomain.com.
(same as parent folder)  Host (A)                  85.85.85.85
ftp                      Host (A)                  85.85.85.85
mail                     Host (A)                  85.85.85.85
ns1                      Host (A)                  85.85.85.85
www                      Alias (CNAME)             ns1.mydomain.com.
(same as parent folder)  Mail Exchanger (MX)       [10] mail.mydomain.com
(same as parent folder)  Start of Authority (SOA)  [200] ns1.mydomain.com.

Reverse Lookup Zone
85.85.85.X Subnet ====>
(same as parent folder)  Name Server (NS)          ns1.mydomain.com.
(same as parent folder)  Start of Authority (SOA)  [120] ns1.mydomain.com.
85.85.85.85              Pointer (PTR)             ns1.mydomain.com.
Ace Fekay [MVP] - 26 Jun 2007 11:44 GMT > Sorry for the late answer; > [quoted text clipped - 34 lines] > ns1.mydomain.com. 85.85.85.85 Pointer (PTR) > ns1.mydomain.com. If your DNS server is 85.85.85.85, then what is 212.212.212.212? That's your secondary DNS. Why is that there? Is that an ISP's DNS? Does it host the mydomain.com zone or your reverse zone? If it does not host the mydomain.com zone, or the reverse zone, then REMOVE it. This is important for AD as well as for your PTR issue. ONLY use the internal DNS.
Ace
Oktay Gür - 27 Jun 2007 07:28 GMT Ace Fekay [MVP] wrote:
>> Sorry for the late answer; >> [quoted text clipped - 42 lines] > > Ace Yes, it (212.212.212.212) was my secondary DNS, but not anymore, because I deleted it after you told me. And I created PTR records for my A records and started waiting. Why can't I use a secondary DNS for my external DNS server?!
Oktay Gür - 27 Jun 2007 15:31 GMT Oktay Gür wrote:
> Ace Fekay [MVP] wrote: >>> Sorry for the late answer; [quoted text clipped - 47 lines] > and started waiting. Why can't I use a secondary DNS for my > external DNS server?! Nope, doesn't matter. Still the same. PTR records disappeared after 8 hours. What else can I do? Please help.
Ace Fekay [MVP] - 28 Jun 2007 12:06 GMT > Oktay Gür wrote: > > Nope, doesn't matter. Still the same. PTR records disappeared after 8 > hours. What else can I do? Please help. Did you try to create the records manually or automatically?
Ace
Oktay Gür - 29 Jun 2007 14:03 GMT Ace Fekay [MVP] wrote:
>> Oktay Gür wrote: >> [quoted text clipped - 4 lines] > > Ace Yes. I tried that but it didn't work. Should I install SP2?
Ace Fekay [MVP] - 30 Jun 2007 04:59 GMT > Ace Fekay [MVP] wrote: >>> Oktay Gür wrote: [quoted text clipped - 7 lines] >> > Yes. I tried that but it didn't work. Should I install SP2? There is not much of a secret as to how DNS registration works. Simply create a zone, allow updates on the zone (allow secure and non-secure to simplify it), make absolutely sure that this DNS server is the ONLY DNS server in IP properties, and it just works.
If there are multiple DCs with the zone, depending on how you created the other DC/DNS, that can cause issues. If you installed another DC into the same domain, or at least into the same replication scope, and installed DNS on the server, you simply WAIT until the zone automatically appears. If you tried to manually create the zone, which already exists in AD (since it is AD integrated), then you've just created a duplicate zone. Hence what could be happening.
You may also have dupe zones in the DomainNC and in DomainDnsZones and/or ForestDnsZones app partitions.
To verify this is true or not, you will need ADSI Edit. Here's some help...
__________________________ If you have a duplicate, that's telling me that there is a zone that exists in the DomainNC and in the DomainDnsZones application partition. This means that at one time, or currently, you have a mixed Win2000/2003 environment and you have DNS installed on both operating systems. On Win2000, if the zone is AD Integrated, it is in the DomainNC, and it should be set the same on Win2003's DC/DNS server to keep compatible. Someone must have attempted to change it in Win2003 DNS to put it in the DomainDnsZones partition, not realizing the implications, hence the duplicate. In a scenario such as this where you want to use the Win2003 app partitions, you must then ensure the zone on the Win2003 is set to the DomainNC, then uninstall DNS off the Win2000 machine, and once that's done, you can then go to the Win2003 DNS and change the partition's replication scope to one of the app partitions.
In ADSI Edit, you can view all five partitions. You were viewing the app partitions, but not the main partitions. You need to add the DomainNC partition in order to delete that zone. But you must uninstall DNS off the Win2000 server first, unless you want to keep the zone in the DomainNC. But that wouldn't make much sense if you want to take advantage of the _msdcs zone being available forest wide in the ForestDnsZones partition, which you should absolutely NOT delete. I would just use the Win2003 DNS servers only.
In ADSI Edit, rt-click ADSI Edit, connect to, in the Connection Point click on "Well known Naming Context", then in the drop-down box, select "Domain". Drill down to CN=System. Under that you will see CN=MicrosoftDNS. You will see the zone in there.
But make sure to decide FIRST which way to go before you delete anything.
Some reading for you... Directory Partitions: http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/distrib/dsbg_dat_favt.asp
kbAlertz- (867464) - Explains how to use ADSI Edit to resolve app partitions issues: http://www.kbalertz.com/kb_867464.aspx __________________________
Ace
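The ADSI Edit check Ace describes above can be done in one pass from a prompt. The script below is an added example, not code from the thread or from Microsoft: it binds to the three containers where an AD-integrated zone can live (CN=MicrosoftDNS under the domain naming context, and under the DomainDnsZones and ForestDnsZones application partitions), lists every dnsZone object in each, and flags any zone name present in more than one place. It assumes it is run as a domain user on a domain-joined machine whose nearest DC hosts the application partitions; the object class name dnsZone and the container DNs are the standard ones, everything else (variable names, the report layout) is the example's own.

```powershell
# Added example (not from the thread): find duplicate AD-integrated DNS zones
# across the DomainNC and the DomainDnsZones / ForestDnsZones app partitions.
# Assumes: domain-joined machine, domain user, DC reachable over LDAP.
$rootDse  = [ADSI]"LDAP://RootDSE"
$domainNc = [string]$rootDse.Properties["defaultNamingContext"].Value
$rootNc   = [string]$rootDse.Properties["rootDomainNamingContext"].Value

# The three places a zone can be stored (names as used in the post above).
$containers = @{
    "DomainNC"       = "CN=MicrosoftDNS,CN=System,$domainNc"
    "DomainDnsZones" = "CN=MicrosoftDNS,DC=DomainDnsZones,$domainNc"
    "ForestDnsZones" = "CN=MicrosoftDNS,DC=ForestDnsZones,$rootNc"
}

$found = @()   # one record per (zone, partition) pair
foreach ($partition in $containers.Keys) {
    $dn = $containers[$partition]
    # A Win2000-only forest has no app partitions, so the bind can fail;
    # report it and carry on instead of aborting the whole check.
    try {
        $searcher = New-Object System.DirectoryServices.DirectorySearcher
        $searcher.SearchRoot  = [ADSI]"LDAP://$dn"
        $searcher.Filter      = "(objectClass=dnsZone)"
        $searcher.SearchScope = "OneLevel"
        [void]$searcher.PropertiesToLoad.Add("name")
        foreach ($result in $searcher.FindAll()) {
            $found += New-Object PSObject -Property @{
                Zone      = [string]$result.Properties["name"][0]
                Partition = $partition
            }
        }
    } catch {
        Write-Warning "Cannot read $dn : $($_.Exception.Message)"
    }
}

# Full inventory first, then the duplicates. A zone under two partitions is
# exactly the situation the post warns about: decide which copy to keep
# (and uninstall DNS from any Win2000 DC) BEFORE deleting anything.
$found | Sort-Object Zone, Partition | Format-Table Zone, Partition -AutoSize
$found | Group-Object Zone | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    $where = ($_.Group | ForEach-Object { $_.Partition }) -join ", "
    Write-Warning ("Zone '{0}' exists in more than one partition: {1}" -f $_.Name, $where)
}
```

The script only reads the directory; deletion is deliberately left to ADSI Edit, as the post says, once you have decided which copy should survive. Zones such as "_msdcs.mydomain.com" in ForestDnsZones and "RootDNSServers" (the root hints object) are expected entries, not duplicates.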
Ace Fekay [MVP] - 28 Jun 2007 12:05 GMT > Yes It was (212.212.212.212)my secondary dns but not anymore because i > deleted after you tell me.And I created PTR records for my A records > and start to waiting up.?.!!!!!!!Why i cant use to secondary dns for > my external DNS server...!!? Why??? Here's a copy of most of the information on AD & DNS. I hope it helps you with other AD and DNS issues. If you have any questions, please post back.
__________________________ __________________________ AD & DNS:
Just an FYI about AD, DNS, authentication, finding the domain, GPOs, RPC issues, etc:
I usually see these sorts of errors (GPOs not working, can't find the domain, RPC issues, etc.) when the ISP's DNS servers are listed on a client, DCs and/or member servers. If you have your ISP's DNS addresses in your IP configuration (all DCs, member servers and clients), they need to be REMOVED, and ONLY use the internal DNS server(s). This is what is causing the whole problem. Just a little background: AD uses DNS. DNS stores AD's resource and service locations in the form of SRV records, hence how everything that is part of the domain will find resources in the domain. If the ISP's DNS is configured in any of the internal AD member machines' IP properties (including all client machines and DCs), the machines will be asking the ISP's DNS "where is the domain controller for my domain?" whenever it needs to perform a function (such as a logon request, replication request, querying and applying GPOs, etc.). Unfortunately, the ISP's DNS does not have that info and they reply with an "I dunno know", and things just fail. Unfortunately, the ISP's DNS doesn't have information or records about your internal private AD domain, and they shouldn't have that sort of information.
Also, don't use the router as a DNS or DHCP server either. If you are using your NT4 as a DNS server in your AD domain, change it over to Win2003 DNS. Same with DHCP. NT4 DNS cannot support AD's SRV requirements and dynamic updates.
If there are multiple DNS entries in the IP properties of a machine (whether a DC, member server or client), it will ask the first DNS entry in the list first. If it doesn't have the answer, it will go to the second entry, but it REMOVES the first entry from the "eligible resolvers" list, and won't go back to it. This can cause issues within AD when accessing a resource such as a printer, folder, getting GPOs to function, etc. Another good reason to ONLY use the internal DNS server(s).
For Internet resolution, the Root Hints will be used by default, unless a root zone exists (looks like a period or dot "." zone). Therefore, the recommended "best practice" to ensure full AD and client functionality is to point all machines ONLY to the internal server(s), and configure a forwarder to your ISP's DNS. This way all machines query your DNS and, if it doesn't have the answer, it asks outside. If the forwarding option is grayed out, delete the Root zone (that dot zone). If not sure how to perform these two tasks, please follow one of the two articles listed below, depending on your operating system. They show step by step how to perform these tasks.
291382 - Frequently asked questions about Windows 2000 DNS and Windows Server 2003 DNS http://support.microsoft.com/?id=291382
323380 - HOW TO Configure DNS for Internet Access in Windows Server 2003 (forwarding) : http://support.microsoft.com/?id=323380
300202 - HOW TO Configure DNS for Internet Access in Windows Server 2000 (forwarding) : http://support.microsoft.com/?id=300202
825036 - Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003 http://support.microsoft.com/?id=825036
Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003 Domain (whether it was upgraded or not, this is full of useful information relating to AD and DNS, among other info): http://support.microsoft.com/?id=555040
Domain Controller's Domain Name System Suffix Does Not Match Domain Name: http://support.microsoft.com/?id=257623
Clients cannot dynamically register DNS records in a single-label forward lookup zone: http://support.microsoft.com/?id=826743
300684 - Information About Configuring Windows 2000 for Domains with Single-Label DNS Names http://support.microsoft.com/?id=300684
828263 - DNS query responses do not travel through a firewall in Windows Server 2003: http://support.microsoft.com/?id=828263
Posted 5/22/07 Do not configure the DNS client settings on the domain controllers to point to your Internet Service Provider's (ISP's) DNS servers: http://smtp25.blogspot.com/2007/05/do-not-configure-dns-client-settings-on_818.html
__________________________ __________________________ Ace
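The settings Ace's write-up keeps coming back to (DCs pointing only at internal DNS, a forwarder instead of a root "." zone, no multihoming) can be audited across every DC in one run. The script below is an added example, not code from the thread or from Microsoft: it discovers the domain's DCs through .NET, reads each DC's NIC DNS list over WMI and flags any address that is not itself a DC, then reads the DNS server's forwarder list and zone list from the root\MicrosoftDNS WMI provider, and finally checks that each DC still has a PTR, the symptom the thread started with. It assumes the internal DNS servers are exactly the DCs (adjust the $allowedDns list if you also run dedicated DNS servers) and that the account running it has WMI/RPC access to every DC; variable names and the report wording are the example's own.

```powershell
# Added example (not from the thread): audit DC DNS client settings, forwarders,
# root zone and reverse records. Assumes internal DNS == the DCs, and WMI access.
$domain     = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$dcs        = @($domain.DomainControllers)
$allowedDns = @($dcs | ForEach-Object { $_.IPAddress })   # only these may appear on a NIC

foreach ($dc in $dcs) {
    Write-Host "== $($dc.Name) ($($dc.IPAddress))"

    # 1. DNS client settings on every IP-enabled NIC. More than one NIC answers
    #    Ace's first question ("is the DC multihomed?"); any non-DC address is
    #    an ISP/router/external resolver and should be removed.
    $nics = @(Get-WmiObject -ComputerName $dc.Name -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled=TRUE")
    if ($nics.Count -gt 1) { Write-Warning "  $($nics.Count) IP-enabled NICs: DC looks multihomed" }
    foreach ($nic in $nics) {
        $servers = @($nic.DNSServerSearchOrder | Where-Object { $_ })
        if ($servers.Count -eq 0) { Write-Warning "  NIC $($nic.Description) has no DNS servers set" }
        foreach ($server in $servers) {
            if ($allowedDns -contains $server) {
                Write-Host "  DNS server $server : internal (OK)"
            } else {
                Write-Warning "  DNS server $server is not a DC: remove it and use only internal DNS"
            }
        }
    }

    # 2. Forwarders and root zone on the DNS service, if this DC runs it.
    #    A "." zone makes the forwarding option grey out, exactly as the post says.
    try {
        $dnsServer = Get-WmiObject -ComputerName $dc.Name -Namespace root\MicrosoftDNS -Class MicrosoftDNS_Server -ErrorAction Stop
        $zones     = @(Get-WmiObject -ComputerName $dc.Name -Namespace root\MicrosoftDNS -Class MicrosoftDNS_Zone -ErrorAction Stop)
        $fwd       = @($dnsServer.Forwarders | Where-Object { $_ })
        if ($fwd.Count -eq 0) { Write-Warning "  no forwarders configured: Internet resolution relies on root hints" }
        else                  { Write-Host "  forwarders: $($fwd -join ', ')" }
        if ($zones | Where-Object { $_.Name -eq "." }) {
            Write-Warning "  a root ('.') zone exists: delete it to enable forwarding"
        }
    } catch {
        Write-Host "  DNS server role not installed or not reachable: $($_.Exception.Message)"
    }

    # 3. Does the DC's reverse record exist right now? GetHostEntry on an
    #    address performs a PTR lookup and throws when no record comes back.
    try {
        $ptrName = [System.Net.Dns]::GetHostEntry($dc.IPAddress).HostName
        Write-Host "  PTR for $($dc.IPAddress) -> $ptrName"
    } catch {
        Write-Warning "  no PTR for $($dc.IPAddress): $($_.Exception.Message)"
    }
}
```

Run it from a DC or an administrative workstation; schedule the PTR check on its own (step 3 alone is a three-line loop) if you want a timestamped log of when the reverse record vanishes, which narrows a "random, every few days" symptom down to a specific scavenging or replication interval.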