Re: DNS registration for PDC only correct on some DNS servers?
- From: "Steve Duff [MVP]" <ergodic@xxxxxxxxxxxxxxxxxxx>
- Date: Tue, 28 Jun 2005 17:18:47 -0700

You are right that you should not normally be naming outside name servers in your inside domain zone's NS set -- unless these
servers answer directly for the zone. These servers are (I will assume) not authoritative for the zone, so you have to take those NS
RRs out of the zone to achieve a correct DNS configuration.

Now if the purpose of that was to permit secondary zone transfers to those servers, you can configure those specific server IPs in
the primary zone's properties dialog - you don't have to implicitly name allowed transfer servers via NS records. OTOH if these
really ARE functioning secondaries for the zone then naming them with NS records should be fine. But in that case an nslookup should
show you all of the AD registrations on the secondary replica and you wouldn't be getting the netstat error you are seeing. I
suppose this all means I need to know a little more about the situation.

nslookup has its own independent lookup logic (that is what makes it useful for debugging DNS problems). So it does not show your
configured forwarders. But that is easy enough to check in the properties dialog for the DNS root in the mmc console. In most cases
you can just disable forwarders completely and use the supplied root hints to resolve public names.

Best wishes
Steve Duff, MCSE, MVP
Ergodic Systems, Inc.

"Kim Noer" <kn@xxxxxxxxx> wrote in message news:%23797Fz%23eFHA.3836@xxxxxxxxxxxxxxxxxxxxxxx
> "Steve Duff [MVP]" <ergodic@xxxxxxxxxxxxxxxxxxx> wrote in message
> news:O8U0h90eFHA.1612@xxxxxxxxxxxxxxxxxxxx
>
>> If you want to query external name servers for public names, you
>> normally name their IP addresses as forwarders in the DNS server's
>> properties dialog.
>
> I've already configured that, but I also (let's say accidentally) configured the external NS in the forward lookup zone. Presumably
> that's why my DNS tries to update the external NS (combined with that I don't currently restrict the zone transfer in any way)?
>
> Can I see what forwarders are in use with nslookup?
>
>> I'm not quite sure what you're saying about putting NS entries under
>> forward lookup zones. In Server 2003 you can name "conditional
>
> With NS entries under the forward lookup zones I meant the same as "ls -t NS domain.domain" in nslookup.
>
>> Are you sure you're not naming other, outside-the-domain DNS servers
>> in the server's own DNS IP configuration? That would be the most
>> obvious reason for the error you're seeing, and can open the door to
>> significant network problems.
>
> Yes, fortunately I was clever enough to avoid that :).
>
> --
> I doubt, therefore I might be.
>
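
The test the reply applies to an NS set (does each listed server answer directly, that is authoritatively, for the zone?) can be automated. This is an added example, not part of the original post: it sends each listed server a non-recursive SOA query and checks the AA bit in the reply header. The zone `corp.example`, the server names, the documentation-range IPs and the sample replies are all constructed assumptions.

```python
import socket
import struct

AA, QR = 0x0400, 0x8000  # header flag bits: authoritative answer, response

def build_soa_query(zone, txid=0x1234):
    """Encode a non-recursive (RD=0) SOA query for `zone` in DNS wire format."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def classify_reply(packet, txid=0x1234):
    """'authoritative' only if the reply has AA set, RCODE 0 and an answer."""
    if len(packet) < 12:
        return "no-valid-reply"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != txid or not flags & QR:
        return "no-valid-reply"
    rcode = flags & 0x000F
    if flags & AA and rcode == 0 and ancount > 0:
        return "authoritative"
    return "not-authoritative (rcode=%d)" % rcode

def udp_query(server_ip, payload, timeout=3.0):
    """Send one UDP query to port 53 and return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(payload, (server_ip, 53))
        return sock.recvfrom(4096)[0]

def audit_ns_set(zone, ns_ips, query=udp_query):
    """Ask every server named in the zone's NS set for the zone's SOA."""
    payload = build_soa_query(zone)
    report = {}
    for name, ip in ns_ips.items():
        try:
            report[name] = classify_reply(query(ip, payload))
        except OSError:  # timeout or unreachable server
            report[name] = "no-valid-reply"
    return report

def constructed_reply(ip, payload):
    """Constructed sample replies (header plus echoed question), not captures."""
    flags, ancount = {"192.0.2.10": (QR | AA, 1), "198.51.100.53": (QR | 5, 0)}[ip]
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0) + payload[12:]

if __name__ == "__main__":
    ns_set = {"dc1.corp.example": "192.0.2.10", "ns1.isp.example": "198.51.100.53"}
    print(audit_ns_set("corp.example", ns_set, query=constructed_reply))
```

Any server reported as anything other than `authoritative` is a candidate for removal from the zone's NS records; leave `query` at its default to test real servers.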