Re: GPO issue on 1 pc

Tech-Archive recommends: Fix windows errors by optimizing your registry


"Mike" <Mike@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:25F57BE3-E6BA-4A9F-A106-328EA32D78E7@xxxxxxxxxxxxxxxx
Well, I'm a little confused on something.

Are all of our DNS servers supposed to have the Forwarder IP addresses and
have Disable recursion?

NO. Do not check "DISABLE recursion" (Advanced Tab) on any resolving
DNS server that is supposed to forward (or recurse) as it disables
forwarding
too.

Check the "Do not USE recursion" on the forwarding tab. Yes, I know these
are confusingly similar but they have radically different effects.

I'm finding that some do have the Forwarders and some don't - but none of
them have Disable recursion and yet only 2 DC's have this problem.

Do not use recursion. Or if they have a "." (Dot) zone this must be
deleted.

"Herb Martin" wrote:


"Mike" <Mike@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A519295F-A6AB-495F-AC57-60C00C6A353D@xxxxxxxxxxxxxxxx
Finally! I found 2 DC's with a DNS problem - well, i think they do. :)

Both DC report the exact same error listed below when running DCDiag /c

Well then you certainly haven't been testing your DCs with DCDiag without
failures or warnings -- so maybe you WERE "fibbing" to me before as YOU
suggested. <grin>

Those errors about the root servers are probably due to your using a
forwarder
and your internal DNS server not be allowed (reasonably) to penetrate the
firewall to reach the root -- in that case (using a forwarder) you should
likely
check "Do not user recursion" on the FORWARDER tab of the DNS Server(s).

If you don't have clean DCDiags you cannot expect replication,
athentication,
or GPOs to work reliably.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)





.

Relevant Pages

  • Re: How to configure a client for iterative query for name resolut
    ... "Do not use recursion for this domain". ... If the DNS server is configured to use recursion and the forwarder is unable ... that you can set your client up to perform only iterative ...
    (microsoft.public.windows.server.general)
  • Re: Disabling recursion
    ... recursion' on the forwarders tab. ... I should CLEAR the check box for 'disable recursion' on the advanced tab. ... I should enter a forwarder such as the ip of my ISP's dns server or my ...
    (microsoft.public.windows.server.dns)
  • Re: How to configure a client for iterative query for name resolut
    ... If the DNS server is configured to use recursion and the forwarder is unable ... that you can set your client up to perform only iterative ...
    (microsoft.public.windows.server.general)
  • Re: DNS, Internet IP Address Lookup with 2 DCs.
    ... domain" in my orginal posted when I was talking about Disabling recursion. ... this domain", and keep my forwarder, with the primary down, the clients can ... If this DNS server has clients using it ...
    (microsoft.public.windows.server.dns)
  • Re: GPO issue on 1 pc
    ... Zones, are they supposed to be doing Zone Transfers? ... Are all of our DNS servers supposed to have the Forwarder IP addresses and ... NO. Do not check "DISABLE recursion" on any resolving ...
    (microsoft.public.windows.server.active_directory)