Re: DNS not doing recursive lookups
- From: "Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@xxxxxxxxxxx>
- Date: Mon, 15 Aug 2005 22:13:36 -0400
In news:0DC2CA5D-68A5-4111-BC10-C193A459F601@xxxxxxxxxxxxx,
Rob Boylan <RobBoylan@xxxxxxxxxxxxxxxxxxxxxxxxx> made this post, which I
then commented about below:
> I originally posted my question to
> microsoft.public.windows.server.migration. Someone suggested that
> this group would be more appropriate.
>
> To recap:
>
> I took an NT PDC that was hosting a primary DNS for the top-level
> country code domain FM and migrated it to a Windows 2003 DC with the
> single-level AD domain "FM". DCPROMO installed the DNS and migrated
> over all the forward and reverse zones from the NT installation. I
> manually added the SRV records from NetLogon.dns to support AD.
>
> The DNS will correctly resolve names for all records hosted in the
> server's zone files. However, when asked to resolve a name outside
> its scope (such as www.yahoo.com), it fails.
>
> Prior to the migration, DNS on the server was working correctly. In
> the network, I have a NT BDC that is the secondary DNS for all the
> zones hosted on the primary server. It continues to function normally.
>
> I copied the root hints from the operational secondary DNS server, so
> I'm reasonably sure they are valid.
>
> I do not have a root (.) zone defined.
>
> I am not running Windows Firewall, but my Cisco router is doing some
> filtering for traffic coming into this server. It is allowing TCP and
> UDP traffic on port 53. The same criteria are being applied to my
> secondary server as well.
>
> NSLookup tests to remote DNS servers fail when performed on either
> Windows 2003 primary DNS machine or the NT secondary DNS machine. If
> I run the same tests from a machine that does not have any filtering
> defined at the router, then the ns lookup tests will succeed.
>
> Anyone have any ideas?
I actually see three issues here.
One is your AD domain name is possibly a single label domain name? It should
be in the form of the TLD plus the first level name, such as example.com. I
hope you were just trying to mask the names and you do not have a single
label name.
Second, there is NO need for manually creating any records in the
netlogon.dns file for AD. This is an automatic process. The Netlogon
service updates the netlogon.dns file from what it reads in AD, then it
sends that data to the zone name configured in the Primary DNS Suffix using
the DNS address listed in its IP properties. If this is not working
automatically, then there is a major configuration problem. A single label
domain name will cause this not to function.
Third, the inability for Win2003 to resolve external names without a
forwarder is possibly due to your Cisco router. Windows 2003 is now using a
new industry standard feature called EDNS0 that allows UDP DNS queries to go
beyond the previously capped limit of 512 bytes to the max 1500 MTU. To fix
it, either update the Cisco firmware (which is the recommendation), or
disable it in Win2003.
828731 - An External DNS Query May Cause an Error Message in Windows Server
2003:
http://support.microsoft.com/?id=828731
--
Regards,
Ace
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.
This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
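As an added illustration of the EDNS0 point above (not code from the thread or from either poster), the following Python builds a DNS query both in the classic form, which limits the UDP reply to 512 bytes, and with the EDNS0 OPT pseudo-record that advertises a larger UDP payload size, then inspects messages for that record and for the TC (truncated) bit. The query name www.yahoo.com comes from the thread; the advertised payload sizes (1280 and 4096 bytes) and the truncated response are constructed for the example and are not values stated on the page. A defender can capture the queries a Windows resolver actually sends and run them through parse_edns_payload to see whether they carry an OPT record, which is what a filtering device that only understands pre-EDNS0 traffic may mishandle.

```python
"""Build DNS queries with and without an EDNS0 OPT record and inspect messages,
to show what the 512-byte UDP limit and EDNS0 change on the wire."""
import struct
from typing import Optional

TYPE_OPT = 41          # EDNS0 OPT pseudo-RR type (RFC 2671)
FLAG_TC = 0x0200       # Truncated bit in the DNS header flags
FLAG_RD = 0x0100       # Recursion Desired


def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels ending in the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, edns_payload: Optional[int] = None,
                txid: int = 0x1234) -> bytes:
    """Build a recursive query. With edns_payload set, an OPT record advertising
    that UDP payload size is appended; without it, the classic 512-byte limit applies."""
    arcount = 1 if edns_payload is not None else 0
    pkt = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, arcount)
    pkt += encode_name(name) + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    if edns_payload is not None:
        # OPT RR: empty (root) name, TYPE=41, the CLASS field carries the UDP
        # payload size, the TTL field carries extended RCODE/version/flags
        # (all zero here), and RDLEN=0 because no options are attached.
        pkt += b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_payload, 0, 0)
    return pkt


def skip_name(pkt: bytes, off: int) -> int:
    """Return the offset just past the name at off (handles compression pointers)."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # a compression pointer occupies two bytes
            return off + 2
        off += 1 + length


def parse_edns_payload(pkt: bytes) -> Optional[int]:
    """Return the UDP payload size advertised by an OPT record, or None when the
    message carries no EDNS0 (a plain message limited to 512 bytes over UDP)."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4            # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == TYPE_OPT:
            return rclass                        # CLASS field = sender's UDP payload size
        off += 10 + rdlen
    return None


def is_truncated(pkt: bytes) -> bool:
    """True if the responder set TC: the answer did not fit in the UDP size the
    querier allowed, so a client must retry the query over TCP."""
    flags = struct.unpack("!H", pkt[2:4])[0]
    return bool(flags & FLAG_TC)


def constructed_truncated_response(query: bytes) -> bytes:
    """Constructed sample: echo the query back as a response with QR, RA and TC
    set, the shape of a reply whose full answer exceeded the allowed UDP size."""
    flags = struct.pack("!H", 0x8000 | FLAG_RD | 0x0080 | FLAG_TC)
    return query[:2] + flags + query[4:]


if __name__ == "__main__":
    plain = build_query("www.yahoo.com")
    edns = build_query("www.yahoo.com", edns_payload=1280)   # 1280 is an assumed size
    print("plain query bytes:", len(plain), "advertised payload:", parse_edns_payload(plain))
    print("EDNS0 query bytes:", len(edns), "advertised payload:", parse_edns_payload(edns))
    print("constructed truncated response TC set:",
          is_truncated(constructed_truncated_response(plain)))
```

The only wire-level difference between the two queries is the 11-byte OPT record at the end; a filter that parses DNS but rejects or drops messages carrying it will break exactly the external lookups described in the thread while leaving local zone answers (which fit in 512 bytes and never need EDNS0) working.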