NSLOOKUP Failing

[Gongalong]

If the results are similar to the second one, then you need to look at the DNS settings on the client to see where it thinks it should be trying to register it. You can also force it by ipconfig/registerdns (on the client)

It appears to be local (as below). I ran ipconfig /registerdns and still got the same message, although it did warn it might take 15 minutes to function.

Server: vr-dc2.domain.local
Address: 10.121.244.14

------------
Got answer:
HEADER:
opcode = QUERY, id = 3, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
6.245.121.10.in-addr.arpa, type = PTR, class = IN
AUTHORITY RECORDS:
-> 245.121.10.in-addr.arpa
ttl = 3600 (1 hour)
primary name server = vr-dc2.domain.local
responsible mail addr = hostmaster.domain.local
serial = 22
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)

------------
*** vr-dc2.domain.local can't find 10.121.245.6: Non-existent domain

[Gongalong]

Just to add, is anyone aware of a tool that will show the time taken to run an NSLOOKUP?

We have a problem with the Internet which also appears to be related to our DNS server, albeit it might be the forward lookups provided by the county council.

NSLOOKUP from Windows command prompt doesn't give any indication of time taken to complete, but I noticed on our web client (whilst the support guy was bug testing) that the tool there showed the time taken. Unfortunately I can't access this as he was using a support login.

[ArchersIT]

Yup - that looks local to me.

Can you go to the Reverse DNS zone and double check what PTR records are there? What I mean by this is are they all missing? Is it just a subset of machines? Or is it all machines from DHCP? This may all help narrow it down.

I would then check to see what DNS server is setup in the DHCP settings (from the console) and what is being received by the client (from ipconfig/all). Do these match? Is it correct? Is it the same as the DNS server you are running nslookup against?

I have had a problem in the past where replication had been blocked and the DNS was being registered in one DNS and I was querying against a second. I have also had a problem where I typed in the wrong IP addres for the DNS server. Because it would still broadcast to the subnet it could name resolve most things, and the proxy server handled most of the rest so that one took a while to spot!

Jonathan

[Gongalong]

Can you go to the Reverse DNS zone and double check what PTR records are there? What I mean by this is are they all missing? Is it just a subset of machines? Or is it all machines from DHCP? This may all help narrow it down.

It would appear to be a subset. I've added to the zones that where there to cover all subnets, so there's 10.121.244.*, 10.121.245.*, and 10.121.246.*. The two machines I'm testing are in 10.121.245.*, but neither appear in the reverse lookup zone. There appear to be about 60 records in 244, 20 in 245, and 4 in 246.

Only machines in 244 have static addresses, so there must be machines here with DHCP addresses. I don't know if this relates to the 4 day registration? The 245 and 246 reverse lookup zones have only just been created in the last couple of days. Also DHCP has only been set to dynamic updating as of yesterday.

I would then check to see what DNS server is setup in the DHCP settings (from the console) and what is being received by the client (from ipconfig/all). Do these match? Is it correct? Is it the same as the DNS server you are running nslookup against?

Both the console and client match in terms of DNS server (10.121.244.14).

As above I'm wondering if this is related to how new some of this setup is, and it's taking time to bed in. Although it doesn't explain why I can't register the DNS.

[Gongalong]

I've just done a scan through the DNS Manager and noticed some odd entries relating to our old DNS servers (this DNS was migrated by a consultant over Christmas). As these servers aren't even turned on any more I've removed/updated the entries.

[Gongalong]

Having checked again this morning, with the exception of at least one machine essentially none of our student PCs (on a different domain) are registering with DNS. Although I have no idea why

The one PC that has registered is just a random machine in an IT suite. Nothing special about it that I can see. Again, not sure if I have to wait several days for the DHCP lease. I notice this has been configured to 8 days, so might drop it to 1 day and see if it makes a difference.

[Gongalong]

A further brainwave. The one PC that's registering is XP. The rest are Win 7.

Is there something related to Win 7 that could be stopping reverse lookup from working?

[siuko]

Due to starting to use Spiceworks I've just noticed that our network wasnt doing reverse DNS either.

I sorted it out using GPO.

Enable this for your computer OU's

Computer Configuration
Administrative Templates
Network
DNS client
Dynamic Update > Enable
Register PTR Enable and the drop down box to Register
Registration Refresh Interval > Enable - leave at the default 1800 seconds.

You also need to go to your DNS settings and enable Dynamic Updates for your Reverse DNS zones.

Mine are now updating the PTR's

[Gongalong]

Thanks. Have enabled all that, so will see what happens Monday morning!

Curious that Win XP is fine, whereas 7 isn't

[Gongalong]

You also need to go to your DNS settings and enable Dynamic Updates for your Reverse DNS zones.

These are enabled, but Secure only.

From reading around the topic it seems that any Win 2000+ PC should be able to cope though with Secure updates.

[Gongalong]

Nothing in DNS this morning from the student PCs, so I will try disabling the firewalls next.

[ArchersIT]

Any helpful messages in erorr logs? On the client or the server? Forcing it with ipconfig/registerdns should give you some entries if there is a failure.

I would not have expected you to need to disable the firewalls.

Jonathan

[Gongalong]

I'm about to leave now, but it doesn't appear that turning off the firewalls has helped. Tomorrow I'll uninstall Ranger from the test client we have and see if I can diagnose a bit more e.g. at least be able to see event viewer.

[Gongalong]

Problem at least partly resolved it seems. The DHCP server didn't have any credentials to populate DNS (under the IPv4 properties go to the Advanced page, and select Credentials). Since changing this a handful of addresses appeared within a couple of minutes. I'll check again tomorrow (the DHCP lease is set to 1 day).