Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

At least one CNAME record for an AD forest GUID was missing from a DNS

Status
Not open for further replies.
Ceez

Ceez

MIS
Oct 30, 2008
101
US
Hello everyone.

We have a 2003 AD integrated domain with 3 child domains,
DNS & DHCP.

Replication works fine between all sites, I have no errors or warnings in the eventvwr of any of our DNS/DHCP.

I've ran DCDIAG, DSNDCDIAG, netdiag and DNSList. There are no fails or warns anywhere. The only error that comes up is in DNSLINT "At least one CNAME record for an AD forest GUID was missing from a DNS server".

Here's the report:


DNSLint Report

System Date: Thu Mar 12 18:02:50 2009

Command run:

\\bamnas02\it\DCDIAG\dnslist\dnslint.exe /ad /s 10.201.16.5 /r N:\DCDIAG\BARDC001\BARDC001_dnscheck

Root of Active Directory Forest:

DOMAIN.COM

Active Directory Forest Replication GUIDs Found:

DC: BAMDC001
GUID: 20f7f02c-645f-478e-8885-3dabd06b822d

DC: BAMDC002
GUID: 10131a71-a10c-4482-84f8-0e923720d089

DC: BANSRV01
GUID: 960b54b5-29ab-490e-a490-c6473b0d3f40

DC: BAFSRV01
GUID: 26e6ff29-8a7d-46a1-b053-fda3d973a57b

DC: BARDC001
GUID: ac1f78b7-6887-4b6d-b0ef-624a134e707e

DC: BAFSRV02
GUID: 12340e84-cb78-4a35-a777-2d4d32203ff2

DC: BAMSQL01
GUID: e48d1cdb-43f8-4b58-8f71-6c1c29b4f844


Total GUIDs found: 7

--------------------------------------------------------------------------------

The following 7 DNS servers were checked for records related to AD forest replication:

DNS server: bardc001.DOMAIN.COM
IP Address: 10.201.16.5
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: bardc001.DOMAIN.COM
Hostmaster: hostmaster.DOMAIN.COM
Zone serial number: 265672
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
bafsrv01.CHILD2.DOMAIN.COM 10.201.4.114
bafsrv02.CHILD2.DOMAIN.COM 10.201.4.115
bansrv01.CHILD3.DOMAIN.COM 10.201.12.10
bamdc002.DOMAIN.COM 10.201.1.214
bamsql01.CHILD1.DOMAIN.COM 10.201.16.14
bardc001.DOMAIN.COM 10.201.16.5
bamdc001.DOMAIN.COM 10.201.1.200




Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: 20f7f02c-645f-478e-8885-3dabd06b822d._msdcs.DOMAIN.COM
Alias: bamdc001.DOMAIN.COM
Glue: 10.201.1.200

CNAME: 10131a71-a10c-4482-84f8-0e923720d089._msdcs.DOMAIN.COM
Alias: bamdc002.DOMAIN.COM
Glue: 10.201.1.214

CNAME: 960b54b5-29ab-490e-a490-c6473b0d3f40._msdcs.DOMAIN.COM
Alias: bansrv01.CHILD3.DOMAIN.COM
Glue: 10.201.12.10

CNAME: 26e6ff29-8a7d-46a1-b053-fda3d973a57b._msdcs.DOMAIN.COM
Alias: bafsrv01.CHILD2.DOMAIN.COM
Glue: 10.201.4.114

CNAME: ac1f78b7-6887-4b6d-b0ef-624a134e707e._msdcs.DOMAIN.COM
Alias: bardc001.DOMAIN.COM
Glue: 10.201.16.5

CNAME: 12340e84-cb78-4a35-a777-2d4d32203ff2._msdcs.DOMAIN.COM
Alias: bafsrv02.CHILD2.DOMAIN.COM
Glue: 10.201.4.115

CNAME: e48d1cdb-43f8-4b58-8f71-6c1c29b4f844._msdcs.DOMAIN.COM
Alias: bamsql01.CHILD1.DOMAIN.COM
Glue: 10.201.16.14


Total number of CNAME records found on this server: 7

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0



--------------------------------------------------------------------------------

DNS server: bafsrv01.CHILD2.DOMAIN.COM
IP Address: 10.201.4.114
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: bardc001.DOMAIN.COM
Hostmaster: hostmaster.DOMAIN.COM
Zone serial number: 265670
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds




Alias (CNAME) and glue (A) records for forest GUIDs from server:



--------------------------------------------------------------------------------

DNS server: bafsrv02.CHILD2.DOMAIN.COM
IP Address: 10.201.4.115
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: bardc001.DOMAIN.COM
Hostmaster: hostmaster.DOMAIN.COM
Zone serial number: 265670
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds




Alias (CNAME) and glue (A) records for forest GUIDs from server:



--------------------------------------------------------------------------------

DNS server: bansrv01.CHILD3.DOMAIN.COM
IP Address: 10.201.12.10
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: bardc001.DOMAIN.COM
Hostmaster: hostmaster.DOMAIN.COM
Zone serial number: 265666
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds




Alias (CNAME) and glue (A) records for forest GUIDs from server:



--------------------------------------------------------------------------------

DNS server: bamdc002.DOMAIN.COM
IP Address: 10.201.1.214
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: bamdc002.DOMAIN.COM
Hostmaster: hostmaster.DOMAIN.COM
Zone serial number: 265670
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
bamsql01.CHILD1.DOMAIN.COM 10.201.16.14
bardc001.DOMAIN.COM 10.201.16.5
bamdc001.DOMAIN.COM 10.201.1.200
bafsrv01.CHILD2.DOMAIN.COM 10.201.4.114
bafsrv02.CHILD2.DOMAIN.COM 10.201.4.115
bansrv01.CHILD3.DOMAIN.COM 10.201.12.10
bamdc002.DOMAIN.COM 10.201.1.214




Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: 20f7f02c-645f-478e-8885-3dabd06b822d._msdcs.DOMAIN.COM
Alias: bamdc001.DOMAIN.COM
Glue: 10.201.1.200

CNAME: 10131a71-a10c-4482-84f8-0e923720d089._msdcs.DOMAIN.COM
Alias: bamdc002.DOMAIN.COM
Glue: 10.201.1.214

CNAME: 960b54b5-29ab-490e-a490-c6473b0d3f40._msdcs.DOMAIN.COM
Alias: bansrv01.CHILD3.DOMAIN.COM
Glue: 10.201.12.10

CNAME: 26e6ff29-8a7d-46a1-b053-fda3d973a57b._msdcs.DOMAIN.COM
Alias: bafsrv01.CHILD2.DOMAIN.COM
Glue: 10.201.4.114

CNAME: ac1f78b7-6887-4b6d-b0ef-624a134e707e._msdcs.DOMAIN.COM
Alias: bardc001.DOMAIN.COM
Glue: 10.201.16.5

CNAME: 12340e84-cb78-4a35-a777-2d4d32203ff2._msdcs.DOMAIN.COM
Alias: bafsrv02.CHILD2.DOMAIN.COM
Glue: 10.201.4.115

CNAME: e48d1cdb-43f8-4b58-8f71-6c1c29b4f844._msdcs.DOMAIN.COM
Alias: bamsql01.CHILD1.DOMAIN.COM
Glue: 10.201.16.14


Total number of CNAME records found on this server: 7

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0



--------------------------------------------------------------------------------

DNS server: bamsql01.CHILD1.DOMAIN.COM
IP Address: 10.201.16.14
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: bardc001.DOMAIN.COM
Hostmaster: hostmaster.DOMAIN.COM
Zone serial number: 265664
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds




Alias (CNAME) and glue (A) records for forest GUIDs from server:



--------------------------------------------------------------------------------

DNS server: bamdc001.DOMAIN.COM
IP Address: 10.201.1.200
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: bamdc001.DOMAIN.COM
Hostmaster: hostmaster.DOMAIN.COM
Zone serial number: 265671
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
bamsql01.CHILD1.DOMAIN.COM 10.201.16.14
bardc001.DOMAIN.COM 10.201.16.5
bamdc001.DOMAIN.COM 10.201.1.200
bafsrv01.CHILD2.DOMAIN.COM 10.201.4.114
bafsrv02.CHILD2.DOMAIN.COM 10.201.4.115
bansrv01.CHILD3.DOMAIN.COM 10.201.12.10
bamdc002.DOMAIN.COM 10.201.1.214




Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: 20f7f02c-645f-478e-8885-3dabd06b822d._msdcs.DOMAIN.COM
Alias: bamdc001.DOMAIN.COM
Glue: 10.201.1.200

CNAME: 10131a71-a10c-4482-84f8-0e923720d089._msdcs.DOMAIN.COM
Alias: bamdc002.DOMAIN.COM
Glue: 10.201.1.214

CNAME: 960b54b5-29ab-490e-a490-c6473b0d3f40._msdcs.DOMAIN.COM
Alias: bansrv01.CHILD3.DOMAIN.COM
Glue: 10.201.12.10

CNAME: 26e6ff29-8a7d-46a1-b053-fda3d973a57b._msdcs.DOMAIN.COM
Alias: bafsrv01.CHILD2.DOMAIN.COM
Glue: 10.201.4.114

CNAME: ac1f78b7-6887-4b6d-b0ef-624a134e707e._msdcs.DOMAIN.COM
Alias: bardc001.DOMAIN.COM
Glue: 10.201.16.5

CNAME: 12340e84-cb78-4a35-a777-2d4d32203ff2._msdcs.DOMAIN.COM
Alias: bafsrv02.CHILD2.DOMAIN.COM
Glue: 10.201.4.115

CNAME: e48d1cdb-43f8-4b58-8f71-6c1c29b4f844._msdcs.DOMAIN.COM
Alias: bamsql01.CHILD1.DOMAIN.COM
Glue: 10.201.16.14


Total number of CNAME records found on this server: 7

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0



--------------------------------------------------------------------------------

Notes:
Zone serial numbers were not identical on every DNS server

At least one CNAME record for an AD forest GUID was missing from a DNS server



--------------------------------------------------------------------------------

Legend: warning, error

DNSLint developed by Tim Rains


==================================================

I've been doing some google-ing and by looking at my DNS setup I think I believe what the problem is. Let me try to explain...

In my DOMAIN when I Forward LookUp Zones - DOMAIN.COM - _msdcs I see the following

4 folders:
dc
domains
gc
pdc

along with 9 Alias (CNAME) files. I see that these are all our DNS servers on the network. (side note, there are 2 servers which are repeated, can I delete those? they dont show up in the DNSlinst report).

When I do the same thing in ANY of our 3 child domains I only see 2 folders:
dc
pdc

and do not have any CNAME entries. I am assuming this is what DNSLint is reporting as an error.

Here's a screenshot of what I am talking about:

You can also see the 2 dup servers which are highlighted in grey. These 2 are not listed on the dnslint report and was wondering if I can delete.

Can I manually create the CNAME entries on my child domains? Should I even worry since there are no replication problems?

Thanks
 
Sort by date Sort by votes
Status
Not open for further replies.

Similar threads

KenMeans
  • Locked
  • Question
DNS Issues with wireless router behind Atlantic Broad band Business Modem
Replies
0
Views
10K
KenMeans
KenMeans
alpha76
  • Locked
  • Question
Advice on DNS setup/configuration
Replies
3
Views
11K
technome
technome
tbright
  • Locked
  • Question
DNS reverse lookup errors: zone 1.168.192.in-addr.arpa/IN: has no NS records
Replies
1
Views
12K
tbright
tbright
Blind Faith
  • Locked
  • Question
Bind9 master insisting on checking NS at root
Replies
5
Views
11K
YoBo7
YoBo7
Richard Carter
  • Locked
  • Question
Set up BIND on DNS server for local home server
Replies
0
Views
10K
Richard Carter
Richard Carter

Part and Inventory Search

Sponsor

Back
Top