
DNS Error 7063 and 5504

Status
Not open for further replies.

Hartline

MIS
Sep 4, 2007
10
US
Below I listed the 2 ongoing errors I am continuing to see in my event logs on my 3 DNS servers. I have the Parent/child domain set up here. My first parent DC forwards to our ISP's DNS and then last resort forwards to our other Parent which directly forwards to the child DC, and the child DC also forwards to our ISP's DNS and then last resort forwards back to the first parent DC. All my DNS servers are configured to allow recursion. Can I get some input on this??



The DNS server is configured to forward to a non-recursive DNS server at *.*.*.*.

DNS servers in forwarders list MUST be configured to process recursive queries.
Either
1) fix the forwarder (*.*.*.*) to allow recursion
- connect to it with DNS Manager
- bring up server properties
- open "Advanced" tab
- uncheck "Disable Recursion"
- click OK
OR
2) remove this forwarder from this servers forwarders list
- DNS Manager
- bring up server properties
- open "Forwarders" tab
- remove (*.*.*.*) from list of forwarders
- click OK

and

The DNS server encountered an invalid domain name in a packet from *.*.*.*. The packet is rejected.
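The first event above (7063) is raised when a listed forwarder will not process recursive queries. As an added example, not code from the thread or from Microsoft, here is a small Python probe that sends a query with RD (recursion desired) set to a forwarder and reads the RA (recursion available) flag in the reply; the sample responses at the bottom are constructed and the server addresses are assumed to be passed on the command line.

```python
import socket
import struct

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS A query with the RD (recursion desired) bit set."""
    flags = 0x0100  # QR=0, opcode=0 (standard query), RD=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # 1 question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    qname += b"\x00"  # root label terminates the name
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_flags(response: bytes, txid: int = 0x1234) -> dict:
    """Extract the header flags a forwarder check cares about."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    return {
        "qr": bool(flags & 0x8000),    # response bit
        "rd": bool(flags & 0x0100),    # recursion desired echoed back
        "ra": bool(flags & 0x0080),    # recursion available on the server
        "rcode": flags & 0x000F,       # 0 NOERROR, 5 REFUSED, ...
    }

def forwarder_accepts_recursion(response: bytes, txid: int = 0x1234) -> bool:
    """True only if the reply is a real response and advertises RA=1."""
    f = parse_flags(response, txid)
    return f["qr"] and f["ra"]

def probe(server: str, name: str = "www.example.com", timeout: float = 3.0) -> bool:
    """Send one recursive query over UDP/53 and report whether RA was set."""
    txid = 0x1234
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        data, _ = s.recvfrom(512)
    return forwarder_accepts_recursion(data, txid)

# Constructed sample replies (headers only; not captured from the thread's servers).
RECURSIVE_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)      # QR=1 RD=1 RA=1 NOERROR
NON_RECURSIVE_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)  # QR=1 RD=1 RA=0 REFUSED

if __name__ == "__main__":
    import sys
    for server in sys.argv[1:]:  # e.g. each address on the Forwarders tab
        state = "allows recursion" if probe(server) else "does NOT allow recursion"
        print(f"{server}: {state}")
```

A forwarder that answers with RA=0 is exactly what the 7063 event complains about; either enable recursion on it or drop it from the Forwarders tab, as the event text says.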
 
Why forward DNS requests to your ISP at all? If you have 3 DNS server internal to your network, just do away with forwarders all together and just use root-hints to get DNS resolution.
 
Unfortunately I know very little about root hints and where to point them. Should each Server use the same set of root hints? Where should my root hints point to? Can you give me some guidance on this?
 
I am running Windows 2000.. I came into this mess and from previous experience you're not supposed to forward to a LAN IP. (these servers forward to each other last resort) I have always had a primary and secondary server that forward to the ISP only. Hope you can help me out here. Let me know if you need any other information.
 
By default your DNS install sets up root hints (a-m). Disable forwarders and use the root hints; you shouldn't need to configure anything other than to not use forwarders. Assuming your server uses itself for its own primary DNS, you should then be able to resolve pages on the internet. I remember reading about a possible root hint with the name of "." that may cause problems, but this is something that's in the back of my head for forgotten reasons.
 
Also with your setup do you mean, parent domain.local and child subdomain.domain.local ?
 
Yes, for example domain.net and then domain.domain.net is how the domains are set up. The "." file I have viewed but do not know what I am looking at. The root hints a-m are already configured. They configured themselves. Currently my servers are assigned static addresses like they should; but they do not point to themselves primarily for DNS, only secondarily. Do I need to point the DNS primary to that DNS server? I was thinking about getting rid of all LAN forwards and getting rid of the 2nd parent DNS server and use the parent 1 and child as primary and secondary DNS servers that strictly forward to the ISP. From my experience that's how it is supposed to be. What do you think? Sorry to throw so much information out at once.. Just trying to stay away from the root hints since I know very little about them. But I am not opposed to going that route.
 
If you are using conditional forwarders for specific zones that's one thing; if it is just a flat rule for all DNS requests you can do away with this. Set your primary DNS server as the same IP as the DNS server and remove the forwarder for all DNS requests (again make sure this isn't for just conditional forwarding like server.domain.local). If you set it up this way you will then be able to resolve all internet queries like you would hope, since your root hints are indeed there and it will be pointing to itself for DNS queries. You can set up your secondary DNS server as your other DCs, which may or may not be configured the same way. If you have zones in different DNS servers that require you to use conditional forwarders for resolution then more work will be needed; this is typically where you would disable recursion because it would be redundant to send out recursive queries to resolve a zone that is only hosted on that particular machine. Determine this and get back to me.
 
There's really not much to know about using root-hints. There's nothing you need to do to use root-hints except to NOT have anything set up on the "forwarders" tab in your DNS set-up. Your DNS server will ask the list of root-hint servers for DNS information that it doesn't already have in its cache, but if you use forwarders, it will forward DNS requests to the servers in question whenever YOUR DNS server doesn't know the answer.

Good luck,
 
Thank you for the replies, I am currently debating what route to go. Which do you recommend?
 
No forwarders for the "all DNS requests" option; conditional forwarders in the event that you have a DNS server that hosts an internal zone that you don't have replicated to this DNS server; using itself (and setting all clients) for primary DNS and setting up your 2nd DC (or if it's just a DNS server) as secondary. If you want to be ultra sure of reliability for just your DNS server you can go ahead and back up DNS zones (outside of the system state backups) with xcalcs, or if these contain AD integrated zones as well you would use dnscmd.exe. Follow this procedure with your downlevel domains as well; only use each domain level DNS server, so if you are computername.subdomain.domain.local use the computername of that DC. Let me know if you have any more questions.
 
In the semi-unlikely event that you do use conditional forwarders, make sure you disable recursion if indeed there is only one DNS server that can resolve this zone.

Good luck.
 
I agree. Don't use DNS forwarders if you can avoid it.
 
Thanks for all the input guys. I still have some questions that may not concern DNS, or it might. Hoping for some guidance. My child domain is not resolving by name. When you try to resolve by name (host names) it kicks you straight out to the ISP. After performing a trace route you dead end after about 20 hops in internet space. Again, this is tracing by an internal host name that I get kicked out to my ISP and into internet space. Anyone know if this would be a DNS problem, AD problem etc??
 
If this zone does not exist on that server, and you ended up using root hints then when you resolve it by name the dns request gets forwarded to the root hint servers, and since they cannot give you a viable answer they use recursion and it eventually dies out, this is why you cannot hit it.

In this event you can use conditional forwarders to resolve all requests for child.domain.local and set up that server's IP address; then if the child domain is the only machine with that zone on it (if you don't have any replication at this level) you can disable recursion since it would do you no good.

I have yet to configure an exact setup like this in production but I assume there are requirements with your domains and trusts that must be set up as well (but assumedly this is already in place if this is your only problem)

Cory
 
god my english is bad when I type and think at the same time.... sorry for the garble.

Cory
 
Thanks for the help so far.. now, a separate problem I hope you can help out with. I have a server that when I try to remote into it I continue to get this error that says The RPC Server is unavailable. This happens when I try logging on as a network admin. When I log in remotely as a local admin I get right in. Also if I take down our DC that handles our AD I can remote right in as a network Admin. This server that is giving me this error is my spam filter which controls incoming mail and forwards it to our exchange server. Not sure if these problems are related, but our emails come in chunks with delays as well.
 
The mail flow and the Remote Desktop problems are independent. There is probably a policy setting defined somewhere that has this machine now allowing these types of connections, and when you bring the DC down the policy is not enforced, and since you have a cached local login of the network admin you are able to connect to the machine (this is kind of a guess). I am not awesome when it comes to understanding policies since I haven't used them extensively, but this would be my best shot.

Maybe this will shed some light otherwise we may have to wait for the others to chime in.

Cory
 
Well it's only on this machine.. I have wiped it 3 times.. It's the same admin acct I use for all my other servers..
 