
DNS naming issue

Status
Not open for further replies.

02091963

Technical User
Jul 25, 2003
22
SG
I'm new to this branch company and part of my job is to take care of the network (to cut cost) and I inherited this small system, 1 server with DNS domain name something like xxx.yyy.local. There's no other DNS server and also no DNS zone for yyy.local. Only the integrated xxx.yyy.local. I don't know why they designed it that way, maybe it's a nice name:) Although it seems to be working in the sense that they can print, surf the net, share files etc., there are a lot of error messages in Event Viewer relating to DNS. nslookup is not working although there's a reverse zone. Netdiag/fix reported so many errors and in the DNS snap-in there are no SRV records _msdcs, _sites, _tcp, _udp. You cannot ping client1.xxx.yyy.local but ping client1 is ok.


I have created the same name scenario at home, and it's the same problem. But if I change the domain to yyy.local only, DNS AD integrated, all seems well. There's no problem. Clients are registering dynamically and nslookup is working. ping client1.yyy.local and ping client1 are all ok.

Right now it's obvious what I can do to solve my problem but I can't change that domain name already without causing a major downtime and I know I can meet resistance if I propose the change.

Is there another way to fix this?
 
the SRV records are maybe not visible...
change to 'advanced' view in the DNS Console...

if the server (or another on your network) is a domain controller, they should be there...

what are the error messages in the dns log?
 
Event 5781

Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available.


Event ID 414

The DNS server machine currently has no DNS domain name. Its DNS name is a single label hostname with no domain (example: "host" rather than "host.microsoft.com").

You might have forgotten to configure a primary DNS domain for the server computer. For more information, see either "DNS server log reference" or "To configure the primary DNS suffix for a client computer" in the online Help.

While the DNS server has only a single label name, all zones created will have default records (SOA and NS) created using only this single label name for the server's hostname. This can lead to incorrect and failed referrals when clients and other DNS servers use these records to locate this server by name.

To correct this problem:
1) open ControlPanel
2) open System applet
3) select NetworkIdentification tab
4) click the "Properties" button and enter a domain name or workgroup name; this name will be used as your DNS domain name
5) reboot to initialize with new domain name

After reboot, the DNS server will attempt to fix up default records, substituting new DNS name of this server, for old single label name. However, you should review to make sure zone's SOA and NS records now properly use correct domain name of this server.




Portion of netdiag/fix results

Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the name
'servername.xxx.yyy.local.'. [RCODE_SERVER_FAILURE]
The name 'servername.xxx.yyy.local.' may not be registered in DN
S.
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.xxx.yyy.local.
re-registeration on DNS server '192.168.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.dc._msdcs.xxx.yyy.local. re-registeration on DNS server '192.168.0.1'
failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.xxx.yyy.local. re-reg
isteration on DNS server '192.168.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites.
xxx.yyy.local. re-registeration on DNS server '192.168.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry xxx.yyy.local. re-registeration on
DNS server '192.168.0.1' failed.



The recommendation in Event ID 414 was done but to no avail, and we are not using WINS (no WINS server configured). As I told you above, they can log in and do all the stuff they are doing.
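
An added example, not part of the thread: a small Python parser for hard-wrapped netdiag /fix output like the excerpt quoted above. It rejoins the broken lines and groups the failed DC record registrations by DNS server, domain and error code. The sample text is constructed from lines in the post, and the function names are hypothetical.

```python
import re

# Constructed sample in the same hard-wrapped layout as the netdiag output in the post.
SAMPLE = """\
DNS test . . . . . . . . . . . . . : Failed
[FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._
sites.dc._msdcs.xxx.yyy.local. re-registeration on DNS server '192.168.0.1'
failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.xxx.yyy.local. re-reg
isteration on DNS server '192.168.0.1' failed.
DNS Error code: DNS_ERROR_RCODE_SERVER_FAILURE
[FATAL] Failed to fix: DC DNS entry xxx.yyy.local. re-registeration on
DNS server '192.168.0.1' failed.
"""

# Matched after all whitespace is removed; "re-reg\w*" tolerates the tool's spelling.
ENTRY = re.compile(r"\[FATAL\]Failedtofix:DCDNSentry(.+?)\.re-reg\w*"
                   r"onDNSserver'([^']+)'failed\.")

def failed_registrations(text):
    """Return [(record, dns_server, error_code_or_None)] for each FATAL entry."""
    messages, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):                        # start of a new message
            cur = {"text": line, "code": None}
            messages.append(cur)
        elif cur and line.startswith("DNS Error code:"):
            cur["code"] = line.split(":", 1)[1].strip()
            cur = None
        elif not line or re.search(r"(\. ){3}", line):  # blank line or test header
            cur = None
        elif cur:                                       # wrapped continuation
            cur["text"] += line
    # DNS names contain no whitespace, so dropping it all repairs any wrap point.
    hits = [(ENTRY.search(re.sub(r"\s+", "", m["text"])), m["code"]) for m in messages]
    return [(h.group(1), h.group(2), code) for h, code in hits if h]

def domain_of(record):
    """Domain part of a locator name: the labels after the last '_' label."""
    labels = record.lower().split(".")
    last = max((i for i, l in enumerate(labels) if l.startswith("_")), default=-1)
    return ".".join(labels[last + 1:])

def summarize(text):
    groups = {}  # (dns_server, domain, error_code) -> list of failed record names
    for record, server, code in failed_registrations(text):
        groups.setdefault((server, domain_of(record), code), []).append(record)
    return groups
```
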
 
You can't change the domain name on a Windows 2000 domain. You can't just change the DNS zone to a new domain, since you will break name resolution, as you are seeing.

My guess is that if you change the DNS zone to yyyy.com and everything starts working with SRV registration, etc., then that is actually what the domain name is.

You can check this by looking at the FQDN of the domain controller. Right click my computer, properties, network ID, properties. You will see the FQDN of the server. If it is host.xxx.com, then you should have a DNS zone of xxx.com.
 
Sorry, meant to say if you have an FQDN of host.yyyy.com, your DNS zone should be yyyy.com, not xxxx.yyyy.com
 
Quote from my original post:

>>I have created the same name scenario at home, and it's the same problem. But if I change the domain to yyy.local only, DNS AD integrated, all seems well. There's no problem. Clients are registering dynamically and nslookup is working. ping client1.yyy.local and ping client1 are all ok.

Right now it's obvious what I can do to solve my problem but I can't change that domain name already without causing a major downtime and I know I can meet resistance if I propose the change.

Is there another way to fix this?
--------------------------------------------------------


So still the same question... Is there another way to fix this?
 
I don't see why that would cause major downtime or be met with resistance. That is the correct domain name. They now have an incorrect domain name, and things are not functioning correctly.
 
Reason to cause a downtime:

1. The moment I change nobody can login.
2. Have to rejoin PCs 1 by 1.
3. If profile is not working, it must be created again. Maybe I can also copy the original profile and fix any hiccups that arise, like recreating any personal mappings, emails, printers, etc.

Resistance:

While I'm doing 1 PC the rest are doing nothing. Even the bosses also have to wait for their turn and I believe they are the ones who are gonna oppose this renaming of the domain. They're gonna ask: why are you fixing something when nobody is complaining?

 
there's no SRV records _msdcs, _sites, _tcp, _udp.
have you checked in advanced view mode?
are you sure your server is a domain controller, or indeed that there is a domain controller??
 
Yes I've checked already, no SRV records in advanced view mode. Yes there's a domain controller. For a new PC, there's no problem joining. I just use the domain name xxx and it can join, users can log in to the new PC. The only local user in the new PC is the administrator. So how can any domain user log in on the new PC, choosing the domain xxx in the login screen, if there's no domain? If you go into the server there's an AD, GC, sites etc. there. Trust me, there's a domain in there.
 
Ok, I still need a question answered. What is the actual domain name? Not the zone that is configured in DNS, but what is the Active Directory domain name that shows up in AD Users and Computers?

Also, what is the FQDN of the domain controller?
 
Full Computer Name: Servername
Domain: xxx.yyy.local
(Right Click My Computer/Properties/Network Identification)

In Active Directory Users and Computers(Servername) you can see xxx.yyy.local


DNS - Forward Lookup Zone - xxx.yyy.local
(Open DNS snap in DNS/Servername/Forward Lookup Zone)


From workstation:
If you ping Servername is OK. If you ping Servername.xxx.yyy.local - Unknown host.

From Server: Also the same result if you ping a PC.

Protocol: Internet Protocol (TCP/IP) with Enable NetBIOS over TCP/IP


Here's the Weird part: The PC's Computer Name after joining domain:

PC1.xxx.yyy.local
PC2.xxx.yyy.local
PC3.xxx.yyy.local
Also we are not using hosts and LMhosts files.

I'm just wondering . . . If I don't test the DNS, it looks like everything works fine but I read that without DNS AD can't work.(Win2k server SP4) So definitely somehow DNS is working:) Hmm I think I just have to leave it alone 'till the future upgrade of HW and go to Server 2003 at least that time downtime is justified.



 
you say the domain name is xxx.yyy.local ...

who hosts yyy.local ?

is there an external dns (your ISP maybe?) that hosts the yyy zone?

some server somewhere has authority for this zone...
your dns server is probably losing the pedals cos it can't join it???

the srv records and _msdcs might be in the other server's zone......

another thing to try...
change the zone from an AD integrated to a standard zone, and check the contents of the zone file /winnt/system32/dns....
do you have all the 'A' records in your dns zone???
or maybe they are being recorded in another 'parent' one..
check all the existing parameters of the dns server and the zone...


if you find nothing at all that seems strange....
create a new zone in your dns server mmc (yyy.local as name!!!)
and then you will have authority.

good luck!
 
No ISP hosts yyy.local (as you can see, .local). There's only 1 zone there, xxx.yyy.local. The DNS problem actually is yyy.local. There's no DNS server holding this zone and I tried creating this zone manually (yyy.local) but it won't fix the problem. I've already given up on this because it's a so-far-so-good type of thing, no complaints. Thanks guys for sharing your views, appreciated.
 