dnslint report shows: "One or more DNS servers is not authoritative.."

Ceez

MIS
Oct 30, 2008
101
US
Hello everyone,

I am running dnslint.exe with the following switches:

/ad /s <ip.of.master.DC.in.forest> /r

I have 1 root with 3 children.

1 of the children has 2 DCs/DNS servers. One of the DCs of this child, which is the 1st DC of that child, is getting the following:

=====================================
DNS server: bafsrv01.child.domain.net
IP Address: 10.201.4.114
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: NO

SOA record data from server:
Authoritative name server: Unknown
Hostmaster: Unknown
Zone serial number: Unknown
Zone expires in: Unknown
Refresh period: Unknown
Retry delay: Unknown
Default (minimum) TTL: Unknown

Total number of CNAME records found on this server: 0
Total number of CNAME records missing on this server: 0
Total number of glue (A) records this server could not find: 0
=====================================

At the end of the report the following:

One or more DNS servers is not authoritative for the domain
Zone serial numbers were not identical on every DNS server
One or more zone files may have expired
SOA record data was unavailable and/or missing on one or more DNS servers

At least one CNAME record for an AD forest GUID was missing from a DNS server



I have no other errors for my 7 DCs in the network.

How do I make the DNS server authoritative for the domain?

Let me know if you guys need to see the dnslint report

All servers run Server 2003 Enterprise SP2 R2

Thanks!
 
OK, after some reading I found a posting somewhere about checking the preferred DNS; it was pointing to "bafsrv02.child.domain.net" instead of its own IP address.

Changed it and ran dnslint. Now I get the following:

==============================================
DNS server: bafsrv01.child.domain.net
IP Address: 10.201.4.114
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: bardc001.domain.NET
Hostmaster: hostmaster.domain.NET
Zone serial number: 221179
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds

Alias (CNAME) and glue (A) records for forest GUIDs from server:
==============================================
The only thing it doesn't show is the "Alias (CNAME) and glue (A) records for forest GUIDs" which the other DCs in the report show.

Should I wait for replication to take place and run dnslint again?

Thanks for your help,

ceez
 
Something else.

I just found out that the 2nd DC of this child domain had the preferred DNS pointing to the 1st DC of the child domain.

When I changed it I was not able to access these 2 servers via the DNS console.

And after talking to my coworker, he seems to remember that the original 1st DC of this child domain was once a 2000 server that was upgraded, and believes that a 2nd DC was added with Win2003 at the time of the upgrade because of DNS issues: people couldn't log in, domain not available, etc...

Would there be anything that needs to be done to this server which might have been done by the previous network admin?

Thanks once again,
ceez
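
An added example, not part of the original thread and not dnslint's own code: a small parser for the per-server text blocks pasted above that reports which servers are non-authoritative, lack SOA data, or disagree on the zone serial. It assumes the "Field: value" layout shown in the posts; the second server block and its IP address are constructed for comparison.

```python
import re

# Constructed sample in the layout pasted in the thread. The first block uses
# values from the first post; the second block (and its IP) is made up.
SAMPLE = """\
=====================================
DNS server: bafsrv01.child.domain.net
IP Address: 10.201.4.114
Answering authoritatively for domain: NO

SOA record data from server:
Authoritative name server: Unknown
Zone serial number: Unknown
=====================================
DNS server: bafsrv02.child.domain.net
IP Address: 10.201.4.115
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: bardc001.domain.NET
Zone serial number: 221179
=====================================
"""

def parse_report(text):
    """Split the report at each 'DNS server:' line; return one dict per server."""
    servers = []
    for chunk in re.split(r"(?m)^(?=DNS server:)", text):
        pairs = re.findall(r"(?m)^([^:\n=]+):[ \t]*(.*)$", chunk)
        fields = {k.strip(): v.strip() for k, v in pairs}
        if "DNS server" in fields:
            servers.append(fields)
    return servers

def findings(servers):
    """Return (server, issue) tuples mirroring the summary lines of the report."""
    issues = []
    for s in servers:
        name = s["DNS server"]
        if s.get("Answering authoritatively for domain", "").upper() != "YES":
            issues.append((name, "not authoritative"))
        if s.get("Zone serial number", "Unknown") == "Unknown":
            issues.append((name, "SOA data unavailable"))
    serials = {s.get("Zone serial number") for s in servers} - {"Unknown", None}
    if len(serials) > 1:  # servers that did answer disagree on the serial
        issues.append(("*", "zone serial mismatch: " + ", ".join(sorted(serials))))
    return issues

if __name__ == "__main__":
    for server, issue in findings(parse_report(SAMPLE)):
        print(f"{server}: {issue}")
```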
 