New to DNS running windows 2003 DNS. Need Help

Status
Not open for further replies.

freak12

I inherited a 2003 DNS and am new to DNS. My problem is that the clients (XP) aren't registering with DNS or updating their DNS record if they end up with a new IP, and the record time stamp isn't updating. The setup is as follows:
DHCP is being done by a pix firewall.
DNS on 2003 AD DC.
DNS is configured as AD Integrated Primary.
Aging isn't setup on the DNS server or zones.
Zone setup:
Forward LookupZones\ABC.com -- AD Integrated Primary
Forward LookupZones\_msdcs.abc.com -- AD Integrated Primary

Under Forward LookupZones\ABC.com there is _msdcs.
In the _msdcs there is 1 record (same as parent) Name Server (NS) configured with a server that doesn't exist (I believe this needs to be fixed).

Client Host (A) records are only showing up in the following location:
Forward LookupZones\ABC.com -- a list of 50 Host (A) records; there are at least 150 client PCs.

I enabled logging for dns and see the following error:

20070406 07:16:51 E60 PACKET UDP Rcv 10.0.0.132 964c Q [0001 D NOERROR] (7)JCONWAY(8)abc(3)com(0)

20070406 07:16:51 E60 PACKET UDP Snd 10.0.0.132 964c R Q [8385 A DR NXDOMAIN] (7)JCONWAY(8)abc(3)com(0)

20070406 07:16:51 1A0 PACKET TCP Rcv 10.0.0.132 724c Q [0000 NOERROR] (9)1040-ms-7(10)73-60ebab1(36)f4f8c51d-e343-11db-0f8b-000cf1e9e180(0)

20070406 07:16:51 1B8 PACKET TCP Snd 10.0.0.132 724c R Q [0080 NOERROR] (9)1040-ms-7(10)73-60ebab1(36)f4f8c51d-e343-11db-0f8b-000cf1e9e180(0)

20070406 07:16:51 E60 PACKET UDP Rcv 10.0.0.132 f34e U [0028 NOERROR] (8)abc(3)com(0)

20070406 07:16:51 1AC PACKET UDP Snd 10.0.0.132 f34e R U [08a8 NXRRSET] (8)abc(3)com(0)

20070406 07:16:51 E60 PACKET UDP Rcv 10.0.0.132 2641 Q [0001 D NOERROR] (7)JCONWAY(8)abc(3)com(0)

20070406 07:16:51 E60 PACKET UDP Snd 10.0.0.132 2641 R Q [8385 A DR NXDOMAIN] (7)JCONWAY(8)abc(3)com(0)

20070406 07:16:51 E60 PACKET UDP Rcv 10.0.0.132 7943 U [0028 NOERROR] (8)abc(3)com(0)

20070406 07:16:51 1B0 PACKET UDP Snd 10.0.0.132 7943 R U [05a8 REFUSED] (8)abc(3)com(0)

I have also checked the default domain policy:
Computer Config\administrative Templates\network\DNS client and things look to be enabled and configured.

Any suggestion or help would be appreciated.
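
One way to pull the failing dynamic updates out of a DNS debug log like the one in the post above, grouped by client and response code (an added example, not part of the original thread). The field layout is assumed from the posted lines, opcode U is the debug log's marker for a dynamic update, and the 10.0.0.140 line in the sample is constructed.

```python
import re
from collections import Counter

# Layout taken from the posted lines:
# date time thread PACKET proto Snd|Rcv client xid [R] opcode [flags rcode] name
LINE_RE = re.compile(
    r"^(?P<date>\d{8}) (?P<time>[\d:]+) (?P<thread>[0-9A-Fa-f]+) PACKET "
    r"(?P<proto>UDP|TCP) (?P<dir>Snd|Rcv) (?P<client>\S+) (?P<xid>[0-9A-Fa-f]{4}) "
    r"(?P<resp>R )?(?P<opcode>[A-Z?]) \[(?P<flags>[^\]]+)\] (?P<name>\S+)$"
)
LABEL_RE = re.compile(r"\(\d+\)([^()]*)")

def decode_name(raw):
    """'(7)JCONWAY(8)abc(3)com(0)' -> 'JCONWAY.abc.com'."""
    # Length counts are ignored: in the posted log they do not match the labels ('(8)abc').
    return ".".join(label for label in LABEL_RE.findall(raw) if label)

def parse_line(line):
    """Return a dict for one PACKET line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["is_response"] = rec.pop("resp") is not None
    rec["rcode"] = rec["flags"].split()[-1]  # last token inside the brackets
    rec["name"] = decode_name(rec["name"])
    return rec

def failed_updates(lines):
    """Count update responses (opcode U) whose rcode is not NOERROR."""
    hits = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["is_response"] and rec["opcode"] == "U" and rec["rcode"] != "NOERROR":
            hits[(rec["client"], rec["name"], rec["rcode"])] += 1
    return hits

# Four lines from the post above, plus one constructed line (10.0.0.140).
SAMPLE = """\
20070406 07:16:51 E60 PACKET UDP Snd 10.0.0.132 964c R Q [8385 A DR NXDOMAIN] (7)JCONWAY(8)abc(3)com(0)
20070406 07:16:51 E60 PACKET UDP Rcv 10.0.0.132 f34e U [0028 NOERROR] (8)abc(3)com(0)
20070406 07:16:51 1AC PACKET UDP Snd 10.0.0.132 f34e R U [08a8 NXRRSET] (8)abc(3)com(0)
20070406 07:16:51 1B0 PACKET UDP Snd 10.0.0.132 7943 R U [05a8 REFUSED] (8)abc(3)com(0)
20070406 07:16:52 1B0 PACKET UDP Snd 10.0.0.140 1a2b R U [05a8 REFUSED] (8)abc(3)com(0)
"""

if __name__ == "__main__":
    for (client, zone, rcode), n in sorted(failed_updates(SAMPLE.splitlines()).items()):
        print(f"{client} update to {zone}: {rcode} x{n}")
```
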
 
Why are you using the PIX for DHCP? If you use the W2K3 server it will automatically update DNS when it assigns addresses.

Also, check the client TCP/IP settings and confirm if the "Register this connection in DNS" setting is checked on the NIC.
 
I inherited the PIX doing the DHCP. I'm going to change it to a W2K3 server, but was trying to get the DNS issue resolved first. I will check some of the client PC TCP/IP settings and post back.
 
Check to see if your PIX does DNS registration for your clients (like Windows DHCP).

If you find that the client workstation DNS registration has to be enabled, I've supplied a script so you can do it remotely. Copy the script into a text file with the .vbs extension. Double-click the script to run it, then enter the name of the computer you wish to enable.
Code:
'* FileName:  SetDNSReg.vbs
'*=============================================================================
'* Script Name: Set DNS Registration on remote system
'* Created:     [05/06/2006]
'* Author:      Jesse Hamrick
'* Company:     
'* Email:       JHmarick@whokilledkenny.net
'* Web:         http://www.whokilledkenny.net
'* Reqrmnts:    
'* Keywords:    
'*=============================================================================
'* Purpose:     Sets DNS Registration on remote computers.
'*              Enables Register this connection's address
'*              in DNS.
'*=============================================================================

'*=============================================================================
'* DECLARE VARIABLES
'*=============================================================================
Const FULL_DNS_REGISTRATION = True
Const DOMAIN_DNS_REGISTRATION = False
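Dim strComputer
Dim objWMIService
Dim colNetCards, objNetCard
Dim intResult, intFailed

'*=============================================================================
'* Code
'*=============================================================================
On Error Resume Next
strComputer = Trim(InputBox("Enter Computer Name"))
If strComputer = "" Then WScript.Quit   ' Cancelled or left blank

' Connect to WMI on the remote computer
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
If Err.Number <> 0 Then
    MsgBox strComputer & ", " & Err.Description
    Err.Clear
Else
    ' Only adapters that have TCP/IP enabled
    Set colNetCards = objWMIService.ExecQuery _
        ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")

    intFailed = 0
    For Each objNetCard In colNetCards
        ' Returns 0 (success) or 1 (success, reboot required); anything else is an error
        intResult = objNetCard.SetDynamicDNSRegistration(FULL_DNS_REGISTRATION, _
            DOMAIN_DNS_REGISTRATION)
        If Err.Number <> 0 Or intResult > 1 Then
            intFailed = intFailed + 1
            Err.Clear
        End If
    Next

    If intFailed = 0 Then
        MsgBox "DNS Registration Set"
    Else
        MsgBox "DNS Registration failed on " & intFailed & " adapter(s)"
    End If
End If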
'*=============================================================================
'* END OF SCRIPT: [SetDNSReg.vbs]
'*=============================================================================
 
Sorry I haven’t replied; I have been out of town and getting caught up on work. I checked about 20 XP SP2 PCs and they are all configured with "Register this connection’s addresses in DNS". I verified that in the DNS zone there weren’t any A or PTR records for the client PCs I was testing from. The PIX won’t do DNS registration. On the client PCs I was getting an Event ID 11163, source: Dnsapi, with DNS server list: 10.0.0.11 and Sent update to server: 10.1.1.1 ……. To make sure things were OK with the DNS server, I changed the dynamic updates for the zone ABC.com from secure only to allow nonsecure and secure updates. In doing this I went from 50 A records to 143 A records, and all of them had updated time stamps. So, any ideas on what is configured wrong for only secure updates?
 
The PIX IS the cause of your DNS problems. Get it out of there, get DHCP set up properly to give your clients the DC as the primary DNS server and your DNS problems will all go away .. I promise.



Chris Clancy, EnCE,CCE
 
On your DNS server, check the option for Dynamic Updates for your zone. Is it allowed?
 