Tuesday, November 3, 2015

DNS Questions and answers

DNS QUESTIONS

1) List the types of DNS servers?

Ans: Standard primary, standard secondary, Active Directory integrated zone, root server, caching only, forwarder, and master.

2) What is TTL?

Ans: Time to live.

3) What is PTR?

Ans: A pointer record, used to map an IP address to its host name. These records are used only in reverse lookup zones.

4) What is the primary purpose of DNS?

Ans: Host name resolution.

5) What is start of authority?

Ans: The SOA record contains the zone's serial number, which changes whenever the zone is modified.

6) What is Dynamic DNS?

Ans: The ability to dynamically update the service records.

7) What is the maximum character size of a DNS name?

Ans: 63 characters (per label).

9) What is a zone or zone file?

Ans: A zone is a database for either a DNS domain or for a DNS domain and one or more of its subdomains. This database is stored in a special text file called the zone file.

11) Why are multiple DNS servers created for the same zone?

Ans: Load balancing and fault tolerance.

12) What is a caching-only server?

Ans: A caching-only server does not host any zones. It resolves host names to IP addresses for client computers and stores the resulting mapping information in its cache. The DNS server then provides the cached information to client computers without contacting other DNS servers to resolve the query. It is temporary storage of zone information.

13) What is zone transfer?

Ans: The process of copying a zone to another standard DNS server is called zone transfer.

14) What is a master DNS server?

Ans: The DNS server that holds the master copy of the zone information is called the master DNS server.

15) What are forwarders?

Ans: A forwarder is a DNS server to which another DNS server forwards the queries it cannot resolve by internal name resolution.

17) Which protocol is supported by the DNS server?

Ans: The Dynamic Update protocol.

18) What are the four service records?

Ans: _msdcs, _sites, _tcp and _udp.

19) What are the six service records in Windows 2003?

Ans:

_msdcs (Microsoft domain controller services): contains the information about which domain controller is hosting the zone.

_sites: the site in which the zone has been configured.

_tcp and _udp: the two protocols responsible for communicating with Active Directory.

DomainDnsZones and ForestDnsZones: the domain and the forest in which the DNS information has been configured.

20) What is a resource record?

Ans: The entries in a zone are called resource records. An entry may be, for example, a host name to IP address mapping.

21) What is the primary thing you have to do on a DNS server before it starts resolution of host names?

21) When will you configure a root DNS server?

Ans: A root server should be used only when a network is not connected to the internet, or when a network is connected to the internet by using a proxy server.

22) What is a forward lookup zone?

Ans: Resolves host names to IP addresses.

23) What is a reverse lookup zone?

Ans: Resolves IP addresses to host names.

24) What is a standard primary zone?

Ans: A standard primary DNS server stores DNS entries (IP address to host name mappings and other DNS resource records) in a zone file that is maintained on the server. The primary server maintains the master copy of the zone file. When changes need to be made to the zone, they should be made only on the standard primary server.

25) What is a standard secondary zone?

Ans: A standard secondary DNS server stores copies of zones from the standard primary.

26) What is a root server?

Ans: A root server contains a copy of the zone for the root domain, either the root domain for the internet or the root domain for a company's private, internal network. The purpose of the root server is to enable other DNS servers on a network to access the second-level domains on the internet.

Note: A root server should be used only when a network is not connected to the internet, or when a network is connected to the internet by using a proxy server.

27) What is round robin?

Ans: Round robin is used when multiple servers (such as web servers) have identical configurations and identical host names, but different IP addresses.

28) Can you configure a root server to use a forwarder?

Ans: No.

29) What are root hints?

Ans: Root hints are server name and IP address combinations that point to the root servers located either on the internet or on your organization's private network. The Root Hints tab contains the list of DNS servers that this server can contact to resolve client DNS queries. It maintains the information for all 13 root servers.

30) What is an Active Directory integrated zone?

Ans: An Active Directory integrated DNS server is just like a standard primary, except that the DNS entries are stored in the Active Directory data store rather than in a zone file. Active Directory supports multi-master replication, so when changes need to be made to the zone, they can be made on any Active Directory integrated DNS server that contains the zone.

31) What is a simple query?

Ans: A simple query is a query that the DNS server can resolve without contacting any other DNS servers.

32) What is a recursive query?

Ans: A recursive query is a query that the server cannot resolve by itself; it must contact one or more additional DNS servers to resolve the query.

33) What is scavenging?

Ans: Scavenging is the process of searching for and deleting stale resource records in a zone.
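As an added example (not code from the original post), the following PowerShell previews which records scavenging would delete from a zone, using the zone's own no-refresh and refresh intervals. It assumes the DnsServer module on Windows Server 2012 R2 or later; the zone name is a placeholder.

```powershell
# Added example (not from the original post): preview which resource records
# scavenging would delete from a zone, using the zone's own aging intervals.
# Assumes the DnsServer PowerShell module (Windows Server 2012 R2 or later);
# the default zone name below is a placeholder.
param(
    [string]$ZoneName     = "example.internal",   # placeholder, replace with your zone
    [string]$ComputerName = $env:COMPUTERNAME
)

# Aging settings for the zone: a record becomes eligible for scavenging once its
# timestamp is older than NoRefreshInterval + RefreshInterval.
$aging = Get-DnsServerZoneAging -Name $ZoneName -ComputerName $ComputerName
if (-not $aging.AgingEnabled) {
    Write-Warning "Aging is not enabled on $ZoneName; scavenging will delete nothing here."
}
$staleBefore = (Get-Date) - ($aging.NoRefreshInterval + $aging.RefreshInterval)

$records = Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $ComputerName

# Static records (created manually or with aging disabled) carry no timestamp and
# are never scavenged; only dynamically registered, timestamped records qualify.
$dynamic = @($records | Where-Object { $_.Timestamp })
$stale   = @($dynamic | Where-Object { $_.Timestamp -lt $staleBefore })

[pscustomobject]@{
    Zone              = $ZoneName
    AgingEnabled      = $aging.AgingEnabled
    NoRefreshInterval = $aging.NoRefreshInterval
    RefreshInterval   = $aging.RefreshInterval
    StaleBefore       = $staleBefore
    TotalRecords      = @($records).Count
    DynamicRecords    = $dynamic.Count
    StaleRecords      = $stale.Count
} | Format-List

# List the candidates so an administrator can review them before running
# Start-DnsServerScavenging (the deletion itself happens only at scavenging time).
$stale |
    Select-Object HostName, RecordType, Timestamp,
        @{ n = 'Data'; e = { ($_.RecordData | Out-String).Trim() } } |
    Sort-Object Timestamp |
    Format-Table -AutoSize
```

Records that show up here but are still needed should be converted to static (no timestamp) or be re-registered by their owners before the scavenging interval elapses.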

PTR: Pointer resource record

SRV: Service locator resource record

34) What is SRV?

Ans: A service locator record, used to map a specific service (over TCP/IP) to the list of servers that provide that service.

35) What is CNAME?

Ans: An alias resource record, used to map an additional host name to the actual name of the host.

36) What is a stub zone in 2003?

Ans: A stub zone contains the name server (NS) and start of authority (SOA) information for a zone. It tells you on which system, on which server and in which domain DNS has been configured.

The properties of DNS in the Advanced tab

Disable recursion (also disables forwarders): By default this option is unchecked, meaning that recursion is enabled.

BIND secondaries: BIND is responsible for the zone transfers between the primary and the secondary (replication between primary and secondary).

Fail on load if bad zone data: This option is unchecked by default, meaning that even if the zone contains some errors it will be loaded; if it is checked, the zone will not be loaded.

Enable round robin: If the same name is present in the same subnet, the query will be answered in round-robin fashion until it gets resolved.

Enable netmask ordering: This option is used for a DNS server maintained on a multihomed PC (a PC having multiple NIC cards) and for resolving the queries of clients in different subnets.

Secure cache against pollution: It secures the cache information by not storing information from unauthorized DNS servers.
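The same Advanced-tab options can be audited without the GUI. This added example (not from the original post) reads them through the DnsServer module and flags values that differ from the defaults the text describes; it assumes Windows Server 2012 R2 or later and that the property names are those exposed by `Get-DnsServerSetting -All`.

```powershell
# Added example (not from the original post): read the Advanced-tab options
# described above through the DnsServer module and flag values that differ from
# the defaults the text describes. Assumes Windows Server 2012 R2 or later; the
# property names are assumed to be those of Get-DnsServerSetting -All.
param([string]$ComputerName = $env:COMPUTERNAME)

$s = Get-DnsServerSetting -ComputerName $ComputerName -All

# GUI option -> setting property, the value the text describes as default, and why.
$checks = @(
    @{ Option = 'Disable recursion (also disables forwarders)'
       Value  = $s.NoRecursion;       Expected = $false
       Note   = 'Unchecked by default, so the server recurses/forwards for clients.' }
    @{ Option = 'BIND secondaries'
       Value  = $s.BindSecondaries;   Expected = $false
       Note   = 'Only needed when zone transfers go to older BIND secondaries.' }
    @{ Option = 'Fail on load if bad zone data'
       Value  = $s.StrictFileParsing; Expected = $false
       Note   = 'Unchecked loads a zone despite errors; checked refuses to load it.' }
    @{ Option = 'Enable round robin'
       Value  = $s.RoundRobin;        Expected = $true
       Note   = 'Rotates answers for a name that has several A records.' }
    @{ Option = 'Enable netmask ordering'
       Value  = $s.LocalNetPriority;  Expected = $true
       Note   = 'Prefers addresses on the same subnet as the querying client.' }
    @{ Option = 'Secure cache against pollution'
       Value  = $s.SecureResponses;   Expected = $true
       Note   = 'Discards answer data that is outside the queried domain tree.' }
)

$checks | ForEach-Object {
    [pscustomobject]@{
        Option   = $_.Option
        Current  = $_.Value
        Expected = $_.Expected
        Status   = if ($_.Value -eq $_.Expected) { 'OK' } else { 'REVIEW' }
        Note     = $_.Note
    }
} | Format-Table -AutoSize -Wrap

# Q46 below: on a multihomed server, confirm DNS listens only on the chosen address.
"Listening on: $($s.ListeningIPAddress -join ', ')"
```

A 'REVIEW' status is not automatically wrong (a root server legitimately has recursion disabled); it marks a setting that differs from the default so that the reason can be confirmed.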

DNS TROUBLESHOOTING

37) How to check AD DNS registration

Ans: Four folders with the following names are present under the DNS Forward Lookup Zones when DNS is correctly registering the Active Directory DNS records. These folders are labeled:

_msdcs

_sites

_tcp

_udp

38) A records appear and disappear randomly

Cause: Your DNS zone is configured to query WINS.

39) Can't log on or join the domain

Ans: If DNS is not set up correctly on the domain controller, domain-wide issues can occur, such as replication failures between domain controllers. If DNS is not set up correctly on the client, the client may experience many networking and internet issues. Being unable to log on to the domain or join the domain from a workstation or server, and being unable to access the internet, indicate that you may have DNS settings issues.

40) Can't open an external website using the same network domain name?

Ans: Create a DNS host record for www pointing to the public IP.

41) What are common DNS settings mistakes?

1. The domain controller is not pointing to itself for DNS resolution on all network interfaces. Especially when you have a multihomed server, the WAN connection may be assigned 127.0.0.1 as the DNS IP.

2. The "." zone exists under Forward Lookup Zones in DNS.

3. The clients on the LAN do not point to the internal DNS server.

42) Can't find server name for ....: No response from server - DNS request timed out?

Ans: Symptom: When running nslookup, you may receive this message: Can't find server name for ....: No response from server

Cause: The DNS server's reverse lookup zones do not contain a PTR record for the DNS server's IP address. Refer to case 0204BL.

43) Can't find server name for address 127.0.0.1 when running nslookup?

Ans: Cause: You don't have a DNS server specified in your TCP/IP properties. If you have no DNS server configured on your client, nslookup will default to the local loopback address.

44) DNS issue with IP filtering

Ans: Symptoms: You have a Windows 2000 server running IIS for public access with 10 public IPs. The router is broken. You would like to enable IP filtering to block all ports except port 80 for the web and 25 and 110 for mail. After enabling IP filtering, the server can't access any web sites, can't ping yahoo.com, and nslookup times out.

Cause: IP filtering blocks the ports for DNS.

45) "DNS name does not exist."?

Ans: Causes: 1. Incorrect DNS. 2. The Netlogon service tries to register the RR before the DNS service is up.

46) DNS on a multihomed server?

Ans: It is not recommended to install DNS on a multihomed server. If you do, you should restrict the DNS server to listen only on a selected address.

47) DNS request timed out - IP name lookup failed?

Ans: When troubleshooting the Outlook error "550 5.7.1 relaying denied - ip name lookup failed" by using nslookup to resolve the host name, you may receive "DNS request time out... *** Request to mail.chicagotech.net timed-out."

Possible causes: 1. Incorrect DNS settings. 2. Incorrect TCP/IP settings on the DC. 3. Missing PTR record in the reverse lookup zones.

49) DNS server can't access the internet?

Ans: Symptoms: You have a domain controller with DNS. The server can ping the router and any public IPs. However, the server can't open any web sites.

Resolution: Check the server DNS settings; in particular, make sure the server points to the internal DNS instead of the ISP DNS or 127.0.0.1.

50) How to register the DNS RR?

Ans: 1. Go to DNS Manager to add it manually. 2. Use the netlogon, ipconfig and nbtstat commands.

51) How to troubleshoot DNS problems?

Ans: To correct DNS settings and troubleshoot DNS problems, you can:

1) Run nslookup from a command line and check that the default DNS server is the one you expect.

2) Use ipconfig /all on the client to make sure the client points to the correct DNS server and that the DC points only to itself for DNS by its actual TCP/IP address, and make sure no ISP DNS is listed in the TCP/IP properties of any W2K/XP machine.

3) When the machine loads it should register itself with DNS. If not, use the ipconfig /registerdns command.

4) Check Event Viewer to see whether the event logs contain any error information. On both the client and the server, check the System log for failures during the logon process. Also check the Directory Service log on the server and the DNS log on the DNS server.

5) Use the nltest /dsgetdc:domainname command to verify that a domain controller can be located for a specific domain. The NLTest tool is installed with the Windows XP support tools.

6) If you suspect that a particular domain controller has problems, turn on Netlogon debug logging. Use the NLTest utility by typing nltest /dbflag:0x2000ffff at a command prompt. The information is logged in the Debug folder in the Netlogon.log file.

7) Use the DC diagnosis tool, dcdiag /v, to diagnose any errors. If you still have not isolated the problem, use Network Monitor to monitor network traffic between the client and the domain controller.

52) How can I verify that a computer's DNS entries are correctly registered in DNS?

Ans: You can use the nslookup tool to verify that DNS entries are correctly registered in DNS. For example, to verify record registration, use the following command: nslookup computername.domain.com

53) How to add DNS and WINS into your Cisco VPN server?

Ans: If your VPN client cannot find servers or cannot ping computers by name, you may need to add DNS and WINS into your VPN server. For example, to add DNS and WINS on a Cisco PIX firewall, add:

vpdn group 1 client configuration dns <DNS server name>

vpdn group 1 client configuration wins <WINS server name>

54) How to clear bad information in Active Directory-integrated DNS

Ans: You may need to clear bad information in Active Directory-integrated DNS if DNS is damaged or if the DNS contains incorrect registration information. To do that:

1) Change the DNS zone type to Standard Primary.

2) Delete the DNS zones.

3) Use the ipconfig /flushdns command.

4) Recreate the DNS zones.

5) Restart the Net Logon service.

6) Use ipconfig /registerdns.

55) How to ensure that DNS is registering the Active Directory DNS records?

Ans: To ensure that DNS is registering the Active Directory DNS records, go to DNS Management console > Server name > Forward Lookup Zones > Properties, make sure Allow Dynamic Updates is set to Yes, and check that _msdcs, _sites, _tcp and _udp are correctly registering the Active Directory DNS records. If these folders do not exist, DNS is not registering the Active Directory DNS records. These records are critical to Active Directory functionality and must appear within the DNS zone. You should repair the Active Directory DNS record registration.
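The folder check in Q37 and Q55, and the nslookup check in Q51 and Q52, can be scripted from any domain member. This added example (not from the original post) queries one representative SRV record under each of _msdcs, _sites, _tcp and _udp and compares the result with what Netlogon wrote to Netlogon.dns; it assumes the DnsClient module (Windows 8 / Server 2012 or later), and the domain, site and server values are placeholders.

```powershell
# Added example (not from the original post): verify from any domain member that
# the _msdcs, _sites, _tcp and _udp records Netlogon registers are resolvable.
# Assumes the DnsClient module (Windows 8 / Server 2012 or later); the domain,
# site and DNS server values below are placeholders to replace with your own.
param(
    [string]$Domain   = "example.internal",        # placeholder AD DNS domain name
    [string]$SiteName = "Default-First-Site-Name", # placeholder AD site name
    [string]$Server   = ""                         # optional DNS server to query directly
)

$resolveArgs = @{ Type = 'SRV'; ErrorAction = 'Stop'; DnsOnly = $true }
if ($Server) { $resolveArgs.Server = $Server }

# One representative record per folder the text lists (_udp carries Kerberos).
$expected = @(
    @{ Folder = '_msdcs'; Name = "_ldap._tcp.dc._msdcs.$Domain" }
    @{ Folder = '_sites'; Name = "_ldap._tcp.$SiteName._sites.$Domain" }
    @{ Folder = '_tcp';   Name = "_ldap._tcp.$Domain" }
    @{ Folder = '_tcp';   Name = "_kerberos._tcp.$Domain" }
    @{ Folder = '_udp';   Name = "_kerberos._udp.$Domain" }
)

$results = foreach ($e in $expected) {
    try {
        $srv = @(Resolve-DnsName -Name $e.Name @resolveArgs |
                 Where-Object { $_.Type -eq 'SRV' })
        [pscustomobject]@{
            Folder  = $e.Folder
            Record  = $e.Name
            Status  = if ($srv) { 'REGISTERED' } else { 'MISSING' }
            Targets = ($srv | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        }
    } catch {
        # NXDOMAIN and an unreachable server both surface here.
        [pscustomobject]@{ Folder = $e.Folder; Record = $e.Name
                           Status = 'MISSING'; Targets = $_.Exception.Message }
    }
}

$results | Format-Table -AutoSize -Wrap

# Cross-check against what Netlogon itself wrote on this machine (see Q69):
# every owner name in Netlogon.dns should be resolvable in DNS.
$netlogonDns = Join-Path $env:SystemRoot 'System32\config\netlogon.dns'
if (Test-Path $netlogonDns) {
    $names = Get-Content $netlogonDns |
             Where-Object { $_ -match '^\S+' } |
             ForEach-Object { ($_ -split '\s+')[0].TrimEnd('.') } |
             Sort-Object -Unique
    "$($names.Count) distinct names listed in $netlogonDns"
}
```

A MISSING row for a folder that exists in the console usually means dynamic updates are off for the zone or Netlogon has not re-registered since the zone was recreated; ipconfig /registerdns and a Netlogon restart (Q54) re-populate them.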

56) How does the internal DNS resolve internet names without the ISP's DNS server?

Ans: As long as the "." zone does not exist under Forward Lookup Zones in DNS, the DNS service uses the root hint servers. The root hint servers are well-known servers on the internet that help all DNS servers resolve name queries.

70) How to reinstall the dynamic DNS in a Windows 2000 Active Directory?

Ans: Under the following situations you may want to reinstall DDNS in a Windows 2000 Active Directory:

a) Some weird DNS errors have occurred and clearing the DNS information has been unsuccessful.

b) Services that depend upon DNS, such as the File Replication Service (FRS) and/or Active Directory, are failing.

c) The secondary DNS server doesn't support dynamic updates.

To reinstall the dynamic DNS in a Windows 2000 Active Directory:

1. Clear the DNS information.

2. Clear the caching resolver.

3. Point all DNS servers to the first DNS server under TCP/IP properties.

4. Re-add the zones and configure them to be Active Directory integrated.

5. Register your A resource record for DNS as well as your start of authority (SOA).

57) How to repair the DNS record registration

Ans: To repair the Active Directory DNS record registration:

1. Check for the existence of a root zone entry. View the Forward Lookup Zones in the DNS Management console. There should be an entry for the domain; other zone entries may exist. There should not be a dot (".") zone. If the dot (".") zone exists, delete it. The dot (".") zone identifies the DNS server as a root server. Typically, an Active Directory domain that needs external (internet) access should not be configured as a root DNS server.

The server probably needs to reregister its IP configuration (by using ipconfig) after you delete the dot (".") zone. The Netlogon service may also need to be restarted. Further details about this step are listed later in this article.

2. Manually repopulate the Active Directory DNS entries. You can use the Windows 2000 Netdiag tool to repopulate the Active Directory DNS entries. Netdiag is included with the Windows 2000 Support Tools. At a command prompt, type netdiag /fix.

To install the Windows 2000 Support Tools:

a) Insert the Windows 2000 CD-ROM.

b) Browse to Support\Tools.

c) Run Setup.exe in this folder.

d) Select a typical installation. The default installation path is Systemdrive:\Program Files\Support Tools.

After you run the Netdiag utility, refresh the view in the DNS Management console. The Active Directory DNS records should then be listed.

NOTE: The server may need to reregister its IP configuration (by using ipconfig) after you run Netdiag. The Netlogon service may also need to be restarted.

If the Active Directory DNS records do not appear, you may need to manually re-create the DNS zone.

Manually re-create the DNS zone:


58) How to configure DNS forwarders

Ans: To ensure network functionality outside of the Active Directory domain (such as browser requests for internet addresses), configure the DNS server to forward DNS requests to the appropriate Internet service provider (ISP) or corporate DNS servers. To configure forwarders on the DNS server:

1. Start the DNS Management console.

2. Right-click the name of the server, and then click Properties.

3. Click the Forwarders tab.

4. Click to select the Enable Forwarders check box.

NOTE: If the Enable Forwarders check box is unavailable, the DNS server is attempting to host a root zone (usually identified by a zone named only with a period, or dot "."). You must delete this zone to enable the DNS server to forward DNS requests. In a configuration in which the DNS server does not rely on an ISP DNS server or a corporate DNS server, you can use a root zone entry.

5. Type the appropriate IP addresses for the DNS servers that will accept forwarded requests from this DNS server. The list is read from the top down in order; if there is a preferred DNS server, place it at the top of the list.

6. Click OK to accept the changes.

59) DC's FQDN does not match domain name?

Ans: Symptoms: After you promote or install a domain controller, the DNS suffix of your computer name may not match the domain name. Or the FQDN does not match the domain name because an NT 4.0 upgrade automatically clears the "Change primary DNS suffix when domain membership changes" check box. It is not possible to rename the computer on the Network Identification tab. Also, you may receive NETLOGON events in the System log with ID 5781 or other error messages that indicate a failure to dynamically register DNS records.

Resolutions:

1. After you upgrade to Microsoft Windows 2000, but before you run dcpromo and obtain the Active Directory Installation Wizard, add the following value under the following registry key:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\

Value name: SyncDomainWithMembership

Value type: REG_DWORD

Value: 1

2. If you have already promoted to a domain controller, use the Active Directory Installation Wizard to demote to a member server. Click to select the "Change primary DNS suffix when domain membership changes" check box, and then run dcpromo to promote back to a domain controller.

3. Modify HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ and change Domain=mydomain.com, NV Domain=mydomain.com, SyncDomainWithMembership=1 (here mydomain.com is the domain name).
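Before applying any of the resolutions above, it helps to see which of the three values is actually wrong. This added example (not from the original post) reads the Tcpip\Parameters values named in resolutions 1 and 3, compares them with the domain the computer is joined to, and lists recent Netlogon 5781 events; it changes nothing and assumes only a Windows host with that registry key.

```powershell
# Added example (not from the original post): compare the TCP/IP DNS suffix
# values from Q59 with the domain the computer is actually joined to, and report
# the SyncDomainWithMembership value, without changing anything. Assumes a
# Windows host with the Tcpip\Parameters key described in the text.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$p   = Get-ItemProperty -Path $key

$joinedDomain  = (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
$hostname      = $env:COMPUTERNAME
$currentSuffix = $p.Domain        # suffix in use now
$pendingSuffix = $p.'NV Domain'   # suffix written on change, applied at next boot

$report = [pscustomobject]@{
    JoinedDomain             = $joinedDomain
    RegistryDomain           = $currentSuffix
    RegistryNVDomain         = $pendingSuffix
    SyncDomainWithMembership = $p.SyncDomainWithMembership   # $null when the value is absent
    ExpectedFqdn             = "$hostname.$joinedDomain".ToLower()
    ActualFqdn               = "$hostname.$currentSuffix".ToLower()
}
$report | Format-List

# The symptom in Q59: the DC's FQDN suffix does not match the domain name.
if ($report.RegistryDomain -ne $report.JoinedDomain) {
    Write-Warning "Primary DNS suffix '$($report.RegistryDomain)' does not match the joined domain '$($report.JoinedDomain)'."
    if ($report.SyncDomainWithMembership -ne 1) {
        Write-Warning "SyncDomainWithMembership is not 1; see resolutions 1 and 3 in Q59."
    }
    if ($report.RegistryNVDomain -eq $report.JoinedDomain) {
        "NV Domain already holds the correct suffix; it takes effect after a reboot."
    }
} else {
    "DNS suffix matches the joined domain ($($report.ActualFqdn))."
}

# Netlogon event 5781 in the System log is the other symptom the text names.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 5781 } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, ProviderName, Id |
    Format-Table -AutoSize
```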

74) Primary or Active Directory integrated DNS

Ans: Active Directory integrated DNS permits all servers to accept updates. Instead of adding standard secondary DNS servers, you can convert the server from a primary DNS server to an Active Directory integrated primary server and configure another domain controller to be a DNS server. With Active Directory integrated DNS servers, all the servers are primary servers, so when a zone change is made at one server, it is replicated to the others, eliminating the need for a zone transfer.

60) 2nd DNS issues

1. When setting up the 2nd DNS, make sure you type the correct master DNS server IP address.

2. Make sure the primary DNS and 2nd DNS servers can ping each other and that no firewall blocks them.

3. Make sure the primary DNS and 2nd DNS servers point to each other as primary and to themselves as secondary.

76) Some A records don't appear in DNS

Cause: 1. Incorrect TCP/IP settings. 2. "Register this connection's addresses in DNS" is unchecked.

77) The DSA operation is unable to proceed because of a DNS lookup failure.

Symptoms: 1. When trying to run DCPROMO, you receive: "The operation failed because: The directory service failed to replicate off changes made locally. The DSA operation is unable to proceed because of a DNS lookup failure." 2. The Event Viewer may list Event ID 1265 - The DSA operation is unable to proceed because of a DNS lookup failure. 3. The DCDiag test displays this message: "The DSA operation is unable to proceed because of a DNS lookup failure".

Causes: 1. Incorrect TCP/IP configuration. 2. Incorrect DNS configuration. 3. Bad information in DNS Manager.

61) "The procedure entry point DsIsManagedDnW could not be located in the dynamic link library NTDSAPI.dll"

Ans: Symptom: When trying to run DCDiag you get the following error: "The procedure entry point DsIsManagedDnW could not be located in the dynamic link library NTDSAPI.dll".

Resolutions: 1. Remove dcdiag.exe from Control Panel and install it from a W2K/XP DC.

2. The "entry point not found" error is typical of a service pack mismatch: dcdiag.exe is out of sync with the service pack level of your system. To fix it, go to the service pack x folder, find adminpack.msi, right-click it and select Install.

62) Troubleshooting the domain locator process

1) Check Event Viewer on both the client and the DNS server for any errors.

2) Verify that the IP configuration is correct for your network by using ipconfig /all.

3) Ping both the DNS IP address and the DNS server name to verify network connectivity and name resolution.

4) Use the nslookup servername.domain.com command to verify that DNS entries are correctly registered in DNS.

5) If the nslookup command does not succeed, use one of the following methods to reregister records with DNS: a) force host record registration by using ipconfig /registerdns; b) force domain controller service registration by stopping and restarting the Netlogon service.

6) If you still have the same issue, use Network Monitor to monitor network traffic between the client and the domain controller.

63) Which DNS does a VPN client use?

1. Assuming the LAN connection and the VPN connection have different DNS servers because they are assigned by different DHCP servers, the active DNS goes with the default gateway.

2. You can pick which DNS you want to use manually.

64) Which ports are used for DNS?

Ans: UDP and TCP port 53. However, internal DNS clients may not hear answers even though the query has been sent out on port 53 until you open the UDP ports above 1023.

65) Why can't I perform external name resolution to the root hint servers on the internet?

Ans: Make sure the "." zone does not exist under Forward Lookup Zones in DNS. If you do not delete this zone, you may not be able to perform external name resolution to the root hint servers on the internet.

66) Why do I have to point my domain controller to itself for DNS?

Ans: The Netlogon service on the domain controller registers a number of records in DNS that enable other domain controllers and computers to find Active Directory-related information. If the domain controller is pointing to the ISP's DNS server, Netlogon does not register the correct records for Active Directory, and errors are generated in Event Viewer. The preferred DNS setting for the domain controller is itself; no other DNS servers should be listed. The only exception to this rule is additional domain controllers. Additional domain controllers in the domain must point to the first domain controller (which runs DNS) that was installed in the domain, and then to themselves as secondary.
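The mistakes in Q41 and the rule in Q66 are the same configuration seen from two sides, so one script can audit both. This added example (not from the original post) checks every IPv4 adapter's DNS server list on a domain controller for 127.0.0.1, for servers outside the DC list (an ISP resolver), and for whether the DC points to itself, then looks for the "." root zone from Q41, Q57 and Q65; it assumes the DnsClient, NetTCPIP and DnsServer modules (Windows Server 2012 R2 or later), and the DC address list is a placeholder.

```powershell
# Added example (not from the original post): audit the mistakes listed in Q41 and the
# rule in Q66 on a domain controller, then look for a "." root zone (Q41 #2, Q57, Q65).
# Assumes the DnsClient, NetTCPIP and DnsServer modules (Windows Server 2012 R2 or
# later); the DC address list is a placeholder to replace with your own.
param(
    [string[]]$DomainControllers = @('10.0.0.10', '10.0.0.11')   # placeholder DC IPs
)

# This server's own addresses, excluding loopback: pointing to 127.0.0.1 is mistake 1.
$myAddresses = (Get-NetIPAddress -AddressFamily IPv4 |
                Where-Object { $_.IPAddress -ne '127.0.0.1' }).IPAddress

$findings = foreach ($cfg in Get-DnsClientServerAddress -AddressFamily IPv4) {
    $servers = @($cfg.ServerAddresses)
    if (-not $servers) { continue }   # adapter with no DNS servers configured
    $external = @($servers | Where-Object {
        $_ -notin $DomainControllers -and $_ -notin $myAddresses -and $_ -ne '127.0.0.1' })
    [pscustomobject]@{
        Interface    = $cfg.InterfaceAlias
        Servers      = $servers -join ', '
        UsesLoopback = $servers -contains '127.0.0.1'
        ExternalDns  = $external -join ', '
        PointsToSelf = [bool]($servers | Where-Object { $_ -in $myAddresses })
        SelfFirst    = $servers[0] -in $myAddresses
    }
}
$findings | Format-Table -AutoSize

foreach ($f in $findings) {
    if ($f.UsesLoopback) {
        Write-Warning "$($f.Interface): 127.0.0.1 is listed as a DNS server (Q41, mistake 1)."
    }
    if ($f.ExternalDns) {
        Write-Warning "$($f.Interface): non-DC DNS server(s) $($f.ExternalDns) listed; an ISP resolver here stops Netlogon registering AD records (Q66)."
    }
    if (-not $f.PointsToSelf) {
        Write-Warning "$($f.Interface): this DC does not point to itself (Q41, mistake 1)."
    } elseif (-not $f.SelfFirst) {
        # Expected layout for an additional DC: the first DC, then itself (Q66).
        "$($f.Interface): lists another DC first and itself later, as Q66 describes for additional DCs."
    }
}

# A "." zone makes this server a root server, so forwarders and root hints are not
# used for internet names (Q41 mistake 2, Q57, Q65).
if (Get-DnsServerZone -Name '.' -ErrorAction SilentlyContinue) {
    Write-Warning 'A "." zone exists under Forward Lookup Zones; delete it unless this server is meant to be a root server.'
} else {
    'No "." root zone found.'
}
```

Run it on each DC in turn; the first DC installed should show SelfFirst true, and every additional DC should show SelfFirst false with the first DC at the top of its list.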

67) Everyone can access our web site on the internet, but no one can access the web site internally. Instead, we are pointed to our intranet.

Ans: If your network domain name is the same as your web site name, you should point the web host name to the web site's public IP. To do this, open DNS Manager and create a host record, for example www.chicagotech.net = public IP.

68) *** Can't find server name for address w.x.y.z: Timed out

Cause: The DNS server cannot be reached or the service is not running on that computer.

2. *** Can't find server name for address 127.0.0.1: Timed out

Cause: No servers have been defined in the DNS Service Search Order list.

3. *** Can't find server name for address w.x.y.z: Non-existent domain

Cause: There is no PTR record for the name server's IP address.

4. *** ns.domain.com can't find child.domain.com.: Non-existent domain

5. *** Can't list domain child.domain.com.: Non-existent domain

Cause: No separate db file for the domain, thus querying that domain or running a zone transfer on it will produce the above errors.

69) What does netdiag /fix do?

Ans: The netdiag /fix switch is a very useful tool to correct issues found by the DNS and domain controller tests.

1. DNS test: If the computer is a domain controller, Netdiag verifies all the DNS entries in the Netlogon.dns file to determine if they are correct, and updates the appropriate entries if there is a problem.

2. Domain controller test: If the domain GUID cached on a local computer in your primary domain is different from the domain GUID saved on a domain controller, Netdiag tries to update the domain GUID on the local computer.
