Introduction
My Active Directory Server has been down for a couple of weeks or so. My friend, who helps me repair computers, says that it is the same capacitor problem that besieges this particular Dell model.
It looks like it will take a while to get it back up.
Problem Diagnosis
I was hoping that the secondary domain controller would be able to service DNS requests, but that does not seem to be occurring.
Connected to my Domain Name Registrant and confirmed that my ns1 and ns2 entries are pointing to my current Dynamic IP Addresses.
I wish DNS resolution had a good way to trace and debug things.
Problem Diagnosis – Secondary DNS Server
Let us determine what tools are available for reviewing DNS Server issues:
Review Secondary DNS Server – Event Viewer
As always MS Windows Event Viewer is a good place to check.
Thankfully, I saw a few errors:
Verify – DNS Server – DNSLint
Introduction
Microsoft has a tool for diagnosing DNS Issues.
Download
Download DNSlint from http://support.microsoft.com/kb/321045.
Install
Run the self-extracting installer.
Usage
Use – Test Domain Name
Syntax:
dnslint /d [domain-name]
Sample:
dnslint /d myLab.org
Output : DNS Server : ns1
DNS Server : ns2
Explanation:
- So we ran DNSLint from the secondary server itself — Doing so means we are less likely to experience network \ firewall issues
- Even so, the secondary server is reported as not responding to UDP port 53 requests
- None of the tests came back with data that is useful. The following tests came back as Unknown : Answering authoritatively for domain, Authoritative name server
Conclusion:
- Though our secondary server is up, it is really not very useful in terms of servicing DNS requests
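The two things DNSLint reports on above (whether the server responds on UDP port 53, and whether it answers authoritatively for the domain) can also be checked against one name server at a time with a single SOA query. The script below is an added example, not part of the original post or of DNSLint; the function names and the 192.0.2.53 documentation address are assumptions to replace with the secondary server's IP.

```python
import socket
import struct

QTYPE_SOA = 6
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(domain, txid=0x1234, qtype=QTYPE_SOA):
    """Build a standard query (flags 0, no recursion): header + one question."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in domain.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(packet):
    """Decode the header fields of interest: AA flag, RCODE, answer count."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "txid": txid,
        "authoritative": bool(flags & 0x0400),
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": ancount,
    }

def classify(header):
    """Turn a parsed header into a one-line verdict."""
    if header["rcode"] != "NOERROR":
        return "responds, but fails the query: " + header["rcode"]
    if header["authoritative"] and header["answers"] > 0:
        return "authoritative for zone"
    return "responds, but not authoritative for zone"

def check_server(server, domain, timeout=3.0):
    """Send one SOA query over UDP port 53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(domain), (server, 53))
            data, _ = sock.recvfrom(512)
        except OSError:  # covers timeouts and ICMP port-unreachable errors
            return "no response on UDP port 53"
    return classify(parse_header(data))

if __name__ == "__main__":
    # Assumed address (documentation range); use the secondary server's IP.
    print(check_server("192.0.2.53", "myLab.org"))
```

Running it once against each of ns1 and ns2 separates a server that never answers from one that answers but will not serve the zone.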
Verify – DNS Server – Listening Port
Introduction
On the secondary DNS Server, let us go check our listening ports
Review Listening Ports
Syntax:
netstat -anb | find "LISTENING"
Sample:
netstat -anb | find "LISTENING"
Output:
Explanation:
- We can see that the server has TCP port 53 opened and listening on all interfaces on this box
Verify – DNS Server – DLint
Introduction
One can use dlint to query DNS.
Download
Syntax:
wget [URL] -O [output-file]
Sample:
wget http://pkgs.repoforge.org/dlint/dlint-1.4.0-0.2.el4.rf.noarch.rpm -O /tmp/dlint-1.4.0-0.2.el4.rf.noarch.rpm
Output:
Install
Syntax:
sudo rpm -Uvh [rpm]
Sample:
sudo rpm -Uvh /tmp/dlint-1.4.0-0.2.el4.rf.noarch.rpm
Output:
Test
Syntax:
dlint -n [domain-name]
Sample:
dlint -n labDomain.org
Output:
Explanation:
- Error: no name servers found for domain
Upgrade Secondary Server to Primary Server
Steps
- Launch DNS Management (dnsmgmt.msc)
- Select the Domain Name
- Right click on the Domain Name and from the drop-down menu select the “Properties” option
- In the “Properties” window, select the “General” Tab
- In the “General” Tab, you will see the following values – For Status, Expired and for Type: Secondary
- As Type is listed as Secondary, click on the “Change” button
- The “Change Zone Type” window appears
- Click on the “Primary zone” button and click on the “OK” button
- The change is almost complete – The Status is still Expired, but the Type is Primary
- Click on the Apply button
- Return to the main window
- In the “Properties” window, select the “Start of Authority (SOA)” Tab
- Change the “Primary Server” to the recently upgraded Server
- Click on the Apply button
- Click on the Domain Zone
- Right-click on the Zone and from the drop-down, select the “Reload” button
- Restart DNS Server
Couple of quick things:
- Please repeat similar steps for each pertinent reverse DNS zone
DNSMGMT – DNS – Forward Lookup Zones
DNSMGMT – DNS – Change Zone Type
Current:
Changes Started:
Changes Ongoing:
DNS – Verify – DNSLint
Steps
Run DNSLint again …
DNS Zones in Active Directory
I have yet to fully vet the path of storing DNS zones in “Active Directory”.
But, as we all know, Active Directory’s great leap over MS Windows NT 4.0 is doing away with the limitation of Domain and Backup Domain Server and having multiple domain controllers.
Thus, following the thought that each server will have its own copy of Active Directory, we can see that when we store DNS in AD, DNS is replicated and available on all domain servers as well.