Introduction

My Active Directory Server has being down for a couple of weeks or so.  My friend, who helps me repair computers, says that it is the same capacitor problem that besieges this particular Dell Model.

It looks like it will take a while to get it back up.

Problem Diagnosis

I was hoping that the secondary domain controller will be able to service DNS Requests, but that does not seem to be occurring.

Connected to my Domain Name Registrant and confirmed that my ns1 and ns2 entries are pointing to my current Dynamic IP Addresses.

Wishing DNS resolution has a good way to trace and debug things.

Problem Diagnosis – Secondary DNS Server

Let us determine what tools are available for reviewing DNS Server issues:

Review Secondary DNS Server – Event Viewer

As always MS Windows Event Viewer is a good place to check.

Thankfully, saw a few errors:

EventID Description 3000 The DNS server has encountered numerous run-time events. To determine the initial cause of these run-time events, examine the DNS server event log entries that precede this event. To prevent the DNS server from filling the event log too quickly, subsequent events with Event IDs higher than 3000 will be suppressed until events are no longer being generated at a high rate. 6527 Zone myLAB.com expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone. The zone has been shut down. 408 The DNS server could not open socket for address 24.6.18.17. Verify that this is a valid IP address for the server computer. If it is NOT valid use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces. Then stop and restart the DNS server. (If this was the only IP interface on this machine and the DNS server may not have started as a result of this error. In that case remove the DNS\Parmeters\ ListenAddress value in the services section of the registry and restart.)If this is a valid IP address for this machine, make sure that no other application (e.g. another DNS server) is running that would attempt to use the DNS port.For more information, see “DNS server log reference” in the online Help.For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. 407 The DNS server could not bind a User Datagram Protocol (UDP) socket to 24.6.18.17. The event data is the error code. Restart the DNS server or reboot your computer.

Verify – DNS Server – DNSLint

Introduction

Microsoft has a tool for diagnosing DNS Issues.

Download

Download DNSlint from http://support.microsoft.com/kb/321045.

Install

Run Self-extracting install.

Usage

Use – Test Domain Name

Syntax:

   dnslint /d [domain-name]

Sample:

    dnslint /d myLab.org

 

Output : DNS Server : ns1

DNS Server : ns2

Explanation:

• So we ran DNSLint from the secondary server itself — Doing so means we are less likely to experience network \ firewall issues
• And, still the secondary server is coming back with not responding to UDP Port 53 requests
• None of the tests came back with data that is useful.  The following tests came back as Unknown : Answering authoritatively for domain, Authoritative name server

Conclusion:

• Though our secondary server is up, it is really not very useful in terms of servicing DNS requests

Verify – DNS Server – Listening Port

Introduction

On the secondary DNS Server, let us go check our listening ports

Review Listening Ports

Syntax:

        netstat -anb | find "LISTENING"

Sample:

        netstat -anb | find "LISTENING"

Output:

Explanation:

• We can see that the server has TCP port 53 opened and listening on all interfaces on this box

 

Verify – DNS Server – DLint

Introduction

One can use dlint to query DNS.

Download

Syntax:

wget [URL] -O [output-file]

Sample:

  wget http://pkgs.repoforge.org/dlint/dlint-1.4.0-0.2.el4.rf.noarch.rpm \
    -O /tmp/dlint-1.4.0-0.2.el4.rf.noarch.rpm

Output:

Install

Syntax:

sudo rpm -Uvh [rpm]

Sample:

sudo rpm -Uvh dlint-1.4.0-0.2.el4.rf.noarch.rpm

Output:

 

Test

Syntax:

dlint -n [domain-name]

Sample:

dlint -n labDomain.org

Output:

Explanation:

•  Error: no name servers found for domain

Upgrade Secondary Server to Primary Server

Steps

• Launch DNS Management (dnsmgmt.msc)
• Select the Domain Name
• Right click on the Domain Name and from the drop-down menu select the “Properties” option
• In the “Properties” window, select the “General” Tab
• In the “General” Tab, you will see the following values – For Status, Expired and for Type: Secondary
• As Type is listed as Secondary, click on the “Change” button
• The “Change Zone Type” window appears
• Click on the “Primary zone” button and click on the “OK” button
• The change is almost complete – The Status is still Expired, but the Type is Primary
• Click on the Apply button
• Return to the main window
• In the “Properties” window, select the “Start of Authority (SOA)” Tab
• Change the “Primary Server” to the recently upgraded Server
• Click on the Apply button
• Click on the Domain Zone
• Right-click on the Zone and from the drop-down, select the “Reload” button
• Restart DNS Server

 

Couple of quick things:

• Please repeat similar steps for each pertinent reverse DNS Zones

 

DNSMGMT – DNS – Forward Lookup Zones

DNSMGMT – DNS – Change Zone Type

Current:

Changes Started:

Changes Ongoing:

 

DNS – Verify – DNSList

Steps

Run DNSList again …

DNS Zones in Active Directory

Though I have yet to fully vet the path of storing DNS Zones in “Active Directory”.

But, as we all know Active Directory’s great leap over MS Windows NT 4.0 is doing away with the limitation of Domain And Backup Domain Server and having multiple domain controllers.

Thus following the thought that each server will have its own copy of Active Directory,we can see that when we store DNS in AD, DNS is replicated and  available on all Domain Servers, as well.