Multiple DNS Servers

G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

I work for a small state agency that only has thirty users
that can possibly be logged on at any given time. We
currently have three domain controllers running on our
network and all of them have their own copy of DNS
installed. It was my belief at the time I set this
network up that this approach would add redundancy to our
network and allow for a failure of one of the servers w/o
bringing down the entire network. In addition, I also
felt that this would provide some load balancing and help
keep the network running faster and smoother. I have
recently been having some second thoughts on that
strategy. It seems that some of the DNS servers are not
synchronizing with the other servers on the network. Can
somebody tell me if I was correct in using this approach
or would it have been better off to only have one server
running DNS since our agency is so small?
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:20b6c01c45a27$f4665cb0$a601280a@phx.gbl,
Steven Rulison <anonymous@discussions.microsoft.com> posted their thoughts,
then I offered mine
> I work for a small state agency that only has thirty users
> that can possibly be logged on at any given time. We
> currently have three domain controllers running on our
> network and all of them have their own copy of DNS
> installed. It was my belief at the time I set this
> network up that this approach would add redundancy to our
> network and allow for a failure of one of the servers w/o
> bringing down the entire network. In addition, I also
> felt that this would provide some load balancing and help
> keep the network running faster and smoother. I have
> recently been having some second thoughts on that
> strategy. It seems that some of the DNS servers are not
> synchronizing with the other servers on the network. Can
> somebody tell me if I was correct in using this approach
> or would it have been better off to only have one server
> running DNS since our agency is so small?


It's the correct approach. I'm going to assume the zones on each DC/DNS
server are all AD Integrated. If not, make that so. AD Integration means the
zone is stored in the actual physical AD database (logically in the Domain
NC containter). This gets replicated to other domain controllers with AD's
replication process. If you believe that replication is not occuring
properly, then to further tech support this, we'll need more information to
help out.

1. What observations are you basing this on?
2. Are there any errors on any of the DCs' Event logs? - Looking for NTFRS,
Netlogon, Kerberos and LDAP errors.
3. Please post from each DC an unedited ipconfig /all
4. Please provide the actual AD DNS domain name so we can match up the
configuration with the ipconfig /all.

Thanks


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

Per your request, I have attached the information
regarding our DNS servers.

Thank you for your assistance.

Note:
The two domain controllers currently running DNS are
identified as FS-DC-1 and DB2SERVER. There are also two
additional domain controllers that were running on our
network identified as SP1 and SP2 but they are not
currently running at this time. They are however still
listed in the Active Directory DNS listing with identical
zones.

1. WHAT OBSERVATIONS ARE YOU BASING THIS ON?

Error messages appearing on a daily basis in the DNS Event
log

2. ARE THERE ANY ERRORS ON ANY OF THE DCS' EVENT LOGS -
LOOKING FOR NTFRS, NETLOGON, KERBEROS, AND LDAP ERRORS?

Yes we have in the past but I did not find any error
messages in our log at the time of this writing that
referred to any of the entities mentioned above. I have
listed below the error message that is continually written
to the DNS event log.

Error Message on FS-DC-1:
The description for Event ID ( 7062 ) in Source ( DNS )
cannot be found. The local computer may not have the
necessary registry information or message DLL files to
display messages from a remote computer. You may be able
to use the /AUXSOURCE= flag to retrieve this description;
see Help and Support for details. The following
information is part of the event: 10.44.1.210.

Error Message on DB2SERVER:
The description for Event ID ( 7062 ) in Source ( DNS )
cannot be found. The local computer may not have the
necessary registry information or message DLL files to
display messages from a remote computer. You may be able
to use the /AUXSOURCE= flag to retrieve this description;
see Help and Support for details. The following
information is part of the event: 10.44.1.18.

3. PLEASE POST FROM EACH DC AN UNEDITED IPCONFIG/ALL




IPCONFIG For DB2SERVER

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

H:\>IPCONFIG /ALL

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : db2server
Primary DNS Suffix . . . . . . . : ilptab.il.us
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ilptab.il.us
il.us

Ethernet adapter Springfield Primary 10.44.1.18:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R)
PRO/100+ Server Adapter (PI
LA8470B)
Physical Address. . . . . . . . . : 00-E0-18-29-B8-
E1
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.44.1.18
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.44.1.1
DNS Servers . . . . . . . . . . . : 10.44.1.18
10.44.1.210

IPCONFIG For FS-DC-1





>-----Original Message-----
>I work for a small state agency that only has thirty
users
>that can possibly be logged on at any given time. We
>currently have three domain controllers running on our
>network and all of them have their own copy of DNS
>installed. It was my belief at the time I set this
>network up that this approach would add redundancy to our
>network and allow for a failure of one of the servers w/o
>bringing down the entire network. In addition, I also
>felt that this would provide some load balancing and help
>keep the network running faster and smoother. I have
>recently been having some second thoughts on that
>strategy. It seems that some of the DNS servers are not
>synchronizing with the other servers on the network.
Can
>somebody tell me if I was correct in using this approach
>or would it have been better off to only have one server
>running DNS since our agency is so small?
>.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

You can only view event logs from a machine with the DNS server installed.

The text of those events is pasted below. You should follow the steps to
search for mis-configurations.

The DNS server encountered a packet addressed to itself -- IP address %1.
%n
%nThe DNS server should never be sending a packet to itself. This situation
usually
indicates a configuration error.
%n
%nCheck the following areas for possible self-send configuration errors:
%n 1) Forwarders list. (DNS servers should not forward to themselves).
%n 2) Master lists of secondary zones.
%n 3) Notify lists of primary zones.
%n 4) Delegations of subzones. Must not contain NS record for this DNS
server
unless subzone is also on this server.
%n
%nExample of self-delegation:
%n -> This DNS server dns1.foo.com is the primary for the zone foo.com.
%n -> The foo.com zone contains a delegation of bar.foo.com to
dns1.foo.com,
%n (bar.foo.com NS dns1.foo.com)
%n -> BUT the bar.foo.com zone is NOT on this server.
%n
%nNote, you should make this delegation check (with nslookup or DNS manager)
both
on this DNS server and on the server(s) you delegated the subzone to.
It is possible that the delegation was done correctly, but that the primary
DNS for the subzone, has any incorrect NS record pointing back at this
server.
If this incorrect NS record is cached at this server, then the self-send
could result. If found, the subzone DNS server admin should remove the
offending NS record.

"Steve Rulison" <anonymous@discussions.microsoft.com> wrote in message
news:226ea01c45de8$3decc720$a601280a@phx.gbl...
> Per your request, I have attached the information
> regarding our DNS servers.
>
> Thank you for your assistance.
>
> Note:
> The two domain controllers currently running DNS are
> identified as FS-DC-1 and DB2SERVER. There are also two
> additional domain controllers that were running on our
> network identified as SP1 and SP2 but they are not
> currently running at this time. They are however still
> listed in the Active Directory DNS listing with identical
> zones.
>
> 1. WHAT OBSERVATIONS ARE YOU BASING THIS ON?
>
> Error messages appearing on a daily basis in the DNS Event
> log
>
> 2. ARE THERE ANY ERRORS ON ANY OF THE DCS' EVENT LOGS -
> LOOKING FOR NTFRS, NETLOGON, KERBEROS, AND LDAP ERRORS?
>
> Yes we have in the past but I did not find any error
> messages in our log at the time of this writing that
> referred to any of the entities mentioned above. I have
> listed below the error message that is continually written
> to the DNS event log.
>
> Error Message on FS-DC-1:
> The description for Event ID ( 7062 ) in Source ( DNS )
> cannot be found. The local computer may not have the
> necessary registry information or message DLL files to
> display messages from a remote computer. You may be able
> to use the /AUXSOURCE= flag to retrieve this description;
> see Help and Support for details. The following
> information is part of the event: 10.44.1.210.
>
> Error Message on DB2SERVER:
> The description for Event ID ( 7062 ) in Source ( DNS )
> cannot be found. The local computer may not have the
> necessary registry information or message DLL files to
> display messages from a remote computer. You may be able
> to use the /AUXSOURCE= flag to retrieve this description;
> see Help and Support for details. The following
> information is part of the event: 10.44.1.18.
>
> 3. PLEASE POST FROM EACH DC AN UNEDITED IPCONFIG/ALL
>
>
>
>
> IPCONFIG For DB2SERVER
>
> Microsoft Windows 2000 [Version 5.00.2195]
> (C) Copyright 1985-2000 Microsoft Corp.
>
> H:\>IPCONFIG /ALL
>
> Windows 2000 IP Configuration
>
> Host Name . . . . . . . . . . . . : db2server
> Primary DNS Suffix . . . . . . . : ilptab.il.us
> Node Type . . . . . . . . . . . . : Broadcast
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : ilptab.il.us
> il.us
>
> Ethernet adapter Springfield Primary 10.44.1.18:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R)
> PRO/100+ Server Adapter (PI
> LA8470B)
> Physical Address. . . . . . . . . : 00-E0-18-29-B8-
> E1
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 10.44.1.18
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 10.44.1.1
> DNS Servers . . . . . . . . . . . : 10.44.1.18
> 10.44.1.210
>
> IPCONFIG For FS-DC-1
>
>
>
>
>
> >-----Original Message-----
> >I work for a small state agency that only has thirty
> users
> >that can possibly be logged on at any given time. We
> >currently have three domain controllers running on our
> >network and all of them have their own copy of DNS
> >installed. It was my belief at the time I set this
> >network up that this approach would add redundancy to our
> >network and allow for a failure of one of the servers w/o
> >bringing down the entire network. In addition, I also
> >felt that this would provide some load balancing and help
> >keep the network running faster and smoother. I have
> >recently been having some second thoughts on that
> >strategy. It seems that some of the DNS servers are not
> >synchronizing with the other servers on the network.
> Can
> >somebody tell me if I was correct in using this approach
> >or would it have been better off to only have one server
> >running DNS since our agency is so small?
> >.
> >
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.dns (More info?)

In news:226ea01c45de8$3decc720$a601280a@phx.gbl,
Steve Rulison in <anonymous@discussions.microsoft.com> posted their
thoughts, then I offered mine
> Per your request, I have attached the information
> regarding our DNS servers.
>
> Thank you for your assistance.
>
> Note:
> The two domain controllers currently running DNS are
> identified as FS-DC-1 and DB2SERVER. There are also two
> additional domain controllers that were running on our
> network identified as SP1 and SP2 but they are not
> currently running at this time. They are however still
> listed in the Active Directory DNS listing with identical
> zones.
>
> 1. WHAT OBSERVATIONS ARE YOU BASING THIS ON?
>
> Error messages appearing on a daily basis in the DNS Event
> log
>
> 2. ARE THERE ANY ERRORS ON ANY OF THE DCS' EVENT LOGS -
> LOOKING FOR NTFRS, NETLOGON, KERBEROS, AND LDAP ERRORS?
>
> Yes we have in the past but I did not find any error
> messages in our log at the time of this writing that
> referred to any of the entities mentioned above. I have
> listed below the error message that is continually written
> to the DNS event log.
>
> Error Message on FS-DC-1:
> The description for Event ID ( 7062 ) in Source ( DNS )
> cannot be found. The local computer may not have the
> necessary registry information or message DLL files to
> display messages from a remote computer. You may be able
> to use the /AUXSOURCE= flag to retrieve this description;
> see Help and Support for details. The following
> information is part of the event: 10.44.1.210.
>
> Error Message on DB2SERVER:
> The description for Event ID ( 7062 ) in Source ( DNS )
> cannot be found. The local computer may not have the
> necessary registry information or message DLL files to
> display messages from a remote computer. You may be able
> to use the /AUXSOURCE= flag to retrieve this description;
> see Help and Support for details. The following
> information is part of the event: 10.44.1.18.
>
> 3. PLEASE POST FROM EACH DC AN UNEDITED IPCONFIG/ALL
>
>
>
>
> IPCONFIG For DB2SERVER
>
> Microsoft Windows 2000 [Version 5.00.2195]
> (C) Copyright 1985-2000 Microsoft Corp.
>
> H:\>IPCONFIG /ALL
>
> Windows 2000 IP Configuration
>
> Host Name . . . . . . . . . . . . : db2server
> Primary DNS Suffix . . . . . . . : ilptab.il.us
> Node Type . . . . . . . . . . . . : Broadcast
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : ilptab.il.us
> il.us
>
> Ethernet adapter Springfield Primary 10.44.1.18:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R)
> PRO/100+ Server Adapter (PI
> LA8470B)
> Physical Address. . . . . . . . . : 00-E0-18-29-B8-
> E1
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 10.44.1.18
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 10.44.1.1
> DNS Servers . . . . . . . . . . . : 10.44.1.18
> 10.44.1.210
>
> IPCONFIG For FS-DC-1
>

Thanks for posting that information. However, you accidentally left out the
other ipconfig.
Based on what Jeff posted, which is the Event ID # 7062 error message, it
pretty much states a configuration error.

Are forwarders configured? If yes, to what are they forwarding to?
Are any of the DC/DNS servers mutlihomed?
Is there a delegation?

As for your one comment about two other DCs but you unplugged them, you
can't do that with AD. You can't just unplug them like you can in NT4. Need
to properly demote them. But not knowing how long they've been unplugged,
(there's a 60 day limit based on AD's tombstone lifetime), I would suggest
to keep them unplugged at this time and perform a Metadata cleanup. I
believe this is essential at this point. Here's how:

HOW TO Remove Data in Active Directory After an Unsuccessful Domain
Controller Demotion Q216498:
http://support.microsoft.com/?id=216498




--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================