Secondary DNS failing to redirect clients when Primary DNS goes down
I have a single domain with 2 Windows 2008 servers, DC1 (physical) and DC2 (virtual). Both servers run DNS and are GC servers, and the entire domain is on the same subnet (192.168.0.x).
All clients on the network are configured to use DC1 as primary DNS and DC2 as secondary DNS.
DHCP is enabled on DC1. (This might be part of the issue, not sure.)
The problem is that when DC1 goes down for a reboot or repair, our clients lose access to the internet. Trying to pull up a website results in a "page cannot be displayed" error. DC2 is available during this time and can be pinged, but the client does not resolve DNS requests, even if I specify it as the primary DNS server on one of the workstations. I can log on to DC2 locally and browse the web.
Here are the results of dcdiag /dnsall on DC2 (I bolded the areas of concern):
-------------------------------------------------------------------------------
directory server diagnosis
performing initial setup:
* connecting directory service on server dc2.
* identified ad forest.
collecting ad specific global data
* collecting site info.
calling ldap_search_init_page(hld,cn=sites,cn=configuration,dc=mydomain,dc=com,ldap_scope_subtree,(objectcategory=ntdssitesettings),.......
the previous call succeeded
iterating through sites
looking @ base site object: cn=ntds site settings,cn=default-first-site-name,cn=sites,cn=configuration,dc=mydomain,dc=com
getting istg , options site
* identifying servers.
calling ldap_search_init_page(hld,cn=sites,cn=configuration,dc=mydomain,dc=com,ldap_scope_subtree,(objectclass=ntdsdsa),.......
the previous call succeeded....
the previous call succeeded
iterating through list of servers
getting information server cn=ntds settings,cn=dc1,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=mydomain,dc=com
objectguid obtained
invocationid obtained
dnshostname obtained
site info obtained
all info server collected
getting information server cn=ntds settings,cn=dc2,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration,dc=mydomain,dc=com
objectguid obtained
invocationid obtained
dnshostname obtained
site info obtained
all info server collected
* identifying nc cross-refs.
* found 2 dc(s). testing 1 of them.
done gathering initial info.
doing initial required tests
testing server: default-first-site-name\dc2
starting test: connectivity
* active directory ldap services check
determining ip4 connectivity
determining ip6 connectivity
* active directory rpc services check
......................... dc2 passed test connectivity
doing primary tests
testing server: default-first-site-name\dc2
test omitted user request: advertising
test omitted user request: checksecurityerror
test omitted user request: cutoffservers
test omitted user request: frsevent
test omitted user request: dfsrevent
test omitted user request: sysvolcheck
test omitted user request: kccevent
test omitted user request: knowsofroleholders
test omitted user request: machineaccount
test omitted user request: ncsecdesc
test omitted user request: netlogons
test omitted user request: objectsreplicated
test omitted user request: outboundsecurechannels
test omitted user request: replications
test omitted user request: ridmanager
test omitted user request: services
test omitted user request: systemlog
test omitted user request: topology
test omitted user request: verifyenterprisereferences
test omitted user request: verifyreferences
test omitted user request: verifyreplicas
starting test: dns
dns tests running , not hung. please wait few minutes...
see dns test in enterprise tests section results
......................... dc2 passed test dns
running partition tests on : forestdnszones
test omitted user request: checksdrefdom
test omitted user request: crossrefvalidation
running partition tests on : domaindnszones
test omitted user request: checksdrefdom
test omitted user request: crossrefvalidation
running partition tests on : schema
test omitted user request: checksdrefdom
test omitted user request: crossrefvalidation
running partition tests on : configuration
test omitted user request: checksdrefdom
test omitted user request: crossrefvalidation
running partition tests on : mydomain
test omitted user request: checksdrefdom
test omitted user request: crossrefvalidation
running enterprise tests on : mydomain.com
starting test: dns
test results domain controllers:
dc: dc2.mydomain.com
domain: mydomain.com
test: authentication (auth)
authentication test: completed
test: basic (basc)
microsoftr windows serverr 2008 standard (service pack level: 2.0)
is supported
netlogon service running
kdc service running
dnscache service running
dns service running
dc dns server
network adapters information:
adapter [00000006] intel(r) pro/1000 mt network connection:
mac address 00:0c:29:91:59:68
ip address static
ip address: 192.168.0.249
dns servers:
192.168.0.105 (dc1.mydomain.com.) [valid]
127.0.0.1 (dc2) [valid]
the host record(s) dc found
warning: aaaa record dc not found
[error details: 9501 (type: win32 - description: no records found given dns query.) - mydomain.com]
the soa record active directory zone found
the active directory zone on dc/dns server found primary
root zone on dc/dns server not found
test: forwarders/root hints (forw)
recursion enabled
forwarders information:
192.168.0.105 (dc1.mydomain.com.) [valid]
192.168.0.7 (<name unavailable>) [invalid (unreachable)]
error: forwarders list has invalid forwarder: 192.168.0.7 (<name unavailable>)
test: delegations (del)
delegation information zone: mydomain.com.
delegated domain name: _msdcs.mydomain.com.
dns server: dc1.mydomain.com. ip:192.168.0.105 [valid]
test: dynamic update (dyn)
test record _dcdiag_test_record added in zone mydomain.com
test record _dcdiag_test_record deleted in zone mydomain.com
test: records registration (rreg)
network adapter
[00000006] intel(r) pro/1000 mt network connection:
matching cname record found @ dns server 192.168.0.105:
a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com
matching record found @ dns server 192.168.0.105:
dc2.mydomain.com
warning:
missing aaaa record @ dns server 192.168.0.105:
dc2.mydomain.com
[error details: 9501 (type: win32 - description: no records found given dns query.)]
matching srv record found @ dns server 192.168.0.105:
_ldap._tcp.mydomain.com
matching srv record found @ dns server 192.168.0.105:
_ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com
matching srv record found @ dns server 192.168.0.105:
_kerberos._tcp.dc._msdcs.mydomain.com
matching srv record found @ dns server 192.168.0.105:
_ldap._tcp.dc._msdcs.mydomain.com
matching srv record found @ dns server 192.168.0.105:
_kerberos._tcp.mydomain.com
matching srv record found @ dns server 192.168.0.105:
_kerberos._udp.mydomain.com
matching srv record found @ dns server 192.168.0.105:
_kpasswd._tcp.mydomain.com
matching srv record found @ dns server 192.168.0.105:
_ldap._tcp.default-first-site-name._sites.mydomain.com
matching srv record found @ dns server 192.168.0.105:
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.mydomain.com
matching srv record found @ dns server 192.168.0.105:
_ldap._tcp.default-first-site-name._sites.dc._msdcs.mydomain.com
matching srv record found @ dns server 192.168.0.105:
_kerberos._tcp.default-first-site-name._sites.mydomain.com
matching srv record found @ dns server 192.168.0.105:
_ldap._tcp.gc._msdcs.mydomain.com
matching record found @ dns server 192.168.0.105:
gc._msdcs.mydomain.com
warning:
missing aaaa record @ dns server 192.168.0.105:
gc._msdcs.mydomain.com
[error details: 9501 (type: win32 - description: no records found given dns query.)]
matching srv record found @ dns server 192.168.0.105:
_gc._tcp.default-first-site-name._sites.mydomain.com
matching srv record found @ dns server 192.168.0.105:
_ldap._tcp.default-first-site-name._sites.gc._msdcs.mydomain.com
matching cname record found @ dns server 192.168.0.249:
a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com
matching record found @ dns server 192.168.0.249:
dc2.mydomain.com
warning:
missing aaaa record @ dns server 192.168.0.249:
dc2.mydomain.com
[error details: 9501 (type: win32 - description: no records found given dns query.)]
matching srv record found @ dns server 192.168.0.249:
_ldap._tcp.mydomain.com
matching srv record found @ dns server 192.168.0.249:
_ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com
matching srv record found @ dns server 192.168.0.249:
_kerberos._tcp.dc._msdcs.mydomain.com
matching srv record found @ dns server 192.168.0.249:
_ldap._tcp.dc._msdcs.mydomain.com
matching srv record found @ dns server 192.168.0.249:
_kerberos._tcp.mydomain.com
matching srv record found @ dns server 192.168.0.249:
_kerberos._udp.mydomain.com
matching srv record found @ dns server 192.168.0.249:
_kpasswd._tcp.mydomain.com
matching srv record found @ dns server 192.168.0.249:
_ldap._tcp.default-first-site-name._sites.mydomain.com
matching srv record found @ dns server 192.168.0.249:
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.mydomain.com
matching srv record found @ dns server 192.168.0.249:
_ldap._tcp.default-first-site-name._sites.dc._msdcs.mydomain.com
matching srv record found @ dns server 192.168.0.249:
_kerberos._tcp.default-first-site-name._sites.mydomain.com
matching srv record found @ dns server 192.168.0.249:
_ldap._tcp.gc._msdcs.mydomain.com
matching record found @ dns server 192.168.0.249:
gc._msdcs.mydomain.com
warning:
missing aaaa record @ dns server 192.168.0.249:
gc._msdcs.mydomain.com
[error details: 9501 (type: win32 - description: no records found given dns query.)]
matching srv record found @ dns server 192.168.0.249:
_gc._tcp.default-first-site-name._sites.mydomain.com
matching srv record found @ dns server 192.168.0.249:
_ldap._tcp.default-first-site-name._sites.gc._msdcs.mydomain.com
warning: record registrations not found in network adapters
test: external name resolution (ext)
internet name www.microsoft.com resolved successfully
summary of test results dns servers used above domain
controllers:
dns server: 192.168.0.7 (<name unavailable>)
1 test failure on dns server
ptr record query 1.0.0.127.in-addr.arpa. failed on dns server 192.168.0.7 [error details: 1460 (type: win32 - description: operation returned because timeout period expired.)]
dns server: 192.168.0.105 (dc1.mydomain.com.)
all tests passed on dns server
name resolution functional._ldap._tcp srv record forest root domain registered
dns delegation domain _msdcs.mydomain.com. operational on ip 192.168.0.105
dns server: 192.168.0.249 (dc2)
all tests passed on dns server
name resolution functional._ldap._tcp srv record forest root domain registered
summary of dns test results:
auth basc forw del dyn rreg ext
_________________________________________________________________
domain: mydomain.com
dc2 pass warn fail pass pass warn pass
......................... mydomain.com failed test dns
test omitted user request: locatorcheck
test omitted user request: intersite
It looks like you may be trying to forward to machines that are down (DC1 and 192.168.0.7) and root hints aren't available.
Check out this article: http://technet.microsoft.com/en-us/library/ff807391(v=ws.10).aspx
See if you can enable DNS access through the firewall to the internet if it's not available. Try to match whatever forwarder settings are on DC1, or remove them entirely and let the server resolve DNS via the internet root servers. Alternatively, change the forwarder to a public DNS server you have access to; your ISP should supply one, or test with the common 4.2.2.2.
Please remember, if you see a post that helped please click "Vote as Helpful", and if it answered your question please click "Mark as Answer". SWC Unified Communications
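The failure described in this thread is a forwarder chain that collapses with DC1: DC2's forwarders are DC1 itself and an unreachable host, so with DC1 down nothing upstream answers. The script below is an added example (not from the original post or from Microsoft's tooling) that checks a secondary DNS server's forwarder list for this dependency and probes each forwarder with a raw recursive query; the DC names and addresses are taken from the dcdiag output above and are used only as constructed sample input.

```python
import random
import socket
import struct

def build_query(name, qtype=1):
    """Build a minimal recursive (RD=1) DNS query for `name`; returns (id, packet)."""
    qid = random.randint(0, 0xFFFF)
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # 1 question, RD set
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"
    return qid, header + qname + struct.pack(">HH", qtype, 1)  # QTYPE, QCLASS=IN

def parse_response(qid, data):
    """Return (rcode, answer_count) from a DNS reply; reject replies to another id."""
    rid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != qid:
        raise ValueError("reply id %04x does not match query id %04x" % (rid, qid))
    return flags & 0x000F, an

def probe_forwarder(ip, name="www.microsoft.com", timeout=2.0):
    """Ask `ip` to resolve `name` recursively: 'ok', 'servfail', 'noanswer', 'unreachable'."""
    qid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (ip, 53))
            data, _ = sock.recvfrom(512)
        except (socket.timeout, OSError):
            return "unreachable"  # the dcdiag 'invalid (unreachable)' case
    rcode, answers = parse_response(qid, data)
    if rcode != 0:
        return "servfail" if rcode == 2 else "rcode%d" % rcode
    return "ok" if answers else "noanswer"

def assess_forwarders(forwarders, dc_addresses):
    """Flag forwarders that are DCs of this domain (shared point of failure) and
    list the forwarders that do not depend on the domain's own DCs."""
    warnings = []
    for ip in forwarders:
        if ip in dc_addresses:
            warnings.append("%s is %s; it is unavailable whenever that DC is down"
                            % (ip, dc_addresses[ip]))
    independent = [ip for ip in forwarders if ip not in dc_addresses]
    if not independent:
        warnings.append("no forwarder outside the domain's DCs; root hints must be reachable")
    return warnings, independent

if __name__ == "__main__":
    # Constructed sample mirroring the dcdiag output in this thread (not live data).
    dcs = {"192.168.0.105": "dc1.mydomain.com", "192.168.0.249": "dc2.mydomain.com"}
    forwarders = ["192.168.0.105", "192.168.0.7"]
    for warning in assess_forwarders(forwarders, dcs)[0]:
        print("WARN:", warning)
    for ip in forwarders:
        print(ip, probe_forwarder(ip))
```

Run it from the secondary DC while the primary is up and again while it is down; a forwarder that flips to "unreachable" is exactly the dependency the answer above describes.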