Problemas con Servidor DNS

-

buenos dias

tengo problemas con mi servidor dns principal.

explico detalle mi escenario.

tengo un servidor active directory y con dns primario con mi segmento de red 192.168.55.x
servidor secundario de active directory y dns secundario con mi segmento de red 192.168.50.x

ambas redes configuradas para que convivan perfectamente con un router cisco 2800 series

el problema en especifico es: desde mi servidor primario realizo consultas dns hacia afuera y no tengo respuesta

c:\documents , settings\$$$$$$$>nslookup hotmail.com 192.168.55.###
*** no se puede encontrar el nombre de servidor para la dirección 192.168.55.###
: non-existent domain
servidor:  unknown
address:  192.168.55.###

dns request timed out.
    timeout 2 seconds.
*** la petici¢n unknown caducado

lo raro: desde mi servidor secundario todas las consultas dns funcionan perfectamente

c:\documents , settings\$$$$$$>nslookup hotmail.com 192.168.50.##
servidor:  xxxserver.xxxxxxdades.com
address:  192.168.50.###

respuesta no autoritativa:
nombre:  hotmail.com
addresses:  65.55.72.151, 65.55.72.167, 65.55.72.183, 65.55.72.135

lo que tuve que hacer es todos mis equipos de la lan desde mi dhcp configurar que su dns primario sea el servidor 192.168.50.###
anteriormente estaba como dns primario el 192.168.55.### y dns secundario 192.168.50.###, obviamente como mi principal tiene problemas realize el cambio de que todos trabajaran por el secundario.

que puedo hacer para que mi dns primario funcione perfectamente?
veo que la falla es en mis reenviadores pero aun poniendo los correctos tengo un error como lo pueden ver en el diagnostico
anexo tambien analisis de dns desde mi principal.

mis reenviadores son: 4.2.2.2 y 4.2.2.4

dcdiag /test:dns

domain controller diagnosis

performing initial setup:
   done gathering initial info.

doing initial required tests
  
   testing server: central\dc1
      starting test: connectivity
         ......................... dc1 passed test connectivity

doing primary tests
  
   testing server: central\dc1

dns tests running , not hung. please wait few minutes...
  
   running partition tests on : forestdnszones
  
   running partition tests on : domaindnszones
  
   running partition tests on : schema
  
   running partition tests on : configuration
  
   running partition tests on : nombre del dominio (modificado por mi)
  
   running enterprise tests on : dominio.com
      starting test: dns
         test results domain controllers:
           
            dc: dc1.dominio.com
            domain: dominio.com

                 
               test: forwarders/root hints (forw)
                  error: root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
                  error: root hints list has invalid root hint server: b.root-servers.net. (192.228.79.201)
                  error: root hints list has invalid root hint server: c.root-servers.net. (192.33.4.12)
                  error: root hints list has invalid root hint server: f.root-servers.net. (192.5.5.241)
                  error: root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
                  error: root hints list has invalid root hint server: j.root-servers.net. (192.58.128.30)
                  error: root hints list has invalid root hint server: k.root-servers.net. (193.0.14.129)
                  error: root hints list has invalid root hint server: l.root-servers.net. (199.7.83.42)
        
         summary of test results dns servers used above domain controllers:

            dns server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on dns server
               not valid dns server. ptr record query 1.0.0.127.in-addr.arpa. failed on dns server 128.63.2.53
              
            dns server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on dns server
               not valid dns server. ptr record query 1.0.0.127.in-addr.arpa. failed on dns server 192.228.79.201
              
            dns server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on dns server
               not valid dns server. ptr record query 1.0.0.127.in-addr.arpa. failed on dns server 192.33.4.12
              
            dns server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on dns server
               not valid dns server. ptr record query 1.0.0.127.in-addr.arpa. failed on dns server 192.5.5.241
              
            dns server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on dns server
               not valid dns server. ptr record query 1.0.0.127.in-addr.arpa. failed on dns server 192.58.128.30
              
            dns server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on dns server
               not valid dns server. ptr record query 1.0.0.127.in-addr.arpa. failed on dns server 193.0.14.129
              
            dns server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on dns server
               not valid dns server. ptr record query 1.0.0.127.in-addr.arpa. failed on dns server 198.41.0.4
              
            dns server: 199.7.83.42 (l.root-servers.net.)
               1 test failure on dns server
               not valid dns server. ptr record query 1.0.0.127.in-addr.arpa. failed on dns server 199.7.83.42
              
         summary of dns test results:
        
                                            auth basc forw del  dyn  rreg ext 
               ________________________________________________________________
            domain: dominio.com
               dominio                pass pass fail pass pass pass n/a 
        
         ......................... dominio.com failed test dns

 

strush: disculpa que te editado el post, pero hubo un lugar donde se te escapó y quedó el nombre real del dominio, ya puse varias xxxx para que no se vea

 

la pregunta sería cómo sale el servidor "principal" hacia internet? través del cisco? desde ese dc, puedes navegar correctamente?
saludos,

marc
mcsa/mcse 2003
mcitp: enterprise administrator (windows server 2008)
mcitp: enterprise messaging administrator (microsoft exchange 2007 & exchange 2010)
mcitp: lync server administrator 2010
mcc: microsoft community contributor 2011
citrix cca
visita mi blog en itpro.es
mcp virtual bussines card


Windows Server  >  Administración de servidor



Comments

Post a Comment

Popular posts from this blog

CRL Revocation always failed

-
hi all, i try configure radius server nps, somehow certificate authentication client failed with reason: reason = revocation function unable check revocation because revocation server offline. then check certificate client, certutil -f -urlfetch -verify client7.cer, result follow: issuer:     cn=entca     dc=intra     dc=domain     dc=co     dc=sg subject:     cn=computer.intra.domain.co.sg cert serial number: 1c5b00de000000000041 dwflags = ca_verify_flags_allow_untrusted_root (0x1) dwflags = ca_verify_flags_ignore_offline (0x2) dwflags = ca_verify_flags_full_chain_revocation (0x8) dwflags = ca_verify_flags_console_trace (0x20000000) dwflags = ca_verify_flags_dump_chain (0x40000000) chainflags = cert_chain_revocation_check_chain (0x20000000) hcce_local_machine cert_chain_policy_base -------- cert_chain_context -------- chaincontext.dwinfostatus = ce...
Read more

Failed to query the results of bpa xpath

-
Image
i have new server installed hyper v, iis , domain services roles on it.  i checking event log , see warning multiple times, idea how rid of it?? failed query results of bpa xpath: microsoft/windows/fileservices:$reports$\*\result.xml:/resultdatabase/result. error: device attached system not functioning., last error: system cannot find path specified.. follow me on twitter <<< levalencia blog <<< hi, similar issue discussed in forum: to rid of warnings: 1. go dashboard 2. click on add roles , features 3. click next "before begin step" 4. select "role based or feature based installation" , click next 5. select given server server pool , click next 6. in server roles step make sure following checked:   file , storage services > file , iscsi services > file server, click next 7.click next through rest of steps , install server role 8. rerun bpa scan described earlier for more information please refer foll...
Read more

0x300000d errors in Microsoft Remote Desktop client

-
we use rd connect home users office. @ server side remote desktop gateway configured on 2008r2 server. experience following:   for years worked fine, starting last year users apple macbook experienced connection errors after new version of microsoft remote desktop in app store , automatic update. after couple of weeks error disappaered when new updates released. since 6 8 weeks problem again. because don’t have macbook cannot reproduce problem.   starting couple of weeks samsung s6 experiencing problems, here version 8.1.37.135 installed, error displayed is: can’t connect tot remote pc because remote desktop gateway server temporaraily unavailable. try connecting later or contact network administrator assistance. error code  0x300000d   because has worked fine years expect issues on client can configuration error on gateway server.   who pin point real cause?   however, testing other rd gateway server works ok settings identically....
Read more