Unable to query DNS

Dear TE,

I have a DNS server with one NIC that is unable to query itself, when DNS is configured it automatically modified the preferred DNS server and uses the loopback address of 127.0.0.1, I had to modify this and have to specifically assign the DNS server.

Configuration wise I believe I have not missed a thing, since this is not the first time I've configured one, the Forward Lookup Zone exists and dynamic update is enabled, but for some reason when nslookup is run on the DNS server it's unable to contact the DNS which itself, same thing happens with client that is using the DNS server.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

undomiel

Is your dns server started? Make sure it is running.

net start dns

Quick way to make sure it has started.

snadam

jbaello wrote:

Dear TE,

I have a DNS server with one NIC that is unable to query itself, when DNS is configured it automatically modified the preferred DNS server and uses the loopback address of 127.0.0.1, I had to modify this and have to specifically assign the DNS server.

Configuration wise I believe I have not missed a thing, since this is not the first time I've configured one, the Forward Lookup Zone exists and dynamic update is enabled, but for some reason when nslookup is run on the DNS server it's unable to contact the DNS which itself, same thing happens with client that is using the DNS server.

and confirmed that all clients are pointing to the proper DNS server? Have you cleared the local DNS cache on all the clients too? Have you run netdiag? To be honest Ive never tried using the loopback for the DNS server addy on the actual DNS server. Other than that, I cant think of anything else...

undomiel

Loopback should definitely work for the server and I don't believe that would trigger the firewall, though I could be wrong. So in that case you may want to make sure port 53 tcp/udp is allowed.

astorrs

going back to basics here, can you ping the loopback adapter?

blargoe

Exactly what did you do in nslookup that made you think DNS isn't working? Does ping hostname.domain work? If so, then DNS is working.

blargoe

Can you copy and paste the command prompt and what you did in nslookup, and the result?

Ahriakin

Definitely check the service is running, stop and restart it just to be sure. Also run netstat to make sure the server is listening on port 53.

jbaello

astorrs wrote:

going back to basics here, can you ping the loopback adapter?

The first two posts I've checked and done this, and it still persists, loopback is replying.

*** Can't find server name for address 127.0.0.1: No response from server
*** Default servers are not available
Default Server: UnKnown
Address: 127.0.0.1

The 127.0.0.1 is just an example from a client since, I just wanted to duplicate the issue, the actual address defined here is the DNS own IP address.

DNS server can be pinged from a client machine via IP address, not hostname I haven't tried it yet, and all machine is pointed to this DNS server, even running nslookup on the DNS itself, where DNS server in TCP/IP pointing to it's box directly persists.

I've restarted this box numerous times, and also installed/uninstalled DNS, but problem persists.

jbaello

Ahriakin wrote:

Definitely check the service is running, stop and restart it just to be sure. Also run netstat to make sure the server is listening on port 53.

Hmm I haven't tried this, I skipped restarting the service off my radar.

I don't have it on top of my head, what is the service name for DNS?

Guys as always thanks for d help...

When I'm running nslookup on the DNS server itself, isn't port configuration would be irrelevant, unless I'm running nslookup on a client? I could be wrong?

blargoe

jbaello wrote:

Hmm I haven't tried this, I skipped restarting the service off my radar.

I don't have it on top of my head, what is the service name for DNS?

"DNS Server"

Guys as always thanks for d help...

When I'm running nslookup on the DNS server itself, isn't port configuration would be irrelevant, unless I'm running nslookup on a client? I could be wrong?

The port configuration would still be applicable. It's still using TCP/IP.

blargoe

Go to the properties of the DNS Server in the DNS administrative tool. On the Interfaces tab, are there any IP addresses listed there?

jbaello

blargoe wrote:

Go to the properties of the DNS Server in the DNS administrative tool. On the Interfaces tab, are there any IP addresses listed there?

I checked this already and the DNS IP address is there.

astorrs

Run netstat like someone else suggested and verify its listening on port 53.

jbaello

Restartng DNS Server/Client is no go...

C:\Documents and Settings\Administrator.W2K3EN32-S05>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP w2k3en32-s05:domain w2k3en32-s05.soggyrice.com:0 LISTENING
TCP w2k3en32-s05:kerberos w2k3en32-s05.soggyrice.com:0 LISTENING
TCP w2k3en32-s05:epmap w2k3en32-s05.soggyrice.com:0 LISTENING
TCP w2k3en32-s05:ldap w2k3en32-s05.soggyrice.com:0 LISTENING
TCP w2k3en32-s05:microsoft-ds w2k3en32-s05.soggyrice.com:0 LISTENING
TCP w2k3en32-s05:kpasswd w2k3en32-s05.soggyrice.com:0 LISTENING
TCP w2k3en32-s05:http-rpc-epmap w2k3en32-s05.soggyrice.com:0 LISTENING
TCP w2k3en32-s05:ldaps w2k3en32-s05.soggyrice.com:0 LISTENING
TCP w2k3en32-s05:1025 w2k3en32-s05.soggyrice.com:0 LISTENING
TCP w2k3en32-s05:1027 w2k3en32-s05.soggyrice.com:0 LISTENING
TCP w2k3en32-s05:1037 w2k3en32-s05.soggyrice.com:0 LISTENING
TCP w2k3en32-s05:1274 w2k3en32-s05.soggyrice.com:0 LISTENING
TCP w2k3en32-s05:msft-gc w2k3en32-s05.soggyrice.com:0 LISTENING
TCP w2k3en32-s05:msft-gc-ssl w2k3en32-s05.soggyrice.com:0 LISTENING
TCP w2k3en32-s05:ms-wbt-server w2k3en32-s05.soggyrice.com:0 LISTENING
TCP w2k3en32-s05:ldap w2k3en32-s05.soggyrice.com:1032 ESTABLISHED
TCP w2k3en32-s05:ldap w2k3en32-s05.soggyrice.com:1033 ESTABLISHED
TCP w2k3en32-s05:ldap w2k3en32-s05.soggyrice.com:activesync ESTABLISH
ED
TCP w2k3en32-s05:ldap w2k3en32-s05.soggyrice.com:1269 ESTABLISHED
TCP w2k3en32-s05:1032 w2k3en32-s05.soggyrice.com:ldap ESTABLISHED
TCP w2k3en32-s05:1033 w2k3en32-s05.soggyrice.com:ldap ESTABLISHED
TCP w2k3en32-s05:activesync w2k3en32-s05.soggyrice.com:ldap ESTABLISHED
TCP w2k3en32-s05:1046 w2k3en32-s05.soggyrice.com:0 LISTENING
TCP w2k3en32-s05:1269 w2k3en32-s05.soggyrice.com:ldap ESTABLISHED
TCP w2k3en32-s05:epmap w2k3en32-s05.soggyrice.com:1265 ESTABLISHED
TCP w2k3en32-s05:netbios-ssn w2k3en32-s05.soggyrice.com:0 LISTENING
TCP w2k3en32-s05:ldap w2k3en32-s05.soggyrice.com:1140 ESTABLISHED
TCP w2k3en32-s05:1025 w2k3en32-s05.soggyrice.com:1142 ESTABLISHED
TCP w2k3en32-s05:1025 w2k3en32-s05.soggyrice.com:1362 ESTABLISHED
TCP w2k3en32-s05:1025 w2k3en32-s05.soggyrice.com:1450 ESTABLISHED
TCP w2k3en32-s05:1140 w2k3en32-s05.soggyrice.com:ldap ESTABLISHED
TCP w2k3en32-s05:1142 w2k3en32-s05.soggyrice.com:1025 ESTABLISHED
TCP w2k3en32-s05:1265 w2k3en32-s05.soggyrice.com:epmap ESTABLISHED
TCP w2k3en32-s05:1362 w2k3en32-s05.soggyrice.com:1025 ESTABLISHED
TCP w2k3en32-s05:1371 w2k3en32-s05.soggyrice.com:1025 TIME_WAIT
TCP w2k3en32-s05:1449 w2k3en32-s05.soggyrice.com:epmap TIME_WAIT
TCP w2k3en32-s05:1450 w2k3en32-s05.soggyrice.com:1025 ESTABLISHED
UDP w2k3en32-s05:microsoft-ds *:*
UDP w2k3en32-s05:isakmp *:*
UDP w2k3en32-s05:1267 *:*
UDP w2k3en32-s05:1363 *:*
UDP w2k3en32-s05:1379 *:*
UDP w2k3en32-s05:1410 *:*
UDP w2k3en32-s05:ipsec-msft *:*
UDP w2k3en32-s05:domain *:*
UDP w2k3en32-s05:ntp *:*
UDP w2k3en32-s05:1031 *:*
UDP w2k3en32-s05:1038 *:*
UDP w2k3en32-s05:1135 *:*
UDP w2k3en32-s05:1249 *:*
UDP w2k3en32-s05:1266 *:*
UDP w2k3en32-s05:1268 *:*
UDP w2k3en32-s05:1364 *:*
UDP w2k3en32-s05:1372 *:*
UDP w2k3en32-s05:domain *:*
UDP w2k3en32-s05:kerberos *:*
UDP w2k3en32-s05:ntp *:*
UDP w2k3en32-s05:netbios-ns *:*
UDP w2k3en32-s05:netbios-dgm *:*
UDP w2k3en32-s05:389 *:*
UDP w2k3en32-s05:kpasswd *:*

C:\Documents and Settings\Administrator.W2K3EN32-S05>

It doesn't look like it's listening to port 53, how do you make it listen?

astorrs

Stop and restart the DNS Server service

Look in both the "System" and "DNS Server" event logs for any warnings/errors since the restart and post them here (use the copy button so we get all the details).

jbaello

Damn it, why can it just work properly, I wanna finish my MCSE so I can go party already...

funking A

This DNS was working b/w and all of a sudden BAM!!!

SmokeH

jbaello wrote:

Damn it, why can it just work properly, I wanna finish my MCSE so I can go party already...

funking A

This DNS was working b/w and all of a sudden BAM!!!

Maybe this is "Let's make some troubleshooting of DNS - sim" exam?

blargoe

I didn't understand what you typed a few posts above. Are you saying that you are NOT able to ping the DNS Server (or any other host) by host name, but you ARE able to ping it by IP address?

blargoe

jbaello wrote:

astorrs wrote:

going back to basics here, can you ping the loopback adapter?

*** Can't find server name for address 127.0.0.1: No response from server
*** Default servers are not available
Default Server: UnKnown
Address: 127.0.0.1

Just to be clear, this is the output from when you ran it on the server, right? When you did this, was 127.0.0.1 that dns server that is defined in the network connection properties? Is 127.0.0.1 listed in the Interfaces tab?

Do you have any firewall software running? Multiple network interfaces that might be confusing the issue?

Mishra

Do you have an A record for your DNS seerver?

Did you define your network connection to use 127.0.0.1 as your DNS server?

dynamik

Please post outputs of dcdiag and netdiag, your zones and records, and the exact commands and corresponding outputs of how you're troubleshooting this.

undomiel

Even having it bound specifically to one interface on the interfaces tab will still allow loopback, I tested that out.

net start dns

That command in the command line will start your dns server. If it is not starting properly check your event logs for errors. Also as recommended do the dcdiag & netdiag commands.

jbaello

blargoe wrote:

I didn't understand what you typed a few posts above. Are you saying that you are NOT able to ping the DNS Server (or any other host) by host name, but you ARE able to ping it by IP address?

This is correct...

astorrs

How about posting those event log warnings/errors and netdiag/dcdiag we've all been requesting?

jbaello

astorrs wrote:

How about posting those event log warnings/errors and netdiag/dcdiag we've all been requesting?

As soon I get home tonite

I did saw some logs there pertaining to a zone error or something

paintb4707

snadam wrote:

jbaello wrote:

To be honest Ive never tried using the loopback for the DNS server addy on the actual DNS server.

Actually when I was working with Microsoft on an issue I had in the past, I was specifically told NOT to use the loopback address for the DNS server as it could cause authentication issues in the domain. Whether or not this statement holds any truth I can't say, I didn't really see any problems but I figured I'd toss that out there.

jbaello

paintb4707 wrote:

snadam wrote:

jbaello wrote:

To be honest Ive never tried using the loopback for the DNS server addy on the actual DNS server.

Actually when I was working with Microsoft on an issue I had in the past, I was specifically told NOT to use the loopback address for the DNS server as it could cause authentication issues in the domain. Whether or not this statement holds any truth I can't say, I didn't really see any problems but I figured I'd toss that out there.

I'm not using a "loopback" I am using the DNS physical IP address as it's own preferred DNS server.

The screenshot was just a test I did on my laptop to duplicate the error.

jbaello

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 4521
Date: 6/5/2008
Time: 10:38:36 AM
User: N/A
Computer: W2K3EN32-S05
Description:
The DNS server encountered error 32 attempting to load zone soggyrice.com from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

****************************************************************************

Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4007
Date: 6/5/2008
Time: 10:00:13 AM
User: N/A
Computer: W2K3EN32-S05
Description:
The DNS server was unable to open zone _msdcs.soggyrice.com in the Active Directory from the application directory partition ForestDnsZones.soggyrice.com. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0d 00 00 00 ....

*******************************************************************************

I reloaded the zone, but still the same...

astorrs

Ah, you're using AD integrated zones and that is where the problem is. Is Active Directory running? (do a "net view" and look for the NETLOGON and SYSVOL shares).

Are there any AD related warnings/errors since last reboot in the Directory Services event log?

jbaello

Net Share - shows sysvol and netlogon...