Unable to query DNS

jbaello Member Posts: 1,191 ■■■□□□□□□□
Dear TE,

I have a DNS server with one NIC that is unable to query itself, when DNS is configured it automatically modified the preferred DNS server and uses the loopback address of 127.0.0.1, I had to modify this and have to specifically assign the DNS server.

Configuration wise I believe I have not missed a thing, since this is not the first time I've configured one, the Forward Lookup Zone exists and dynamic update is enabled, but for some reason when nslookup is run on the DNS server it's unable to contact the DNS which is itself, same thing happens with a client that is using the DNS server.

Comments

  • undomiel Member Posts: 2,818
    Is your dns server started? Make sure it is running.

    net start dns

    Quick way to make sure it has started.
    Jumping on the IT blogging band wagon -- http://www.jefferyland.com/
  • snadam Member Posts: 2,234 ■■■■□□□□□□
    jbaello wrote:
    Dear TE,

    I have a DNS server with one NIC that is unable to query itself, when DNS is configured it automatically modified the preferred DNS server and uses the loopback address of 127.0.0.1, I had to modify this and have to specifically assign the DNS server.

    Configuration wise I believe I have not missed a thing, since this is not the first time I've configured one, the Forward Lookup Zone exists and dynamic update is enabled, but for some reason when nslookup is run on the DNS server it's unable to contact the DNS which is itself, same thing happens with a client that is using the DNS server.

    and confirmed that all clients are pointing to the proper DNS server? Have you cleared the local DNS cache on all the clients too? Have you run netdiag? To be honest I've never tried using the loopback for the DNS server addy on the actual DNS server. Other than that, I can't think of anything else...
    **** ARE FOR CHUMPS! Don't be a chump! Validate your material with certguard.com search engine

    :study: Current 2015 Goals: JNCIP-SEC JNCIS-ENT CCNA-Security
  • undomiel Member Posts: 2,818
    Loopback should definitely work for the server and I don't believe that would trigger the firewall, though I could be wrong. So in that case you may want to make sure port 53 tcp/udp is allowed.
  • astorrs Member Posts: 3,139 ■■■■■■□□□□
    going back to basics here, can you ping the loopback adapter?
  • blargoe Member Posts: 4,174 ■■■■■■■■■□
    Exactly what did you do in nslookup that made you think DNS isn't working? Does ping hostname.domain work? If so, then DNS is working.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • blargoe Member Posts: 4,174 ■■■■■■■■■□
    Can you copy and paste the command prompt and what you did in nslookup, and the result?
  • Ahriakin Member Posts: 1,799 ■■■■■■■■□□
    Definitely check the service is running, stop and restart it just to be sure. Also run netstat to make sure the server is listening on port 53.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • jbaello Member Posts: 1,191 ■■■□□□□□□□
    astorrs wrote:
    going back to basics here, can you ping the loopback adapter?

    The first two posts I've checked and done this, and it still persists, loopback is replying.

    *** Can't find server name for address 127.0.0.1: No response from server
    *** Default servers are not available
    Default Server: UnKnown
    Address: 127.0.0.1

    The 127.0.0.1 is just an example from a client, since I just wanted to duplicate the issue; the actual address defined here is the DNS own IP address.

    DNS server can be pinged from a client machine via IP address, not hostname I haven't tried it yet, and all machines are pointed to this DNS server, even running nslookup on the DNS itself, where DNS server in TCP/IP pointing to its box directly persists.

    I've restarted this box numerous times, and also installed/uninstalled DNS, but problem persists.
  • jbaello Member Posts: 1,191 ■■■□□□□□□□
    Ahriakin wrote:
    Definitely check the service is running, stop and restart it just to be sure. Also run netstat to make sure the server is listening on port 53.

    Hmm I haven't tried this, I skipped restarting the service off my radar.

    I don't have it on top of my head, what is the service name for DNS?

    Guys as always thanks for d help...

    When I'm running nslookup on the DNS server itself, wouldn't port configuration be irrelevant, unless I'm running nslookup on a client? I could be wrong?
  • blargoe Member Posts: 4,174 ■■■■■■■■■□
    jbaello wrote:
    Hmm I haven't tried this, I skipped restarting the service off my radar.

    I don't have it on top of my head, what is the service name for DNS?
    "DNS Server"

    Guys as always thanks for d help...

    When I'm running nslookup on the DNS server itself, wouldn't port configuration be irrelevant, unless I'm running nslookup on a client? I could be wrong?

    The port configuration would still be applicable. It's still using TCP/IP.
  • blargoe Member Posts: 4,174 ■■■■■■■■■□
    Go to the properties of the DNS Server in the DNS administrative tool. On the Interfaces tab, are there any IP addresses listed there?
  • jbaello Member Posts: 1,191 ■■■□□□□□□□
    blargoe wrote:
    Go to the properties of the DNS Server in the DNS administrative tool. On the Interfaces tab, are there any IP addresses listed there?

    I checked this already and the DNS IP address is there.
  • astorrs Member Posts: 3,139 ■■■■■■□□□□
    Run netstat like someone else suggested and verify it's listening on port 53.
  • jbaello Member Posts: 1,191 ■■■□□□□□□□
    Restarting DNS Server/Client is no go...

    C:\Documents and Settings\Administrator.W2K3EN32-S05>netstat -a

    Active Connections

    Proto Local Address Foreign Address State
    TCP w2k3en32-s05:domain w2k3en32-s05.soggyrice.com:0 LISTENING
    TCP w2k3en32-s05:kerberos w2k3en32-s05.soggyrice.com:0 LISTENING
    TCP w2k3en32-s05:epmap w2k3en32-s05.soggyrice.com:0 LISTENING
    TCP w2k3en32-s05:ldap w2k3en32-s05.soggyrice.com:0 LISTENING
    TCP w2k3en32-s05:microsoft-ds w2k3en32-s05.soggyrice.com:0 LISTENING
    TCP w2k3en32-s05:kpasswd w2k3en32-s05.soggyrice.com:0 LISTENING
    TCP w2k3en32-s05:http-rpc-epmap w2k3en32-s05.soggyrice.com:0 LISTENING
    TCP w2k3en32-s05:ldaps w2k3en32-s05.soggyrice.com:0 LISTENING
    TCP w2k3en32-s05:1025 w2k3en32-s05.soggyrice.com:0 LISTENING
    TCP w2k3en32-s05:1027 w2k3en32-s05.soggyrice.com:0 LISTENING
    TCP w2k3en32-s05:1037 w2k3en32-s05.soggyrice.com:0 LISTENING
    TCP w2k3en32-s05:1274 w2k3en32-s05.soggyrice.com:0 LISTENING
    TCP w2k3en32-s05:msft-gc w2k3en32-s05.soggyrice.com:0 LISTENING
    TCP w2k3en32-s05:msft-gc-ssl w2k3en32-s05.soggyrice.com:0 LISTENING
    TCP w2k3en32-s05:ms-wbt-server w2k3en32-s05.soggyrice.com:0 LISTENING
    TCP w2k3en32-s05:ldap w2k3en32-s05.soggyrice.com:1032 ESTABLISHED
    TCP w2k3en32-s05:ldap w2k3en32-s05.soggyrice.com:1033 ESTABLISHED
    TCP w2k3en32-s05:ldap w2k3en32-s05.soggyrice.com:activesync ESTABLISHED
    TCP w2k3en32-s05:ldap w2k3en32-s05.soggyrice.com:1269 ESTABLISHED
    TCP w2k3en32-s05:1032 w2k3en32-s05.soggyrice.com:ldap ESTABLISHED
    TCP w2k3en32-s05:1033 w2k3en32-s05.soggyrice.com:ldap ESTABLISHED
    TCP w2k3en32-s05:activesync w2k3en32-s05.soggyrice.com:ldap ESTABLISHED
    TCP w2k3en32-s05:1046 w2k3en32-s05.soggyrice.com:0 LISTENING
    TCP w2k3en32-s05:1269 w2k3en32-s05.soggyrice.com:ldap ESTABLISHED
    TCP w2k3en32-s05:epmap w2k3en32-s05.soggyrice.com:1265 ESTABLISHED
    TCP w2k3en32-s05:netbios-ssn w2k3en32-s05.soggyrice.com:0 LISTENING
    TCP w2k3en32-s05:ldap w2k3en32-s05.soggyrice.com:1140 ESTABLISHED
    TCP w2k3en32-s05:1025 w2k3en32-s05.soggyrice.com:1142 ESTABLISHED
    TCP w2k3en32-s05:1025 w2k3en32-s05.soggyrice.com:1362 ESTABLISHED
    TCP w2k3en32-s05:1025 w2k3en32-s05.soggyrice.com:1450 ESTABLISHED
    TCP w2k3en32-s05:1140 w2k3en32-s05.soggyrice.com:ldap ESTABLISHED
    TCP w2k3en32-s05:1142 w2k3en32-s05.soggyrice.com:1025 ESTABLISHED
    TCP w2k3en32-s05:1265 w2k3en32-s05.soggyrice.com:epmap ESTABLISHED
    TCP w2k3en32-s05:1362 w2k3en32-s05.soggyrice.com:1025 ESTABLISHED
    TCP w2k3en32-s05:1371 w2k3en32-s05.soggyrice.com:1025 TIME_WAIT
    TCP w2k3en32-s05:1449 w2k3en32-s05.soggyrice.com:epmap TIME_WAIT
    TCP w2k3en32-s05:1450 w2k3en32-s05.soggyrice.com:1025 ESTABLISHED
    UDP w2k3en32-s05:microsoft-ds *:*
    UDP w2k3en32-s05:isakmp *:*
    UDP w2k3en32-s05:1267 *:*
    UDP w2k3en32-s05:1363 *:*
    UDP w2k3en32-s05:1379 *:*
    UDP w2k3en32-s05:1410 *:*
    UDP w2k3en32-s05:ipsec-msft *:*
    UDP w2k3en32-s05:domain *:*
    UDP w2k3en32-s05:ntp *:*
    UDP w2k3en32-s05:1031 *:*
    UDP w2k3en32-s05:1038 *:*
    UDP w2k3en32-s05:1135 *:*
    UDP w2k3en32-s05:1249 *:*
    UDP w2k3en32-s05:1266 *:*
    UDP w2k3en32-s05:1268 *:*
    UDP w2k3en32-s05:1364 *:*
    UDP w2k3en32-s05:1372 *:*
    UDP w2k3en32-s05:domain *:*
    UDP w2k3en32-s05:kerberos *:*
    UDP w2k3en32-s05:ntp *:*
    UDP w2k3en32-s05:netbios-ns *:*
    UDP w2k3en32-s05:netbios-dgm *:*
    UDP w2k3en32-s05:389 *:*
    UDP w2k3en32-s05:kpasswd *:*

    C:\Documents and Settings\Administrator.W2K3EN32-S05>

    It doesn't look like it's listening to port 53, how do you make it listen?
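
Added example, not part of the thread: `netstat -a` prints well-known ports by service name, so a DNS listener appears as `domain` rather than `53` (`netstat -an` prints the numbers). The Python sketch below resolves those names and reports whether port 53 is bound on TCP and UDP; the sample lines and the host name `dns01` are constructed, and the service table is a subset assumed to match the Windows `services` file.

```python
# Service names netstat -a prints in place of port numbers (assumed subset
# of the Windows "services" file; extend as needed).
SERVICE_PORTS = {"domain": 53, "kerberos": 88, "ntp": 123, "epmap": 135,
                 "ldap": 389, "microsoft-ds": 445, "kpasswd": 464,
                 "ldaps": 636}

# Constructed sample in the same layout as the netstat -a output above,
# using a placeholder host name.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP dns01:domain dns01.example.test:0 LISTENING
TCP dns01:ldap dns01.example.test:0 LISTENING
TCP dns01:1025 dns01.example.test:1142 ESTABLISHED
UDP dns01:domain *:*
UDP dns01:ntp *:*
"""

def local_port(local_addr):
    """Return the numeric port of 'host:port' or 'host:service', else None."""
    token = local_addr.rsplit(":", 1)[-1].lower()
    if token.isdigit():
        return int(token)
    return SERVICE_PORTS.get(token)

def listeners(netstat_text):
    """Return the set of (proto, port) pairs that are bound and waiting."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, prompt or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; UDP rows have none and count as bound.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        port = local_port(local)
        if port is not None:
            found.add((proto, port))
    return found

def dns_listening(netstat_text):
    """Report whether port 53 is bound for each transport."""
    bound = listeners(netstat_text)
    return {"tcp": ("TCP", 53) in bound, "udp": ("UDP", 53) in bound}

if __name__ == "__main__":
    print(dns_listening(SAMPLE))
```

A listener on port 53 only shows that the service has bound the socket; it does not show that the zones behind it have loaded.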
  • astorrs Member Posts: 3,139 ■■■■■■□□□□
    Stop and restart the DNS Server service

    Look in both the "System" and "DNS Server" event logs for any warnings/errors since the restart and post them here (use the copy button so we get all the details).
  • jbaello Member Posts: 1,191 ■■■□□□□□□□
    Damn it, why can't it just work properly, I wanna finish my MCSE so I can go party already...

    funking A

    This DNS was working b/w and all of a sudden BAM!!!
  • SmokeH Member Posts: 8 ■□□□□□□□□□
    jbaello wrote:
    Damn it, why can't it just work properly, I wanna finish my MCSE so I can go party already...

    funking A

    This DNS was working b/w and all of a sudden BAM!!!

    Maybe this is "Let's make some troubleshooting of DNS - sim" exam?

    Reading MS pRESS, doing AD staff material...

    Goooooing for MCSA-MCSE 2003
  • blargoe Member Posts: 4,174 ■■■■■■■■■□
    I didn't understand what you typed a few posts above. Are you saying that you are NOT able to ping the DNS Server (or any other host) by host name, but you ARE able to ping it by IP address?
  • blargoe Member Posts: 4,174 ■■■■■■■■■□
    jbaello wrote:
    astorrs wrote:
    going back to basics here, can you ping the loopback adapter?

    *** Can't find server name for address 127.0.0.1: No response from server
    *** Default servers are not available
    Default Server: UnKnown
    Address: 127.0.0.1
    Just to be clear, this is the output from when you ran it on the server, right? When you did this, was 127.0.0.1 that dns server that is defined in the network connection properties? Is 127.0.0.1 listed in the Interfaces tab?

    Do you have any firewall software running? Multiple network interfaces that might be confusing the issue?
  • Mishra Member Posts: 2,468 ■■■■□□□□□□
    Do you have an A record for your DNS server?

    Did you define your network connection to use 127.0.0.1 as your DNS server?
    My blog http://www.calegp.com

    You may learn something!
  • dynamik Banned Posts: 12,312 ■■■■■■■■■□
    Please post outputs of dcdiag and netdiag, your zones and records, and the exact commands and corresponding outputs of how you're troubleshooting this.
  • undomiel Member Posts: 2,818
    Even having it bound specifically to one interface on the interfaces tab will still allow loopback, I tested that out.

    net start dns

    That command in the command line will start your dns server. If it is not starting properly check your event logs for errors. Also as recommended do the dcdiag & netdiag commands.
  • jbaello Member Posts: 1,191 ■■■□□□□□□□
    blargoe wrote:
    I didn't understand what you typed a few posts above. Are you saying that you are NOT able to ping the DNS Server (or any other host) by host name, but you ARE able to ping it by IP address?

    This is correct...
  • astorrs Member Posts: 3,139 ■■■■■■□□□□
    How about posting those event log warnings/errors and netdiag/dcdiag we've all been requesting?
  • jbaello Member Posts: 1,191 ■■■□□□□□□□
    astorrs wrote:
    How about posting those event log warnings/errors and netdiag/dcdiag we've all been requesting?

    As soon as I get home tonight :) I did see some logs there pertaining to a zone error or something :)
  • paintb4707 Member Posts: 420
    snadam wrote:
    jbaello wrote:
    To be honest I've never tried using the loopback for the DNS server addy on the actual DNS server.

    Actually when I was working with Microsoft on an issue I had in the past, I was specifically told NOT to use the loopback address for the DNS server as it could cause authentication issues in the domain. Whether or not this statement holds any truth I can't say, I didn't really see any problems but I figured I'd toss that out there.
  • jbaello Member Posts: 1,191 ■■■□□□□□□□
    paintb4707 wrote:
    snadam wrote:
    jbaello wrote:
    To be honest I've never tried using the loopback for the DNS server addy on the actual DNS server.

    Actually when I was working with Microsoft on an issue I had in the past, I was specifically told NOT to use the loopback address for the DNS server as it could cause authentication issues in the domain. Whether or not this statement holds any truth I can't say, I didn't really see any problems but I figured I'd toss that out there.

    I'm not using a "loopback", I am using the DNS physical IP address as its own preferred DNS server.

    The screenshot was just a test I did on my laptop to duplicate the error.
  • jbaello Member Posts: 1,191 ■■■□□□□□□□
    Event Type: Warning
    Event Source: DNS
    Event Category: None
    Event ID: 4521
    Date: 6/5/2008
    Time: 10:38:36 AM
    User: N/A
    Computer: W2K3EN32-S05
    Description:
    The DNS server encountered error 32 attempting to load zone soggyrice.com from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    ****************************************************************************

    Event Type: Error
    Event Source: DNS
    Event Category: None
    Event ID: 4007
    Date: 6/5/2008
    Time: 10:00:13 AM
    User: N/A
    Computer: W2K3EN32-S05
    Description:
    The DNS server was unable to open zone _msdcs.soggyrice.com in the Active Directory from the application directory partition ForestDnsZones.soggyrice.com. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 0d 00 00 00 ....

    *******************************************************************************

    I reloaded the zone, but still the same...
  • astorrs Member Posts: 3,139 ■■■■■■□□□□
    Ah, you're using AD integrated zones and that is where the problem is. Is Active Directory running? (do a "net view" and look for the NETLOGON and SYSVOL shares).

    Are there any AD related warnings/errors since last reboot in the Directory Services event log?
  • jbaello Member Posts: 1,191 ■■■□□□□□□□
    Net Share - shows sysvol and netlogon...