Here are some tips, tools, and resources to help you troubleshoot DNS problems on Windows 2000/2003-based networks.
DNS troubleshooting is usually straightforward, because most errors tend to be simple configuration or setup errors. To troubleshoot DNS, you must have details of the configuration of any DNS resolvers and/or DNS servers and be able to use common DNS troubleshooting tools. This hack provides some details and links to tools you can use to troubleshoot DNS, as well as tips on how to overcome common DNS errors.
Here are a few useful web sites that offer tools for troubleshooting DNS:
This site will check the DNS settings for an Internet zone and provide prescriptive guidance on optimizing the settings.
This site has a number of DNS tools that you can use to diagnose DNS issues.
This site has some good tools for DNS troubleshooting. It promotes its tools and expertise as anti-spam utilities, as opposed to just DNS troubleshooting. The site's tools page (http://www.samspade.org/t/) provides tools similar to those at www.DNSstuff.com. I have the Sam Spade For Windows tool (http://www.samspade.org/ssw/) on my desktop and use it a great deal.
This page provides an online version of DIG?a useful tool from the Unix world that is used to troubleshoot DNS issues. (Why can't Microsoft provide a port of DIG in Windows or the resource kit?)
Given a record name and a record type, this page will return a report that details all possible answers.
This is a truly awesome script by Dean Wells that exports/imports DNS server configurations. Read carefully before using it, and make sure you change the extension before you run it!
Here is a list of common problems and solutions that have been discussed in online newsgroups:
If you run nslookup, you might see an error that looks like this:
C:\>nslookup *** Can't find server name for address 192.168.1.1: Non-existent domain *** Default servers are not available Default Server: UnKnown Address: 192.168.1.1
When nslookup starts, it attempts do a reverse lookup of the IP address of the DNS server. If the reverse lookup fails, nslookup returns the preceding error message, which is somewhat misleading. The solution is to either install a reverse lookup zone for your workstations or to ignore the message.
This error is typically caused by the use of a DNS server that does not allow dynamic update or is set to refuse operations from your computer. Sometimes, this is due to a workstation that points to the ISP's DNS server instead of an internal DNS server. In general, all internal servers and workstations should point to one or more internal DNS servers that in turn point to a DNS server that forwards to the Internet.
This error usually occurs when the computer is configured without a DNS domain name. If the computer is a DNS server that has only a single label name (e.g., kona2 versus kona2.reskit.net), any zone created will have the default SOA and NS records created using just a single label. This in turn will lead to invalid or failed referrals for the zone used to provide lookups for this zone.
This error indicates that the DNS server has received a packet with an invalid domain name and the packet has been rejected. The most common cause of this is DNS cache pollution, as described in Knowledge Base (KB) article 241352 (http://support.microsoft.com/default.aspx?scid=kb;en-us;241352).
Dynamic update is a DNS feature that enables hosts to update their DNS details at the DNS server. Although easy to set up, there are some ways in which DNS dynamic update can fail. See the KB article 287156 for more details (http://support.microsoft.com/default.aspx?scid=kb;en-us;287156)
In some cases, it appears that server is just not functioning and not resolving some names. The cause is that Extension Mechanisms for DNS (EDNS0) requests from the 2003 DNS server are not recognized by all other DNS servers. To resolve this, you should disable EDNS0 requests, using the DNScmd program from the Windows Server 2003 Support Tools folder and type dnscmd /config /enableednsprobes at a command prompt.
If the previous tips and tools do not help and you are using any version of Microsoft Windows (or DOS, for that matter), consider posting a query to the microsoft.public.win2000.dns newsgroup. This newsgroup can be obtained from news://news.microsoft.com. If you do post, you will need to provide some details of your particular issue, including most of all of the following:
Is the problem a client problem or a DNS server problem?
What operating system are you running and with which service packs or other fixes?
What is the client configuration? (ipconfig /all provides this!)
What specific error, if any, are you seeing?
What zones are configured on your DNS server, and what properties are set for those zones?
Are your DNS zones configured to be updated dynamically?
What sort of Internet connection do you have? Does your ISP allow you to run servers on your connection? Does your provided IP address vary, or is it fixed?
Finally, here are two books you can use to learn more about troubleshooting DNS issues:
By Cricket Liu and Paul Ablitz (O'Reilly). This book is possibly the best introduction to DNS in existence. It's Unix-based, but it's still a good book.
By Herman Knief, Roger Abell, Jeffery Graham, and Andrew Daniels (O'Reilly). This is a pretty good Windows 2000 DNS book.
?Thomas Lee