Windows Server 2008 R2 DNS Server Issue

    Question

  • I have added a Windows Server 2008 R2 DC with DNS role enabled to my Windows Server 2003 domain. (I don't have any issue with the new DC, such as PDCe and RID roles, except the DNS role.)

    On a member server which uses the new 2008 R2 DNS server as the primary DNS server, it resolves some internal names, and it doesn't resolve any external names. But NSLOOKUP can return all the IP addresses, including those whose names cannot be resolved.

    I did some research, and ran dnscmd /config /enableEDNSProbes 0, which didn't fix the issue.

    Also, when I try to remotely connect to the 2008 R2 DNS admin console from the 2003 DC, I got "The server is unavailable" or "Access was denied" (connecting by the DNS server IP from an XP computer with Admin tool installed).

    Thanks and regards.

    Friday, September 03, 2010 4:13 PM

All replies

  • Please use this command on the server: ipconfig /flushdns

    Also, make sure that your hosts file on the server is not including DNS entries for internal or external DNS resources.


    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights

    Friday, September 03, 2010 4:28 PM
  • "Also, when I try to remotely connect to the 2008 R2 DNS admin console from the 2003 DC, I got "The server is unavailable" or "Access was denied" (connecting by the DNS server IP from an XP computer with Admin tool installed)."

    Is remote desktop admin (rdp) enabled on the 2008 server?

    http://www.techotopia.com/index.php/Configuring_Windows_Server_2008_Remote_Desktop_Administration


    Roy Mayo | MCSE
    Friday, September 03, 2010 5:08 PM
  • "On a member server which uses the new 2008 R2 DNS server as the primary DNS server, it resolves some internal names, and it doesn't resolve any external names. But NSLOOKUP can return all the IP addresses, including those whose names cannot be resolved."

    When you run nslookup, are you connected to the 2008 DNS server or another DNS server?

    Is your 2008 DNS server using a standard primary zone or ADI primary zone or something else? Do you have a forwarder listed?


    Roy Mayo | MCSE
    Friday, September 03, 2010 5:10 PM
  • A statement you made above doesn't make a lot of sense... "On a member server which uses the new 2008 R2 DNS server as the primary DNS server, it resolves some internal names, and it doesn't resolve any external names. But NSLOOKUP can return all the IP addresses, including those whose names cannot be resolved."

    Are you saying that you ran NSLOOKUP from the server? That would make sense if the server has its DNS Client settings not pointed to itself, but another DNS server, as Roy was trying to point out.

    Configuring DNS FORWARDERS will probably resolve this issue. Can you have this 2008 server forward to one of your other internal DNS servers? At least to test out if this is the issue (described in the summary link).

    Windows 2008 DNS Server May Fail to Resolve Top-Level Domain Queries
    http://www.anitkb.com/2010/05/windows-2008-dns-server-may-fail-to.html

    Visit: anITKB.com, an IT Knowledge Base.
    Friday, September 03, 2010 5:43 PM
  • I am combining my responses to all the possible solutions provided to me in this single post.

    1. On the problem DNS server running Windows Server 2008 R2, I did a /flushdns and /registerdns, but it didn't fix the issue; and I am not using host file on the DNS server.
    2. RDP is enabled on this DNS server, and I can connect with no problem;
    3. NSLOOKUP was run on a member server as the DNS client that uses the 2008 R2 DNS server as the primary DNS server; the NSLOOKUP can resolve all internal and external names to IP, but PING (again, run on the member server) can resolve some internal host names, not others; PING CANNOT resolve any external DNS name, such as microsoft.com or google.com, (but NSLOOKUP is returning 207.46.197.32 for Microsoft.com)
    4. I didn't manually do anything to the 2008 DNS server. The DNS role was enabled when I ran DCPROMO. There are 3 entries listed on it as forwarders. These forwarders are the same as those on my other 2 DNS servers running Windows 2003.
    5. On the 2008 R2 DNS server itself I don't have any problem, because the server as a client is using my 2003 DNS server as primary DNS server.

    Thanks and regards.

    Friday, September 03, 2010 6:34 PM
  • Sorry, I misread. You cannot remotely connect to the 2008 server from the DNS console. Have you looked at the DNS event log on the 2008 server, or the system event log?
    Roy Mayo | MCSE
    Friday, September 03, 2010 6:49 PM
  • I have no problem to RDP into the 2008 DNS server. But I cannot open DNS management console from another computer and connect to the 2008 server. When I add the 2008 DNS server, I got access denied or server unavailable error.

    Thanks and regards.

    Friday, September 03, 2010 7:07 PM
  • I have no problem to RDP into the 2008 DNS server. But I cannot open DNS management console from another computer and connect to the 2008 server. When I add the 2008 DNS server, I got access denied or server unavailable error.

    Thanks and regards.


    Just to add to the confusion, since it's R2, R2 uses Network Location Awareness, such as Public, Private, etc. What's it set to on the server, and is the local firewall enabled on all three? If you disable all firewall instances, and enable File Sharing on the Location R2 thinks it belongs to, does the DNS console now work remotely?
    Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003, Microsoft Certified Trainer, Microsoft MVP - Directory Services. This posting is provided AS-IS with no warranties or guarantees and confers no rights.
    Friday, September 03, 2010 11:27 PM
  • Hi,

    After reading your post, I understand that some client computers which use the new Windows Server 2008 R2 as the primary DNS server entry have encountered an issue in which the system did not return the external domain name when pinging an external IP address.

    If I misunderstand, please let me know.

    First, please modify the DNS entry of Windows Server 2008 R2 to the IP address of itself.

    In order to narrow down the issue more efficiently, we may collect more information for further investigation.

    Does the issue also occur on other computers which use another internal DNS server as the primary DNS server entry?

    What if you ping the external domain: will the system return the IP address of the external domain?

    Please check whether the external domain is resolved after performing “ipconfig /flushdns” to clean the DNS cache and setting the client computer to use only Windows Server 2008 R2 as its DNS server entry, then perform “ping -4 <external IP address>”.

    Meanwhile, please post the hosts file content here from one of the clients which uses Windows Server 2008 R2 as its DNS server (perform “notepad %systemroot%\system32\drivers\etc\hosts”).

    Thanks.

    Tiger Li

    TechNet Subscriber Support in forum

    • Marked as answer by Fat Frog Tuesday, September 07, 2010 3:59 PM
    Monday, September 06, 2010 5:41 AM
  • Thanks for the help that I got from everyone!

    As it turned out, this was not a DNS issue, because I cannot duplicate the problem on another computer when I set the Windows Server 2008 R2 DNS server as the sole DNS server on another computer's IP configuration.

    This is what happened: I rebuilt (wipe-and-load) the member server (DNS client here) from Windows Server 2003 to 2008 R2, re-used the same host name and IP address, and configured it to use my new DNS server as the primary one. But what I missed was that, when I re-used the old member server's host name, I did not delete the old server's computer account in AD. This has never been allowed by the AD, but why I didn't get an error this time, I don't know.

    I deleted the member server's computer account, brought the server to workgroup, and re-joined it to the AD domain, and still use the new DNS server as the primary DNS server. The issue is gone.

    Thanks and regards.

    • Marked as answer by Tiger Li Wednesday, September 08, 2010 2:12 AM
    Tuesday, September 07, 2010 3:59 PM
  • Good to hear you figured it out.

    I didn't realize that was the history behind this machine. I guess based on the issues you were seeing, it was a question that didn't come to mind.

    Just as an FYI, whenever a rebuild is involved and reusing the old computer name, the account must be deleted due to the new SID created when the machine is reinstalled. Otherwise, communications and authentication issues will appear because the system actually uses the SID to identify the machine, and not the computer name, since the computer name is just there for human convenience. :-)

    Once again, glad to hear you figured it out. :-)


    Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003, Microsoft Certified Trainer, Microsoft MVP - Directory Services. This posting is provided AS-IS with no warranties or guarantees and confers no rights.
    Tuesday, September 07, 2010 4:33 PM
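
A check for the condition this thread ends on, as an added example that is not part of any post: run on the rebuilt member server, it compares the Windows client resolver (the path ping takes) with a direct query to the DNS server (the path nslookup takes), then tests the machine's secure channel and compares the age of its AD computer account with the OS install date. The DNS server address is a placeholder, and the script assumes the ActiveDirectory module (RSAT) is installed and a DC running AD Web Services is reachable.

```powershell
# Added example: run on the rebuilt member server in an elevated PowerShell session.
# Assumptions: $DnsServer is a placeholder address; the ActiveDirectory module (RSAT)
# is installed and a DC running AD Web Services (such as a 2008 R2 DC) is reachable.
$DnsServer = '192.0.2.10'      # placeholder for the 2008 R2 DNS server
$TestName  = 'microsoft.com'   # external name used in the thread

# 1. Windows client resolver (hosts file, resolver cache, then DNS): the path ping takes.
$resolverIPs = @()
try {
    $resolverIPs = @([System.Net.Dns]::GetHostAddresses($TestName) |
        ForEach-Object { $_.IPAddressToString })
} catch {
    Write-Warning "Client resolver could not resolve ${TestName}: $($_.Exception.Message)"
}

# 2. Direct query to the DNS server, bypassing the client resolver: the path nslookup takes.
$directAnswer = (nslookup $TestName $DnsServer 2>$null) -join "`n"

# 3. Does this machine's secure channel to the domain still verify?
$channelOk = Test-ComputerSecureChannel

# 4. Compare the age of the AD computer account with this OS installation.
Import-Module ActiveDirectory
$acct = Get-ADComputer -Identity $env:COMPUTERNAME `
    -Properties whenCreated, PasswordLastSet, OperatingSystem
$os        = Get-WmiObject Win32_OperatingSystem
$installed = $os.ConvertToDateTime($os.InstallDate)

# New-Object PSObject keeps this compatible with PowerShell 2.0 on 2008 R2.
New-Object PSObject -Property @{
    ResolverAnswers      = $resolverIPs -join ', '
    DirectQueryOutput    = $directAnswer
    SecureChannelOk      = $channelOk
    AccountCreated       = $acct.whenCreated
    AccountPasswordSet   = $acct.PasswordLastSet
    AccountOS            = $acct.OperatingSystem
    OsInstalled          = $installed
    AccountPredatesBuild = ($acct.whenCreated -lt $installed)
} | Format-List
```

An empty ResolverAnswers beside a populated DirectQueryOutput reproduces the ping/nslookup split reported in the thread. AccountPredatesBuild = True shows that the computer account is older than the current installation, meaning the account was reused rather than recreated.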