none
DNS server failed a query with error code NAME ERROR

    Question

  • I'm having some issues with DNS.  We have 4 Windows 2008 R2 DCs with DNS and 10 RODCs with DNS running.  I created an A Record in my PDC server's DNS and it properly created the reverse lookup zone recrod.  Yet when I try to access a WEB Application using the DNS name, I receive an error.

    **********************************************************************

    This Page Cannot Be Displayed


    The host name resolution (DNS lookup) for this host name ( dca-fu-81-r-vip.DOMAINName) has failed. The Internet address may be misspelled or obsolete, the host ( dca-fu-81-r-vip.DOMAINName ) may be temporarily unavailable, or the DNS server may be unresponsive.

    **********************************************************************

    However if I user the IP address instead, the WEB application is displayed.

    When I look at my PDC and other DC servers, I find this error.

    **********************************************************************

    The global query block list is a feature that prevents attacks on your network by blocking DNS queries for specific host names. This feature has caused the DNS server to fail a query with error code NAME ERROR for wpad.mbc.ca.gov. even though data for this DNS name exists in the DNS database. Other queries in all locally authoritative zones for other names that begin with labels in the block list will also fail, but no event will be logged when further queries are blocked until the DNS server service on this computer is restarted. See product documentation for information about this feature and instructions on how to configure it.

    Below is the current global query block list (this list may be truncated in this event if it is too long):

    wpad

    isatap

    **********************************************************************

    Any suggestions on what to do next???


    Chris Premo


    • Edited by ChrisPremo Wednesday, August 29, 2012 8:19 PM
    Wednesday, August 29, 2012 8:13 PM

All replies

  • Windows Server\DNS\Event 6268 on trying to query WPAD
    http://support.microsoft.com/kb/2003485


    Server 2008 DNS Global Query Block List
    http://idubrawsky.wordpress.com/2009/01/19/server-2008-dns-global-query-block-list/

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.


    Wednesday, August 29, 2012 8:22 PM
  • Thanks for the information.  I removed the wpad entry from the registry on the PDC and rebooted.  I then removed the Forward and Reverse zones and tried to recreate the Hot(A) record.  It created the Forward zone record, but failed to create the reverse zone automatically.  I created it manually and the record showed up.  Unfortuanately, the URL still fails on the DNS name.  I tried to create a "tester" A record and received this error:

    *******************************************

    DNS - Warning: The associated pointer (PTR) record cannot be created, probably because the referenced reverse lookup zone cannot be found.


    Chris Premo

    Wednesday, August 29, 2012 9:30 PM
  • The reverse lookup zone will be not created automatically,you need to create the same manually.Force the replication between DC's using AD sistes and services or repadmin /syncall /AdeP as multiple DC are present in network,wait for sometime and check.

    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Wednesday, August 29, 2012 9:41 PM
  • Thanks for the quick response.  I deleted all my A records created the reverse zone and added the A records back.  This time now errors.  I then ran the command:

    repadmin /syncall /AdeP

    on the PDC and got the following message on all partitions:

    CALLBACK MESSAGE: SyncAll Finished.
    SyncAll terminated with no errors.

    Tried to access the WEB application using the DNS name and still get the:

    This Page Cannot Be Displayed


    The host name resolution (DNS lookup) for this host name ( dca-fu-81-r-vip.DOMAINName) has failed. The Internet address may be misspelled or obsolete, the host ( dca-fu-81-r-vip.DOMAINName ) may be temporarily unavailable, or the DNS server may be unresponsive.


    Chris Premo

    Wednesday, August 29, 2012 9:46 PM
  • It seems to be web application configuration issue.Please use the General forum and ask your quesion.
    http://social.technet.microsoft.com/Forums/en/winservergen/threads
    http://social.msdn.microsoft.com/Forums/en-US/categorie

    Also the IIS forum will be helpful:http://forums.iis.net/


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Wednesday, August 29, 2012 10:42 PM
  • Hi Chris,

    Thanks for posting here.

    After reading you post I understand that we were unable to access an internal site with internal domain name (dca-fu-81-r-vip.DOMAINName) however with its internal IP address. If I misunderstand please let me know.

    First at all, we need to make sure the DNS forward lookup zone “DOMAINName” (which is hidden in your reply ) has been added on our internal DNS server, server that all internal clients are pointing and using now. After that we need to have an A record “dca-fu-81-r-vip” with pointing to the private address of web server under it . we can verify that by running the command “nsloolup dca-fu-81-r-vip.DOMAINName” form one of client and see if can get the actual address of that web host.

    Add a Forward Lookup Zone

    http://technet.microsoft.com/en-us/library/cc771566.aspx

    Creating reverse zone will not affect the web site accessing form client via domain name at this moment and can be set later .

    Add a Reverse Lookup Zone

    http://technet.microsoft.com/en-us/library/cc753997.aspx

    May I know the Network ID and the mask in this environment ?

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    Thursday, August 30, 2012 6:13 AM
  • The domain is hidden for security reasons.  However this is the result of NSLOOKUP from my PC and the PDC.  (NOTE: The IP addresses for the ADDomain and the MyDomain are different and not it the same subnet.)

    **********************************************************

    nslookup dca-fu-81-r-vip.MyDomain
    Server:  ADSecondary.ADDomain
    Address:  XXX.XXX.25.142

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    Name:    dca-fu-81-r-vip.MyDomain
    Address:  XX.XXX.44.142

    **********************************************************


    Chris Premo

    Thursday, August 30, 2012 3:09 PM
  • Yes, there is a Zone in the Reverse Lookup called "MyDomain" with a PTR record and one in the Forward Lookup Zone pointing to the IP Address of the WEB Server.

    Chris Premo

    Thursday, August 30, 2012 3:11 PM
  • ??why your DNS request is showing timed out.....

    Ahmed Gaziyani Enterprise Admin.

    Thursday, August 30, 2012 3:13 PM
  • Good question.  I have no Idea.

    I found a Support Tip that recommended running "ipconfig /registerDNS".  Did this and now I get this response:

    C:\>nslookup dca-fu-81-r-vip.MyDomain

    Server:  ADMaster.ADDomain
    Address:  XXX.XXX.25.141

    Name:    dca-fu-81-r-vip.MyDomain
    Address:  XX.XXX.44.142


    Chris Premo


    • Edited by ChrisPremo Thursday, August 30, 2012 3:19 PM
    Thursday, August 30, 2012 3:14 PM
  • the ip which resolved is the correct ip address for your URL.......

    Ahmed Gaziyani Enterprise Admin.

    Thursday, August 30, 2012 3:31 PM
  • Yes, the lookup resolves to the correct IP address.

    Strange, I just re-ran the nslookup and now th timed out responses returned.  It still resolves, but shows two timed out responses.

    Then, two minutes later, no timed out responses?????


    Chris Premo



    • Edited by ChrisPremo Thursday, August 30, 2012 3:44 PM
    Thursday, August 30, 2012 3:41 PM