DNS client: The question in the response from server does not match the original question

  • Question

  • Hi

    I'm faced with a strange problem: the DNS response is wrong because the DNS server faked the initial DNS question. At first the problem came from monitoring: the SCOM monitor test failed to resolve DNS conditional forwarders in a datacenter other than the one of the DNS server where the check is running.

    The SCOM monitor tries to resolve a PTR record of an arpa zone:

    I've performed some tests and their results were not clear to me.

    Test case configuration:

    client machine - name: "AS101", Windows Server 2016, ip: 172.17.72.32, datacenter "TX"
    DNS server 1 - name: "DC102", Windows Server 2016, ip: 172.17.71.11, datacenter "TX"
    DNS server 2 - name: "DC302", Windows Server 2016, ip: 172.18.71.11, datacenter "KC"

    The DNS servers belong to the same domain but are located in different sites (in different datacenters); the client belongs to another domain and is located in the same datacenter as DC102.

    When I run the cmdlet from the SCOM monitor on the client against DC102 to resolve a PTR record of one of the zones stored on this DNS server, I receive the right answer, but when I try to resolve a PTR record of one of the zones stored on DC302, I receive a wrong answer:

    Then I used Message Analyzer and saw the contents of the wrong answer:

    Also I enabled DNS client log:

    Requested DNS zones:


    Has anybody any thoughts why it happens?


    Tuesday, November 14, 2017 11:21 AM
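
An added example, not part of the original thread, of the comparison a DNS client makes before accepting a response: the transaction ID and the question (name, type, class) must echo what was sent. The helper names, the transaction ID and the mismatched name are constructed for illustration; the PTR name is built from DC302's address as given in the post.

```python
import struct

PTR, IN = 12, 1  # QTYPE PTR, QCLASS IN

def build_message(txid, qname, qtype, response=False):
    """Build a header plus one question (constructed test data, no answer records)."""
    flags = 0x8180 if response else 0x0100
    labels = qname.rstrip(".").split(".")
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + wire + struct.pack("!HH", qtype, IN)

def parse_question(msg):
    """Return (txid, qname, qtype, qclass) for the single question in msg."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, _flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, off = [], 12
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length == 0:
            break
        # The question name is the first name in the message, so it has
        # nothing earlier to point at: compression pointers are rejected too.
        label = msg[off + 1:off + 1 + length]
        if length > 63 or len(label) != length:
            raise ValueError("bad label")
        labels.append(label.decode("ascii").lower())  # DNS names compare case-insensitively
        off += 1 + length
    if off + 5 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[off + 1:off + 5])
    return txid, ".".join(labels) + ".", qtype, qclass

def check_response(query, response):
    """List how the response fails to echo the query; an empty list means it matches."""
    q, r = parse_question(query), parse_question(response)
    problems = []
    if q[0] != r[0]:
        problems.append("transaction ID mismatch")
    if q[1:] != r[1:]:
        problems.append(f"question mismatch: sent {q[1:]}, got {r[1:]}")
    return problems

# Constructed sample: PTR query for 172.18.71.11, DC302's address in the post.
QUERY = build_message(0x1A2B, "11.71.18.172.in-addr.arpa", PTR)
GOOD = build_message(0x1A2B, "11.71.18.172.IN-ADDR.ARPA", PTR, response=True)
BAD = build_message(0x1A2B, "71.18.172.in-addr.arpa", PTR, response=True)  # made-up wrong echo
print(check_response(QUERY, GOOD), check_response(QUERY, BAD))
```

Feeding the raw UDP payloads of a captured query and response to `check_response` shows which field of the echoed question differs.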

All replies

  • Some images need better resolution :-)

    Tuesday, November 14, 2017 11:26 AM
  • Hi,

    Please set this registry setting: “HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters” DisableAutoReverseZones to 1 on DC302.

    Then run dnscmd /clearcache on DC302. After doing these steps, please run nslookup or resolve-dnsname again to check if this issue still persists.

    More info:

    https://technet.microsoft.com/en-us/library/cc940772.aspx

    Best Regards, 

    Frank



    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, November 15, 2017 8:27 AM

  • Hi,
    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Frank


    Friday, November 17, 2017 10:18 AM
  • Hi,

    Just want to confirm the current situation.

    Please feel free to let us know if you need further assistance.

    Best Regards,

    Frank



    Monday, November 20, 2017 9:12 AM
  • No success. We set the registry key, cleared the cache, deleted the 0-, 255- and 127- reverse zones from DC302 and finally rebooted this server:

    After all these actions we got the same result:

    Answer:


    Monday, November 20, 2017 12:58 PM
  • Hi,

    Please try to reinstall the DNS role. After doing that, it will sync automatically by AD.

    Best Regards,
    Frank



    Tuesday, November 21, 2017 5:51 AM