none
DNS server (Win2012R2) does not returns authoritative records count for zone, for which it is authoritative RRS feed

  • Question

  • I have a problem with my Windows 2012 R2 based DNS server.

    I use W2012R2 as a public DNS server for my internet visible zones. The server is configured to not use recursion (this also disables using of root hints). I have several DNS zones delegated to my server as primary zones. For second DNS server I use a linux based DNS, which is notified from my primary when changes occurs in a given zone, and information is replicated by zone transfers.

    When I use NSLOOKUP to query my primary DNS (W2012R2 based), for a record from zone for which it is authoritative (the zone is delegated to it), in “answer” section I see “authoritative records = 0”. It returns correct records, but not marked them as authoritative.

    For example, if I query my DNS server for NS records (there are two NS records with corresponding “glue” A records), the windows based DNS returns 0 (zero) for authoritative records count, but linux based DNS returns 2 (two). Zone records are completely equal on both servers.

    To avoid confusing: ns2.my-dns-zone.com is my Primary DNS server (Windows based), and ns1.my-dns-zone.com is my secondary DNS server (linux based)

    > set type=ns

    > my-dns-zone.com

    Server:  localhost

    Address:  127.0.0.1

    ------------

    SendRequest(), len 32

        HEADER:

            opcode = QUERY, id = 4, rcode = NOERROR

            header flags:  query, want recursion

            questions = 1,  answers = 0,  authority records = 0,  additional = 0

        QUESTIONS:

            my-dns-zone.com, type = NS, class = IN

    ------------

    ------------

    Got answer (100 bytes):

        HEADER:

            opcode = QUERY, id = 4, rcode = NOERROR

            header flags:  response, auth. answer, want recursion

            questions = 1,  answers = 2,  authority records = 0,  additional = 2

        QUESTIONS:

            my-dns-zone.com, type = NS, class = IN

        ANSWERS:

        ->  my-dns-zone.com

            type = NS, class = IN, dlen = 6

            nameserver = ns2.my-dns-zone.com

            ttl = 7200 (2 hours)

        ->  my-dns-zone.com

            type = NS, class = IN, dlen = 6

            nameserver = ns1.my-dns-zone.com

            ttl = 7200 (2 hours)

        ADDITIONAL RECORDS:

        ->  ns2.my-dns-zone.com

            type = A, class = IN, dlen = 4

            internet address = xx.xx.xx.xx    <-- here is the public IP address of my primary (windows based) DNS server;

            ttl = 7200 (2 hours)

        ->  ns1.my-dns-zone.com

            type = A, class = IN, dlen = 4

            internet address = yy.yy.yy.yy    <-- here is the public IP address of my secondary (linux based) DNS server;

            ttl = 7200 (2 hours)

    ------------

    my-dns-zone.com

            type = NS, class = IN, dlen = 6

            nameserver = ns2.my-dns-zone.com

            ttl = 7200 (2 hours)

    my-dns-zone.com

            type = NS, class = IN, dlen = 6

            nameserver = ns1.my-dns-zone.com

            ttl = 7200 (2 hours)

    ns2.my-dns-zone.com

            type = A, class = IN, dlen = 4

            internet address = xx.xx.xx.xx

            ttl = 7200 (2 hours)

    ns1.my-dns-zone.com

            type = A, class = IN, dlen = 4

            internet address = yy.yy.yy.yy

            ttl = 7200 (2 hours)

    >


    Wednesday, March 23, 2016 10:06 AM

Answers

  • Hi Oleg,

    1.Please post the text of an unedited ipconfig /all of your windows server.
    2.A complete copy of a zone file must have:
    • a valid Start of Authority (SOA) record,
    • valid Name Server (NS) records for the domain, and
    • the listed NS records should match the servers listed in the SOA record

                 Please check them.

    3.Please try to set linux server as master server and  winserver as secondary server,take a zone transfer from linux server.Then set it back.

      Best Regards,

    Cartman

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.




    Thursday, March 24, 2016 5:21 AM