Dns issue

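  • Question

  • Hello, I have some DNS questions I would like to ask.

    The network environment is as follows:

    Besides the Win2k8R2 server that acts as the internal DNS, there are also two CentOS servers that act as the external DNS.

    Running dcdiag /test:dns reports the following problems: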

    Directory Server Diagnosis


    Performing initial setup:

       Trying to find home server...

       Home Server = DC

       * Identified AD Forest.
       Done gathering initial info.


    Doing initial required tests

      
       Testing server: Default-First-Site-Name\DC

          Starting test: Connectivity

             ......................... DC passed test Connectivity

     

    Doing primary tests

      
       Testing server: Default-First-Site-Name\DC

      
          Starting test: DNS

            

             DNS Tests are running and not hung. Please wait a few minutes...

             ......................... DC passed test DNS

      
       Running partition tests on : ForestDnsZones

      
       Running partition tests on : DomainDnsZones

      
       Running partition tests on : Schema

      
       Running partition tests on : Configuration

      
       Running partition tests on : domain

      
       Running enterprise tests on : domain.com

          Starting test: DNS

             Test results for domain controllers:

               
                DC: DC.domain.com

                Domain: domain.com

               

                     
                   TEST: Basic (Basc)
                      Warning: adapter

                      [00000007] Microsoft Virtual Machine Bus Network Adapter has

                      invalid DNS server: 192.168.5.2 (<name unavailable>)

                      Warning: adapter

                      [00000007] Microsoft Virtual Machine Bus Network Adapter has

                      invalid DNS server: 192.168.5.3 (<name unavailable>)

                     
                   TEST: Records registration (RReg)
                      Network Adapter

                      [00000007] Microsoft Virtual Machine Bus Network Adapter:

                         Warning:
                         Missing CNAME record at DNS server 192.168.5.2:
                         093c433d-e69f-4748-a67e-1e8700299e8c._msdcs.domain.com
                        
                         Warning:
                         Missing A record at DNS server 192.168.5.2:
                         DC.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.2:
                         _ldap._tcp.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.2:
                         _ldap._tcp.f929fb9f-0f3f-4979-91d4-66e177736194.domains._msdcs.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.2:
                         _kerberos._tcp.dc._msdcs.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.2:
                         _ldap._tcp.dc._msdcs.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.2:
                         _kerberos._tcp.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.2:
                         _kerberos._udp.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.2:
                         _kpasswd._tcp.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.2:
                         _ldap._tcp.Default-First-Site-Name._sites.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.2:
                         _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.2:
                         _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.2:
                         _kerberos._tcp.Default-First-Site-Name._sites.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.2:
                         _ldap._tcp.gc._msdcs.domain.com
                        
                         Warning:
                         Missing A record at DNS server 192.168.5.2:
                         gc._msdcs.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.2:
                         _gc._tcp.Default-First-Site-Name._sites.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.2:
                         _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.2:
                         _ldap._tcp.pdc._msdcs.domain.com
                        
                         Warning:
                         Missing CNAME record at DNS server 192.168.5.3:
                         093c433d-e69f-4748-a67e-1e8700299e8c._msdcs.domain.com
                        
                         Warning:
                         Missing A record at DNS server 192.168.5.3:
                         DC.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.3:
                         _ldap._tcp.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.3:
                         _ldap._tcp.f929fb9f-0f3f-4979-91d4-66e177736194.domains._msdcs.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.3:
                         _kerberos._tcp.dc._msdcs.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.3:
                         _ldap._tcp.dc._msdcs.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.3:
                         _kerberos._tcp.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.3:
                         _kerberos._udp.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.3:
                         _kpasswd._tcp.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.3:
                         _ldap._tcp.Default-First-Site-Name._sites.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.3:
                         _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.3:
                         _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.3:
                         _kerberos._tcp.Default-First-Site-Name._sites.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.3:
                         _ldap._tcp.gc._msdcs.domain.com
                        
                         Warning:
                         Missing A record at DNS server 192.168.5.3:
                         gc._msdcs.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.3:
                         _gc._tcp.Default-First-Site-Name._sites.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.3:
                         _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.domain.com
                        
                         Error:
                         Missing SRV record at DNS server 192.168.5.3:
                         _ldap._tcp.pdc._msdcs.domain.com
                        
                   Error: Record registrations cannot be found for all the network

                   adapters

            
             Summary of test results for DNS servers used by the above domain

             controllers:

            

                DNS server: 192.168.5.2 (<name unavailable>)

                   1 test failure on this DNS server

                   Name resolution is not functional. _ldap._tcp.domain.com. failed on the DNS server 192.168.5.2
                  
                DNS server: 192.168.5.3 (<name unavailable>)

                   1 test failure on this DNS server

                   Name resolution is not functional. _ldap._tcp.domain.com. failed on the DNS server 192.168.5.3
                  
             Summary of DNS test results:

            
                                                Auth Basc Forw Del  Dyn  RReg Ext
                _________________________________________________________________
                Domain: domain.com

                   DC                           PASS WARN PASS PASS PASS FAIL n/a 
            
             ......................... domain.com failed test DNS

     

    All three DNS servers are working normally. Do I need to add the relevant records back to the external DNS on CentOS?

    September 9, 2013, 6:54 AM

Answers

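  • Is there a particular reason for having machines in the LAN zone use the DNS servers in the DMZ?

    As I see it, using only 127.0.0.1 (or adding one more internal DNS server) would be enough.

    If you need to look up DMZ machines from the LAN, you can try a DNS Conditional Forwarder.

    http://technet.microsoft.com/en-us/library/cc757172(v=ws.10).aspx


    Helping while practicing

    • Proposed as answer by AChange, September 12, 2013, 10:25 AM
    • Marked as answer by AChange, September 16, 2013, 1:31 AM
    September 9, 2013, 7:17 AM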
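  • Hi

    If the DNS servers in your DMZ are not meant to be used by AD clients for lookups and logon, you can ignore this.

    Then just forward your internal DNS to the DNS servers in the DMZ.

    In practice the network adapter does not need to point its DNS at the external servers; pointing it at itself is enough.


    Best Regards, Daniel Liang

    • Proposed as answer by AChange, September 12, 2013, 10:25 AM
    • Marked as answer by AChange, September 16, 2013, 1:31 AM
    September 9, 2013, 7:25 AM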
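
To see which resolvers the failures in the question's dcdiag output belong to, the following added example (not part of the original thread) groups the "invalid DNS server" warnings and "Missing ... record" entries by DNS server. The function names and the sample excerpt are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed excerpt, laid out like the dcdiag /test:dns output in the question.
SAMPLE = """
   Warning: adapter

   [00000007] Microsoft Virtual Machine Bus Network Adapter has

   invalid DNS server: 192.168.5.2 (<name unavailable>)

   Warning: adapter
   [00000007] Microsoft Virtual Machine Bus Network Adapter has
   invalid DNS server: 192.168.5.3 (<name unavailable>)
      Warning:
      Missing A record at DNS server 192.168.5.2:
      DC.domain.com
      Error:
      Missing SRV record at DNS server 192.168.5.2:
      _ldap._tcp.domain.com
      Error:
      Missing SRV record at DNS server 192.168.5.2:
      _kerberos._tcp.dc._msdcs.domain.com
      Error:
      Missing SRV record at DNS server 192.168.5.3:
      _ldap._tcp.domain.com
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
INVALID = re.compile(r"invalid DNS server:\s*" + IP)
MISSING = re.compile(r"Missing (\w+) record at DNS server " + IP + ":")

def triage(text):
    """Return (servers flagged invalid, {server: {record type: [names]}})."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]  # drop blank lines
    invalid, missing = set(), defaultdict(lambda: defaultdict(list))
    for i, line in enumerate(lines):
        if m := INVALID.search(line):
            invalid.add(m.group(1))
        elif (m := MISSING.search(line)) and i + 1 < len(lines):
            rtype, server = m.groups()
            missing[server][rtype].append(lines[i + 1])  # name is on the next line
    return invalid, missing

def summarize(text):
    """Per server: was it flagged invalid, and how many records of each type are missing."""
    invalid, missing = triage(text)
    return {s: {"flagged_invalid": s in invalid,
                "missing": {t: len(n) for t, n in sorted(by.items())}}
            for s, by in sorted(missing.items())}

if __name__ == "__main__":
    for server, info in summarize(SAMPLE).items():
        print(server, info)
```

When every server with missing SRV records is also one the Basc test flagged as invalid, the RReg failures are all tied to the resolvers configured on the adapter, which is the setting both answers suggest changing.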
