DNS
42 Topics

- Windows Server 2016 is not pingable while it can ping other devices and have DNS problems
  Hello Community, I have the following problem: On my VMWare vSphere ESXi 6.7 I have two Windows Server 2016 VMs. One (WDS-01) provides the AD, DNS and DHCP Server, the other one (WDS-02) should provide the WDS and WSUS. While WDS-01 works perfectly, I can't ping the WDS-02 from the WDS-01 or the coreswitch of my network. WDS-02 also doesn't have a connection to the internet due to a problem with DNS name resolution. But I was able to add WDS-02 to my domain and WDS-02 was able to receive an IP-address lease from my DHCP Service running on WDS-01. WDS-02 can ping all other devices in the network but, like I already said, it's not pingable itself. Hope somebody can help me with this problem. Thank you! Jonas
  Solved, 91K Views, 0 likes, 9 Comments
- Problem to setup DNS server on Windows Server 2016
  Hello, I have a problem setting up my DNS server on Windows Server 2016 Standard. But from the beginning. I have installed Hyper-V 2016; on this I created a virtual machine and set up Windows Server 2016 there. My Active Directory works fine, and I want to add a DNS server. I followed many tutorials on YouTube, and everyone has more folders/files in DNS Manager, in the forward zone to be exact. I have attached 2 screens: One is from YouTube where files and folders are visible. Second is from my server where I don't see these files/folders. Can I ask for help? Because I can't figure it out. I don't have any ideas. I was reinstalling AD, DNS and nothing. Thank you in advance, Greetings. Jacob.
  54K Views, 0 likes, 42 Comments
- DNS duplicate record issue
  Currently we are seeing duplicate DNS records for multiple DNS zones. This is specific to our VPN IP scopes, as other scopes do not appear to have this problem. In an effort to correct this issue, as it appears to be occurring from DHCP not being able to update/delete DNS records due to the client being the owner of the record, the below steps have been implemented. This is a smaller environment with approx 1200 endpoints, so the slightly more aggressive DNS intervals are not a concern.
  - DHCP lease time adjusted to 8 days from previously 1 day
  - DNS scavenging adjusted to "No Refresh + Refresh" = DHCP lease - 1 day
  - 3 days (no-refresh) + 4 days (refresh) and 1 day scavenging
  https://docs.microsoft.com/en-us/archive/blogs/askpfe/how-dns-scavenging-and-the-dhcp-lease-duration-relate
  I also implemented Dynamic DNS Updates per the below MVP blog, but oddly the owner of all DNS records changed from SYSTEM as the owner to being self owned, rather than being owned by the DHCP server.
  https://blogs.msmvps.com/acefekay/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group/
  The DNS duplicate issue is still occurring, which I'm assuming is due to the DHCP server not owning the DNS records and deleting them when their lease expires or updating when the IP is reassigned. Searched around quite a bit on this one and I'm stumped at this point. Anyone have any thoughts/suggestions to get DNS records to be properly owned by the DHCP server?
  23K Views, 0 likes, 6 Comments
- External private IP addresses registering with DNS server
  Hello all, I've been trying to fine-tune our NIDS configuration (which predates my employment here) and more specifically trying to figure out why certain IP addresses/ranges that we don't use, keep appearing in reports/logs. I think I've figured out the root cause, but I'm not sure of the best way to fix it: We have a number of remote users who connect to our network by VPN. As best I can tell, when their laptops connect to the network, they're sending updates to the DNS server running on the DC with both the IP address of their VPN interface (routable on our network) and their private IP address on their home LAN (obviously not routable) - if I do an nslookup on a domain machine, the DC returns two A records, one for each address. This has a slight ripple effect through the network - which manifests mostly with Windows Update Delivery Optimization, where the peer discovery process frequently gets the non-routable private IP somehow and then tries to download Windows updates from it. Long story short: what is the best way to prevent VPN'ed machines from registering external private IP addresses with the DNS server running on the DC?
  14K Views, 2 likes, 9 Comments
- Upgrading 2012 R2 to 2019 Domain Controller / DFRS / DNS / DHCP
  Hi All, Looking for some advice, been a while since I have had to do an upgrade of the domain controllers, but I just want to get people's advice on the plan I have put in place to do this. Current setup is as follows:

  | Domain Controller | Operating System | Functional Level | FRS / DFRS | Other Functions | ROLE |
  |---|---|---|---|---|---|
  | DC1 | Microsoft Windows Server 2012 (64-bit) | Windows Server 2012 R2 | FRS | DNS / DHCP | PDC / RID POOL MANAGER |
  | DC2 | Microsoft Windows Server 2012 (64-bit) | Windows Server 2012 R2 | FRS | DNS / DHCP | |
  | DC3 | Microsoft Windows Server 2012 (64-bit) | Windows Server 2012 R2 | FRS | DNS / DHCP | SCHEMA MASTER / DOMAIN NAMING MASTER |
  | DC4 | Microsoft Windows Server 2012 (64-bit) | Windows Server 2012 R2 | FRS | DNS / DHCP | INFRASTRUCTURE MASTER |

  The aim is to upgrade all servers to 2019 and upgrade their functional level to 2016R2 and also, if possible or easier, keep the existing IPs and names.
  Things I need to try and avoid if possible:
  - No downtime (or minimal)
  - No impact on live services if possible, i.e. clients etc.
  - In place upgrading
  So in terms of the high level plan it was as follows:
  - Upgrade/Migrate to DFRS on all existing DCs
  - Create 4 new servers running 2019, i.e. DCNEW1, DCNEW2, DCNEW3, DCNEW4, install Active Directory and add as a DC Member
  - Migrate the FSMO Roles to the corresponding new server, i.e. DC1 > DCNEW1, DC2 > DCNEW2 etc.
  - Migrate DHCP / DNS to another server
  - Demote the old DCs from AD
  - Rename / Re-IP the new DCs to the old DCs' name and IP address. (I believe I will need to demote the new DCs, i.e. DCNEW1, and move the FSMO Roles to another server, rename and re-IP the DC to DC1, give it the same IP address, add it as a DC member and then move the FSMO roles back onto it and then repeat this process for each other DC)
  Some questions I have: Do I really need to upgrade to DFRS 1st? Or can this be avoided? In a very high level plan, does this sound about right? Or am I overthinking or missing anything? Is there a much slicker way to achieve my goal? In order to move a DHCP server I recall just exporting the DHCP scopes exporting/importing using "netsh dhcp server export C:\dhcp.txt all". If I want to move DNS is there anything else I need to consider other than installing the DNS Role? How would anyone else approach this? Help appreciated! Thanks
  Solved, 12K Views, 1 like, 4 Comments
- DNS suffix is added when using nslookup but not when using ping or browsing
  Hi everyone, I am using Windows Server 2016, running DHCP and DNS. I have configured DHCP option 15 to add suffix "abc.de". In the DNS server, I've created a zone called "corp.abc.de". Entries in that zone should be resolvable only by hostname. In theory, if I want to ping user.corp, this should be resolved as the FQDN user.corp.abc.de. Example:
  Server config: A record: "user" inside the forwarding Lookup zone "corp.abc.de"
  Client machine: We run the below command that works

      nslookup user.corp
      Server: DC.corp.abc.de
      Address: 10.130.3.254

      Name: user.corp.abc.de
      Address: 10.150.70.11

  Then we ran the below command that should also work, but it doesn't.

      ping user.corp
      Ping request could not find host user.corp. Please check the name and try again.

  This, however, works on Linux machines, but doesn't work on Windows or MAC. I've tried reinstalling the server (both with DC AD and without). After spending 2 days on this, I'm out of ideas. Any help will be highly appreciated.
  11K Views, 0 likes, 1 Comment
- DNS Server: Edit Name Server Record, Resolve button
  Hello, I am configuring a DNS Server on Windows Server 2022 Datacenter (in a test lab environment) and I want to change (resolve) the "Unknown" status with the right IP address. Is there a PowerShell command (including .NET API) or CMD commands to use in order to accomplish what the "Resolve" button does? Thank you.
  9.9K Views, 0 likes, 4 Comments
- Register only network adapter in DNS which is connected to company network
  A client in a company network has multiple network adapters (e.g. VMware Workstation, Virtualbox, Docker). On all network adapters, the checkbox for "Register this connection's addresses in DNS" is checked by default. The client has multiple DNS entries in DNS with all IP addresses of all network adapters. If I uncheck "Register this connection's addresses in DNS" for a network adapter, this IP address is not registered in DNS anymore. This behaviour is expected and correct. It is not reasonable every user needs to configure this checkbox "Register this connection's addresses in DNS" on their own on all network adapters on their client. As an admin, how can I configure globally on all clients in the domain network, only the network adapter which is connected to the company network, is registered in DNS?
  7.5K Views, 0 likes, 1 Comment
- Server 2016 Std DNS BPA Errors
  I have three DNS errors and a large number of warnings which I cannot resolve. There is also a problem with Windows Time which cannot resolve the time server and defaults to the CMOS clock. There is only one ethernet adaptor:
  IPConfig/all gives:

      Windows IP Configuration

         Host Name . . . . . . . . . . . . : XXX-Server
         Primary Dns Suffix . . . . . . . : XXX.local
         Node Type . . . . . . . . . . . . : Hybrid
         IP Routing Enabled. . . . . . . . : No
         WINS Proxy Enabled. . . . . . . . : No
         DNS Suffix Search List. . . . . . : XXX.local

      Ethernet adapter Ethernet:

         Connection-specific DNS Suffix . :
         Description . . . . . . . . . . . : Intel(R) I210 Gigabit Network Connection
         Physical Address. . . . . . . . . : AC-1F-6B-6A-2F-F5
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes
         Link-local IPv6 Address . . . . . : fe80::f8db:3ccb:4fb6:a153%12(Preferred)
         IPv4 Address. . . . . . . . . . . : 10.0.0.100(Preferred)
         Subnet Mask . . . . . . . . . . . : 255.0.0.0
         Default Gateway . . . . . . . . . : 10.0.0.1
         DHCPv6 IAID . . . . . . . . . . . : 61611883
         DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-E0-CA-14-AC-1F-6B-6A-2F-F5
         DNS Servers . . . . . . . . . . . : 10.0.0.100
                                             127.0.0.1
         NetBIOS over Tcpip. . . . . . . . : Enabled

      Tunnel adapter isatap.{7E07F518-866F-449E-8032-3F6AAF177C0F}:

         Media State . . . . . . . . . . . : Media disconnected
         Connection-specific DNS Suffix . :
         Description . . . . . . . . . . . : Microsoft ISATAP Adapter
         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes

      Tunnel adapter Teredo Tunneling Pseudo-Interface:

         Media State . . . . . . . . . . . : Media disconnected
         Connection-specific DNS Suffix . :
         Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
         Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
         DHCP Enabled. . . . . . . . . . . : No
         Autoconfiguration Enabled . . . . : Yes

  DCDiag /test:dns gives:

      Directory Server Diagnosis

      Performing initial setup:
         Trying to find home server...
         Home Server = XXX-Server
         * Identified AD Forest.
         Done gathering initial info.

      Doing initial required tests

         Testing server: Default-First-Site-Name\XXX-Server
            Starting test: Connectivity
               ......................... XXX-SERVER passed test Connectivity

      Doing primary tests

         Testing server: Default-First-Site-Name\XXX-SERVER
            Starting test: DNS
               DNS Tests are running and not hung. Please wait a few minutes...
               ......................... XXX-SERVER passed test DNS

         Running partition tests on : ForestDnsZones
         Running partition tests on : DomainDnsZones
         Running partition tests on : Schema
         Running partition tests on : Configuration
         Running partition tests on : XXX
         Running enterprise tests on : XXX.local
            Starting test: DNS
               Test results for domain controllers:
                  DC: XXX-Server.XXX.local
                  Domain: XXX.local
                     TEST: Dynamic update (Dyn)
                        Warning: Failed to delete the test record dcdiag-test-record in zone XXX.local
                     XXX-Server PASS PASS PASS PASS WARN PASS n/a
               ......................... XXX.local passed test DNS

  Any help gratefully received.
  5.6K Views, 0 likes, 8 Comments