What
problem are you having?
- The DNS server is not responding to clients.
- The DNS server does not resolve names correctly.
- The DNS server appears to be affected by a problem for reasons not described here.
The
DNS server is not responding to clients.
Cause:  The Domain Name System (DNS) server is affected
by a network failure.
Solution:  Verify that the server computer has a valid
functioning network connection. First, check that related client hardware
(cables and network adapters) are working properly at the client by using basic
network and hardware troubleshooting steps.
If the server hardware appears to be
prepared and functioning properly, check that it has network connectivity by
using the ping command to contact other computers or routers (such as
its default gateway) that are used and available on the same network as the
affected DNS servers.
Cause:  The DNS server is reachable through basic
network testing, but it is not responding to DNS queries from clients.
Solution:  If the DNS client can ping the DNS server
computer, verify that the DNS server is started and able to listen to and
respond to client requests. Try using the nslookup command to test
whether the server can respond to DNS clients.
For more information, see Start or Stop a DNS Server.
Cause:  The DNS server has been configured to limit
service to a specific list of its configured IP addresses. The IP address
originally used in testing its responsiveness is not included in this list.
Solution:  If the server was previously configured to
restrict the IP addresses for which it responds to queries, it is possible that
the IP address that are being used by clients to contact it is not in the list
of restricted IP addresses that are permitted to provide service to clients.
Try testing the server for a
response again, but specify a different IP address that is known to be in the
restricted interfaces list for the server. If the DNS server responds for that
address, add the missing server IP address to the list.
Cause:  The DNS server has been configured to disable
the use of its automatically created default reverse lookup zones.
Solution:  Verify that automatically created reverse lookup
zones have been created for the server or that advanced configuration changes
have not been previously made to the server.
By default, DNS servers
automatically create the following three standard reverse lookup zones based on
Request for Comments (RFC) recommendations.
These zones are created with common
IP addresses covered by these zones that are not useful in a reverse lookup
search (0.0.0.0, 127.0.0.1, and 255.255.255.255). By being authoritative for
the zones corresponding to these addresses, the DNS service avoids unnecessary
recursion to root servers to perform reverse lookups on these types of IP
addresses.
It is possible, although unlikely,
that these automatic zones are not created. This is because disabling the
creation of these zones involves advanced manual configuration of the server
registry by a user.
To verify that these zones have been
created, do the following:
- Open DNS Manager.
- On the View menu, click Advanced.
- In the console tree, click Reverse Lookup Zones.
 
 Where?
- DNS/applicable DNS server/Reverse Lookup Zones
- In the details pane, verify that the following reverse lookup zones are present:
- 0.in-addr.arpa
- 127.in-addr.arpa
- 255.in-addr.arpa
Cause:  The DNS server is configured to use a nondefault
service port, for example, in an advanced security or firewall configuration.
Solution:  Verify that the DNS server is not using a
nonstandard configuration.
This is a rare but possible cause.
By default, the nslookup command sends queries to targeted DNS servers
using User Datagram Protocol (UDP) port 53. If the DNS server is located
on another network and is reachable only through an intermediate host (such as
a packet-filtering router or proxy server), the DNS server might use a
nonstandard port to listen for and receive client requests.
If this situation applies, determine
whether any intermediate firewall or proxy server configuration is
intentionally used to block traffic on well-known service ports that are used
for DNS. If not, you might be able to add such a packet filter to these
configurations to permit traffic to standard DNS ports.
Also, check the DNS server event log
to see if Event ID 414 or other critical service-related events have occurred that
might indicate why the DNS server is not responding.
The
DNS server does not resolve names correctly.
Cause:  The DNS server provides incorrect data for
queries that it answers successfully.
Solution:  Determine the cause of the incorrect data for
the DNS server.
Some of the most likely causes
include the following:
- Resource records were not dynamically updated in a zone.
- An error was made when static resource records were manually added or modified in the zone.
- Stale resource records in the DNS server database that were left from cached lookups or zone records were not updated with current information or removed when they were no longer needed.
To help prevent the most common
types of problems, be sure to first review best practices for tips and suggestions
for deploying and managing your DNS servers. Also, follow and use the
checklists that are appropriate for installing and configuring DNS servers and
clients, based on your deployment needs.
If you are deploying DNS for Active
Directory Domain Services (AD DS), note the new directory-integration
features. These features can cause some differences for DNS server
defaults—when the DNS database is directory-integrated—that differ from the DNS
server defaults that are used with traditional file-based storage.
Many DNS server problems start with
failed queries at a client. Therefore, it is often a good idea to start there
and troubleshoot the DNS client first.
For more information, see Troubleshooting DNS Clients
Cause:  The DNS server does not resolve names for
computers or services outside your immediate network, for example, the names of
computers or services that are located on external networks or the Internet.
Solution:  The server has a problem with its ability to
correctly perform recursion. Recursion is used in most DNS configurations to
resolve names that are not located within the configured DNS domain name that
is used by the DNS servers and clients.
If a DNS server fails to resolve a
name for which it is not authoritative, the cause is usually a failed recursive
query. Recursive queries are used frequently by DNS servers to resolve remote
names that are delegated to other DNS zones and servers.
For recursion to work successfully,
all DNS servers in the path of a recursive query must be able to respond to and
forward correct data. If not, a recursive query can fail for any of the
following reasons:
- The recursive query times out before it can be completed.
- A remote DNS server fails to respond.
- A remote DNS server provides incorrect data.
Cause:  The DNS server is not configured to use other
DNS servers to assist it in resolving queries.
Solution:  Check whether the DNS server can use both
forwarders and recursion.
By default, all DNS servers are
enabled to use recursion, although the option to disable its use is
configurable in DNS Manager to modify advanced server options. The other
possible situation in which recursion might be disabled is if the server is
configured to use forwarders and recursion has been specifically disabled for
that configuration.
Note  
If you disable recursion on the
  DNS server, you will not be able to use forwarders on the same server.
.
For more information, see Configure a DNS Server to Use Forwarders.
Cause:  Current root hints for the DNS server are not
valid.
Solution:  Check whether server root hints are valid.
If they are configured and used
correctly, root hints should always point to DNS servers that are authoritative
for the zone that contains the domain root and top-level domains.
By default, DNS servers are configured
to use root hints that are appropriate to your deployment, based on the
following available choices when you use DNS Manager to configure a server:
- If the DNS server is installed as the first DNS server
     for your network, it is configured as a root server. 
 
 For this configuration, root hints are disabled at the server because the server is authoritative for the root zone.
- If the installed server is an additional DNS server for your network, you can direct the Configure a DNS Server Wizard to update its root hints from an existing DNS server on the network.
- If you do not have other DNS servers on your network but you still need to resolve Internet DNS names, you can use the default root hints file, which includes a list of Internet root servers that are authoritative for the Internet DNS namespace.
Cause: The DNS server does not have network connectivity to
the root servers.
Solution:  Test for connectivity to the root servers.
If root hints appear to be
configured correctly, verify that the DNS server that is used in a failed query
can ping its root servers by IP address
If a ping attempt to one root server
fails, it might indicate that an IP address for that root server has changed.
Reconfiguration of root servers, however, is uncommon.
A more likely cause is a full loss
of network connectivity or in some cases, poor network performance on the
intermediate network links between the DNS server and its configured root
servers. Follow basic TCP/IP network troubleshooting steps to diagnose
connections and determine whether this is the problem.
By default, the DNS service uses a
recursive time-out of 15 seconds before failing a recursive query. Under
normal network conditions, this time-out does not have to be changed. If
performance requires it, however, you can increase this value.
To review additional
performance-related information for DNS queries, you can enable and use the DNS
server debug log file, Dns.log. This log can provide extensive information
about some types of service-related events.
Cause: Other problems exist with updating DNS server data,
such as an issue that is related to zones or dynamic updates.
Solution:  Determine whether the problem is related to
zones. As needed, troubleshoot any issues in this area, such as possible
failure of zone transfer.
For more information, see Troubleshooting Dynamic Updates; Troubleshooting zone problems.
The
DNS server appears to be affected by a problem for reasons not described here.
Cause:  My problem is not described here.
Solution:  Search TechNet (http://go.microsoft.com/fwlink/?LinkId=170)
for the latest technical information that might relate to the problem. If
necessary, you can obtain information and instructions that pertain to your
problem or issue.
If you are connected to the
Internet, the latest operating system updates are available at Microsoft Update
(http://go.microsoft.com/fwlink/?LinkId=284).
No comments:
Post a Comment