Question
Wednesday, July 8, 2015 4:42 PM
Hello. I'm fairly new to advanced DNS administration. My organization is in the process of migrating our non-AD DNS servers and I'm trying to script what should be a simple process, but I'm running into some problems.
I'm trying to add an NS record to all of my zones via either PowerShell or dnscmd, each with the same result--an asterisk by the IP address, meaning it is an "IP address retrieved as the result of a DNS query and may not represent actual records on this server". The zone absolutely will not transfer when the asterisk is present.
If I add the same server via the Name Servers tab in the GUI, there is no asterisk and the zone transfers without issue.
Results are the same whether commands or GUI change occurs on the server in question or on a remote server. I hope this is enough information. Thank you for your time.
All replies (3)
Thursday, July 9, 2015 7:05 AM ✅Answered | 1 vote
Hi Thewaiting28bs,
When adding an NS record by GUI, we specify the FQDN and IP address.
When adding by commands, we type the FQDN, not the IP address. The DNS server would search for the Host record to get the IP address.
If the A record of the FQDN is in the same zone of the NS record, there would not be an asterisk.
For example:
1. dnscmd aaa.old.com /recordadd old.com "@" NS bbb.new.com
There would be an asterisk.
2. dnscmd aaa.old.com /recordadd old.com "@" NS bbb.old.com
There would be no asterisks.
Best Regards,
Leo
Thursday, July 9, 2015 5:12 PM ✅Answered
Okay so I think I found a workable solution.
Creating an A record for the DNS servers in each zone works as long as they point to the right IP address. I can then create an NS record with the same hostname in the A record and the zone then transfers correctly.
Seems so simple in hindsight. Thank you for your help.
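The workaround described above (an A record for the name server inside each zone, then an NS record that uses that same host name), scripted over every primary forward zone with the DnsServer PowerShell module. This is an added example, not code from the thread; the function name Add-InZoneNameServer is hypothetical, and the host label and address in the usage comment are the sample values from the posts.

```powershell
#Requires -Modules DnsServer
# Added example: Add-InZoneNameServer is a hypothetical helper, not from the thread.
function Add-InZoneNameServer {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$HostLabel,        # relative name, e.g. 'svr-dns3'
        [Parameter(Mandatory)][ipaddress]$IPv4Address,   # address the A record must hold
        [string]$ComputerName = 'localhost'
    )
    $ip = $IPv4Address.IPAddressToString
    # Only primary forward zones are writable here; skip reverse and auto-created zones.
    $zones = Get-DnsServerZone -ComputerName $ComputerName | Where-Object {
        $_.ZoneType -eq 'Primary' -and -not $_.IsReverseLookupZone -and -not $_.IsAutoCreated
    }
    foreach ($zone in $zones) {
        $zoneName = $zone.ZoneName
        $fqdn     = "$HostLabel.$zoneName."
        $common   = @{ ComputerName = $ComputerName; ZoneName = $zoneName }

        # Step 1: the in-zone A record. An existing record with another address
        # would make the NS target resolve wrongly, so warn and skip the zone.
        $a = @(Get-DnsServerResourceRecord @common -Name $HostLabel -RRType A -Node -ErrorAction SilentlyContinue)
        $other = @($a | Where-Object { $_.RecordData.IPv4Address.IPAddressToString -ne $ip })
        if ($other.Count -gt 0) {
            Write-Warning "${zoneName}: $HostLabel already has an A record that is not $ip; skipped"
            continue
        }
        if ($a.Count -eq 0 -and $PSCmdlet.ShouldProcess($zoneName, "Add A $fqdn -> $ip")) {
            Add-DnsServerResourceRecordA @common -Name $HostLabel -IPv4Address $ip
        }

        # Step 2: the NS record at the zone apex, naming the host created above.
        $ns = @(Get-DnsServerResourceRecord @common -Name '@' -RRType NS -Node -ErrorAction SilentlyContinue |
            Where-Object { $_.RecordData.NameServer -eq $fqdn })
        if ($ns.Count -eq 0 -and $PSCmdlet.ShouldProcess($zoneName, "Add NS $fqdn")) {
            Add-DnsServerResourceRecord @common -NS -Name '@' -NameServer $fqdn
        }
    }
}

# Preview first, then apply (sample values from the posts above):
# Add-InZoneNameServer -HostLabel 'svr-dns3' -IPv4Address 192.168.1.12 -WhatIf
```

Run it with -WhatIf first to list the zones it would touch; a second run without changes adds nothing, because both steps check for the record before writing.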
Thursday, July 9, 2015 4:39 PM
Hey Leo, I appreciate your response--I unmarked your reply as the answer because I'm still sort of stuck.
You were absolutely correct in your diagnosis, and as I dug deeper, I found out exactly where the problem lies. Correct me if I'm wrong, but what I'm missing in the .dns file for the NS record entry added by the command line is a glue record telling the zone where it can find the specified NS server?
Added by GUI
@ NS svr-dns1.domain.local
svr-dns1.domain.local A 192.168.1.10
@ NS svr-dns2.domain.local
svr-dns2.domain.local A 192.168.1.11
@ NS svr-dns3.domain.local
svr-dns3.domain.local A 192.168.1.12
Added by command line
@ NS svr-dns1.domain.local
svr-dns1.domain.local A 192.168.1.10
@ NS svr-dns2.domain.local
svr-dns2.domain.local A 192.168.1.11
@ NS svr-dns3.domain.local
Notice the last DNS server does not have a glue record telling the zone what IP address svr-dns3 can be found at.
If I edit the .dns file and manually add that line, the asterisk is gone. So the question is, how can I script that? I've done a bit of digging into glue records, but I haven't found anything that has worked yet.
If I add an A record for the DNS server for that zone: svr-dns3.webdomain.com -- then add the NS record svr-dns3.webdomain.com A 192.168.1.12, then there is no asterisk, but that's kind of a clunky workaround.
My organization's DNS servers are all in one domain, but the DNS servers in question host dozens of zones for websites and such, so our name servers are not a part of those zones, which cuts out 99% of helpful Google search results.
Thank you again for your help!
Edit: Found workable solution--marked Leo's response as answer again, as it set me in the right direction to solve the problem.