Question
Thursday, August 18, 2011 6:12 PM
Environment: Windows 2008 R2
Problem: I added an IP Address and host name to my Windows host file. I restarted the DNS server. I can use nslookup to resolve the name but after a period of time passes it will no longer resolve. If I restart the DNS server, the process repeats itself with the end result being not able to resolve the host name.
What am I missing?
Thanks...CJ
All replies (10)
Friday, August 19, 2011 3:14 PM ✅Answered
I'm not updating a client machine, I'm using the HOST file on the Windows 2008 R2 DNS server and restarting the DNS server service does cause the host to resolve with nslookup and ping. Why? Don't have a clue. Why it goes away was the reason for my initial post. I thought the DNS would always use the HOST file records.
The DNS server does not use its own local HOSTS file. It's only used by the local client side resolver that is trying to resolve the name you're pinging or using nslookup, etc, such as your workstation or someone else's workstation, or even if you were physically sitting at the DNS server's console, but to a DNS client that is using the DNS server as a DNS address in its NIC properties.
Read the following for more info on this:
Technet Thread question: "HOSTS file in DNS server - why not?"
http://social.technet.microsoft.com/Forums/en/winserverNIS/thread/20e6a7cc-62e9-49e6-bdbb-815156be9f91
So, any clue to what is blocking name resolution? I don't think the Windows firewall is causing the problem because when I turn it off the problem remains. One other clue: when I do an nslookup on the short name I get a Non-authoritative answer, which I would expect because my DNS doesn't have the record, but it returns the FQDN but no IP address.
If you are getting a non-authoritative response, and the IP address is empty, then that means the record exists, but no IP address was configured for the record.
This may be the case where the record is a blank domain record, for example when you run nslookup on 'domain.local' (also applies to the Active Directory LdapIpAddress - the one that shows up as 'same as parent'). If this is the case, then the nslookup response will show a name but without an IP. To create an IP for that type of record (a blank domain record):
- go into the DNS console
- right-click the zone
- create new host record
- leave the name blank
- type in the IP address, and hit Ok
No, there are no trusts between my domain and any of the other internal domains. I can give a stub zone a try but if DNS is functioning properly I shouldn't have to do that. Currently, I'm using root hints (which resolve) and no forwarders. I'm really trying to figure out the root cause of the problem. The root hints servers contain the records for the host I'm trying to resolve but for some reason I'm not getting the info. returned to my DNS.
I believe the DNS server in the domain I'm trying to get name resolution from is Unix based.
Thanks... CJ
By default, the Root hints will only resolve public names. Is the name you're speaking of a public name? Unless you altered the Root Hints list?
You can also opt to use a Forwarder, or a conditional forwarder.
You can also create a zone based on the record name, such as wwwserver.domain.local, and create a blank hostname and IP address.
However, based on your description, it sounds like there may be a slight DNS infrastructure resolution design issue, or it could be based on a simple IP address missing on a record.
I also believe based on some of the responses, that there may be a slight misconception on how this whole resolution thing works.
To make sure that all machines in an infrastructure can resolve everything in the infrastructure, and with the correct name to IP, then all DNS servers that are listed in the client side NIC properties must all have a reference to the zone (whether thru a stub, secondary, forwarder or conditional forwarder). Therefore all DNS addresses configured on a machine MUST be able to resolve everything or have a reference to it.
Say for example if your client machine's NIC has different DNS addresses that do not have the same data, such as pointing to your own internal DNS, and another address pointing to an ISP's DNS, or a partner company DNS that neither have info in your own zone, then you will always get inconsistent results that may be frustrating to try to find the problem.
HOSTS files are avoided for the most part, because they cannot be centrally controlled, and are only individual to a specific machine (no other machines can use them) unless physically copied to other machines. That's why we tend to stay away from their use. They can also cause problems if a user creates their own hosts file names, and one day in the future complain that they can't get to a resource, that is usually the last place we look because we assume no one has touched it.
Ace
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
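An added example, not part of the original thread: one way to audit a machine's HOSTS file against what the DNS server answers, following the points above that HOSTS entries are seen only by the local resolver and are easy to forget. The sample HOSTS text, the DNS answers, and the names `parse_hosts`, `audit_hosts` and `dns_lookup` are constructed for illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax (names and addresses are made up).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
10.20.30.40     appsrv01.other.example appsrv01   # added by hand
10.20.30.41     filesrv.other.example
not-an-ip       broken.example
::1             localhost
"""

# Constructed stand-in for what the DNS server itself answers (name -> set of IPs).
SAMPLE_DNS = {
    "appsrv01.other.example": {"10.20.30.99"},   # server disagrees with HOSTS
    "filesrv.other.example": {"10.20.30.41"},    # server agrees with HOSTS
}

def parse_hosts(text):
    """Yield (name, ip) pairs from HOSTS-file text, skipping comments and bad lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield name.lower().rstrip("."), ip

def audit_hosts(text, dns_lookup):
    """Classify each non-loopback HOSTS entry against the DNS server's answer."""
    # dns_lookup(name) returns the set of IPs the DNS server gives (empty if none).
    # It must query the server directly: the OS resolver reads HOSTS and would agree.
    findings = []
    for name, ip in parse_hosts(text):
        if ipaddress.ip_address(ip).is_loopback:
            continue
        answers = dns_lookup(name)
        # hosts-only: only this machine resolves it; conflict: this machine sees another IP
        status = ("hosts-only" if not answers else
                  "redundant" if ip in answers else "conflict")
        findings.append((name, ip, status))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, lambda n: SAMPLE_DNS.get(n, set())):
        print(*finding)
```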
Thursday, August 18, 2011 8:16 PM
Hi,
Question:
Why do you use the hosts file? Why don't you add a host record in DNS? Did you configure a reverse lookup zone?
MCTS...
Friday, August 19, 2011 2:23 AM
Hi,
I assume you have updated the host file of a client machine. Try to ping that IP. I believe your DNS does not have that record.
Ping using name resolution processes local to the computer, but NSLOOKUP uses the DNS service on the name server you connected to.
Friday, August 19, 2011 3:37 AM
I agree with Tanmoy.
Nslookup is a "NameServerLookup" tool. It ignores the Windows HOSTS file. Restarting DNS wouldn't matter.
As Marius asked, why are you using the HOSTS file? If you have a DNS server, remove the entries you made in your HOSTS file, and create all necessary hostnames in DNS under your zone name.
Also, make absolutely sure that the only DNS address configured in your NIC is YOUR DNS server, otherwise expect mixed results.
Another factor is the search suffix. If you expect to ping or nslookup based on the single name, then your search suffix (or Primary DNS Suffix) must match the zone name.
Ace
Friday, August 19, 2011 11:37 AM
Why am I using the HOST file: To get name resolution for a computer that is NOT in my domain.
I'm not updating a client machine, I'm using the HOST file on the Windows 2008 R2 DNS server and restarting the DNS server service does cause the host to resolve with nslookup and ping. Why? Don't have a clue. Why it goes away was the reason for my initial post. I thought the DNS would always use the HOST file records.
The hostname I'm trying to get name resolution for is located internally but is located in a different internal domain, ie different zone. I could create an alias but I believe if your DNS environment is working properly you shouldn't need that approach.
All of the domains are listed as DNS search suffixes, including the domain where this host lives. Also, it doesn't matter if I use a short name or a FQDN, it won't resolve via ping or nslookup even though it is in the resolver cache ( ipconfig /displaydns )
So, any clue to what is blocking name resolution? I don't think the Windows firewall is causing the problem because when I turn it off the problem remains. One other clue: when I do an nslookup on the short name I get a Non-authoritative answer, which I would expect because my DNS doesn't have the record, but it returns the FQDN but no IP address.
CJ
Friday, August 19, 2011 12:46 PM
Hi,
"Why am I using the HOST file: To get name resolution for a computer that is NOT in my domain" - now we are getting somewhere. If you had given enough details regarding the situation we would have had a better understanding of your infrastructure.
There are more 'efficient' ways of doing this:
You can create a stub zone from the other domain on your DNS server. Make sure the DNS server in that domain allows zone transfers to your domain's DNS. If the other domain is on a different subnet make sure you add a static route to that subnet. Are there any forest trusts between the domains?
Regards,
Marius
MCTS...
Friday, August 19, 2011 1:13 PM
No, there are no trusts between my domain and any of the other internal domains. I can give a stub zone a try but if DNS is functioning properly I shouldn't have to do that. Currently, I'm using root hints (which resolve) and no forwarders. I'm really trying to figure out the root cause of the problem. The root hints servers contain the records for the host I'm trying to resolve but for some reason I'm not getting the info. returned to my DNS.
I believe the DNS server in the domain I'm trying to get name resolution from is Unix based.
Thanks... CJ
Friday, August 19, 2011 1:26 PM
hello,
Try to enable BIND secondaries on your server. Then allow zone transfers from the Unix DNS to your server. There should be a way to create a secondary zone, a read only copy of the Unix based zone. Also consider creating a Realm Trust.
Hope it helps.
MCTS...
Friday, August 19, 2011 6:42 PM
Ace,
Good info. I should be able to get this figured out.
The servers listed in my root hints are not Public they are Private. That may be one of the reasons that I get name resolution for awhile and then it disappears and then magically returns. I'll start using the conditional forwarder.
Thanks again... CJ
Friday, August 19, 2011 10:27 PM
You're welcome, CJ.
Keep in mind to only use your own internal DNS. Make sure there's a forwarder or conditional forwarder to the other one.
:-)
Ace