On a network running
Windows Server 2003 servers, the inability to resolve DNS names can
bring client activities to a standstill, because Active Directory relies
on DNS and is responsible for controlling all client access to Windows
server resources. When a client’s attempts to resolve DNS names fail,
there are usually two possible causes: either the client is incorrectly
configured, or the DNS server itself is inaccessible or not functioning
properly. These problems are discussed in the following sections.
Troubleshooting Client Configuration Problems
When a client reports a
failure to access a TCP/IP resource, such as a “Name Not Found” error
message, the first order of business is to determine whether the
computer has any TCP/IP connectivity at all. Once you have determined
that the computer is connected to the network and that it can access
TCP/IP resources, the usual method for isolating a name resolution
problem is to try accessing a server using its IP address instead of its
DNS name. If the computer can access the server using the IP address,
you know that the problem is related to the name resolution process.
The next order of
business is to check the client computer’s TCP/IP configuration
parameters. Assuming that the client is running Windows 2000 or Windows
XP, display a Command Prompt window, type ipconfig /all
at the prompt, and press Enter. The resulting display contains all the
computer’s TCP/IP settings, including the IP addresses of the DNS
servers it is configured to use.
Check to see that the
IP addresses listed under DNS Servers in the Ipconfig.exe display are
correct for a computer on the client’s network. If they are not correct,
you can modify them using the Network Connections tool. If the IP
addresses of the DNS servers are correct, use the Ping.exe tool at the
command prompt to determine if the client computer can contact them,
using the following syntax, where ipaddress is the address of the DNS server:
If
the ping test fails, you know that either the DNS server is not running
at all, or a network connectivity problem is preventing the client from
accessing the DNS server. If you have already checked the client
computer’s general network connectivity, there might be a problem with
the router or other connection device that provides access to the
network on which the DNS server is located. If this is the case, follow
the protocol established at your organization for troubleshooting a
network connectivity problem. This protocol might require you to
escalate the incident to another technician, or to begin the
troubleshooting process yourself. In either case, if the client’s
computer can access the network and is configured with the correct DNS
server addresses, you can be sure that the problem lies elsewhere in the
network.
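The DNS Servers check described above can be scripted when many clients need review. The following Python sketch is an added example, not part of the original text: it parses saved ipconfig /all output and reports any DNS server that is not on an approved list. The sample output, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (Windows XP layout), not from a real host.
SAMPLE = """\
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.50
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            192.168.1.11
        Lease Obtained. . . . . . . . . . : Monday, January 05, 2004 9:00:00 AM

Ethernet adapter Wireless Network Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.77
        DNS Servers . . . . . . . . . . . : 203.0.113.53
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")   # unindented section header
FIELD_RE = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")    # indented "Label . . . : value"

def _ip(text):
    """Return the normalized IP address in text, or None if it is not one."""
    try:
        return str(ipaddress.ip_address(text.strip()))
    except ValueError:
        return None

def dns_servers_by_adapter(output):
    """Map each adapter name to the DNS servers listed under it."""
    servers, adapter, in_dns = {}, None, False
    for line in output.splitlines():
        header = ADAPTER_RE.match(line)
        field = FIELD_RE.match(line)
        if header:
            adapter, in_dns = header.group(1), False
            servers[adapter] = []
        elif in_dns and _ip(line):        # continuation line: an additional DNS server
            servers[adapter].append(_ip(line))
        elif field:
            in_dns = adapter is not None and field.group(1).lower() == "dns servers"
            if in_dns and _ip(field.group(2)):
                servers[adapter].append(_ip(field.group(2)))
        else:
            in_dns = False
    return servers

def unapproved_dns_servers(output, approved):
    """Return {adapter: [servers not on the approved list]} for adapters with a mismatch."""
    allowed = {_ip(a) for a in approved}
    found = dns_servers_by_adapter(output)
    return {a: bad for a, s in found.items() if (bad := [x for x in s if x not in allowed])}
```

An address that appears in the report is either a typing error or a setting handed out by something other than the intended DHCP scope, and both are worth tracing before the client is returned to service.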
Troubleshooting DNS Server Problems
If a client computer
is able to access the network, and you have ruled out other network
connectivity problems, the cause of the name resolution failures lies in
the DNS server itself. A variety of conditions can prevent DNS servers
from fulfilling their functions, as described in the following sections.
Non-Functioning DNS Servers
If a client is unable
to ping a DNS server, and there is no client configuration or network
connectivity problem, the DNS server itself might not be functioning, or
might be suffering from its own configuration or connectivity problem.
Assuming the server is turned on and the operating system is running as
it should, you should begin by checking the server’s own TCP/IP client
configuration parameters.
Windows Server 2003
DNS servers should have static IP addresses. If the server is configured
to obtain its IP address from DHCP, then make sure that the DHCP server
is manually allocating the address, so that it never changes, and that
the DNS server is actually using the IP address that the DNS clients are
configured to use. You can use the same ipconfig /all command to view the DNS server’s IP address and other TCP/IP settings, whether or not they are assigned by DHCP.
If clients are able to
ping the DNS server, but are not receiving replies to name resolution
requests, the problem could be that the DNS Server service is not
running. Display the Services console and check to see that its status
is Started. In nearly all cases, the Startup Type selector for the
service should be set to Automatic. If the Startup Type selector is set
to Manual, then it is likely that the server restarted and no one
manually started the DNS Server service. If the Startup Type selector
for the DNS Server service is Automatic and the service is not running,
either someone stopped it deliberately or a problem caused it to stop.
Check the logs in the Event Viewer console for any indication of a
problem, and check with your colleagues to see if someone is working on
the server and has stopped it for a reason.
If
you can find no reason for the DNS Server service to have stopped, you
can try to start it again. Then test it carefully to see if it is
functioning properly.
Tip
To
test the functionality of a Windows Server 2003 DNS server, display the
server’s Properties dialog box in the DNS console and then click the
Monitoring tab. Choose whether you want to perform a simple (iterative)
query or a recursive query test and then click Test Now. Windows Server
2003 also includes a tool called Nslookup.exe, which you can use to test
the functionality of a specific DNS server from any location on the
network.
Troubleshooting Incorrect Name Resolutions
In some cases,
client computers are able to complete the DNS name resolution process,
but the DNS server supplies them with outdated or incorrect information.
If the clients are attempting to resolve names for which the DNS server
is the authoritative source, it is possible that the DNS server has bad
information in its resource records. This could be attributable to any
of the following causes:
Incorrect resource records
If your DNS servers rely on administrators to manually create and
modify resource records, the possibility of typographical errors always
exists. If this is the case, the only solution is to manually check and
correct the resource records on the server.
Dynamic updates failed to occur
If you have configured your DNS servers to use dynamic updates, and
those updates have not occurred for any reason, the server’s resource
records could contain incorrect or outdated IP addresses. In this event,
you can correct the resource records manually, or trigger a new dynamic
update by traveling to the computer whose resource record is wrong and
typing ipconfig /registerdns
at a command prompt. This causes the DNS client on the computer to
re-register its IP address with the DNS server. If dynamic updates still
fail to occur, check to see whether the server supports them and is
configured to accept them.
Zone transfers failed to occur
If the DNS server is incorrectly resolving names from a secondary zone,
it is possible that a zone transfer has failed to occur, leaving
outdated information in the secondary zone database file. Try to
manually trigger a zone transfer. If the zone transfer still does not
occur, the problem might be due to incompatible DNS server
implementations, such as different compression formats or unsupported
resource record types. If this is the case, you might have to update the
secondary zone’s resource records manually, until you can update one or
both servers to compatible DNS software implementations.
If the DNS server
supplying incorrect information is not the authority for the names it is
resolving, it is possible that the server’s cache contains incorrect or
outdated information. The best solution for this problem is to clear
the cache, which you do in Windows Server 2003 by clicking the server’s
icon in the DNS console and, from the Action menu, selecting Clear
Cache.
Troubleshooting Outside Name Resolution Failures
In some cases, you
might discover that a DNS server can successfully resolve names for
which it is the authority, but fails to resolve names in other domains.
This problem is typically due to a recursion failure, meaning that the
server is not forwarding queries for other domains to the appropriate
place, or is not forwarding queries at all.
One possible cause of recursion failures is that the server is configured with incorrect root hints. The root hints
are a DNS server’s list of root name server addresses, which it uses to
resolve names outside its domain. If the server cannot contact one of
the root name servers, it cannot discover the IP addresses of the
authoritative servers for the domain that contains the name it is trying
to resolve. The DNS server in Windows Server 2003 comes preconfigured
with root hints for the Internet root name servers, as shown in Figure 1.
Off the Record
The
addresses of the Internet root name servers rarely change, and it is
not likely that a Windows DNS server would be unable to contact even one
of these servers, unless someone modifies the root hints. It is more
common for a network connectivity problem to be affecting the server’s
communication with the root name servers.
Incorrect
root hints are more likely to cause problems in a DNS namespace that is
isolated from the Internet and contains its own internal root. If this
is the case, the person who initially configured the DNS server probably
forgot to add the internal root name server to the list of root hints,
or typed the root name server’s address incorrectly. Correcting the root
hints in the DNS console should resolve the problem.
It is also
possible that the server is configured not to use recursion at all.
Windows Server 2003 DNS servers use recursion by default, but it is
possible to prevent the server from using recursion by selecting the
Disable Recursion check box under Server Options in the Advanced tab in
the server’s Properties dialog box. You can also prevent recursion when
configuring a Windows DNS server to use forwarders. When you display a
DNS server’s Properties dialog box, you can select the Do Not Use
Recursion For This Domain check box. This prevents the server from using
any recursion, should the forwarder be unable to resolve a name. If you
require the server to use recursion, be sure that these options are not
selected.
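The recursion problems described in this section show up in the header flags of the server's replies. The following Python example is added here and is not part of the original text: it builds a standard RFC 1035 query, reads the reply header, and maps the flags to the causes discussed above. The fake_reply helper, the test name and the addresses are constructed stand-ins for a real server's answer.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid=0x1234):
    """Build an A-record query with the Recursion Desired (RD) flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)      # QTYPE=A, QCLASS=IN

def parse_header(message):
    """Decode the 12-byte DNS header into the fields used for diagnosis."""
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)), "answers": answers}

def diagnose(reply):
    """Map a reply's header flags to the failure causes described in the text."""
    h = parse_header(reply)
    if not h["qr"]:
        return "not a response"
    if h["answers"] and h["rcode"] == "NOERROR":
        return "resolved (authoritative data)" if h["aa"] else "resolved (cache or recursion)"
    if not h["ra"]:
        return "recursion not offered: check the Disable Recursion option"
    if h["rcode"] == "SERVFAIL":
        return "recursion offered but failed: check root hints, forwarders, connectivity"
    return h["rcode"]

def fake_reply(query, ra, rcode=0, aa=False, address=None):
    """Constructed reply to query for offline use; a real one comes from the DNS server."""
    txid, flags = struct.unpack("!HH", query[:4])
    flags |= 0x8000 | (0x0400 if aa else 0) | (0x0080 if ra else 0) | rcode
    answer = b""
    if address:  # one A record whose name is a compression pointer to the question
        rdata = bytes(map(int, address.split(".")))
        answer = struct.pack("!HHHIH4s", 0xC00C, 1, 1, 300, 4, rdata)
    header = struct.pack("!HHHHHH", txid, flags, 1, 1 if address else 0, 0, 0)
    return header + query[12:] + answer
```

A reply reported as "resolved (cache or recursion)" that carries a wrong address corresponds to the stale-cache case described earlier, where clearing the server cache is the fix.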