Can you ping the target machine?
a) By IP address. Ping 10.1.0.100
b) By Hostname. Ping BigServer
c) By fully qualified domain name. Ping BigServer.guybay.com
Examine the replies for clues, for example is the reply BigServer or BigServer.domain.com.
Depending on the results from Ping, check the Default Gateway and Subnet Mask.
2) Do not neglect IPCONFIG
Collect information about default gateways and DNS servers with IPCONFIG’s switches, particularly the /all.
What you are particularly interested in is the DNS Server’s IP address. Should that field be empty or incorrect then adjust the IP address at the Network Icon, TCP/IP properties.
Remember that Ipconfig has 3 DNS specific switches. On more than one occasion /flushdns has saved me tearing my hair out. What happens is that you may have solved the problem, but the a dirty cache prevents confirmation. Ipconfig /registerdns can save a reboot, while /displaydns may give you extra information on what name resolution the client has achieved.
3) Time to look at the DNS server snap-in
At the DNS console, Click on View (Menu) and make sure that Advanced is ticked. This is rather like ‘Show All files’.
Precisely what to look for in the Snap-in, depends on the problem. If you are checking basic connectivity, then check you have a Host (A) record for the machine you are trying to contact. However, I would follow up PING with a check of the Monitor Tab on the DNS Server icon.
For basic Active Directory / DNS configuration check that the _msdcs records were created by DCPROMO. If not try restarting the Netlogon service.
If you have a more difficult problem, for example zone replication, then click on the Server Icon, Properties. (In the diagram Alan is the name of the server.)
One trap is to investigate the DNS server icon when you should be looking at the Forward Lookup Zone, domain name. (Also vica versa, you look at the domain properties instead of the DNS server icon.)
About half the solution to DNS problems require a restart of the DNS service, fortunately Microsoft supply a Restart option on the ‘All Tasks’ menu.
If the problem involves internet connectivity, then check the root hints
4) NSLookup
My conclusion for troubleshooting with NSLookup is avoid it. Instead, where ever possible, use the above DNS snap-in. At first I was in awe of NSLookup, then I mastered it, then I realized that it did not give me any more information than the DNS snap-in.
So, the killer use of NSLookup is if you do not have the DNS snap-in, for example you are troubleshooting from an XP machine.
The trap with NSLookup is that you forget to configure the PTR records, without the corresponding Reverse Lookup Zone, NSLookup will fail.
Instead of NSLookup I would use DNSLint
5) Hosts files
Reverting to hosts files may seem like taking a step backwards into the dark ages, but many is the time that this trust old technology has solved a problem.
The beauty of the hosts file is its simplicity and the fact that the client operating system reads the hosts file BEFORE it queries DNS. Be sure that you are editing the hosts file in the %systemroot%\system32\drivers\etc. (Not in the \i386 or dllcache folder)
Once you have opened the hosts file with notepad, experiment with hostnames and IP addresses for the server that you wish to connect. Once you have added the host entry try once more to contact with Ping.
Example of Hosts file entries
10.10.0.1 BigServer
or
10.10.0.1 BigServer.guybay.com
6) Event Viewer
In truth the Event Viewer should be the first place to look for clues, not the last! Mastering the Event Viewer is an art in itself. The point to remember is that DNS has its own Log. By all means check the system log or even the application log, but do investigate the DNS log.
Summary of Troubleshooting DNS
When Troubleshooting DNS server, always begin with the basics. Start with Ping, Ipconfig and the DNS snap-in. Also, remember the Event Viewer. One of my favourite troubleshooting utilities is Monitor Server on the DNS Server snap-in.
Advanced DNS Troubleshooting for Windows Server 2003
So you need to solve a DNS problem. The situation is that you have checked the basics and you still suspect that DNS is not working properly. Where next? That depends on your situation. Here are my favourite DNS tips.
Gather evidence by asking questions
1. Will ipconfig /flushdns magically cure the problem? Alternatively, restart the DNS service.
2. Is there one DNS client affected or many clients.
3. Can the very DNS server itself resolve addresses and queries?
4. Beware that the cause is nothing to do with DNS. I once ripped out a perfectly good DNS configuration because I overlooked testing the physical network.
5. A variation of this external cause theme is that a firewall could be blocking DNS ports 53.
6. Do you have correct IP address in the resource records for the very server itself.
7. Is the server Authoritative for the domain that you are querying?
8. Remember to add PTR records in the reverse lookup zone.
9. For Email delivery problems, are the MX records correct?
10. Is the problem related to the internet? How are the Root Hints configured?
11. If it’s a Web browsing problem, which sites are available.
12. Delegation. If you have subzones has delegation given the correct permissions?
Tests that you can make on DNS
The scenario: when you attempt to cure a DNS problem by changing a setting, nothing seems to happen. At least nothing happens until you either restart the DNS service or close then re-open the DNS Snap-in.
So remember to make liberal use of Refresh and also right click the server icon, All Tasks, Restart. Note there is also a Clear Cache setting, which is the equivalent of IPCONFIG /flushdns.
DNS Check list
DNS Server, properties Monitor (Tab). Test Simple and Recursive Queries. If the recursive query fails, check the Root Hints.
Match Host (A) record with PTR in Reverse Lookup Zone; failure could cause problems with internet resolution.
Are there any non-standard characters in any of your names? Be wary of underscores, and hostnames with only numbers.
Could unneeded CName records be masking or confusing Host (A) records? FTP and WWW CName aliases are fine, but for all other cases use CName sparingly.
MX records. It is good practice to create MX records to point to your own server.
Lame Delegations, check that all NS records point to servers that exist and are authoritative for that domain.
Replication problems
Increment the Serial Number to force replication. Navigate to the Forward Lookup Zone (not server icon), Domain name, Properties, SOA (Tab) serial number, Increment (Button).
If you are using Active Directory integrated zones, then you could force an instant replication by going to Active Directory Sites and Services, drill down through Default-first-name-site, servers, NTDS Settings, right click and Replicate Now.
At the Domain properties, Check Zone transfer (Tab). Make sure the setting Allows Transfer.
Registering Records in DNS
Check DHCP. First, a basic check that your Type 006 Option is set to the correct DNS server. Next find the DNS (tab) in DHCP, investigate Dynamic DNS Settings.
Check client TCP/IP properties, Advanced, DNS, Register this connection’s address in DNS. This is the equivalent of IPCONFIG /registerdns
Problems with Active Directory.
Check that the _msdcs folder exists and is populated with lots of records. If not try restarting the Netlogon services. While I am not a great fan of rebooting in Windows 2003, on this occasion I would try a reboot to see if that causes the _msdcs to be populated.
Troubleshooting Methods
Ask: ‘what has changed recently?’
What were the last settings to change? Has any hardware changed? If so reverse engines, revert to how it was and see if that cures the problem. Pattern recognition is a vital troubleshooting skill. Look for patterns, spot what is out of the ordinary, such as resource records that is different, or a spelling misNake in a forwarder name.
The Event Log
Microsoft have provided a clue by situating a copy of the DNS Event log right underneath the server icon. So take advantage of this invitation to search for error messages and lookup the Event ID in TechNet. It may worth a quick look in the system event log, perhaps your DNS problem is a symptom of a bigger problem and not the underlying cause.
Command Prompt
1. IPCONFIG /flushdns /registerdns /displaydns
2. PING
3. TraceRt (Trace route)
4. Route Print
5. NSLookup
6. DNSLint
7. DNSCmd
8. NetDiag and DCDiag
DNS Server Icon
1. Monitoring (Tab)
2. Root Hints (Tab) – Do you need them?
3. Event Viewer – DNS log
4. Debugging Logging (Tab)
Summary of Troubleshooting DNS
The secret of troubleshooting DNS is to follow a structured plan. Play the detective and ask questions. Write down changes that you have made. Make it a habit to collect a wide variety of utilities from Ping to DNSLint.
Not Satisfied ? Just search & get the result
Related posts:
