NSlookup Problem 2

[neutec]

Hello,
I running a Win2k domain and on the DC when I run nslookup it comes back with >localhost 127.0.0.1
but when I try the same on a client within the network I get
*** Can't find server name for address 192.168.100.2: Non-existent domain
*** Default servers are not available
Default Server: UnKnown
Address: 192.168.100.2

192.168.100.2 is my DC. I have a host record for it. Any ideas what is wrong here?

Thanks

 

[GlenJohnson]

Nothing. On the client type nslookup computer to find and see what you get.

Glen A. Johnson
Johnson Computer Consulting

http://www.johnsoncomputers.us

"I only know that I know nothing."
Socrates (47-399 BC); Greek philosopher

Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884

 

[neutec]

When I try a nslookup ns1 I get

C:\Documents and Settings\jay>nslookup ns1
*** Can't find server name for address 192.168.100.2: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 192.168.100.2

Name: ns1.kellyville.net
Address: 192.168.100.2

It works but I still get the error, Cant find server

 

[hollebcons]

Hi,
Try doing reverse lookup, i.e. in nslookup try resolving 192.168.100.2
If it is not resolved as ns1.kellyville.net that means that your zone is not properly defined.
Vladimir Mikhelson

 

[neutec]

Here is what I get:

C:\Documents and Settings\jay>nslookup 192.168.100.2
*** Can't find server name for address 192.168.100.2: Non-existent domain
*** Default servers are not available
Server: UnKnown
Address: 192.168.100.2

*** UnKnown can't find 192.168.100.2: Non-existent domain

I did not have a reverse zone setup so I added it. But the results are the same.

Thanks for your help guys.

 

[ricpinto]

Ok download netdiag.exe

http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/netdiag-o.asp

install it then make sure "remote registry service" is started then from the command prompt run netdiag/fix.

 

[GlenJohnson]

Silly question, are you running interactivelly?

C:\>nslookup
*** Can't find server name for address 192.168.2.1: Non-existent domain
*** Default servers are not available
Default Server: UnKnown
Address: 192.168.2.1

> nslookup 192.168.100.2
Server: [192.168.100.2]
Address: 192.168.100.2

DNS request timed out.
timeout was 2 seconds.
*** Request to 192.168.100.2 timed-out
>

The > means your running interactively. If you go
C:\nslookup 192.168.100.2 it will fail everytime. Try going C:\nslookup and then hit enter. You will then get the >. Type nslookup 192.168.100.2 from that and see what happens. I know this sounds pretty basic, but I've been fooled by some of the simple stuff. Good luck.

Glen A. Johnson
Johnson Computer Consulting

http://www.johnsoncomputers.us

"I only know that I know nothing."
Socrates (47-399 BC); Greek philosopher

Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884

 

[neutec]

ricpinto you the man (or maybe woman. That fixed it. Im not sure still what was wrong. When I ran netdiag.exe without the /fix switch everything passed. As soon as I ran it with /fix nslookup began working on the clients.
Thanks again for everyones help.

 

[GlenJohnson]

Glen A. Johnson
Johnson Computer Consulting

http://www.johnsoncomputers.us

"I only know that I know nothing."
Socrates (47-399 BC); Greek philosopher

Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884

 

[ricpinto]

Thanks for the * but for the record, I'm a MAN . Don't ask me what's wrong. What I notice is that when DNS forward zone has no entry like _msdcs, _sites, _tcp, _udp folders my NSLOOKUP will not work and a lot of funny DNS error on my event viewer. When I haven't find out the solution for the netdiag/fix, I keep reinstalling a new server until DNS _msdcs, _tcp etc folders appears before I will put it in production. Just like that just reinstall again then suddenly those folders appears .

 

[compgirlfhredi]

Because host names are encoded in UTF-8 format, they do not necessarily have only 1 byte per character. ASCII characters are 1 byte each, but the size of extended characters is more than 1 byte

 

[compgirlfhredi]

A successful Nslookup response looks like this:

Server: <Name of DNS server>
Address: <IP address of DNS server>
<Response data>

Nslookup might also return one of several errors. The following message means that the resolver did not locate a PTR resource record (containing the host name) for the server IP address. Nslookup can still query the DNS server, and the DNS server can still answer queries.

DNS request timed out.
Timeout was <x> seconds.
*** Can't find server name for address <IP Address>: Timed out
*** Default servers are not available
Default Server: Unknown
Address: <IP address of DNS server>

The following message means that a request timed out. This might happen, for example, if the DNS service was not running on the DNS server that is authoritative for the name.

*** Request to <Server> timed-out

The following message means that the server is not receiving requests on UDP port 53.

*** <Server> can't find <Name or IP address queried for>: No response from server

The following message means that this DNS server was not able to find the name or IP address in the authoritative domain. The authoritative domain might be on that DNS server or on another DNS server that this DNS server is able to reach.

*** <Server> can't find <Name or IP address queried for>: Non-existent domain

The following message generally means that the DNS server is running, but is not working properly. For example, it might include a corrupted packet, or the zone in which you are querying for a record might be paused. However, this message can also be returned if the client queries for a host in a domain for which the DNS server is not authoritative and the DNS server cannot contact its root servers, or is not connected to the Internet, or has no root hints.

*** <Server> can't find <Name or IP address queried for>: Server failed.

 

[neutec]

compgirlfhredi I ned to give you a star because you know way too much about NSLOOKUP.

Thanks for the infomation

 

[compgirlfhredi]

Use the following process to verify that your DNS server is started and can answer queries.
· Make sure that your server has basic network connectivity
· Make sure that the server can answer both simple and recursive queries from the Monitoring tab in the DNS console.
· From a client, use Nslookup to look up a domain name and the name of a host in the domain.
· On the server, run netdiag to make sure the server is working properly and that the resource records Netlogon needs are registered on a DNS server.
· Make sure that the server can reach a root server by typing the following:
nslookup
server <IP address of server>
set querytype=NS
· Make sure that there is an A and PTR resource record configured for the server.
Verifying That the Forward Lookup Zone Is Properly Configured
After you create a forward lookup zone, you can use Nslookup to make sure it is properly configured and to test its integrity to host Active Directory. To start Nslookup, type the following
Nslookup
server <IP address of server on which you created zone>
set querytype=any
Nslookup starts. If the resolver cannot locate a PTR resource record for the server, you see an error message, but you are still able to perform the tests in this section.
To verify the zone is responding correctly, simulate a zone transfer by typing the following:
ls -d <domain name>
If the server is configured to restrict zone transfers, you might see an error message in Event Viewer. Otherwise, you see a list of all the records in the domain.
Next, query for the SOA record by typing the following and pressing ENTER:
<domain name>
If your server is configured correctly, you see an SOA record. The SOA record includes a &quot;primary name server&quot; field. To verify that the primary name server has registered an NS record, type the following:
set type=ns
<domain name>
If your server is configured correctly, you see an NS record for the name server.
Make sure that the authoritative name server listed in the NS record can be contacted to request queries by typing the following:
server <server name or IP address>
Next, query the server for any name for which it is authoritative.
If these tests are successful, the NS record points to the correct hostname, and the hostname has the correct IP address associated with it.

 

[ricpinto]

I like you compgirlfhredi, yours is very impormative. Even a newbie can understand very well. Now maybe you can help us on why sometimes the srv records folder ( _msdcs, _sites, _tcp, _udp ) does not appear during installation of DNS and if you reinstall with exactly the same step then it will appear. Thanks

 

[compgirlfhredi]

It is assumed that a basic installation of DNS has already occurred, (including the creation of at least one forward and one reverse lookup zone); thats when you discover that the required four sub-folders of the forward lookup zone have not been created. These are the “_msdcs”, “_sites”, “_tcp”, and “_udp” sub-folders.

The presence of these folders indicates the correct creation of the SRV records, and is critical to the correct functioning of Active Directory services. Indeed, as many of us have discovered, the success of many Windows 2000 functions rests on these DNS and Active Directory services. Here is how to fix them...

1) In the DNS console, begin by right clicking on the forward lookup zone, select “Properties”, and then insure that “Allow Dynamic Updates” is set to “Yes”. Do the same for the reverse lookup zone.

2) Exit (close) the DNS console. In the “Properties” page for the LAN connection, double click TCP/IP. Insure that the primary DNS server is set to your own (static) IP address. Click the Advanced button, and select the DNS tab. Find the check box near the bottom labeled “Register this connection’s addresses in DNS ” and insure that it is checked. Click “O.K.” to exit out of this series of dialogs.

3) Go to the command prompt. Type “ipconfig /registerdns” The OS will respond with a message indicating that this connection’s configuration will be registered with the DNS service, and any error messages can be found in the “Event Log” in 15 minutes.

4) While still at the command prompt, type “net stop netlogon”. Wait for this to complete, then type “net start netlogon”.

5) Re-start a DNS console. Expand the forward lookup zone to check for the presence of the four sub-folders mentioned above. If they have now appeared, where they could not be found before, congratulate yourself on a job well done.


*note- follow these steps in order!

 

[compgirlfhredi]

Get a list of all the IP Addresses as well as aliases assigned within a Domain.

You can grab that information if the DNS server allows zone transfers.
The zone transfer is the method a secondary DNS server uses to update its information from the primary DNS server. DNS servers within a domain are organized using a master-slave method where the slaves get updated DNS information from the master DNS. One should configure the master DNS server to allow zone transfers only from secondary (slave) DNS servers but this is often not implemented.

You do not have to have DNS to request a zone transfer. You can issue a zone transfer request using the nslookup client. To dump the DNS records from your current domain, lets says, its wayne.net:

Type nslookup at the commandline (NT example). This starts nslookup in interactive mode. It will respond with the name and ip address of your default DNS server:

Default Server: dns01.wayne.net
Address: 10.10.10.1
>


To get a list of commands available, type set all. For the more important set options:

set d2 : puts nslookup in debug mode, so you can examine query and response packets between the resolver and server

set domain=<domain name> : tells the resolver which domain name to append to queries not FQDN

set timeout=<timeoutdurationinseconds> : for slow links

set type=<recordtype> : which type of records to search for ( A, PTR, SRV, or ALL)

You can get help at the nslookup command prompt by typing:

> help

To dump all available records, assuming zone transfers are enabled, issue the following commands:

> set type=any
> ls -d wayne.net > dns.wayne.net
> exit

The ls -d wayne.net command requested all records for the domain be dumped in a file named &quot;dns.wayne.net&quot;. If dns1 is not authoritative for the domain, you can change which DNS server you wish to dump records using the command:

> server 10.10.10.2

Default Server: dns02.wayne.net
Address: 10.10.10.2 >

If successful, the dump file will have lines such as:

> ls -d wayne.net
[dns1.wayne.net]
wayne.net. SOA dns04.wayne.net wayne.dns04.wayne.net. (3301 10800 3600 604800 86400)
wayne.net. NS dns04.wayne.net
wayne.net. NS dns02.wayne.net
wayne.net. NS dns01.wayne.net
wayne.net. NS dns05.wayne.net
wayne.net. MX 10 email.wayne.net
rsmithpc TXT &quot;smith, robert payments 214-389-xxxx&quot;

rsmithpc A 10.10.10.21
wmaplespc TXT &quot;Waynes PC&quot;

wmaplespc A 10.10.10.10
wayne CNAME wmaplespc.wayne.net

You can see from the bits above, that there are multiple dns servers, that there is a email pop3 server, what my ip address is, ...


The ls -d command, emulates a zone transfer. You can also get a listing by using the ls -t to get a list of the members of a domain.

 

[boltblue]

Has anyone encountered this internet connection issue? There are 2 sites connected through a VPN via different ISP/DSL provider. Both LAN's are using Netopia R910 router.The 2 LAN's work perfectly until a virus popped-up or one of the site seems hacked.The following are my observations on 1 site.
1) when all 30 PC's are connected they couldn't access the internet.
2) DNS is provided by Windows 2000 server.NSLOOKup can not see internet domains.
3) I isolated the issue by connecting 1 workstation only, the server and the router to 1 switch/hub then BINGO I'am able to connect to the internet.
4)If I connect all the 30 PC's then again the problem of not being able to connect to the internet occurs. of course NSLOOKUP can't see any domain including my DNS server.
5) I had disinfected all PC's with welchia worm and even used the welchia virus tool remover from symantec.
6) Obviously it's a DNS issue. Is it a collision issue?

Can anyone shed light on this so I can get those PC's connected to the internet?

Thank you very much for your time.

Boltblue

 

[ricpinto]

compgirlfhredi:

Thanks, I'll do your suggestions when I can duplicate the error again and yes I will congratulate myself when it's successful.

Boltblue:

Maybe you did further testing to conclude it's DNS problem because if I'm in your situation I will be thinking of a physical network connection problem at once. How far did you troubleshoot besides the above testing. Is the PC used in the isolating case is part of the original 30 PCs? What's the result for both the PC and server ipconfig/all? If there's a result can you ping gateway ip address or can you ping server name from the PC?

 

[boltblue]

Ricpinto (ricdoor)

Based on my homework and exhaustive persistence to resolve the issue. I found out that the welchia worm is the culprit. When the worm is active, it will make your DNS run crazy and consumes a lot of network bandwidth and makes your router runs crazy too.
You need to update your windows 2000 pro to SP4, apply MS KB823980, update your anti-virus defintions, then run FixWelch.exe. Don't forget to run it also on your win2k server.


Boltblue