DNS name resolution failure
is one of the common causes of Internet access problems. On a network
running Windows Server 2003 servers, the inability to resolve DNS names
can bring client activities to a standstill because Active Directory
relies on DNS and is responsible for controlling all client access to
Windows server resources. When a client’s attempts to resolve DNS names
fail, there are usually two possible causes: either the client is
incorrectly configured, or the DNS server itself is inaccessible or not
functioning properly.
Troubleshooting Client Configuration Problems
When a client reports a
failure to access a TCP/IP resource, such as a “Name Not Found” error
message, the first order of business is to determine whether the
computer has any TCP/IP connectivity at all. Once you have determined
that the computer is connected to the network and that it can access
TCP/IP resources, the usual method for isolating a name resolution
problem is to try accessing a server using its IP address instead of its
DNS name. If the computer can access the server using the IP address,
you know that the problem is related to the name resolution process.
The next order of
business is to check the client computer’s TCP/IP configuration
parameters. Assuming that the client is running Windows 2000 or Windows
XP, display a Command Prompt window, type ipconfig /all at the prompt, and press ENTER.
The resulting display contains all the computer’s TCP/IP settings,
including the IP addresses of the DNS servers it is configured to use.
Check to see that the
IP addresses listed under DNS Servers in the Ipconfig.exe display are
correct for a computer on the client’s network. If they are not correct,
you can modify them using Network Connections in Control Panel. If the
IP addresses of the DNS servers are correct, use the Ping.exe tool at
the command prompt to determine whether the client computer can contact
them. You do this by using the following syntax, where ipaddress is the address of the DNS server:
ping ipaddress
If
the ping test fails, you know that either the DNS server is not running
at all or a network connectivity problem is preventing the client from
accessing the DNS server. If you have already checked the client
computer’s general network connectivity, there might be a problem with
the router or other connection device that provides access to the
network on which the DNS server is located. If this is the case, follow
the protocol established at your organization for troubleshooting a
network connectivity problem. This protocol might require you to
escalate the incident to another technician or to begin the
troubleshooting process yourself. In either case, if the client’s
computer can access the network and is configured with the correct DNS
server addresses, you can be sure the problem lies elsewhere in the
network.
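The DNS Servers check described above can be automated when you have ipconfig /all output collected from many clients. The following Python sketch is an added example, not part of the original text; the sample output, the adapter names, and the APPROVED address list are constructed assumptions. It handles the unlabeled continuation lines that Ipconfig.exe prints for the second and later DNS servers.

```python
import re

# Constructed sample of `ipconfig /all` output (Windows XP layout); not from a real host.
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : CLIENT01

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.50
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            203.0.113.53
        Lease Obtained. . . . . . . . . . : Monday, March 01, 2004 9:00:00 AM

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
"""
APPROVED = {"192.168.1.10", "192.168.1.11"}  # assumed DNS servers for this network
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def dns_servers_by_adapter(text):
    """Return {adapter name: [DNS server IPs]} from ipconfig /all output."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        stripped = line.strip()
        if line and not line[0].isspace() and stripped.endswith(":"):
            adapter, in_dns = stripped[:-1], False   # unindented header starts an adapter
            result[adapter] = []
        elif " : " in line:
            label, value = line.split(" : ", 1)
            in_dns = label.strip(" .").lower() == "dns servers"
            if in_dns and adapter and value.strip():
                result[adapter].append(value.strip())
        elif in_dns and adapter and IPV4.match(stripped):
            result[adapter].append(stripped)         # unlabeled continuation line
        else:
            in_dns = False
    return result

def unexpected_dns(text, approved):
    """List (adapter, ip) pairs whose DNS server is not in the approved set."""
    return [(a, ip) for a, ips in dns_servers_by_adapter(text).items()
            for ip in ips if ip not in approved]

print(unexpected_dns(SAMPLE, APPROVED))
```

An address reported here is either a misconfiguration to correct in Network Connections or a setting that was changed without authorization, so it is worth finding out how it got there before overwriting it.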
Troubleshooting DNS Server Problems
If a client computer
is able to access the network and you have ruled out other network
connectivity problems, the cause of the name resolution failures lies in
the DNS server itself. A variety of conditions can prevent DNS servers
from fulfilling their functions, as described in the following sections.
Nonfunctioning DNS Servers
If a client is unable
to ping a DNS server and there is no client configuration or network
connectivity problem, the DNS server itself might not be functioning or
might be suffering from its own configuration or connectivity problem.
Assuming the server is turned on and the operating system is running as
it should, you should begin by checking the server’s own TCP/IP client
configuration parameters.
Windows Server 2003
DNS servers should have static IP addresses. If the server is configured
to obtain its IP address from DHCP, make sure that the DHCP server is
manually allocating the address so that it never changes, and that the
DNS server is actually using the IP address the DNS clients are
configured to use. You can use the same ipconfig /all command to view the DNS server’s IP address and other TCP/IP settings, whether or not they are assigned by DHCP.
If
clients are able to ping the DNS server but are not receiving replies
to name resolution requests, the problem could be that the DNS Server
service is not running. Display the Services console, and check to see
that its status is Started. In nearly all cases, the Startup Type
selector for the DNS Server service should be set to Automatic. If the
Startup Type selector is set to Manual, it is likely that the server
restarted and no one manually started the DNS Server service. If the
Startup Type selector for the DNS Server service is Automatic and the
service is not running, either someone stopped it deliberately or a
problem caused it to stop. Check the logs in the Event Viewer console
for any indication of a problem, and check with your colleagues to see
whether someone is working on the server and has stopped it for a
reason.
If you can find no reason
for the DNS Server service to have stopped, you can try to start it
again. Then test it carefully to see whether it is functioning properly.
Tip
To
test the functionality of a Windows Server 2003 DNS server, display the
server’s Properties dialog box in the DNS console and then click the
Monitoring tab. Choose whether you want to perform a simple (iterative)
query or a recursive query test, and then click Test Now. Windows Server
2003 also includes a tool called Nslookup.exe, which you can use to
test the functionality of a specific DNS server from any location on the
network.
Troubleshooting Incorrect Name Resolutions
In some cases,
client computers are able to complete the DNS name resolution process,
but the DNS server supplies them with outdated or incorrect information.
If the clients are attempting to resolve names for which the DNS server
is the authoritative source, it is possible that the DNS server has bad
information in its resource records. This could be attributable to any
of the following causes:
Incorrect resource records
If your DNS servers rely on administrators to manually create and
modify resource records, the possibility of typographical errors always
exists. If this is the case, the only solution is to manually check and
correct the resource records on the server.
Dynamic updates failed to occur
If you have configured your DNS servers to use dynamic updates and
those updates have not occurred for any reason, the server’s resource
records could contain incorrect or outdated IP addresses. In this event,
you can correct the resource records manually, or you can trigger a new
dynamic update by traveling to the computer whose resource record is
wrong and typing ipconfig /registerdns at a command prompt. This causes
the DNS client on the computer to re-register its IP address with the
DNS server. If dynamic updates still fail to occur, check to see whether
the server supports them and is configured to accept them.
Zone transfers failed to occur
If the DNS server is incorrectly resolving names from a secondary zone,
it is possible that a zone transfer has failed to occur, leaving
outdated information in the secondary zone database file. Try to
manually trigger a zone transfer by right-clicking the secondary zone
and choosing Transfer From Master. If the zone transfer still does not
occur, the problem might be due to incompatible DNS server
implementations, such as different compression formats or unsupported
resource record types. If this is the case, you might have to update the
secondary zone’s resource records manually, until you can update one or
both servers to compatible DNS software implementations.
If
the DNS server supplying incorrect information is not the authority for
the names it is resolving, it is possible that the server’s cache
contains incorrect or outdated information. The best solution for this
problem is to clear the cache, which you do in Windows Server 2003 by
clicking the server’s icon in the DNS console and, from the Action menu,
selecting Clear Cache.
Caution
DNS
servers supplying incorrect information, whether from their own zones
or from the cache, might be doing so because an unauthorized user has
planted the incorrect information or polluted the cache.
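One way to tell bad cached data from bad zone data is to run Nslookup.exe for the same name against the suspect server and against the server that is authoritative for the name, and then compare the two answers. The following Python sketch is an added example, not part of the original text; both Nslookup outputs are constructed, and all server names and addresses in them are placeholders.

```python
import re

# Constructed nslookup output; names and addresses are placeholders, not real captures.
FROM_SUSPECT = """\
Server:  dns1.example.local
Address:  192.168.1.10

Non-authoritative answer:
Name:    www.example.com
Address:  203.0.113.80
"""
FROM_AUTHORITY = """\
Server:  ns1.example.com
Address:  198.51.100.1

Name:    www.example.com
Addresses:  198.51.100.20, 198.51.100.21
"""

def parse_nslookup(text):
    """Return the queried server, whether the answer was cached, and the addresses."""
    head, sep, answer = text.partition("Name:")
    server = re.search(r"^Address:\s*(\S+)", head, re.M)
    found = re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", answer) if sep else []
    return {
        "server": server.group(1) if server else None,
        "cached": "Non-authoritative answer" in head,
        "addresses": set(found),
    }

def compare(suspect_out, authority_out):
    """Flag addresses the suspect server returns that the authority does not."""
    suspect, authority = parse_nslookup(suspect_out), parse_nslookup(authority_out)
    extra = suspect["addresses"] - authority["addresses"]
    if not suspect["addresses"]:
        verdict = "no answer"
    elif extra:
        # A cached (non-authoritative) answer points at the cache; otherwise at the zone.
        verdict = "outdated or polluted cache" if suspect["cached"] else "incorrect zone records"
    else:
        verdict = "consistent"
    return verdict, sorted(extra)

print(compare(FROM_SUSPECT, FROM_AUTHORITY))
```

Names served by round-robin or load-balanced records can legitimately return different addresses from one query to the next, so confirm a mismatch with a second query before clearing the cache or editing records.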
Troubleshooting Outside Name Resolution Failures
In some cases, you
might discover that a DNS server can successfully resolve names for
which it is the authority but fails to resolve names in other domains.
This problem is typically due to a recursion failure, meaning that the
server either is not forwarding queries for other domains to the
appropriate place or is not forwarding queries at all.
One possible cause of recursion failures is that the server is configured with incorrect root hints. Root hints
are a DNS server’s list of root name server addresses, which it uses to
resolve names outside its domain. If the server cannot contact one of
the root name servers, it cannot discover the IP addresses of the
authoritative servers for the domain that contains the name it is trying
to resolve. The DNS server in Windows Server 2003 comes preconfigured
with root hints for the Internet root name servers, as shown in Figure 1.