#1 |
I have an issue in a Windows domain where from workstations I can only resolve to simple hostnames, but not to the fully qualified hostname. For example, I can ping to machine1 but not to machine1.domain.local. I have 2 Win2k3 DCs running DNS and WINS. On each one of these, I can ping either name. I've checked this behavior on 3 workstations, and it is the same on all. Adapter info on the workstations looks correct; DNS, WINS and DNS suffixes all look correct.

In the last few weeks we have added a trust relationship with another domain across a static VPN. This may have been when this situation started, but I am not sure. The admin at the other location set up the trust and we have looked at this together, but have not found anything unusual. I do see in the event log at random intervals, events: 6001, 3150, 6522 with messages about zone transfers between the domains and DNS servers. Not working much with multiple domains, is a zone transfer operation what we should be seeing?

Reviewing the DNS for either domain, the only strange thing I've seen is that I have hostnames listed more than once, with each entry having a different IP address. I assumed some of these are old records from expired DHCP leases. I have set DNS scavenge old records on all domains, started this from the DNS console. On this I get an event id: 2502 – "The DNS server has completed a scavenging cycle but no nodes were visited."

I hope someone can help with this issue.

Thanks in advance

LThibx
#2 |
Read inline please.
In news:06FD33CE-6191-4009-BF09-268429455C1A@microsoft.com,
LThibx <lthibx@discussions.microsoft.com> typed:

> I have an issue in a windows domain where from workstations I can only
> resolve to simple hostnames, but not to the fully qualified hostname.
> For example I can ping to machine1 but not to machine1.domain.local .
> I have 2 Win2k3 DC's running DNS and WINS. On each one of these, I
> can ping either name. I've checked this behavior on 3 workstations
> ,and it is the same on all. Adapter info on the workstations look
> correct, DNS,WINS, DNS suffixes all look correct.

I'm trying to make some sense out of how this could even be possible. Unless when you use ping it is not getting the name machine1 from DNS in the first place, it could be using NetBIOS resolution from WINS or NetBIOS broadcasts. Ping is not the proper tool for testing DNS resolution, nslookup is the built in tool for testing DNS.

Use nslookup -d2 machine1, if it returns the correct IP address, look through the entire results to see what the suffix was that nslookup appended to find machine1.

Have you checked the DNS database to see if machine1 is even in the list of records in the zone domain.local?

Make sure you have the local DNS only listed in TCP/IP properties.

> In the last few weeks we have added a trust relationship with another
> domain across a static VPN. This may have been when this situation
> started, but I am not sure. The admin at the other location set up
> the trust and we have looked at this together, but have not found
> anything unusual. I do see in the event log at random intervals,
> events: 6001, 3150, 6522 with messages about zone transfers between
> the domains and DNS servers. Not working much with multiple domains
> is a zone transfer operation what we should be seeing?

You should be seeing zone transfer events if you have set up secondary zones. If the secondary zones are for primary zones that are getting DDNS updates, you might see a lot of zone transfers. Which is why I use a Sub zone or conditional forwarder for trusted domains.

> Reviewing the DNS for either domains, the only strange thing I've
> seen is that I have hostnames listed more than once with, each entry
> having a different IP address. I assumed some of these are old
> records from expired DHCP leases. I have set DNS scavenge old records
> on all domains, started this from the DNS console. On this I get an
> event id: 2502 - "The DNS server has completed a scavenging cycle but
> no nodes were visited. "

Reverse lookup zones are notorious for having multiple entries for the same IP address. This is because by default, the DNS client does not release its lease on shutdown, if it boots up and gets a different IP address, its old PTR is left in place. Any new machine that gets the IP address, can't update a PTR created by another machine. If you are using Win2k3 DHCP, you can give the DHCP server credentials for a dedicated user account, and add Advanced Windows 2000 DHCP option 002 (Release lease on shutdown) to this. But it won't for leases given to laptops that are usually just disconnected from the network.

How to configure DNS dynamic updates in Windows Server 2003:
http://support.microsoft.com/default...b;en-us;816592

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================
#3 |
Kevin,

Thanks very much for your quick response.

I ran the nslookup and it returned the correct results: no errors, correct IP address and correct domain suffix appended. (I can post this if necessary.) The machines in my network do show up in DNS.

My DHCP server is my SonicWall router. My DNS addresses come from there. I have them set as the address for my primary DC/DNS server and DNS for my ISP. I use this setup so that users can still access the internet should either or both of my W2k3 servers be down (hardly ever). My current server's DNS forwarder to the DNS on the other domain (this was changed recently by the admin setting up the trust).

I don't think there is any problem in regards to the hostname / multiple IP issue in the FLZ. Reviewing again, most of these are notebooks that have both wired and wireless connections, or a desktop or two that have moved physical locations over time. A few stray records in RLZ, but I believe this is a non situation.

I first noticed this issue about not resolving FQHNs on my personal notebook, which is not part of this domain. I have an email account in my Outlook setup that I had set the SMTP server to smtp.domain.local (smtp set up as a hostname in DNS), so I could send email using the PDC's SMTP server. This has been set up this way for years now. About two weeks ago, I noticed this no longer worked and I had to change my Outlook setup to the IP address of the PDC in order to send email. I have also seen this on other domain machines where I have applications that depend on SMTP to send messages. In a recent setup I could not use the smtp.domain.local hostname; I had to set the application to use the server's IP address. So this is an example that not only does this issue surface in pinging FQHNs, but also the resolvement from client applications.

Again, in the two weeks the only change is the trust relationship setup; that's why this makes me think it has something to do with that change. At this point I am able to work around this issue, but I know the situation is not correct.

Thanks again for your assistance.

LThibx
#4 |
Read inline please.
In news:15708571-6C9C-4F9E-AA42-DBF8B421E2F1@microsoft.com,
LThibx <lthibx@discussions.microsoft.com> typed:

> I have them set as the address for my primary DC/DNS server and DNS for my
> ISP. I use this setup so that users can still access the internet should
> either or both of my W2k3 servers be down (hardly ever).

You absolutely must remove the ISP DNS server, you cannot use it in any position. You have to understand how the DNS client works, if the internal DNS does not answer within one second, the client will switch to the Alternate DNS, if it answers, (Non-existent domain is an answer) the DNS client service will make it the preferred DNS for impending queries until the TCP/IP stack is reset or 15 minutes.

Do you think your ISP's DNS will resolve machine1.domain.local? No it won't, but it will answer non-existent domain, and the client will continue to use it for the preferred DNS.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
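
Added example, not part of the original thread: a simplified Python model of the DNS client failover that post #4 describes (one-second switch to the alternate server, NXDOMAIN treated as an answer, 15-minute stickiness). The server functions, IP addresses, latencies and query times are constructed for illustration; only the 1 s and 15 min figures come from the post.

```python
# Simplified model of the client behaviour described in post #4 (added example).
# Addresses, latencies and the "busy" window are constructed sample values.
NXDOMAIN = "NXDOMAIN"
SWITCH_AFTER = 1.0       # seconds waited on a server before trying the next (per the post)
STICKY_FOR = 15 * 60     # seconds the answering alternate stays preferred (per the post)

INTERNAL_ZONE = {"machine1.domain.local": "192.168.1.10",
                 "smtp.domain.local": "192.168.1.2"}

def internal_dns(name, now):
    """Internal DC/DNS: authoritative for domain.local, slow while 0 <= now < 5."""
    latency = 2.5 if 0 <= now < 5 else 0.02
    return INTERNAL_ZONE.get(name, NXDOMAIN), latency

def isp_dns(name, now):
    """ISP resolver: always fast, but has no knowledge of domain.local."""
    return NXDOMAIN, 0.03

class DnsClient:
    def __init__(self, servers):
        self.servers = list(servers)   # configured order, preferred first
        self.sticky = None             # (server, expiry) set after a failover

    def query(self, name, now):
        order = list(self.servers)
        if self.sticky and now < self.sticky[1]:
            order.remove(self.sticky[0])
            order.insert(0, self.sticky[0])    # alternate is asked first
        else:
            self.sticky = None                 # stickiness expired
        for server in order:
            answer, latency = server(name, now)
            if latency > SWITCH_AFTER:
                continue                       # no reply in time: try next server
            if server is not self.servers[0] and self.sticky is None:
                self.sticky = (server, now + STICKY_FOR)
            return server.__name__, answer     # NXDOMAIN counts as an answer
        return None, "TIMEOUT"

def timeline(servers, name="machine1.domain.local", times=(0, 60, 600, 901)):
    """Return (time, answering server, answer) for queries sent at each time."""
    client = DnsClient(servers)
    return [(t,) + client.query(name, t) for t in times]

if __name__ == "__main__":
    for label, servers in (("internal + ISP", [internal_dns, isp_dns]),
                           ("internal only", [internal_dns])):
        print(label)
        for row in timeline(servers):
            print("  t=%4ds  server=%-12s answer=%s" % row)
```

With the ISP resolver configured, one slow moment on the internal server leaves the FQDN unresolvable for the whole sticky window; with internal servers only, the same moment costs a single timed-out query.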