Before you can begin troubleshooting DNS queries efficiently, you need a clear picture in
your mind of the DNS lookup process. Earlier in the chapter, an example was given but didn't
factor in variables such as the Hosts file, cache, and forwarders. Taking these factors into
account, a DNS lookup involves the following steps, starting with the DNS client:
1. Check the local DNS cache, which contains the contents of the Hosts file.
2. Query the DNS server with a recursive lookup.
If the address is resolved in Step 1, it's returned to the requesting application, and the process
is completed. After Step 2 has been initiated, the query is in the hands of the DNS server being
queried, and the following steps occur on this server:
3. Check local zone data.
4. Check locally cached data.
5. Query root server or configured forwarders.
Remember that Step 3 can include primary zones, secondary zones, and stub zones as well
as delegated zones. At Step 5, the recursive query process continues until the name is resolved or
a failure message is returned. At this point, however, the lookup process is largely out of the local
administrator's hands.
When troubleshooting a query, you want to eliminate the easy things first, which usually
means verifying the client configuration. To verify DNS configuration, use these Ipconfig
options:
• /all—Displays IP addresses of the configured DNS servers as well as the DNS suffix search
list.
• /displaydns—Displays the local DNS cache, which also has the contents of the Hosts file.
• /flushdns—Deletes the local DNS cache. Sometimes the local cache is big, and spotting a
problem could be difficult. Deleting the cache is harmless and can save you from wading
through dozens of cached entries.
After these steps, double-check the Hosts file to make sure you didn't miss something when
you displayed the local cache.
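The Hosts file check described above can be scripted. The following PowerShell is an added example, not code from the book: it reads each Hosts file entry and compares it with the answer from the first DNS server configured on the client, so entries that override or contradict DNS stand out. The function names Get-HostsEntry and Compare-HostsToDns are hypothetical, and the script assumes the DnsClient module cmdlets (Resolve-DnsName, Get-DnsClientServerAddress) are available.

```powershell
# Added example; function names are hypothetical, not from the book.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-HostsEntry {
    param([string]$Path = $hostsPath)
    foreach ($line in Get-Content -LiteralPath $Path) {
        $text = ($line -split '#', 2)[0].Trim()        # strip comments
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        $ip = $null
        if ($fields.Count -lt 2 -or
            -not [ipaddress]::TryParse($fields[0], [ref]$ip)) { continue }
        # One address can be followed by several names on the same line
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{ Name = $name; Address = $ip }
        }
    }
}

function Compare-HostsToDns {
    param([string]$Path = $hostsPath, [string]$Server)
    if (-not $Server) {
        # First DNS server configured on the client (what ipconfig /all lists)
        $Server = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses |
            Select-Object -First 1
    }
    foreach ($entry in Get-HostsEntry -Path $Path) {
        $hostsIp = $entry.Address.IPAddressToString
        $type = if ($entry.Address.AddressFamily -eq 'InterNetworkV6') { 'AAAA' } else { 'A' }
        # Naming -Server sends the query straight to that server; -NoHostsFile and
        # -DnsOnly keep the Hosts file and LLMNR/NetBIOS out of the answer.
        $query = @{ Name = $entry.Name; Type = $type; Server = $Server
                    DnsOnly = $true; NoHostsFile = $true; ErrorAction = 'SilentlyContinue' }
        $answers = @(Resolve-DnsName @query |
            Where-Object { $_.IPAddress } |
            ForEach-Object { ([ipaddress]$_.IPAddress).IPAddressToString })
        $status = if (-not $answers) {
            'HostsOnly'                                 # DNS has no record for this name
        } elseif ($answers -contains $hostsIp) {
            'Match'
        } else { 'Mismatch' }                           # Hosts file overrides DNS
        [pscustomobject]@{ Name = $entry.Name; Hosts = $hostsIp
                           Dns = $answers -join ', '; Server = $Server; Status = $status }
    }
}

Compare-HostsToDns | Sort-Object Status | Format-Table -AutoSize
```

Rows marked Mismatch or HostsOnly are names the client resolves differently from its DNS server, which is where a stale or unexpected Hosts file entry shows up.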
If everything checks out on the client, your job just got tougher. You'll probably want to
proceed with analyzing the DNS server the client uses, including examining the following:
• Locally cached data—Stale records can return incorrect results. If you suspect records are
stale, delete the cache or the suspect domains in the cache.
• DNS Server log—Use Event Viewer to view the DNS Server log, or use DNS Manager to
view the DNS Events node under the Global Logs node. Both applications record the same
information. Look for warning or error messages indicating service failures or zone
transfer or replication failures.
• Verify Active Directory replication—You can use Dnslint to verify that the correct resource
records exist for Active Directory replication. The dnslint /ad /s localhost /v command
generates a report in HTML format and opens the report in Internet Explorer. Warnings and
errors are color-coded in the report.
• Verify zone transfers—Nslookup can request records from an entire zone. On a server
hosting secondary zones, use Nslookup in interactive mode by typing nslookup and
pressing Enter. Change the server to the primary DNS server for the zone with the
server server-name command, and then use ls -d domain (substituting the name of the zone
you want to verify for domain). If zone transfers aren't working, you get a “query refused”
message. Otherwise, the zone data is displayed. Also, verify the settings in the Zone Transfer
tab on the primary server to make sure the secondary server is in the server list or that any
server can request zone transfers.
• Verify zone delegations—Dnslint can be used for this task, too. Use the
dnslint /d delegated-zone /s IP_of_authoritative_server command to produce a report to
verify the delegation.
 