Lesson 3: Monitoring and Troubleshooting DNS for Active Directory Directory Service

This lesson explains the monitoring options available for DNS servers. It also describes problems you may encounter that relate to configuring DNS for Active Directory and possible solutions to these problems.

After this lesson, you will be able to

  • Monitor DNS servers
  • Troubleshoot DNS configuration for Active Directory

Estimated lesson time: 10 minutes

Monitoring DNS Servers

Windows 2000 Server includes options for monitoring DNS servers:

  • Default logging of DNS server event messages to the DNS server log
  • Additional debug options for trace logging to a text file on the DNS server computer

DNS Server Event Logging

For Windows 2000 Server, DNS server event messages are kept separate from events raised by other applications and services in the DNS server log, which can be viewed using Event Viewer. The DNS server log contains basic predetermined events logged by the DNS server service, such as when the DNS server starts and stops.

You can also use Event Viewer to view and monitor client-related DNS events. These events appear in the system log and are written by the DNS client service at any computer running Windows 2000 (all versions).

Debug Options

The DNS console allows you to set additional logging options to create a temporary trace log as a text-based file of DNS server activity. The file created and used for this feature, DNS.LOG, is stored in the systemroot\System32\DNS folder. For Windows 2000 DNS servers, the debug logging options described in Table 18.2 are supported for use.

Table 18.2 DNS Server Debug Logging Options

Logging option   Description
Query            Logs queries received by the DNS server service from clients
Notify           Logs notification messages received by the DNS server service from other servers
Update           Logs dynamic updates received by the DNS server service from other computers
Questions        Logs the contents of the question section for each DNS query message processed by the DNS server service
Answers          Logs the contents of the answer section for each DNS query message processed by the DNS server service
Send             Logs the number of DNS query messages sent by the DNS server service
Receive          Logs the number of DNS query messages received by the DNS server service
UDP              Logs the number of DNS requests received by the DNS server service over a UDP port
TCP              Logs the number of DNS requests received by the DNS server service over a TCP port
Full Packets     Logs the number of full packets written and sent by the DNS server service
Write Through    Logs the number of packets written through by the DNS server service and back to the zone

By default, all debug logging options are disabled. When selectively enabled, the DNS server service can perform additional trace-level logging of selected types of events or messages for general troubleshooting and debugging of the server.

Debug logging can be resource-intensive, affecting overall server performance and consuming disk space. Therefore, it should only be used temporarily when more detailed information about server performance is needed.

Follow these steps to set DNS Server debug options:

  1. In the DNS console tree, right-click the name server, and then click Properties.
  2. On the Logging tab, select the debug options you want to log, and then click OK.

DNS Troubleshooting Scenarios

Table 18.3 describes some zone problems you may encounter and possible solutions to these problems.

Table 18.3 Troubleshooting Scenarios for Zone Problems

Symptom: A problem related to zone transfers

Cause: The DNS server service is stopped or the zone is paused.
Solution: Verify that the master (source) and secondary (destination) DNS servers involved in completing transfer of the zone are both started and that the zone is not paused at either server.

Cause: The DNS servers used during a transfer do not have network connectivity with each other.
Solution: Eliminate the possibility of a basic network connectivity problem between the two servers. Using the Ping command, ping each DNS server by its IP address from its remote counterpart. Both ping tests should succeed. If not, investigate and resolve intermediate network connectivity issues.

Cause: The serial number is the same at both the source and destination servers. Because the value is the same at both servers, there is no zone transfer between the servers.
Solution: Using the DNS console, perform the following tasks: on the Start of Authority (SOA) tab, increase the value of the serial number for the zone at the master server (source) to a number greater than the value at the applicable secondary server (destination). Initiate zone transfer at the secondary server.

Cause: The master server (source) and its targeted secondary server (destination) are having interoperability-related problems.
Solution: Investigate possible causes for any problems related to interoperability between Windows 2000 DNS servers and other DNS servers running different implementations, such as an older version of the Berkeley Internet Name Domain (BIND) distribution.

Cause: The zone has resource records or other data that cannot be interpreted by the DNS server.
Solution: Verify that the zone does not contain incompatible data, such as unsupported resource record types or data errors. Also, verify that the server has not been configured in advance to prevent loading a zone when bad data is found, and investigate its method for checking names. These settings can be configured using the DNS console.

Cause: Authoritative zone data is incorrect.
Solution: If a zone transfer continues to fail, ensure that the zone does not contain nonstandard data. To determine if erroneous zone data is a likely source for a failed zone transfer, look in the DNS server event log for messages.

Symptom: Zone delegation appears to be broken

Cause: Zone delegations are not configured correctly.
Solution: Review how zone delegations are used and revise your zone configurations as needed.
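As an added example (not part of the training kit), the following Python script applies the serial-number check from Table 18.3 the way a secondary server does: it parses the SOA record from each server (constructed sample records, not real hosts) and compares the serials using the 32-bit wrap-around arithmetic of RFC 1982. It goes slightly beyond the table by also flagging a master whose serial has fallen behind the secondary's, which likewise stops transfers.

```python
# Added example, not from the training kit: diagnose the zone-transfer
# "serial number is the same at both servers" case from Table 18.3.
# DNS serials are 32-bit values compared with RFC 1982 wrap-around
# arithmetic, so "greater" is not plain integer comparison.
import re

# Matches one SOA record in zone-file / dig text form (TTL and class optional).
SOA_RE = re.compile(
    r"^(?P<zone>\S+)\s+(?:\d+\s+)?(?:IN\s+)?SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)\s+"
    r"(?P<serial>\d+)\s+(?P<refresh>\d+)\s+(?P<retry>\d+)\s+(?P<expire>\d+)\s+(?P<minimum>\d+)\s*$",
    re.IGNORECASE,
)

def parse_soa_serial(record: str) -> int:
    """Return the serial field of one SOA record given as text."""
    m = SOA_RE.match(record.strip())
    if not m:
        raise ValueError(f"not an SOA record: {record!r}")
    serial = int(m.group("serial"))
    if not 0 <= serial < 2**32:
        raise ValueError("SOA serial must fit in 32 bits")
    return serial

def serial_gt(a: int, b: int) -> bool:
    """RFC 1982: a > b when a != b and the forward distance from b to a is under 2^31."""
    return a != b and ((a - b) % 2**32) < 2**31

def diagnose_transfer(master_soa: str, secondary_soa: str) -> str:
    """Explain whether the secondary will pull the zone, given both servers' SOA records."""
    m, s = parse_soa_serial(master_soa), parse_soa_serial(secondary_soa)
    if m == s:
        return ("serial-equal: no transfer will occur; if zone data differs, raise the "
                "master serial above the secondary's and initiate transfer at the secondary")
    if serial_gt(m, s):
        return "master-newer: secondary will transfer on its next refresh or NOTIFY"
    return ("secondary-newer: master serial is behind (e.g. restored from an old copy); "
            "no transfer until the master serial is increased past the secondary's")

# Constructed sample records in dig-style text; hostnames are placeholders.
MASTER = "contoso.local. 3600 IN SOA dc1.contoso.local. hostmaster.contoso.local. 2004030105 900 600 86400 3600"
SECONDARY = "contoso.local. 3600 IN SOA dc1.contoso.local. hostmaster.contoso.local. 2004030105 900 600 86400 3600"

if __name__ == "__main__":
    print(diagnose_transfer(MASTER, SECONDARY))
```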

Table 18.4 describes some problems you may encounter with dynamic updates and possible solutions to these problems.

Table 18.4 Troubleshooting Scenarios for Dynamic Updates

Symptom: The client is not performing dynamic updates

Cause: The client (or its Dynamic Host Configuration Protocol [DHCP] server) does not support the use of the DNS dynamic update protocol.
Solution: Verify that your clients or servers support the DNS dynamic update protocol using the options for dynamic update support provided in Windows 2000. In order for client computers to be registered and updated dynamically with a DNS server, you must either have installed or upgraded client computers to Windows 2000, or have installed and be using a Windows 2000 DHCP server on your network to lease client computers.

Cause: The client was not able to register and update with the DNS server because of missing or incomplete DNS configuration.
Solution: Verify that the client is fully and correctly configured for DNS, and update its configuration as needed. To update the DNS configuration for a client, either configure a primary DNS suffix at the client computer for static TCP/IP clients or configure a connection-specific DNS suffix for use at one of the installed network connections at the client computer.

Cause: The DNS client attempted to update its information with the DNS server but failed because of a problem related to the server.
Solution: If a client can reach its preferred and alternate DNS servers as configured, it is likely that the cause of its failed updates can be found elsewhere. At Windows 2000 client computers, use Event Viewer to check the System log for any event messages that explain why attempts by the client to dynamically update its host (A) or pointer (PTR) resource records failed.

Cause: The DNS server does not support dynamic updates.
Solution: Verify that the DNS server used by the client can support the DNS dynamic update protocol, as described in RFC 2136. For Windows DNS servers, only Windows 2000 DNS servers support dynamic updates. The DNS server provided with Windows NT Server 4.0 does not.

Cause: The DNS server supports dynamic updates but is not configured to accept them.
Solution: Verify that the primary zone where clients require updates is configured to allow dynamic updates. For Windows 2000 DNS servers, the default for a new primary zone is to not accept dynamic updates. At the DNS server that loads the applicable primary zone, modify zone properties to allow updates.

Cause: The zone database is not available.
Solution: Verify that the zone exists. Verify that the zone is available for update. For a standard primary zone, verify that the zone file exists at the server and that the zone is not paused. Secondary zones do not support dynamic updates. For Active Directory-integrated zones, verify that the DNS server is running as a domain controller and has access to the Active Directory database where zone data is stored.

Lesson Summary

In this lesson you learned about the monitoring options available for DNS servers. You also examined some DNS configuration problems you may encounter and possible solutions to these problems.

MCSE Training Kit(c) Microsoft Windows 2000 Accelerated 2000
Year: 2004
Pages: 244
