Nslookup "ls" Command Generates "***Can't List Domain" Error Message

ID: Q243849

The information in this article applies to:
  • Microsoft Windows NT Server version 4.0
  • Microsoft Windows NT Server, Enterprise Edition version 4.0

SYMPTOMS

When you use the ls command with the Nslookup tool, you may receive the following error message:

***Can't list domain name: Query refused


WORKAROUND

To work around this problem, type the TCP/IP address of the local Domain Name System (DNS) server in the notify list. The Nslookup ls command then runs successfully. However, DNS logs warning event 7062 once in the Event log:

DNS Server encountered a packet addressed to itself -- IP address w.x.y.z.
The DNS server should never be sending a packet to itself. This situation usually indicates a configuration error.
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
Q218814 DNS Server Logs Event 7062: 'DNS Server Encountered a Packet...'


RESOLUTION

A supported fix that corrects this problem is now available from Microsoft, but it has not been fully regression tested and should be applied only to systems experiencing this specific problem. If you are not severely affected by this specific problem, Microsoft recommends that you wait for the next Windows NT 4.0 service pack that contains this fix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://www.microsoft.com/support/supportnet/overview/overview.asp
The English-language version of this fix should have the following file attributes or later: 

   Date      Time    Version      Size    File name     Platform
   -------------------------------------------------------------
   11/05/99  04:42p               178,448 Dns.exe       x86
   11/05/99  04:41p               299,280 Dns.exe       Alpha


STATUS

Microsoft has confirmed this to be a problem in the Microsoft products listed at the beginning of this article.


MORE INFORMATION

The error message described above occurs under the following circumstances:

  • You run the Nslookup ls command locally on your DNS server to list a local domain.


  • The Only Allow Access from Secondaries Included on Notify List option is enabled on your DNS server's zone, and the DNS server's local TCP/IP address is not entered in the notify list.


In this case, DNS assumes that a query of a non-authorized DNS server is received and the error message is returned.

The hotfix allows the Nslookup ls command to return successfully without adding the local TCP/IP address to the notify list. However, the following messages are logged in the Event log:
6000 (Informational) DNS_EVENT_ZONEXFR_START
DNS Server initiating transfer of zone %1 to DNS server at %2.

6001 (Informational) DNS_EVENT_ZONEXFR_SUCCESSFUL
DNS Server transfer of zone %1 to DNS server at %2, successfully completed.
NOTE: If you use the hotfix and unnecessarily add the local TCP/IP address to the DNS server's notify list, warning 7062 is still logged in the Event log once for every zone to which this applies. When you restart the DNS server, you also receive the warning once for every zone that has the server's local address in its notify list.

Additional query words:

Keywords : kberrmsg kbtool
Version : winnt:4.0
Platform : winnt
Issue type : kbbug


Last Reviewed: November 8, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.