Windows 2000 DNS

Troubleshooting Tools

Windows 2000 provides many tools that can help you diagnose and solve problems with DNS. This section discusses the following tools:

Nslookup You can use Nslookup to perform DNS queries and to examine the contents of zone files on local and remote servers.

Ipconfig You can use Ipconfig to view DNS client settings, display and flush the resolver cache, and force a dynamic update client to register its DNS records.

Event Viewer You can use Event Viewer to view DNS client and server error messages.

DNS Log You can configure the DNS server to monitor certain events and log them in the DNS log for your examination.

Network Redirector Command You can stop DNS client caching and flush the cache by using the network redirector commands net start and net stop.

Monitoring in the DNS Console You can perform test queries by using options on the Monitoring tab in the DNS console.

You can examine the packets that the DNS servers on your network send and receive by using Network Monitor. For more information about Network Monitor, see "Monitoring Network Performance" in the Microsoft® Windows® 2000 Server Resource Kit Server Operations Guide.

You can also use the Netdiag tool to quickly identify problems with your DNS configuration. For more information about Netdiag, see "TCP/IP Troubleshooting" in this book.

Nslookup

Nslookup is a standard command-line tool provided in most DNS server implementations, including Windows 2000. Nslookup offers the ability to perform query testing of DNS servers and obtain detailed responses at the command prompt. This information can be useful for diagnosing and solving name resolution problems, for verifying that resource records are added or updated correctly in a zone, and for debugging other server-related problems. This section describes how to perform troubleshooting tasks and lists and explains Nslookup error messages.

For information about the exact syntax of Nslookup, see Windows 2000 Server Help, or in Nslookup, type help at the command prompt.

Performing Simple Tasks with Nslookup

This section describes how to perform the following simple troubleshooting tasks:

Use Nslookup in non-interactive mode to look up a single piece of data
Enter interactive mode and use the debug feature
Perform the following tasks from within interactive mode:
- Set options for your query
- Look up a name
- Look up records in a zone
- Perform zone transfers
- Exit Nslookup

Note

When you are entering queries, it is generally a good idea to enter FQDNs, so you can control what name is submitted to the server. However, if you want to know which suffixes are added to unqualified names before they are submitted to the server, you can enter Nslookup in debug mode and then enter an unqualified name.

To use Nslookup in non-interactive mode

Type the following and then press ENTER:
nslookup <name> <server>

where name is the owner of the record you are looking for, and server is the server you want to query.

With interactive mode, you can look up more than one piece of data. Starting Nslookup with the command-line parameter -d2 puts Nslookup in interactive mode with verbose debugging enabled. Verbose debugging enables you to examine the query and response packets between the resolver and the server.

To start Nslookup in interactive mode

Type the following and then press ENTER:
nslookup [-d2]

To exit interactive mode

At the Nslookup prompt, type:
exit

In interactive mode, you can use the set command to configure how the resolver will carry out queries. Table 6.14 shows a few of the options available with set:

Table 6.14 Command-Line Options Available With Set

Option	Purpose
set all	Shows all the options available with the set option.
set d2	Puts Nslookup in debug mode, so you can examine the query and response packets between the resolver and the sever.
set domain=<domain name>	Tells the resolver what domain name to append for unqualified queries.
set timeout=<time-out>	Tells the resolver what time-out to use. This option is useful for slow links where queries frequently time-out and the wait time must be lengthened.
set type=<record type> – Or – set querytype=<record type> – Or – set q=<record type>	Tells the resolver what type of resource records to search for (for example, A, PTR, or SRV). If you want the resolver to query for all types of resource records, type set type=all.

You can look up a single name.

To look up names from interactive mode

Type the following:
<name> [server]

where name is the owner name for the record you are looking for, and server is the server that you want to query.

You can use the wildcard character (*) in your query. For example, if you want to look for all resource records that have "K" as the first letter, you can type the following:

K*

You can view the contents of a domain.

To view the contents of a domain

Type the following:
set type=<record type>

ls -t <domain name>

where record type is the type of record (use any to view all resource records) and domain name is the name of the domain you want to view.

By adding the -d switch, you can simulate and test a zone transfer. This can help you determine whether or not the server you are querying allows zone transfers to your computer.

To simulate a zone transfer

Type the following:
ls -d <domain name>

Nslookup provides help from the Nslookup prompt.

To get help from interactive mode

At the Nslookup command prompt, type help or ?.

Nslookup Errors

A successful Nslookup response looks like this:

Server: <Name of DNS server>

Address: <IP address of DNS server>

<Response data>

Nslookup might also return one of several errors. The following message means that the resolver did not locate a PTR resource record (containing the host name) for the server IP address. Nslookup can still query the DNS server, and the DNS server can still answer queries. For more information about using Nslookup to verify your DNS configuration, see "Verifying Your Basic DNS Configuration" later in this chapter.

DNS request timed out.

Timeout was <x> seconds.

*** Can't find server name for address <IP Address>: Timed out

*** Default servers are not available

Default Server: Unknown

Address: <IP address of DNS server>

The following message means that a request timed out. This might happen, for example, if the DNS service was not running on the DNS server that is authoritative for the name.

*** Request to <Server> timed-out

The following message means that the server is not receiving requests on UDP port 53. For more information about troubleshooting server problems, see "Checking the DNS Server for Problems" later in this chapter.

*** <Server> can't find <Name or IP address queried for>: No response from server

The following message means that this DNS server was not able to find the name or IP address in the authoritative domain. The authoritative domain might be on that DNS server or on another DNS server that this DNS server is able to reach.

*** <Server> can't find <Name or IP address queried for>: Non-existent domain

The following message generally means that the DNS server is running, but is not working properly. For example, it might include a corrupted packet, or the zone in which you are querying for a record might be paused. However, this message can also be returned if the client queries for a host in a domain for which the DNS server is not authoritative and the DNS server cannot contact its root servers, or is not connected to the Internet, or has no root hints.

*** <Server> can't find <Name or IP address queried for>: Server failed.

Using IPConfig

You can use the command-line tool Ipconfig to view your DNS client settings, to view and reset cached information used locally for resolving DNS name queries, and to register the resource records for a dynamic update client.

If you use Ipconfig with no parameters, it displays DNS information for each adapter, including the domain name and DNS servers used for that adapter.

Table 6.15 shows some command-line options available with Ipconfig.

Table 6.15 Ipconfig Command-Line Examples

Command	Action
ipconfig /all	Displays additional information about DNS, including the FQDN and the DNS suffix search list.
ipconfig /flushdns	Flushes and resets the DNS resolver cache. For more information about this option, see "Viewing and Displaying the Cache" earlier in this chapter.
ipconfig /displaydns	Displays the contents of the DNS resolver cache. For more information about this option, see "Viewing and Displaying the Cache" earlier in this chapter.
ipconfig /registerdns	Refreshes all DHCP leases and registers any related DNS names. This option is available only on Windows 2000–based computers that run the DHCP Client service. For more information about this option, see "Dynamic Update and Secure Dynamic Update" earlier in this chapter.
ipconfig /release [adapter]	Releases all DHCP leases.
ipconfig /renew [adapter]	Refreshes all DHCP leases and dynamically updates DNS names. This option is available only on systems that are running the DHCP Client service.

Event Viewer

The Event Viewer logs errors with the Windows 2000 operating system and services such as the DNS server. If you are having problems with DNS, you can check Event Viewer for DNS-related events.

To open the event viewer

Click Start, point to Programs, point to Administrative Tools, and then click Event Viewer.
To view messages about the DNS server, click DNS Server.

– Or –

To view messages about the DNS client, click System Log.

For more information about Event Viewer, see Windows 2000 Help.

DNS Log

You can configure the DNS server to create a log file that records the following types of events:

Queries
Notification messages from other servers
Dynamic updates
Content of the question section for DNS query message
Content of the answer section for DNS query messages
Number of queries this server sends
Number of queries this server has received
Number of DNS requests received over a UDP port
Number of DNS requests received over a TCP port
Number of full packets sent by the server
Number of packets written through by the server and back to the zone

The DNS log appears in % SystemRoot%\System32\dns\Dns.log. Because the log is in RTF format, you must use WordPad to view it.

You can change the directory and file name in which the DNS log appears by adding the following entry to the registry with the REG_SZ data type:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS
\Parameters\LogFilePath

Set the value of LogFilePath equal to the file path and file name where you want to locate the DNS log.

By default, the maximum file size of Dns.log is 4 MB. If you want to change the size, add the following entry to the registry with the REG_DWORD data type:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS
\Parameters\LogFileMaxSize

Set the value of LogFileMaxSize equal to the desired file size in bytes. The minimum size is 64 Kb.

Once the log file reaches the maximum size, Windows 2000 writes over the beginning of the file. If you make the value higher, data persists for a longer time, but the log file consumes more disk space. If you make the value smaller, the log file uses less disk space, but the data persists for a shorter time.

Caution

Do not leave DNS logging during normal operation because it consumes both processing and hard disk resources. Enable it only when diagnosing and solving DNS problems.

To configure the server to log DNS events

In the DNS console, click the box next to the server, right-click the server, and then click Properties.
Click the Logging tab, and then select the options you want to log.

Stopping and Flushing the Cache

In addition to flushing the cache by using Ipconfig, you can stop and flush the cache by stopping and starting the client.

To stop the client

At the command prompt, type the following:
net stop "dns client"

To start the client

At the command prompt, type the following:
net start "dns client"

Monitoring in the DNS Console

You can use the DNS console to perform a test query to determine whether or not your server is working properly.

To perform test queries from within the DNS console

In the DNS console, double-click the server name to expand the server information.
Right-click the server, and then click Properties.
Click the Monitoring tab.
Select the tests you want to perform, and then click Test Now.

If the simple query fails, check whether the local server contains the zone 1.0.0.127.in-addr.arpa. If the recursive query fails, check whether your root hints are correct and whether your root servers are running. For more information about simple queries and recursive queries, see "Introduction to DNS" in this book.

For more information about troubleshooting recursion problems, see "Checking for Recursion Problems" later in this chapter.