DNS Server Troubleshooting for Linux and Windows

Name resolution is a vital part of modern networks. Name resolution services map names, which are easier for people to remember, to IP addresses, which are harder to remember.

Name resolution uses an address (A) record to resolve names to IPv4 addresses and a quad-A (AAAA) record to associate names with IPv6 addresses.

An A and AAAA record

End users rely on name resolution to browse websites. Computer technicians can use names to map network printers or drives, and system administrators can remotely connect to servers or VMs by name.

The first step in troubleshooting name resolution is to understand it. The first article in this series defines name resolution and provides examples of solutions such as the hosts file and DNS. The second article addresses name resolution issues from a client perspective using tools such as ping, nslookup, host, and dig.

This article discusses troubleshooting DNS services on the server. Specifically, this includes checking the service status and primary configuration files on both Linux and Windows DNS servers.

Troubleshoot Linux-Based DNS

Troubleshooting name resolution on Linux servers begins with the basics. First, is the service installed and running? Next, are the zone files accurate, and do they contain the resource records needed to resolve network hosts?

The name resolution service for Linux is Berkeley Internet Name Domain (BIND), which is currently at version 9.

1. Check if BIND is installed

Make sure that BIND is installed and running when troubleshooting the name resolution server. Use the following command to confirm that BIND9 is installed:

$ named -v

The output should indicate that BIND9 is installed and display the version number. If it is not installed, that is why name resolution queries on this server are failing.

On Red Hat, Fedora, and similar distributions, type the following to install BIND9:

$ sudo dnf install -y bind bind-utils

On Ubuntu, Debian, and similar distributions, type the following:

$ sudo apt install bind9 bind9-utils bind9-dnsutils

Whether administrators need to install various additional utilities depends on how they want to use the name resolution server.

2. Make sure that BIND is running

Assuming that BIND is installed, the next step is to ensure that the service is running. Use the systemctl command with the following syntax:

$ sudo systemctl status bind9

Admins can use the systemctl start, stop, restart, enable and disable commands to manage the service.

Do not forget to set the firewall to allow port 53/udp for queries and 53/tcp for zone transfers.

3. Check Zone Configuration

The primary directories that store the BIND9 configuration files are usually /etc/bind and /var/cache/bind. The main service configuration files are named.conf, named.conf.default-zones, named.conf.local and named.conf.options. These files define how the name resolution service performs its tasks.

Note that the exact directory and file names, as well as the location, may vary depending on the distribution. This is not an uncommon occurrence on Linux systems. It can be useful to grep the /etc and /var directories for the string named.

Screenshot example of /etc/named.conf file
An example of a /etc/named.conf file

Zone files contain the actual resource records that relate an IP address to a specific hostname. Zone files are commonly found in /var/cache/bind. Standard resource records, such as the start of authority (SOA) and name server (NS) records, are stored here, along with the A and pointer (PTR) records used for name resolution queries. If the server resolves queries for multiple zones, each zone will have its own file.

Screenshot of the named.localhost file
The named.localhost file. Note the SOA, NS, A, and AAAA resource records.

Check the zone file configuration with the following command, where zonename is the DNS zone name the administrator is troubleshooting:

$ sudo named-checkzone zonename.com db.zonename.com

The named-checkzone utility checks the syntax of the zone file. This check provides an opportunity to test and troubleshoot existing zone files and verify the configuration of new ones before loading them into BIND9.

The result should indicate that the zone is responding correctly by providing the exit code 0. If the check returns exit code 1, check the zone file contents for errors. Administrators may encounter the following errors:

  • There may be an incorrect domain name.
  • Zone files may contain incorrect A and PTR resource records.
  • The file may contain typographical errors.
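
named-checkzone validates one zone file at a time, so it does not show whether the A records in a forward zone agree with the PTR records in the matching reverse zone. The shell function below is an added example, not code from the original article or from BIND; ptr_audit, write_sample_zones and the example.test zones are hypothetical and constructed, and the parser assumes one record per line with explicit owner names in a single /24 reverse zone.

```shell
# ptr_audit FWD_FILE FWD_ORIGIN REV_FILE REV_ORIGIN: returns 1 on any finding
ptr_audit() {
    awk -v fo="$2" -v ro="$4" '
    function fqdn(n, o) {            # relative names get the origin appended
        return tolower(n == "@" ? o : ((n ~ /\.$/) ? n : n "." o))
    }
    function rev_to_ip(n,    p) {    # 53.2.0.192.in-addr.arpa. -> 192.0.2.53
        sub(/\.in-addr\.arpa\.$/, "", n); split(n, p, ".")
        return p[4] "." p[3] "." p[2] "." p[1]
    }
    { sub(/;.*/, "") }               # strip comments
    /^\$/ || NF < 3 { next }         # skip $TTL/$ORIGIN and non-record lines
    {
        for (i = 2; i <= 4 && i < NF; i++) {     # type is field 2, 3 or 4
            if (pass == 1 && $i == "PTR") {
                ptr[rev_to_ip(fqdn($1, ro))] = fqdn($(i + 1), ro); break
            }
            if (pass == 2 && $i == "A") {
                name = fqdn($1, fo); ip = $(i + 1)
                if (!(ip in ptr)) { print "MISSING " ip " " name; bad = 1 }
                else if (ptr[ip] != name) {
                    print "MISMATCH " ip " " name " " ptr[ip]; bad = 1
                }
                break
            }
        }
    }
    END { exit bad + 0 }
    ' pass=1 "$3" pass=2 "$1"
}
# Constructed sample zones (documentation addresses, not real data).
write_sample_zones() {
    cat > "$1/db.example.test" <<'EOF'
$TTL 3600
@    IN SOA ns1.example.test. admin.example.test. ( 1 3600 600 86400 3600 )
@    IN NS  ns1.example.test.
ns1  IN A   192.0.2.53
web  IN A   192.0.2.10   ; its PTR below lacks the trailing dot
db   IN A   192.0.2.20   ; has no PTR at all
EOF
    cat > "$1/db.192.0.2" <<'EOF'
$TTL 3600
@    IN SOA ns1.example.test. admin.example.test. ( 1 3600 600 86400 3600 )
@    IN NS  ns1.example.test.
53   IN PTR ns1.example.test.
10   IN PTR web.example.test
EOF
}
d=$(mktemp -d) && write_sample_zones "$d" && ptr_audit "$d/db.example.test" \
    example.test. "$d/db.192.0.2" 2.0.192.in-addr.arpa. || echo "records disagree"
```

The mismatch reported for 192.0.2.10 comes from the missing trailing dot on the PTR target, which makes the name relative to the reverse zone's origin.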

Note: Administrators may find it useful to troubleshoot from client systems using tools such as dig, host, and nslookup to correctly identify certain issues.

Troubleshoot Windows-Based DNS

Microsoft Active Directory Domain Services (AD DS) integrates several services to provide security and ease of administration. The first of these is the DNS AD-integrated zone. This feature allows replication of the DNS database with the AD database – a more comprehensive replication design. The second service is Dynamic Host Configuration Protocol (DHCP) – dynamic updates of A and PTR records. DHCP registers the client's hostname and IP address with DNS after leasing an IP address configuration, ensuring that the DNS zone is populated with accurate information. Since these three services work together, it often makes sense to colocate them on the same server.

Any name resolution troubleshooting essentially includes AD DS and DHCP as well. Keep this in mind when reviewing Event Viewer messages or trying to narrow down the scope of name resolution issues.

There are several consoles and Windows PowerShell cmdlets available for DNS troubleshooting.

1. Verify that DNS is installed

First, verify that DNS is installed on the server by checking Server Manager or the Services console. Add the DNS role, if necessary, and configure the server as part of an AD domain.

Screenshot of Server Manager to access DNS console
Access the DNS console from the Tools menu in Server Manager.

Any service, including DNS, is available in the Services console within the Tools menu of Server Manager. Administrators can check the status of the service and restart it from this console.

Screenshot of the Services console for accessing the DNS service settings
Access the DNS service settings from the Services console.

2. Check Zones

Open the DNS Manager console to display and manage existing zones. Administrators can also create new zones here, as well as manage configurations such as zone replication, security settings, and forwarding.

Screenshot of DNS Manager Console
The DNS Manager console displays the current zones.

3. Use PowerShell to Troubleshoot Configurations

As long as administrators remember the appropriate cmdlets and parameters, command-line environments, such as PowerShell, can be efficient and generally faster than navigating the GUI. The primary advantage of command-line interfaces is scripting. Administrators can also create their own name resolution troubleshooting scripts.

Several cmdlets assist with DNS troubleshooting and reporting. These are particularly useful for displaying records from the zone and verifying that name resolution by the DNS server is possible for the queried name.

Here are some examples of using PowerShell to troubleshoot configuration or get information.

Clear the DNS resolver cache with the following cmdlet:

> Clear-DnsServerCache

Use the following cmdlet to retrieve the resource records from the server, verifying that a record exists:

> Get-DnsServerResourceRecord -ComputerName DC1 -ZoneName myzone.local

Get A records from the specified DNS server by appending the -RRType A parameter:

> Get-DnsServerResourceRecord -ComputerName DC1 -ZoneName myzone.local -RRType A

Screenshot of the Get-DnsServerResourceRecord cmdlet
The Get-DnsServerResourceRecord cmdlet displays zone information and resource records.

4. Check DNS Configuration

From Server Manager, go to the Tools menu, and select DNS to open the DNS Manager console. Administrators can expand nodes to display any DNS zones that the server is aware of. Here are some areas to check depending on the troubleshooting scenario:

  • Confirm that the correct zones are listed.
  • Look for any typographical errors in the static resource records.
  • Verify that the correct A and PTR resource records exist.
  • Confirm that the firewall allows DNS traffic.

Admins can also use the DNS console to check properties of zones, such as scavenging and forwarders. These settings affect how DNS handles name resolution queries.

Scavenging helps to clean up DNS records. In an AD environment, Windows clients or DHCP servers dynamically create A and PTR resource records. Left unattended, the number of records continues to grow without deleting old records, which is why properties such as aging and scavenging are available with DNS.

Aging identifies a resource record of a specified age. These records are labeled stale, and they are subject to scavenging (removal) after another specified time period. Make sure that scavenging is enabled on a DNS server in the zone to keep the zone a manageable size.

Screenshot of how to configure aging and scavenging to eliminate old resource records
Configure aging and scavenging to eliminate old resource records.

Forwarding sends unresolved queries to another server. This configuration isolates internal DNS servers, potentially located alongside AD domain controllers (DCs), from having direct internet access. Instead, a designated DNS server called a forwarder lives in the network's internet-facing screened subnet, or DMZ. Internal DNS servers forward queries to the forwarder for external internet resources.

Screenshot of how to configure forwarders to allow DNS to send queries
Configure one or more forwarders to allow DNS to send queries directly to specific DNS servers.

Another setting to check is conditional forwarding. DNS conditional forwarding allows administrators to associate specific domain names with known DNS servers. When a DNS server receives a query related to that domain name, the query is forwarded directly to the listed DNS servers without being resolved through multiple other servers. Make sure that all domain names identified are correct and that the correct DNS server IP addresses are provided.

5. Reload Zone

Next, try to reload the zone. Administrators can also restart the DNS service. However, be aware that this also restarts AD DS and may affect client systems. It is assumed that there are at least two AD DCs on site to minimize the effects of one DC being unavailable at a time.

6. Check the Event Viewer Log

Next, examine the Event Viewer DNS logs. Administrators may have to look for AD DS events and possibly DHCP events, not just DNS entries. Look for entries that indicate problems starting DNS. More importantly, check both DNS and AD DS for replication errors.

Screenshot of Event Viewer for DNS messages and AD and DHCP entries
Event Viewer displays DNS messages and associated AD and DHCP entries.

Windows provides several DNS service interfaces. Admins can manage the service through the Services console, although most DNS troubleshooting will probably be in the DNS Manager console. This console allows zone management, displaying resource records and modifying service settings, such as scavenging and forwarding. AD-integrated zones improve the security and performance of DNS zone replication and enable tighter integration between DNS and DHCP. So, do not forget to check AD replication and DHCP settings when troubleshooting DNS issues.

DNS servers provide one of the most critical services on the network. Name resolution allows users to work with names that are easy to remember. Under the hood, systems associate these names with the IP addresses required for TCP/IP. Many services rely on DNS, including email, web browsing, file sharing, printer sharing, and AD.

Begin troubleshooting by making sure the service is installed, running and accessible. Verify that the zones required to store resource records exist and are configured correctly. Finally, verify that the resource records for the queried destinations exist and are accurate.
