We have some DNS issues in our environment. I’m shaky on networking, and I’ve tried a few things, but I’m coming up empty.

Mind you this happens with other servers, but I spun up a server to break so I can resolve this issue.

I can RDP to the server with IP address. I can C share to the server with the IP address. I can ping via the IP and the DNS name. If I do a nslookup for the server, I get the correct IP.

I can’t navigate to the server via the server name, either shortened or the FQDN. I did create an A record on our DNS server and I did create a PTR with that record as well.

I’ve tried to update the DNS on the server by manually adding our DCs to the DNS records. I did the usual flush and register of the DNS on both the server and my workstation.

To add to the mess, we had a DC crash about a week before I started. We currently have an on-prem DC as well as a cloud DC. The cloud DC is the main DC. DNS is set up on the on-prem DC. The cloud DC was created before I started.

Any advice on this one?

8 Spice ups

Just as a sanity check, double-check your DHCP for that entry; make sure it matches the DNS entry.

1 Spice up

Can you elaborate on what this means?

You shouldn’t need to do this if you did this

Flushing removes local cached data, register adds the machine forward and reverse DNS records to your DNS servers, but only if the zone exists and the server is in the domain.

You’d have to do it manually if the machine is not domain joined.

Both your server and your client should use ONLY your DCs for DNS, if anything else is there, please remove it and add just your DCs.

If you can resolve the machine using nslookup, and when you ping, DNS is typically good, but do confirm your DNS servers are only the DCs first.

2 Spice ups

What I meant was by modifying the DNS settings via the IPv4 within Network Settings.

We have the DCs and three other servers. Two of them were just set up this week.

2 Spice ups

Why would you need other servers, what do they point to?

For internal machines they should only ever use the DCs for DNS.

3 Spice ups

I’m sorry I thought you were asking about servers in general.

We have two DCs at the moment.

2 Spice ups

Going to start off with a quick health check on how you are set up currently:

2 Spice ups

It’s probably not a DNS issue. As you can resolve the new server correctly in DNS, that shows it is working.

It is more likely to be a kerberos/AD issue.
Is the server domain joined?
Do any servers work with \\servername\? Like the DCs? A general server? A workstation?

2 Spice ups

The servers are domain joined.

I can \\ip-address\c$ to the server. It doesn’t work if I use the name.

2 Spice ups

ping -a IP-of-server.

Do you get a different IP?

2 Spice ups

When you ran nslookup on the client machine, what did it say it was using for a nameserver?
It --should-- be using the DC, but if you have DHCP screwed up, it may be asking some other machine to resolve things. (Make sure some goober didn’t set clients to use a static resolver or some such silliness also, though policy should be disallowing that.)

Does nslookup actually work on the DC itself? E.g., does it know its own name?
(without errors, and without saying things like 'non-authoritative answer')

2 Spice ups
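The checks the last few replies ask for (which resolvers the client actually uses, whether every DC gives the same answer for the name, whether the PTR points back at it as ping -a would show, and whether name and IP behave the same on the SMB and RDP ports) can be run in one go. The following PowerShell script is an added example and is not code posted by anyone in this thread; SERVER01, the two DC addresses 10.0.0.10 and 10.0.0.11, and the domain taken from $env:USERDNSDOMAIN are placeholders to replace with your own values.

```powershell
# Added example for this thread, not code from any poster.
# Run on the workstation (or server) that cannot reach the target by name.
# Placeholders: SERVER01 is the problem server, 10.0.0.10 / 10.0.0.11 are the two DCs.
param(
    [string]   $TargetName = 'SERVER01',
    [string]   $Domain     = $env:USERDNSDOMAIN,
    [string[]] $DcList     = @('10.0.0.10', '10.0.0.11')
)
$fqdn = "$TargetName.$Domain"

# 1. Which resolvers is this machine really using? Anything that is not a DC is a finding.
foreach ($cfg in Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object { $_.ServerAddresses }) {
    $extra   = @($cfg.ServerAddresses | Where-Object { $_ -notin $DcList })
    $verdict = if ($extra.Count) { "NOT DCs only (extra: $($extra -join ', '))" } else { 'DCs only' }
    Write-Host ("[{0}] resolvers {1} -> {2}" -f $cfg.InterfaceAlias, ($cfg.ServerAddresses -join ', '), $verdict)
}

# 2. Ask every DC directly (-DnsOnly bypasses the local cache and hosts file) and compare answers.
$answers = @{}
foreach ($dc in $DcList) {
    try {
        $a = Resolve-DnsName -Name $fqdn -Type A -Server $dc -DnsOnly -ErrorAction Stop |
             Where-Object { $_.QueryType -eq 'A' }
        $answers[$dc] = @($a.IPAddress | Sort-Object) -join ','
    } catch {
        $answers[$dc] = "ERROR: $($_.Exception.Message)"
    }
    Write-Host ("DC {0} answers for {1}: {2}" -f $dc, $fqdn, $answers[$dc])
}
if (@($answers.Values | Select-Object -Unique).Count -gt 1) {
    Write-Warning 'The DCs do not agree on this name: check AD-integrated zone replication and stale A records.'
}

# 3. Forward/reverse consistency (what "ping -a <ip>" shows): does each IP's PTR point back at the name?
$ips = @($answers.Values | Where-Object { $_ -notlike 'ERROR*' } | ForEach-Object { $_ -split ',' } | Select-Object -Unique)
foreach ($ip in $ips) {
    try {
        $ptr = @(Resolve-DnsName -Name $ip -Type PTR -DnsOnly -ErrorAction Stop |
                 Where-Object { $_.QueryType -eq 'PTR' } | ForEach-Object { $_.NameHost.TrimEnd('.') })
        $ok  = $ptr -contains $fqdn   # string comparison here is case-insensitive
        Write-Host ("PTR {0} -> {1}: {2}" -f $ip, ($ptr -join ','), $(if ($ok) { 'matches' } else { 'MISMATCH' }))
    } catch {
        Write-Host ("PTR {0}: no reverse record ({1})" -f $ip, $_.Exception.Message)
    }
}

# 4. Same ports by name and by IP. If the IP path is open, the name path is not, and the answers
#    above were consistent, the problem is past DNS (Kerberos/SPN/AD), as suggested earlier in the thread.
foreach ($target in @($fqdn) + $ips) {
    foreach ($port in 445, 3389) {
        $r = Test-NetConnection -ComputerName $target -Port $port -WarningAction SilentlyContinue
        Write-Host ("TCP {0}:{1} -> {2}" -f $target, $port, $(if ($r.TcpTestSucceeded) { 'open' } else { 'closed/unreachable' }))
    }
}
```

Save it as a .ps1 and run it from the affected workstation and again from the problem server itself; a resolver list that includes anything other than the DCs, DCs that disagree, or a PTR that names a different host are the DNS-side faults this thread is hunting, while consistent answers plus an open TCP 445 by IP and a failed share by name point at Kerberos or the computer account rather than name resolution.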

I mentioned DHCP earlier, too, but didn’t get a response.

Try pathping with the name and the IP address; you can find which path the packets are flowing through.

Use a single DNS server (first try on-prem and then the cloud DNS) in your IP configuration and try once.

2 Spice ups

I think I might have an idea on what’s going on. We had a DC that went down before I started.

Our DNS records are still pointing to that DC. I also think that is where DHCP had been setup. I can’t get the old DC to boot into the OS anymore. I’m waiting to hear back from our MSP to see if they have backups, so I can grab the DHCP policies before I demote the old DC.

I could also be way off as well.

2 Spice ups

The server that disappeared might also have held FSMO roles, and if it failed ungracefully those roles might still be held by it. Beyond the fact that in particular the PDC role might be on that gone server, having a new server online that is a DC might not really show up correctly, especially if other servers and workstations are all attempting to talk to the now dead server.

Remove the entries for the server that is gone in DNS, and especially for the service records therein. Then you might want to do a force FSMO role move of any of the roles that were still assigned to the now gone server.

You may be digging out rogue entries with ADSI edit for a while if this is the case.

2 Spice ups
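Finding the records this reply says to remove is tedious by hand, because the dead DC is referenced from SRV records under _msdcs, _sites, _tcp and _udp, from NS records, from its own A record and from the zone-apex A record (the latter is what makes nslookup on the domain name still return the old DC's address). The following PowerShell script is an added example, not code from this thread; it assumes the DnsServer module (a DC or RSAT), an AD-integrated zone taken from $env:USERDNSDOMAIN, and the placeholder name OLDDC01 with placeholder address 10.0.0.5 for the failed DC.

```powershell
# Added example for this thread, not code from any poster.
# Run on one of the surviving DCs (or a host with the RSAT DnsServer module).
# Placeholders: OLDDC01 / 10.0.0.5 are the failed DC's name and old address; change them.
param(
    [string] $Zone     = $env:USERDNSDOMAIN,
    [string] $DeadDc   = 'OLDDC01',
    [string] $DeadDcIp = '10.0.0.5',
    [switch] $Remove              # report only unless -Remove is given
)
$deadFqdn = "$DeadDc.$Zone".ToLower()
$zones    = @($Zone, "_msdcs.$Zone")   # _msdcs is usually a separate zone; skipped silently if it is not
$stale    = [System.Collections.Generic.List[object]]::new()

function Get-Target($rec) {
    # Pull the "points to" value out of the type-specific RecordData object
    switch ($rec.RecordType) {
        'SRV'   { $rec.RecordData.DomainName }
        'NS'    { $rec.RecordData.NameServer }
        'CNAME' { $rec.RecordData.HostNameAlias }
        'A'     { $rec.RecordData.IPv4Address.IPAddressToString }
        default { '' }
    }
}

foreach ($z in $zones) {
    $records = foreach ($type in 'Srv', 'NS', 'CName', 'A') {
        Get-DnsServerResourceRecord -ZoneName $z -RRType $type -ErrorAction SilentlyContinue
    }
    foreach ($r in $records) {
        $t   = [string](Get-Target $r)
        $hit = switch ($r.RecordType) {
            # host record of the dead DC, or an apex (@) record still carrying its IP
            'A'     { $t -eq $DeadDcIp -or $r.HostName -ieq $DeadDc }
            # SRV / NS / CNAME (the DSA GUID alias under _msdcs) whose target is the dead DC
            default { $t.TrimEnd('.').ToLower() -eq $deadFqdn }
        }
        if ($hit) {
            $stale.Add([pscustomobject]@{ Zone = $z; Name = $r.HostName; Type = $r.RecordType; Target = $t; Record = $r })
        }
    }
}

$stale | Select-Object Zone, Name, Type, Target | Format-Table -AutoSize

if ($Remove) {
    foreach ($s in $stale) {
        # -Force skips the confirmation prompt; add -WhatIf for a dry run
        Remove-DnsServerResourceRecord -ZoneName $s.Zone -InputObject $s.Record -Force
    }
}
```

Run it without -Remove first and read the table: every row should name the dead DC and nothing else. Because the zones are AD-integrated, deleting on one DC replicates to the other, but the records only stay gone once the dead DC's metadata has also been removed from AD (the computer object in Domain Controllers and its NTDS settings in Sites and Services); a DC that is still registered will simply re-create them.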

Avoid restoring a DC if possible. It’s a recipe for problems. If your DCs were replicating properly, it’s best to remove the old one from AD, seize the FSMO roles to the remaining server and spin up a new DC.

4 Spice ups

Are there any DCs on-prem?

The issue can be if your machines can access DNS in the cloud and if the server can also do the same ?

Did you set the proper round robin for the DCs, and set the DNS IPs to the DCs for servers and client machines (DHCP)?

2 Spice ups

What does this mean? records for what? do you just mean that the dns records for the domain name include the old broken DC and current other DCs?

You cannot demote a server that is not booting - it needs to be successfully operating as a DC to demote. You must manually remove it from the domain (seizing roles if applicable, etc.).

2 Spice ups

We have one DC in the cloud and one on-prem.

I didn’t set anything up. This was all done before I started. So I’m trying to pick up the pieces with what I have.

Currently, when I do an nslookup for my domain, I can see the DNS pointing to our two existing DCs as well as the DC that is no longer working.

2 Spice ups

When I do an nslookup for my domain, I currently see the DNS for my two existing DCs and the DC that is no longer working.

I was going to delete the DC from AD. I’m currently waiting to verify the backup situation. But the FSMO roles have been seized.

2 Spice ups