Monitoring and Troubleshooting DNS for AD
As with any network service, most likely there will be times when some sort of problem occurs. Windows 2000 provides some tools to monitor and troubleshoot DNS, so there are steps you can take when the DNS service is not behaving as expected.
Figure 3.3 shows the monitoring options in Windows 2000. To reach this window, follow these steps:
1. Right-click the DNS server you want to monitor in the DNS MMC snap-in and then click Properties.
2. Once there, click the Monitoring tab.
The options and their descriptions are as follows:
Simple query: As the name implies, a simple forward lookup query is passed to the server for resolution. The results are either pass or fail, and the time and date are stamped in the Test Results box at the bottom of the window.
Recursive query: This is a more complex query where the server queries other servers until it can resolve the query or until it runs out of options and fails. With a recursive query, the name server cannot simply refer the client query to another name server.
Perform automatic testing: This option tells the server to run the tests you chose at the interval you've specified. This is helpful in troubleshooting intermittent server problems.
Figure 3.3 Windows 2000 enables an administrator to monitor the DNS service.
In addition to monitoring, you can also enable logging of selected DNS events. When you install the DNS server service, Windows 2000 adds a log for DNS into the Event Viewer. If you enable logging, you can view the results there.
You configure logging through the Logging property sheet in the DNS server's properties, which is right next to the Monitoring tab previously discussed. Enable logging only for debugging/troubleshooting purposes, because the act of logging will have a negative impact on server performance and hard disk space. The Logging property sheet is shown in Figure 3.4. DNS log files are stored as dns.log in the \winnt\system32\dns folder.
Figure 3.4 Logging is a useful troubleshooting tool when a DNS server is not responding as expected.
NSLOOKUP is the primary command-line tool for troubleshooting DNS. In addition, it makes a handy security tool for tracing hackers back to their source. If you have the TCP/IP protocol installed, this basic TCP/IP tool is already on your system.
Resolving Host Names from IP Addresses
Remember that if you want NSLOOKUP to be able to resolve host names from IP addresses, you must have already configured a reverse lookup zone. NSLOOKUP has two modes: noninteractive and interactive. In noninteractive mode, you simply enter a command such as this:
If NSLOOKUP is successful, it returns the host name associated with the IP address in question. There are a number of options for NSLOOKUP in noninteractive mode, accessible by typing nslookup /? at a command prompt. One of the more common options is -server, which allows you to specify a name server to test other than the current primary DNS server configured on the client.
You enter interactive mode just by typing nslookup at a command prompt and pressing Enter. To leave interactive mode, type exit at a prompt. Typically, you'll use interactive mode when you want more than a single piece of information returned or are running multiple queries, one after another.
Verifying Resource Records
You can also use NSLOOKUP to verify the existence of resource records for troubleshooting purposes. For instance, if workstations logging in to a domain report errors saying that a DC cannot be found, you could use NSLOOKUP to verify that the SRV and A records exist in DNS for the domain controllers. Figure 3.5 shows an example of using NSLOOKUP for this purpose.
Figure 3.5 You can troubleshoot DNS by verifying resource records with NSLOOKUP.
To view the registered SRV records for the inside-corner.com domain, enter NSLOOKUP interactive mode by typing nslookup from a command prompt and pressing Enter. Then type the following:
The syntax for this command is found on the NSLOOKUP help screen, which is accessed by typing ? and pressing Enter from the NSLOOKUP console.
This command, as written, lists all records (ls) of type (-t) SRV (service) for inside-corner.com (the domain in question). The output shows you whether the domain controllers are properly registered.
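The ls listing depends on the server permitting a zone transfer to your client, so on a server that restricts transfers the same check can be made with ordinary queries. The Python example below is an added example, not from the original text: it asks for individual SRV names noninteractively and confirms that each SRV target also has an A record. The SRV name list, the function names and the sample replies (constructed, in Windows nslookup's output layout) are assumptions.

```python
import re
import subprocess

# Assumed check list (not from the page): SRV names a DC registers for its domain.
SRV_PREFIXES = ["_ldap._tcp", "_kerberos._tcp", "_ldap._tcp.dc._msdcs"]
SRV_TARGET = re.compile(r"svr hostname\s*=\s*(\S+)", re.I)
A_ANSWER = re.compile(r"^Name:\s*(\S+)\s+Address(?:es)?:\s*\S+", re.I | re.M)

def srv_targets(output):
    """Hosts that nslookup -type=SRV output lists as 'svr hostname'."""
    return sorted({h.rstrip(".").lower() for h in SRV_TARGET.findall(output)})

def has_a_record(output, host):
    """True if nslookup -type=A output carries a Name/Address answer for host."""
    return host in {n.rstrip(".").lower() for n in A_ANSWER.findall(output)}

def run_nslookup(name, rtype):
    """Noninteractive query; the text is parsed instead of trusting the exit code."""
    cmd = ["nslookup", f"-type={rtype}", name]
    return subprocess.run(cmd, capture_output=True, text=True).stdout

def check_domain(domain, query=run_nslookup):
    """List missing SRV records and SRV targets that have no A record."""
    problems = []
    for prefix in SRV_PREFIXES:
        name = f"{prefix}.{domain}"
        targets = srv_targets(query(name, "SRV"))
        if not targets:
            problems.append(f"no SRV record: {name}")
        for host in targets:
            msg = f"SRV target has no A record: {host}"
            if not has_a_record(query(host, "A"), host) and msg not in problems:
                problems.append(msg)
    return problems

# Constructed replies in Windows nslookup's layout (not real captures).
HDR = "Server:  ns1.inside-corner.com\nAddress:  192.0.2.53\n\n"
def srv_reply(name, *hosts):
    return HDR + "".join(f"{name}\tSRV service location:\n\t  port = 389\n"
                         f"\t  svr hostname   = {h}\n" for h in hosts)

D = "inside-corner.com"
SAMPLE = {
    (f"_ldap._tcp.{D}", "SRV"): srv_reply(f"_ldap._tcp.{D}", f"dc1.{D}", f"DC2.{D}"),
    (f"_kerberos._tcp.{D}", "SRV"): srv_reply(f"_kerberos._tcp.{D}", f"dc1.{D}"),
    (f"dc1.{D}", "A"): HDR + f"Name:    dc1.{D}\nAddress:  192.0.2.10\n",
}

def sample_query(name, rtype):
    return SAMPLE.get((name, rtype), HDR)  # unknown name: server header only
```

Calling check_domain(D, sample_query) runs the check against the constructed replies; calling check_domain with only a domain name queries the DNS server configured on the client.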
You should understand how to troubleshoot name-resolution scenarios.