I have a problem with a freshly installed AD/DNS server.
I have one domain controller that works as it should, without any issues.
I tried to install a second DC at the second office. I've installed the Active Directory role, executed dcpromo – everything went smoothly. But the DNS server on that new server doesn't work. When I tried to execute the nslookup command, it says "DNS request timed out. timeout was 2 seconds."
And I don't have any idea why.
I've checked:
– DNS server service is running;
– it received info about zones from AD;
– DNS server is listening on all ip addresses (netstat confirms it);
– DNS has a reverse lookup zone with the ptr record for the new server;
– I don't see any DNS-related errors in the Event Viewer;
– firewall is completely off for testing.
ipconfig from the server. 192.168.250.125 – LAN address, 10.0.9.103 – VPN tunnel, 192.168.0.11 – main DC
C:\Users\myuser>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : EX-DC2
Primary Dns Suffix . . . . . . . : MyDomain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : MyDomain.com
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : mydomain.com
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #2
Physical Address. . . . . . . . . : 00-0C-29-C6-AF-56
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.250.125(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.250.1
DNS Servers . . . . . . . . . . . : 192.168.250.125
192.168.0.11
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter OpenVPN:
Connection-specific DNS Suffix . : mydomain.com
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-8A-C9-A1-FE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.0.9.103(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, January 24, 2018 3:17:18 AM
Lease Expires . . . . . . . . . . : Thursday, January 24, 2019 3:17:17 AM
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 10.0.9.254
DNS Servers . . . . . . . . . . . : 192.168.250.125
192.168.0.11
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.mydomain.com:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : mydomain.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\myuser>
nslookup:
C:\Users\myuser>nslookup ex-dc
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.250.125
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
C:\Users\myuser>
I've tried to configure 192.168.0.11 (main DC) as the first DNS, 192.168.250.125 and 127.0.0.1 as the second and third. In that case:
C:\Users\myuser> nslookup
Default Server: ex-dc.mydomain.com
Address: 192.168.0.11
> server 192.168.250.125
Default Server: ex-dc2.mydomain.com
Address: 192.168.250.125
> ex-dc
Server: ex-dc2.mydomain.com
Address: 192.168.250.125
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to ex-dc2.mydomain.com timed-out
>
Best Answer
Have you checked which interfaces it's listening on? Open DNS->Right click on server and look at the interfaces tab. With additional adapters (OpenVPN), you may need to set the option to "Only the following IP addresses" and choose 192.168.250.125. If you change that, restart the DNS service and try nslookup again.
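The check suggested in the answer can also be scripted. This is an added example, not part of the original thread: it assumes the DnsServer and DnsClient PowerShell modules are available (Windows Server 2012 or later) and an elevated session on the new DC. The function name Set-DnsListenAddress is hypothetical; the addresses and the test name come from the question.

```powershell
# Added example, not code from the original thread.
# Assumes the DnsServer/DnsClient modules and an elevated session on the DC.
Import-Module DnsServer

$lanAddress = '192.168.250.125'   # LAN address from the question
$testName   = 'ex-dc'             # name the question tried to resolve

# 1. Addresses the DNS service is configured to listen on, next to every
#    address the service sees on this host (LAN plus the OpenVPN adapter).
$settings = Get-DnsServerSetting -All
'Listening on : ' + ($settings.ListeningIPAddress -join ', ')
'All addresses: ' + ($settings.AllIPAddress -join ', ')

# 2. Send the same query to each local IPv4 address in turn, so it is clear
#    which interface answers and which one times out.
$local = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' }
foreach ($ip in $local.IPAddress) {
    try {
        Resolve-DnsName -Name $testName -Server $ip -DnsOnly -ErrorAction Stop |
            Out-Null
        "$ip : answered"
    } catch {
        "$ip : no answer ($($_.Exception.Message))"
    }
}

# 3. Equivalent of "Only the following IP addresses" on the Interfaces tab,
#    followed by the service restart the answer calls for.
function Set-DnsListenAddress {
    param([Parameter(Mandatory)][string[]]$Address)
    $s = Get-DnsServerSetting -All
    $s.ListeningIPAddress = $Address
    Set-DnsServerSetting -InputObject $s
    Restart-Service -Name DNS
}

# Uncomment to bind the DNS service to the LAN address only:
# Set-DnsListenAddress -Address $lanAddress
```

Steps 1 and 2 are read-only; only the commented-out call in step 3 changes the server configuration.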