JSI Tip 8263. How do I troubleshoot Windows Server 2003 Domain Name System Dynamic Update problems for Windows XP clients?

NOTE: See How to configure DNS dynamic update in Windows Server 2003.

The process includes:

  • Windows XP queries DNS to find the authoritative name server for the domain name.
  • The name server local to the client discovers the authoritative name server, returning the SOA (Start Of Authority) record and IP addresses of the name servers that are authoritative for the zone.
  • Windows XP sends a dynamic update request to the DNS server that is authoritative for the zone. The request may include any non-conflicting prerequisites, which must be met for the update to complete:
    • The resource record set must exist.
    • The resource record set must NOT exist.
    • The name is in use.
    • The name is NOT in use.
  • If the prerequisites have been met, the update is performed.
  • The client receives a reply, indicating success or failure.

Updates may fail because:

  • The DNS server is not configured to accept dynamic updates for the zone. To fix this problem:
    • Open the DNS snap-in from the Administrative Tools.
    • Expand the server which is authoritative for the zone.
    • Expand Forward Lookup Zones or Reverse Lookup Zones.
    • Right-click the zone you need to configure and press Properties.
    • Select the General tab.
    • In the Dynamic updates drop-down list, select Nonsecure and secure and press OK.
  • The DNS server may be configured to accept only secure dynamic updates.
  • The authoritative DNS server does NOT respond, either because it is down, or because the local name server has an incorrect SOA record:
    • Open a CMD.EXE window.
    • Type nslookup and press Enter.
    • Type set query=SOA and press Enter.
    • Type the TargetZone, like JSIINC.COM, and press Enter. You should see something like:
        Server: ComputerName.JSIINC.COM
        Address: nnn.nnn.nnn.nnn
      A Non-authoritative answer might return:
        primary name server = ComputerName.JSIINC.COM
        responsible mail addr = xxxx
        serial = 3365
        refresh = 900 (15 mins)
        retry = 600 (10 mins)
        expire = 86400 (1 day)
        default TTL = 3600 (1 hour)
        ComputerName.JSIINC.COM    internet address = nnn.nnn.nnn.nnn
    • Type Exit and press Enter.
  • Is the response accurate?
    • Is the SOA data accurate?
    • Is the authoritative DNS server in the SOA record correct?
    • Is the IP address correct?
  • The server is not accepting updates because the target zone is being transferred:
    • Open the DNS snap-in from the Administrative Tools.
    • Expand the server which is authoritative for the zone.
    • Expand Forward Lookup Zones or Reverse Lookup Zones.
    • Right-click the zone you need to configure and press Properties.
    • Select the Zone Transfers tab.
    • Clear the Allow zone transfers box and press OK.

