U-Tools: Unique Tools for Windows System Administrators
U-Move Help

Reviewing Client DNS Settings

U-Move will display for your review the Internet addresses that the new computer will use to contact your Directory Name Service (DNS).

Important: Make sure that your DNS server is located at the displayed Internet address. The DNS server must be reachable from the new domain controller.

The new domain controller will use DNS to connect back to itself. If DNS is incorrectly configured, the domain controller will not be able 'see' itself, causing loopback errors that will prevent the DC from connecting to its own local AD database.

How to Test DNS

Use the console commands ping and nslookup to verify that the DNS server is visible on the network and can resolve the DNS records for the domain.

Local DNS Server

If the IPv4 Client DNS setting is local (127.0.0.1), make sure that the IPv6 Client DNS setting is also local (::1) and vice versa. U-Move will warn you if the settings are not the same.

Enable automatic DNS updates

If you are moving AD to the cloud or other network with a different network address, make sure that you configure your DNS server to enable secure automatic DNS updates (it is enabled by default). This will permit the new domain controller to register its Internet addresses with the DNS server when it is booted.

The DNS Server database is always copied

When cloning AD, U-Move will always copy the DNS database. This is because the database is typically stored inside of Active Directory itself (integrated DNS zone), so it must be included.

Active Directory will use replication to replicate the DNS records in the DNS database. This means that if you restore AD from a backup snapshot, and another DC in the same domain has a newer copy of the DNS zone, the newer copy will take precedence. The reloaded DC will replace its out-of-date copy of the DNS zone with the more recent copy from other DC. Old records will be pruned and new records added as required to bring them into sync.

At the same time, the newly booted DC will register its own fresh Internet addresses with the DNS server (local or remote), which will then replicate that data to all the other DCs that host the AD-integrated DNS zone, just like any other data object in Active Directory.

If there is no other domain controller on the network to update the newly restored DNS zone (or if it is not AD-integrated), the local DNS database might contain the stale or incorrect Internet addresses. If the DNS zone does not enable automatic DNS updates, or if you failed to check the box Register this connection's addresses in DNS, this might cause connectivity problems if the local domain controller's Internet does not match the AD snapshot.


How to fix bad DNS Server records

If connectivity problems persist, you will need to manually locate the bad network records and fix them or delete them.

Stale or bad network records can be found in any of these locations:

  • DNS A or PTR records.
  • DNS SRV records. Look for the domain name as well as the computer name.
  • WINS records. Look for the domain name as well as the computer name.
  • The file \Windows\system32\drivers\etc\hosts or the file lmhosts.

See Troubleshooting AD Errors.

After you delete the stale network records, if you do not want to wait 5-10 minutes for automatic DNS re-registration, you can force the DC to immediately register its Internet address(es) with the DNS server. Open an administrative console and type the following commands:

ipconfig /flushdns
ipconfig /registerdns
nltest /dsregdns

The ipconfig command will tell the computer to send ("register") its DNS A and PTR records to the DNS server. The nltest command will register the SRV records. The SRV records are used to locate domain controllers.

Ipconfig and Nltest are built-in utilities. On Windows Server 2003 Nltest is part of the Windows 2003 Support Tools, located on the Windows Server 2003 CD/DVD.

For more information

For more information see Internet Address, Copying Internet Addresses, and Configuring DNS.