FWIW my 1000+ domains are AD integrated.  So I guess background loading - or
not - isn't the problem I'm seeing.

 

I haven't researched this error yet but every couple weeks there's a batch
of 15-20 of these in the DNS event log, calling out different authoritative
zones each time.

 

Event ID 4004, source DNS

The DNS server was unable to complete directory service enumeration of zone
17-plus.com.  This DNS server is configured to use information obtained from
Active Directory for this zone and is unable to load the zone without it.
Check that the Active Directory is functioning properly and repeat
enumeration of the zone. The extended error debug information (which may be
empty) is "". The event data contains the error.

 

The group of 4004's is always preceded by one or two event 4015's, which
are:

 

"The DNS server has encountered a critical error from the Active Directory.
Check that the Active Directory is functioning properly. The extended error
debug information (which may be empty) is "". The event data contains the
error."

The event data is 51 00 00 00 or 52 00 00 00.

 

But again, I don't put much stock that the above are meaningful to the DNS
shutdowns because I'm pretty sure they were happening before the DNS
shutdowns began, and the timing of those events isn't anywhere near the
reboots that are followed by a spontaneous DNS server shutdown.

 

Carl
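
[Added example, not part of the thread.] The "event data" in the 4015/4004
events above is shown by Event Viewer as raw bytes in memory order, so
"51 00 00 00" is the little-endian DWORD 0x00000051 (decimal 81), not decimal
51. The decoder below makes that explicit and looks the value up in the
winldap.h client-side LDAP result codes (0x51..0x61) plus a few RFC 4511
server-side codes. The assumption being made, labelled as such, is that the
DNS server is reporting the result code its LDAP client got back from Active
Directory; under that reading 0x51 is LDAP_SERVER_DOWN and 0x52 is
LDAP_LOCAL_ERROR. Misreading the bytes as decimal 51/52 would instead land on
LDAP_BUSY/LDAP_UNAVAILABLE, a different diagnosis, which is why the parse step
is worth doing rather than eyeballing.

```python
"""Decode the event data that Windows DNS Server events 4004/4015 attach.

Added example, not from the thread. Assumption: the DWORD is the LDAP
client result code the DNS server received from AD. Names come from
winldap.h (client-side 0x51-0x61) and RFC 4511 (server-side, subset).
"""
import struct

LDAP_RESULT_NAMES = {
    0x00: "LDAP_SUCCESS",
    0x01: "LDAP_OPERATIONS_ERROR",
    0x33: "LDAP_BUSY",              # decimal 51: what a misread "51" would give
    0x34: "LDAP_UNAVAILABLE",       # decimal 52
    0x51: "LDAP_SERVER_DOWN",
    0x52: "LDAP_LOCAL_ERROR",
    0x53: "LDAP_ENCODING_ERROR",
    0x54: "LDAP_DECODING_ERROR",
    0x55: "LDAP_TIMEOUT",
    0x56: "LDAP_AUTH_UNKNOWN",
    0x57: "LDAP_FILTER_ERROR",
    0x58: "LDAP_USER_CANCELLED",
    0x59: "LDAP_PARAM_ERROR",
    0x5A: "LDAP_NO_MEMORY",
    0x5B: "LDAP_CONNECT_ERROR",
    0x5C: "LDAP_NOT_SUPPORTED",
    0x5D: "LDAP_CONTROL_NOT_FOUND",
    0x5E: "LDAP_NO_RESULTS_RETURNED",
    0x5F: "LDAP_MORE_RESULTS_TO_RETURN",
    0x60: "LDAP_CLIENT_LOOP",
    0x61: "LDAP_REFERRAL_LIMIT_EXCEEDED",
}


def parse_event_data(dump):
    """Turn Event Viewer's byte dump into an integer.

    Accepts "51 00 00 00" and the Bytes-view form "0000: 51 00 00 00"
    (offset tokens ending in ':' are dropped). Pass only the hex columns;
    the ASCII column of the Bytes view is not handled.
    """
    tokens = [t for t in dump.split() if not t.endswith(":")]
    raw = bytes.fromhex("".join(tokens))
    if len(raw) != 4:
        raise ValueError("expected a 4-byte DWORD, got %d bytes" % len(raw))
    return struct.unpack("<I", raw)[0]  # little-endian unsigned 32-bit


def decode_dns_ad_error(dump):
    """Map the event data to its (assumed) LDAP result code name."""
    code = parse_event_data(dump)
    return {
        "dword": code,
        "hex": "0x%08X" % code,
        "ldap_result": LDAP_RESULT_NAMES.get(
            code, "unknown: not a client-side LDAP code in this table"),
    }


if __name__ == "__main__":
    for dump in ("51 00 00 00", "52 00 00 00"):
        print(dump, "->", decode_dns_ad_error(dump))
```

Anything the table does not know is reported as unknown rather than guessed;
the DNS server can also surface Win32/DS error codes in the same field, and
those need a different lookup.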

 

From: Michael B. Smith [mailto:[email protected]] 
Sent: Tuesday, March 09, 2010 6:20 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

 

AD Integrated is the key, I think. 

 

Background loading applies to standard primary/secondary zones.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Tim Evans [mailto:[email protected]] 
Sent: Tuesday, March 09, 2010 3:59 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

 

FWIW, I load the entire domain list from http://www.malwaredomains.com/ into
my AD integrated DNS without any problems. Over 18000 domains are currently
included. I've got a 2003 native domain/forest too. DC's include WS08R2,
WS08, & WS03 SP2. I have not seen anything like this here.

 

...Tim

 

From: Carl Houseman [mailto:[email protected]] 
Sent: Tuesday, March 09, 2010 11:53 AM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

 

It appears that background zone loading is a feature of 2008 and later...
maybe I just need to hurry up the upgrade to 2008.

 

Carl

 

From: Michael B. Smith [mailto:[email protected]] 
Sent: Tuesday, March 09, 2010 2:44 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

 

Oh! Yes, now that you say that...

 

I bet what's happening is that it's timing out.

 

There is a flag (and I'm sorry that I don't remember the details) that says
"do the initial zone load in the background". You probably need to set that.
That should be enough to Google with.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Carl Houseman [mailto:[email protected]] 
Sent: Tuesday, March 09, 2010 2:40 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

 

"Debug logging" will log DNS packets to a text file.  I guess the last DNS
packet received before the shutdown could tell me something if it was
shutting down randomly at any time.   But the fact that the service stays
running forever after restarting suggests that bad DNS packets on the wire
aren't likely causing this.  So if bad DNS traffic is the problem, the only
explanation would be a DNS query from the DC to itself.   DC DOS's its own
DNS server service?

 

One thing I may have that is less common is a lot of DNS authoritative zones
for well known bad (malware hosting) domain names.  There's over 1000 of
'em.

 

I have to say I'm not up for an extended debugging journey on this one, just
wondering if this behavior triggered any memories for anyone.

 

Carl
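
[Added example, not part of the thread.] Both Tim's 18000-domain list and
Carl's 1000+ malware zones above are the same setup: one AD-integrated
authoritative zone per bad domain so the DC answers for it locally. The script
below is one way to generate that from a domain list. It is not Tim's or
Carl's code, and the sample list is constructed (the real malwaredomains.com
feed has its own format, which you would check before feeding it in). It
emits dnscmd commands (dnscmd /ZoneAdd <zone> /DsPrimary, then a wildcard A
record pointing at an assumed sinkhole address) for you to run on the DNS
server; nothing is executed here. The one non-obvious step is collapsing
children into parents: once evil.example is an authoritative blackhole zone,
www.evil.example already gets NXDOMAIN or the wildcard from it, so a separate
zone for the child only adds to the count of zones the server must enumerate
from AD at startup.

```python
"""Generate dnscmd commands for AD-integrated blackhole zones from a domain list.

Added example, not from the thread. Assumptions: one domain per line with
optional '#' comments; zones become AD-integrated primaries; each gets a
wildcard A record pointing at SINKHOLE. Names are validated as hostnames
(letters, digits, hyphens), which is all a blackhole zone needs.
"""
import re

SINKHOLE = "127.0.0.1"  # assumption: where blackholed names should resolve

# Constructed sample, NOT the real malwaredomains.com feed.
SAMPLE_LIST = """\
# constructed sample list
Evil.Example.
evil.example
www.evil.example          # covered by the evil.example zone
malware.test
cdn.malware.test          # covered by the malware.test zone
bad host.invalid          # not a valid hostname, skipped
localhost                 # single label, skipped
"""

_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def normalize(line):
    """Strip comments, whitespace, trailing dot; lower-case the name."""
    return line.split("#", 1)[0].strip().lower().rstrip(".")


def is_valid_zone_name(name):
    labels = name.split(".")
    if len(labels) < 2 or len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in labels)


def collapse_to_parent_zones(names):
    """Drop names that fall under another name in the set.

    Shortest names are considered first so parents are kept and their
    subdomains discarded; the parent zone already answers for them.
    """
    kept = []
    for name in sorted(set(names), key=lambda n: n.count(".")):
        if not any(name.endswith("." + parent) for parent in kept):
            kept.append(name)
    return sorted(kept)


def dnscmd_lines(zones, server=None, sinkhole=SINKHOLE):
    """Emit the dnscmd invocations; server=None targets the local DNS server."""
    prefix = "dnscmd" if server is None else "dnscmd %s" % server
    lines = []
    for zone in zones:
        lines.append("%s /ZoneAdd %s /DsPrimary" % (prefix, zone))
        lines.append("%s /RecordAdd %s * A %s" % (prefix, zone, sinkhole))
    return lines


def build(text, server=None, sinkhole=SINKHOLE):
    """Return (zones to create, dnscmd command lines) for a domain list."""
    names = [normalize(line) for line in text.splitlines()]
    valid = [n for n in names if n and is_valid_zone_name(n)]
    zones = collapse_to_parent_zones(valid)
    return zones, dnscmd_lines(zones, server, sinkhole)


if __name__ == "__main__":
    zones, commands = build(SAMPLE_LIST)
    print("%d zones after collapsing subdomains" % len(zones))
    print("\n".join(commands))
```

Redirect the output to a .cmd file and run it on the DC; cmd.exe passes the
"*" through to dnscmd literally. On a list the size of Tim's, the collapsing
step is where most of the savings in zone count come from, and fewer zones
means less directory enumeration at service start.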

 

From: Brian Desmond [mailto:[email protected]] 
Sent: Tuesday, March 09, 2010 1:53 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

 

It should be able to kick out more info to a text file.

 

The scenario you mention of branch DCs not having connectivity is completely
normal. 

 

Thanks,

Brian Desmond

[email protected]

 

c - 312.731.3132

 

From: Carl Houseman [mailto:[email protected]] 
Sent: Tuesday, March 09, 2010 12:46 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

 

Good idea, but the DNS Server's event logging option has been on "all
events" all this time.  That must be the default, I don't recall ever
changing it.

 

Carl

 

From: Michael B. Smith [mailto:[email protected]] 
Sent: Tuesday, March 09, 2010 1:39 PM
To: NT System Admin Issues
Subject: RE: DNS Server service shuts down shortly after the DC boots

 

This would seem to indicate to me that while the DNS Server service was
initiated, it never actually finished initializing.

 

Aren't there some logging options on the DNS server property tab? I'd
probably ratchet those up to max for a while and see if they helped gather
more info.

 

Regards,

 

Michael B. Smith

Consultant and Exchange MVP

http://TheEssentialExchange.com

 

From: Carl Houseman [mailto:[email protected]] 
Sent: Tuesday, March 09, 2010 1:22 PM
To: NT System Admin Issues
Subject: DNS Server service shuts down shortly after the DC boots

 

Curious thing, started a few months ago after I moved the FSMO roles from
this DC to another one.  This DC frequently boots "in a vacuum" - no other
DC's can be contacted, so it takes a long time sniffing around before it
finally starts Active Directory and its own DNS Server service.   A few
minutes after that, the DNS Server service shuts down.  There's nothing in
the System or Application event log to explain it, and the DNS Server event
log records simply that "The DNS server has shutdown." (event ID 3).

 

The recovery options are set to restart the service, but that doesn't happen
because the service appears to have been shut down on purpose.  But no human
(for sure) and 99.9% sure no software is issuing the command.

 

Another interesting thing from the event logs, under System, when I start
the service there's an event 7036 logged "The DNS Server has entered the
running state".  But I see NO event 7036 for DNS at the time of booting.
Obviously, it must be started, else the DNS event log wouldn't record that
it had shut down!   And I see no 7036 events for it stopping either.

 

When this happens, I can manually start the DNS Server service and all is
well until the next boot, which may or may not have the problem.  I think
it's happening about 50% of the time.

 

I've scripted a solution to recover from the problem, but I'm just curious
if anyone has noticed something similar.  I'm guessing the instances of
branch offices booting their DC without network connectivity back to the
FSMO holder at HQ is fairly rare, but not unheard of.

 

And this is Windows 2003 SP2, native 2003 domain/forest.  Almost left that
off, yikes!

 

TIA,

Carl
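
[Added example, not part of the thread.] The pattern Carl describes in his
original post is: a boot, then DNS Server log event 3 ("The DNS server has
shutdown.") a few minutes later, with no Service Control Manager 7036 for the
DNS Server service at boot or at the shutdown, while a manual start later does
produce a 7036. The script below is detection logic for exactly that
correlation, written for this page rather than taken from Carl's recovery
script. The records are constructed and simplified (log name, timestamp,
source, event ID, message, tab-separated); a real Event Viewer export carries
more columns, so parse_line() is the part to adapt. It uses System/EventLog
6005 ("The Event log service was started") as the boot marker, which is an
assumption about how you mark boots, and a 30-minute window as "shortly after
boot".

```python
"""Flag boots where the DNS Server shut itself down without SCM recording it.

Added example, not from the thread. Input is a constructed, simplified
tab-separated export: log, timestamp, source, event ID, message.
Event IDs: System/EventLog 6005 = boot marker (assumption), System/SCM 7036 =
service state change, DNS Server log 3 = "The DNS server has shutdown."
"""
from collections import namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "log ts source event_id message")

BOOT_WINDOW = timedelta(minutes=30)  # assumption: what counts as "shortly after boot"

# Constructed sample: first boot shows the symptom, second boot is clean.
SAMPLE_EXPORT = """\
System\t2010-03-08 07:01:10\tEventLog\t6005\tThe Event log service was started.
DNS Server\t2010-03-08 07:18:03\tDNS\t3\tThe DNS server has shutdown.
System\t2010-03-08 07:40:22\tService Control Manager\t7036\tThe DNS Server service entered the running state.
System\t2010-03-09 06:58:30\tEventLog\t6005\tThe Event log service was started.
System\t2010-03-09 07:10:11\tService Control Manager\t7036\tThe DNS Server service entered the running state.
"""


def parse_line(line):
    log, ts, source, event_id, message = line.split("\t", 4)
    return Event(log, datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                 source, int(event_id), message)


def parse_export(text):
    """Parse and sort by time so boots and their windows line up."""
    return sorted((parse_line(l) for l in text.splitlines() if l.strip()),
                  key=lambda e: e.ts)


def find_silent_dns_shutdowns(events, window=BOOT_WINDOW):
    """For each boot, report a DNS event 3 inside the window and whether the
    Service Control Manager logged any 7036 for the DNS Server service
    (started or stopped) in that same window."""
    findings = []
    boots = [e for e in events if e.log == "System" and e.event_id == 6005]
    for boot in boots:
        in_window = [e for e in events if boot.ts <= e.ts <= boot.ts + window]
        dns_stop = [e for e in in_window
                    if e.log == "DNS Server" and e.event_id == 3]
        scm_dns = [e for e in in_window
                   if e.event_id == 7036 and "DNS Server service" in e.message]
        if not dns_stop:
            continue
        findings.append({
            "boot": boot.ts,
            "dns_shutdown": dns_stop[0].ts,
            "scm_saw_start": any("running state" in e.message for e in scm_dns),
            "scm_saw_stop": any("stopped state" in e.message for e in scm_dns),
        })
    return findings


if __name__ == "__main__":
    for f in find_silent_dns_shutdowns(parse_export(SAMPLE_EXPORT)):
        print("boot %s: DNS shutdown at %s, SCM saw start=%s stop=%s"
              % (f["boot"], f["dns_shutdown"], f["scm_saw_start"], f["scm_saw_stop"]))
```

A finding with both SCM flags False is the case in the thread: the DNS Server
log says it shut down, but the System log never saw the service start or stop,
which is what makes the "restart on failure" recovery option a no-op. The
7036 from the manual start at 07:40 falls outside the boot window, so it does
not mask the finding.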