To verify DNS registration for domain controllers using the nslookup command

1. At a command prompt, type:

   nslookup

2. After the previous command completes, at the nslookup (">") prompt type:

   set q=rr_type

   where rr_type is the resource record (RR) type to apply as a filter for subsequent lookups.

   For example, in this instance, because you want to limit subsequent name queries to filter and return only service location (SRV) RRs that use a specified name, type:

   set q=srv.

3. After the previous command completes, type:

   _ldap._tcp.dc._msdcs.Active_Directory_domain_name

   where Active_Directory_domain_name is the DNS name configured for use with your Active Directory domain and any of its associated domain controllers.

   For example, if the DNS domain name of your Active Directory domain is example.microsoft.com, type:

   _ldap._tcp.dc._msdcs.example.microsoft.com.

4. Review the output of the previous SRV query and determine if further action is needed based on whether the previous query succeeded or failed:
   • If the query succeeded, review the registered SRV RRs returned in the query to determine if all domain controllers for your Active Directory domain are included and registered using valid IP addresses.
   • If the query failed, continue troubleshooting dynamic update or DNS server related issues to determine the exact cause of the problem.

   For more information, see Notes and Related Topics.

 Note

• To open a command prompt, click Start, point to Programs, point to Accessories, and then click Command Prompt.
• In some cases, when performing the above procedure, you might see several time-outs reported. This happens when reverse lookup is not configured for DNS servers servicing the same DNS domain as your Active Directory domain.
• The following is an example of command-line output for an Nslookup session, used to verify service location (SRV) resource records that are registered by Windows 2000 domain controllers. In this example, the two domain controllers are dc1 and dc2 and are registered for the "example.microsoft.com" domain.

  
  C:\>nslookup
  Default Server:  dc1.example.microsoft.com
  Address:  10.0.0.14
  > set type=srv
  > _ldap._tcp.dc._msdcs.example.microsoft.com
  Server:  dc1.example.microsoft.com
  Address:  10.0.0.14
  _ldap._tcp.dc._msdcs.example.microsoft.com   SRV service location:
            priority       = 0
            weight         = 0
            port           = 389
            svr hostname   = dc1.example.microsoft.com
  _ldap._tcp.dc._msdcs.example.microsoft.com   SRV service location:
            priority       = 0
            weight         = 0
            port           = 389
            svr hostname   = dc2.example.microsoft.com
  dc1.example.microsoft.com     internet address = 10.0.0.14
  dc2.example.microsoft.com     internet address = 10.0.0.15
  

• The nslookup command is a standard command-line utility provided in most DNS service implementations, including Windows 2000. It offers the ability to perform query testing of DNS servers and obtain detailed responses as the command output. This information is useful in troubleshooting name resolution problems, verifying that resource records (RRs) are added or updated correctly in a zone, and debugging other server-related problems.
• Verify that resource records used to register services and critical hosts, such as domain controllers, are correctly added to zones.

  In some cases, you might need to manually add or verify registration of the service location (SRV) resource records used to support Windows 2000 domain controllers.

  To add the SRV resource records that have been created for a domain controller, open and view the Netlogon.dns file, created by the Active Directory Installation wizard when a server computer is promoted to a domain controller. It can be found at:

  systemroot\System32\Config\Netlogon.dns

• The resource records used in this file are listed in RFC-compliant text-file format. When verifying these records, look for the following records:

  _ldap._tcp.Active_Directory_domain_name IN SRV 0 0 389 ldap_server_name
  _ldap._tcp.dc._msdcs.Active_Directory_domain_name IN SRV 0 0 389 domain_controller_name

  In some cases, you might need to modify the Lightweight Directory Access Protocol (LDAP) server name if you are using a non-domain controller as an LDAP server for your network.

• The Net Logon service on each Windows 2000 domain controller registers, as appropriate, a number of different DNS resource records with DNS servers. To learn more about these records and how Net Logon updates DNS, obtain additional technical information on Windows 2000 DNS available from the Microsoft Web site. For more information, see Related Topics.

Troubleshoot DNS servers

Nslookup subcommands

Nslookup Notes

Nslookup

Online product support