dpcsit

DNS problems with server

What do we need to do to fix this?

Ran a DCDIAG /V

         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               
            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               
            DNS server: 128.9.0.107 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107
               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
               [Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
               
            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               
            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               
            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               
            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               
            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               
            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
               [Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
               
            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               
            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               
            DNS server: 198.175.243.248 (dc1.dpcs.org.)
               All tests passed on this DNS server
               This is a valid DNS server.
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
               Delegation to the domain _msdcs.dpcs.org. is operational
               
         Summary of DNS test results:
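The dcdiag summary above lists the root-hint servers alongside the domain's own DNS server. As an added example (not part of the original thread), the following Python parses that summary format and reports the domain's own DNS servers separately from the other entries; the function names `parse_summary` and `triage` are hypothetical and the sample is constructed from three entries of the output above.

```python
import re
from collections import Counter

# Constructed sample: three entries trimmed from the dcdiag /v summary shown in the question.
SAMPLE = """\
            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
            DNS server: 128.9.0.107 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107
               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
            DNS server: 198.175.243.248 (dc1.dpcs.org.)
               All tests passed on this DNS server
               This is a valid DNS server.
"""

HEADER = re.compile(r"^\s*DNS server:\s*(\S+)\s*\(([^)]+)\)\s*$")
ERROR = re.compile(r"\[Error details:\s*(\d+)\s*\(Type:\s*(\w+)\s*-\s*Description:\s*(.*?)\)\]")

def parse_summary(text):
    """Return one dict per 'DNS server:' block in a dcdiag DNS summary."""
    servers = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:  # a new server block starts here
            servers.append({"ip": m.group(1), "name": m.group(2).rstrip(".").lower(),
                            "passed": False, "errors": []})
        elif servers:  # detail line belonging to the most recent block
            if "All tests passed" in line:
                servers[-1]["passed"] = True
            e = ERROR.search(line)
            if e:
                servers[-1]["errors"].append((int(e.group(1)), e.group(3)))
    return servers

def triage(servers, domain):
    """Split results into the domain's own DNS servers and all other entries."""
    own = [s for s in servers if s["name"] == domain or s["name"].endswith("." + domain)]
    other = [s for s in servers if s not in own]
    codes = Counter(code for s in other for code, _ in s["errors"])
    return {"own_failed": [s["ip"] for s in own if not s["passed"]],
            "own_passed": [s["ip"] for s in own if s["passed"]],
            "external_error_codes": dict(codes)}

if __name__ == "__main__":
    print(triage(parse_summary(SAMPLE), "dpcs.org"))
```
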
grandebob

Have all of your servers' DNS servers point to your local DNS, not your ISP's DNS servers.
Yeah, where are the DNS servers in your network, and are all your servers pointing to your internal DNS? Also, instead of using 127.0.0.1, use the actual IP address of the DNS server.
dpcsit

ASKER

The DNS server is the DC, it is a very small network.
Is it pointing to localhost or the actual IP address of the server? Are you forwarding DNS queries to an external DNS server? Do you have any errors in the system or DNS event logs?
In the properties of your DC's network adapter, does it have its own IP listed as the primary DNS server? Does your DNS server have a zone for whatever the DNS name of your Active Directory domain is?
dpcsit

ASKER

Under properties for TCP/IP for the active adapter it shows the IP of the DC/DNS server itself, so it is pointing to itself on the adapter. The second adapter is pointing to 127.0.0.1 but it is disabled.
Can you post a screen shot of your DNS Server configuration?
dpcsit

ASKER

How can I best do that for you? Through dnsmgmt or is there something at a cmd prompt I can run?

I am now seeing some errors in the DNS Event Logs 6702

DNS server has updated its own host (A) records.  In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update.  An error was encountered during this update, the record data is the error code.
 
If this DNS server does not have any DS-integrated peers, then this error
should be ignored.
 
If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.
 
To ensure proper replication:
1) Find this server's Active Directory replication partners that run the DNS server.
2) Open DnsManager and connect in turn to each of the replication partners.
3) On each server, check the host (A record) registration for THIS server.
4) Delete any A records that do NOT correspond to IP addresses of this server.
5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact.  (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.)
6) Note, that is not necessary to update EVERY replication partner.  It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.

For more information, see Help and Support Center at
Do a screenshot of DNS manager.
So your internal domain name is the same as your external? Is this the server that's doing DNS for external queries? I see 72.167.183.96 for the website and ns41.domaincontrol.com for your primary external DNS.

So is this your only server? If so, then you could enable a specific forward for name resolution to external domains. It would appear that this has not been set.

Are you having specific problems with DNS, or do you just want to have a clean DCDIAG?
I would make sure that your DNS server thinks it is the authoritative Name Server for your domain. If it is set as a secondary, it will attempt to retrieve DNS information for your domain from the internet, and will attempt to pass all local IP address updates to the internet.

I would recreate your domain on your DNS server, and be sure to use AD Integrated, and say that it is the primary server in charge of that domain.
Then run ipconfig /registerdns on all domain controllers.
Reboot any client having DNS resolution problems.
Then add any internet records needed (www.dpcs.com = real internet IP of your site)
dpcsit

ASKER

"So your internal domain name is the same as your external?"

Yes

"So is this your only server?"
No, it is the DC and the DNS and DHCP functions of the network; we have a file server, an Exchange server and an application server for the HR department. There is also one Unix box that is another application server. But the DC should have all the AD roles on it. I did not bring this domain up, I am only the current gardener! ;) As for DNS issues, not that I can tell, but the dcdiag and the freeware Spiceworks network monitor I downloaded say there are DNS issues, but I can resolve names from IPs fine both inside and outside the local network.

"I would make sure that your DNS server thinks it is the authoritative Name Server for your domain."

I would assume it is since it handles the roles for AD, but is there a command to verify that?

If you go into your dpcs.com zone in DNS Management, you should see a record that is "Start of Authority" or "SOA".

If that isn't your DC/DNS server, then it is not the Authoritative DNS server for that domain.
dpcsit

ASKER

Here is the SOA
soa.JPG
ASKER CERTIFIED SOLUTION
grandebob
dpcsit

ASKER

We had someone come in and configure a server and mirror the DC1 server and now my dcdiag says the following:

A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         Time Server Name: \\dc1.dpcs.org
         Locator Flags: 0xe00003fc
         Preferred Time Server Name: \\dc1.dpcs.org
         Locator Flags: 0xe00003fc
         KDC Name: \\dc1.dpcs.org
         Locator Flags: 0xe00003fc
         ......................... dpcs.org failed test
dpcsit

ASKER

The original problem for this ticket is gone now, so I will close it and open one on the last item.