Newly configure Branch Office DC DNS on Server 2008 R2 has DNS Errors

You should only point to internal DNS servers in your TCP\IP settings which is usually your Domain Controllers. You should not use 127.0.0.1 this can cause issues but the recommendation tool recommends this just in case the tech is not experienced.

You should point DCs to themselves first then other DCs second for DNS.

preferred address should be the other DNS server, and the alternate is the local IP address.

If I point the Preferred DNS to other DNS server and secondary to itself, the is error is resovled:

DNS: DNS servers on Local Area Connection should include the loop back address, but not as the first entry.

However, I still have all the other errors which seem to be more important.

Doesn't matter that is for system admins that don't understand the proper way to setup.

Post dcdiag

Dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DNSSERVER
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: SITE\DNSSERVER
      Starting test: Connectivity
         ......................... DNSSERVER passed test Connectivity
 
Doing primary tests
   
   Testing server: SITE\DNSSERVER
   
      Starting test: DNS
         
         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... DNSSERVER passed test DNS
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : home
   
   Running enterprise tests on : home.domain.com
      Starting test: DNS
         Test results for domain controllers:
           
            DC: DNSSERVER.home.domain.com
            Domain: home.domain.com
             
                 
               TEST: Basic (Basc)
                  Warning: The Active Directory zone on this DC/DNS server was
                  not found (probably a misconfiguration)
                 
               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record in zone home.domain.com
         
         Summary of test results for DNS servers used by the above domain
         controllers:
         
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12              
            DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235              
            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f              
            DNS server: 2001:500:3::42 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42              
            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30              
            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30              
            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1              
            DNS server: 2001:7fe::53 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53              
            DNS server: 2001:dc3::35 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35              
               DNSSERVER                        PASS WARN PASS n/a  WARN PASS n/a  
         ......................... home.domain.com passed test DNS

Post ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DNSSERVER
   Primary Dns Suffix  . . . . . . . : home.domain.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home.domain.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
   Physical Address. . . . . . . . . : 00-18-8B-37-3A-57
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.15.10.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.15.10.1
   DNS Servers . . . . . . . . . . . : 10.15.10.10
                                       192.9.100.10
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{1F154F54-BB44-4537-B645-3FD130BF7EEF}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

On this DC it states that DNSSERVER.home.domain.com Warning: The Active Directory zone on this DC/DNS server was not found (probably a misconfiguration). Do you have DNS installed on this server? Do you see DNS zones?

What IP address is this 192.9.100.10

DNS is installed and I can see zones.  192.9.100.10 is HQ DNS server.  10.15.10.10 is Branch office DC/DNS server.

What zones do you have listed?

Forward Lookup Zones:

Reverse Lookup Zones:

10.15.10-in-addr.arpa  <-branch
100.9.192-in-addr.arpa <-hq
+ all other zones in my network

Is your msdcs folder grayed out? If it is do you have a msdcs.domain.com zone?

Do you have A records in your DNS zone for both DCs?

The msdcs folder resides under "home" folder.  It is not greyed out.  I have A records under "home", DomainDnsZones and ForestDnsZones for all DC's.

Can you take a screenshot please and post

i'd prefer not to for security.  What specificially would you like to see?

I want to see the structure.

Capture.PNG

Capture.PNG

You are missing the msdcs folder for the primary domain. What is your current domains?

The FQDN is home.domain.com

So, your root domain is home.domain.com?

Technically domain.com would be my root domain and home.domain.com would be my child domain.  All of my servers/clients fall under the child domain home.domain.com.  I am not sure why it is like this.  I did not initially create this domain and no see no point for it.  My preference would be for clients/servers to be under domain.com, but am not sure what is involved to make the change at this point.

That is why you are getting errors because the forest root really isn't the forest root

Since I am not an expert in this area...is this easily resolveable?  Are you able to help?  Should I work with M$?

My forest is home.domain.com and the domain shown below that is home.domain.com

The errors really state that you don't have a forest root for DNS but you really do but not setup correctly. You can create a forest root DNS server with just the domain.com.

How do I accomplish this?

Go into DNS create Zone called domain.com

The domain.com zone already exists.  I assume you would say delete it, but what potential problems am I looking at?

Take a screenshot of AD post

Capture.PNG

Appreciate your help.  Now I must make a decision of whether to ignore or rename.