Solved

Newly configured Branch Office DC DNS on Server 2008 R2 has DNS Errors

Posted on 2011-02-10
Last Modified: 2012-06-21
After running the Best Practices Analyzer on the DNS Role, I am receiving the following errors:

DNS: DNS servers on Local Area Connection should include the loop back address, but not as the first entry.
DNS: The DNS server xx.xx.xx.xx on Local Area Connection must resolve names in the forest root domain name zone.
DNS: The DNS server yy.yy.yy.yy on Local Area Connection must resolve names in the forest root domain name zone.
DNS: Zone _msdcs.home.domain.com is an Active Directory integrated DNS Zone and must be available.
DNS: Zone home.domain.com is an Active Directory integrated DNS Zone and must be available.

What should my preferred DNS Server IP address be?  I entered the IP address of the local DC and DNS server itself.
What should the alternate DNS Server IP Address be?  I entered the IP address of the primary DNS server in the main office.

Can someone please help me clear up my DNS issues?
Question by:ohmErnie
32 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34866052
You should only point to internal DNS servers in your TCP\IP settings, which are usually your Domain Controllers. You should not use 127.0.0.1; this can cause issues, but the recommendation tool recommends this just in case the tech is not experienced.

You should point DCs to themselves first then other DCs second for DNS.
0
 
LVL 6

Expert Comment

by:ashunnag
ID: 34866075
Preferred address should be the other DNS server, and the alternate is the local IP address.
0
 
LVL 1

Author Comment

by:ohmErnie
ID: 34889567
If I point the Preferred DNS to the other DNS server and the secondary to itself, this error is resolved:

DNS: DNS servers on Local Area Connection should include the loop back address, but not as the first entry.

However, I still have all the other errors which seem to be more important.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34890676
Doesn't matter; that is for system admins that don't understand the proper way to set up.

Post dcdiag

Dcdiag /test:dns
0
 
LVL 1

Author Comment

by:ohmErnie
ID: 34891098
Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DNSSERVER
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: SITE\DNSSERVER
      Starting test: Connectivity
         ......................... DNSSERVER passed test Connectivity
 
Doing primary tests
   
   Testing server: SITE\DNSSERVER
   
      Starting test: DNS
         
         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... DNSSERVER passed test DNS
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : home
   
   Running enterprise tests on : home.domain.com
      Starting test: DNS
         Test results for domain controllers:
           
            DC: DNSSERVER.home.domain.com
            Domain: home.domain.com
             
                 
               TEST: Basic (Basc)
                  Warning: The Active Directory zone on this DC/DNS server was
                  not found (probably a misconfiguration)
                 
               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record in zone home.domain.com
         
         Summary of test results for DNS servers used by the above domain
         controllers:
         
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12              
            DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235              
            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f              
            DNS server: 2001:500:3::42 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42              
            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30              
            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30              
            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1              
            DNS server: 2001:7fe::53 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53              
            DNS server: 2001:dc3::35 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35              
               DNSSERVER                        PASS WARN PASS n/a  WARN PASS n/a  
         ......................... home.domain.com passed test DNS
0
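Added example (not part of the thread or of any participant's post): a short Python triage of `dcdiag /test:dns` output like the one posted above. It shows that a run ending in "passed test DNS" can still carry WARN results, and it lists the public DNS servers the test reached. The column names (Auth, Basc, Forw, Del, Dyn, RReg, Ext) are assumed from dcdiag's usual summary header, which the pasted output omits; the sample text is a shortened, constructed copy of that output.

```python
import ipaddress
import re

# Assumed column order of the per-DC summary row in dcdiag /test:dns.
COLUMNS = ["Auth", "Basc", "Forw", "Del", "Dyn", "RReg", "Ext"]

# Constructed sample: a shortened copy of the output posted in the thread.
SAMPLE = """\
            DC: DNSSERVER.home.domain.com
               TEST: Basic (Basc)
                  Warning: The Active Directory zone on this DC/DNS server was
                  not found (probably a misconfiguration)
               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record in zone home.domain.com
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               DNSSERVER                        PASS WARN PASS n/a  WARN PASS n/a
         ......................... home.domain.com passed test DNS
"""

def triage(text):
    """Return (summary, warnings, external) parsed from dcdiag /test:dns output."""
    summary, warnings, external = {}, [], []
    current_test = None
    for line in text.splitlines():
        s = line.strip()
        m = re.match(r"TEST: .*\((\w+)\)", s)
        if m:
            current_test = m.group(1)          # e.g. "Basc", "Dyn"
        elif s.startswith(("Warning:", "Error:")):
            warnings.append((current_test, s))  # first line of the message only
        m = re.match(r"DNS server: (\S+)", s)
        if m and ipaddress.ip_address(m.group(1)).is_global:
            external.append(m.group(1))         # public server, e.g. a root hint
        m = re.match(r"(\S+)\s+((?:(?:PASS|WARN|FAIL|n/a)\s*){7})$", s)
        if m:
            summary[m.group(1)] = dict(zip(COLUMNS, m.group(2).split()))
    return summary, warnings, external

def needs_attention(summary):
    """Tests that did not PASS, per DC, even when the run says 'passed test DNS'."""
    return {dc: [t for t, r in row.items() if r in ("WARN", "FAIL")]
            for dc, row in summary.items()}
```
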
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34891652
Post ipconfig /all
0
 
LVL 1

Author Comment

by:ohmErnie
ID: 34891682

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DNSSERVER
   Primary Dns Suffix  . . . . . . . : home.domain.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home.domain.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
   Physical Address. . . . . . . . . : 00-18-8B-37-3A-57
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.15.10.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.15.10.1
   DNS Servers . . . . . . . . . . . : 10.15.10.10
                                       192.9.100.10
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{1F154F54-BB44-4537-B645-3FD130BF7EEF}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34891750
On this DC it states that DNSSERVER.home.domain.com Warning: The Active Directory zone on this DC/DNS server was not found (probably a misconfiguration). Do you have DNS installed on this server? Do you see DNS zones?

What IP address is this 192.9.100.10?
0
 
LVL 1

Author Comment

by:ohmErnie
ID: 34891866
DNS is installed and I can see zones.  192.9.100.10 is HQ DNS server.  10.15.10.10 is Branch office DC/DNS server.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34891912
What zones do you have listed?
0
 
LVL 1

Author Comment

by:ohmErnie
ID: 34892054
Forward Lookup Zones:
domain.com
home

Reverse Lookup Zones:

10.15.10-in-addr.arpa  <-branch
100.9.192-in-addr.arpa <-hq
+ all other zones in my network
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34892832
Is your msdcs folder grayed out? If it is, do you have a msdcs.domain.com zone?

Do you have A records in your DNS zone for both DCs?
0
 
LVL 1

Author Comment

by:ohmErnie
ID: 34897206
The msdcs folder resides under "home" folder.  It is not greyed out.  I have A records under "home", DomainDnsZones and ForestDnsZones for all DC's.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34897621
Can you take a screenshot please and post it?
0
 
LVL 1

Author Comment

by:ohmErnie
ID: 34897707
I'd prefer not to for security.  What specifically would you like to see?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34898751
I want to see the structure.
0

 
LVL 1

Author Comment

by:ohmErnie
ID: 34899148
0
 
LVL 1

Author Comment

by:ohmErnie
ID: 34900246
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34901981
You are missing the msdcs folder for the primary domain. What are your current domains?
0
 
LVL 1

Author Comment

by:ohmErnie
ID: 34906974
The FQDN is home.domain.com
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34907882
So, your root domain is home.domain.com?
0
 
LVL 1

Author Comment

by:ohmErnie
ID: 34908062
Technically domain.com would be my root domain and home.domain.com would be my child domain.  All of my servers/clients fall under the child domain home.domain.com.  I am not sure why it is like this.  I did not initially create this domain and see no point for it.  My preference would be for clients/servers to be under domain.com, but I am not sure what is involved to make the change at this point.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34908107
That is why you are getting errors, because the forest root really isn't the forest root.
0
 
LVL 1

Author Comment

by:ohmErnie
ID: 34908169
Since I am not an expert in this area...is this easily resolvable?  Are you able to help?  Should I work with M$?

My forest is home.domain.com and the domain shown below that is home.domain.com
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34908431
The errors really state that you don't have a forest root for DNS, but you really do; it is just not set up correctly. You can create a forest root DNS server with just the domain.com.
0
 
LVL 1

Author Comment

by:ohmErnie
ID: 34908594
How do I accomplish this?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34908845
Go into DNS and create a zone called domain.com.
0
 
LVL 1

Author Comment

by:ohmErnie
ID: 34908876
The domain.com zone already exists.  I assume you would say delete it, but what potential problems am I looking at?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34909163
Take a screenshot of AD and post it.
0
 
LVL 1

Author Comment

by:ohmErnie
ID: 34909211
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 34909261
Well, what you can do is ignore the errors you are getting in best practice. Or you can rename the domain:

http://it.toolbox.com/blogs/techscrawl/server-2008-domain-rename-28069
0
 
LVL 1

Author Closing Comment

by:ohmErnie
ID: 34909525
Appreciate your help.  Now I must make a decision of whether to ignore or rename.
0
