Newly configured Branch Office DC DNS on Server 2008 R2 has DNS Errors

After running the Best Practices Analyzer on the DNS Role, I am receiving the following errors:

DNS: DNS servers on Local Area Connection should include the loopback address, but not as the first entry.
DNS: The DNS server xx.xx.xx.xx on Local Area Connection must resolve names in the forest root domain name zone.
DNS: The DNS server yy.yy.yy.yy on Local Area Connection must resolve names in the forest root domain name zone.
DNS: Zone _msdcs.home.domain.com is an Active Directory integrated DNS Zone and must be available.
DNS: Zone home.domain.com is an Active Directory integrated DNS Zone and must be available.

What should my preferred DNS server IP address be?  I entered the IP address of the local DC and DNS server itself.
What should the alternate DNS server IP address be?  I entered the IP address of the primary DNS server in the main office.

Can someone please help me clear up my DNS issues?
Asked by: ohmErnie

1 Solution
 
Darius GhassemCommented:
You should only point to internal DNS servers in your TCP/IP settings, which is usually your Domain Controllers. You should not use 127.0.0.1; this can cause issues, but the recommendation tool recommends it just in case the tech is not experienced.

You should point DCs to themselves first, then other DCs second, for DNS.
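The check Darius describes (internal DCs only, the DC's own address and one other DC, no loopback as the first entry) as a script you can run on the branch DC. This is an added example, not code from the thread or from Microsoft; it uses only WMI because PowerShell 2.0 on Server 2008 R2 has no DnsClient cmdlets (those arrived with Server 2012). The default addresses are assumptions taken from the ipconfig /all posted later in this thread: 10.15.10.10 for the branch DC itself and 192.9.100.10 for the HQ DC/DNS server. The default order follows Darius's advice (self first); ashunnag's answer and the BPA prefer the other DC first, which you get by swapping the two entries in -Wanted.

```powershell
# Added example (not code from the thread): audit, and optionally set, the DNS
# client order on a Server 2008 R2 domain controller with WMI only, which is
# all PowerShell 2.0 on 2008 R2 offers (the DnsClient cmdlets came with 2012).
# Defaults are assumptions taken from the ipconfig /all posted in the thread:
# 10.15.10.10 is this branch DC, 192.9.100.10 is the HQ DC/DNS server.
param(
    # Desired order. Darius's advice is self first, another DC second; the BPA
    # and ashunnag want the other DC first, so swap the two if you follow that.
    [string[]]$Wanted = @('10.15.10.10', '192.9.100.10'),
    [switch]$Fix    # apply $Wanted with SetDNSServerSearchOrder instead of only reporting
)

# Returns the list of problems with a configured server list, empty if none.
function Test-DnsClientOrder {
    param([string[]]$Servers)
    $problems = @()
    if ($Servers.Count -eq 0) {
        $problems += 'no DNS servers configured'
    }
    if ($Servers.Count -eq 1) {
        $problems += 'only one DNS server; a DC should list another DC as alternate'
    }
    if ($Servers.Count -gt 0 -and ($Servers[0] -eq '127.0.0.1' -or $Servers[0] -eq '::1')) {
        $problems += 'loopback is the first entry (the BPA accepts it only as a later entry)'
    }
    foreach ($s in $Servers) {
        # anything that is not one of our DCs (or loopback) is an external resolver
        if ($Wanted -notcontains $s -and $s -ne '127.0.0.1' -and $s -ne '::1') {
            $problems += "$s is not one of the internal DCs listed in -Wanted"
        }
    }
    return ,$problems
}

$nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')
foreach ($nic in $nics) {
    # DNSServerSearchOrder is $null when nothing is configured; drop empties.
    $servers = @($nic.DNSServerSearchOrder | Where-Object { $_ })
    Write-Host ('{0}: DNS servers = {1}' -f $nic.Description, ($servers -join ', '))
    foreach ($p in (Test-DnsClientOrder $servers)) { Write-Warning ('  ' + $p) }

    if (($servers -join ',') -ne ($Wanted -join ',')) {
        Write-Host ('  wanted order: {0}' -f ($Wanted -join ', '))
        if ($Fix) {
            $r = $nic.SetDNSServerSearchOrder([string[]]$Wanted)
            if ($r.ReturnValue -eq 0) {
                Write-Host '  applied; run ipconfig /registerdns and restart Netlogon to re-register records'
            } else {
                Write-Warning ('  SetDNSServerSearchOrder failed, return code {0}' -f $r.ReturnValue)
            }
        }
    }
}
```

Run it from an elevated PowerShell on the DC without arguments to report, and with -Fix to apply the order given in -Wanted. After a change, ipconfig /registerdns and a Netlogon restart make the DC re-register its A and SRV records against the new resolver order.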
 
ashunnagCommented:
Preferred address should be the other DNS server, and the alternate is the local IP address.
 
ohmErnieAuthor Commented:
If I point the Preferred DNS to the other DNS server and the secondary to itself, this error is resolved:

DNS: DNS servers on Local Area Connection should include the loopback address, but not as the first entry.

However, I still have all the other errors, which seem to be more important.
 
Darius GhassemCommented:
Doesn't matter; that is for system admins that don't understand the proper way to set up.

Post dcdiag:

dcdiag /test:dns
 
ohmErnieAuthor Commented:
Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = DNSSERVER
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: SITE\DNSSERVER
      Starting test: Connectivity
         ......................... DNSSERVER passed test Connectivity
 
Doing primary tests
   
   Testing server: SITE\DNSSERVER
   
      Starting test: DNS
         
         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... DNSSERVER passed test DNS
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : home
   
   Running enterprise tests on : home.domain.com
      Starting test: DNS
         Test results for domain controllers:
           
            DC: DNSSERVER.home.domain.com
            Domain: home.domain.com
             
                 
               TEST: Basic (Basc)
                  Warning: The Active Directory zone on this DC/DNS server was
                  not found (probably a misconfiguration)
                 
               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record in zone home.domain.com
         
         Summary of test results for DNS servers used by the above domain
         controllers:
         
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12              
            DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235              
            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f              
            DNS server: 2001:500:3::42 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42              
            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30              
            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30              
            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1              
            DNS server: 2001:7fe::53 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53              
            DNS server: 2001:dc3::35 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35              
               DNSSERVER                        PASS WARN PASS n/a  WARN PASS n/a  
         ......................... home.domain.com passed test DNS
 
Darius GhassemCommented:
Post ipconfig /all
 
ohmErnieAuthor Commented:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : DNSSERVER
   Primary Dns Suffix  . . . . . . . : home.domain.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home.domain.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
   Physical Address. . . . . . . . . : 00-18-8B-37-3A-57
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.15.10.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.15.10.1
   DNS Servers . . . . . . . . . . . : 10.15.10.10
                                       192.9.100.10
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{1F154F54-BB44-4537-B645-3FD130BF7EEF}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Darius GhassemCommented:
On this DC it states for DNSSERVER.home.domain.com: "Warning: The Active Directory zone on this DC/DNS server was not found (probably a misconfiguration)". Do you have DNS installed on this server? Do you see DNS zones?

What IP address is this: 192.9.100.10?
 
ohmErnieAuthor Commented:
DNS is installed and I can see zones.  192.9.100.10 is HQ DNS server.  10.15.10.10 is Branch office DC/DNS server.
 
Darius GhassemCommented:
What zones do you have listed?
 
ohmErnieAuthor Commented:
Forward Lookup Zones:
domain.com
home

Reverse Lookup Zones:

10.15.10.in-addr.arpa  <- branch
100.9.192.in-addr.arpa <- HQ
+ all other zones in my network
 
Darius GhassemCommented:
Is your _msdcs folder grayed out? If it is, do you have an _msdcs.domain.com zone?

Do you have A records in your DNS zone for both DCs?
 
ohmErnieAuthor Commented:
The _msdcs folder resides under the "home" folder.  It is not greyed out.  I have A records under "home", DomainDnsZones and ForestDnsZones for all DCs.
 
Darius GhassemCommented:
Can you take a screenshot please and post
 
ohmErnieAuthor Commented:
I'd prefer not to, for security.  What specifically would you like to see?
 
Darius GhassemCommented:
I want to see the structure.
 
ohmErnieAuthor Commented:
(screenshots of the DNS console structure were attached in the original thread; images not preserved here)
 
Darius GhassemCommented:
You are missing the _msdcs folder for the primary domain. What are your current domains?
 
ohmErnieAuthor Commented:
The FQDN is home.domain.com
 
Darius GhassemCommented:
So, your root domain is home.domain.com?
 
ohmErnieAuthor Commented:
Technically domain.com would be my root domain and home.domain.com would be my child domain.  All of my servers/clients fall under the child domain home.domain.com.  I am not sure why it is like this.  I did not initially create this domain and see no point for it.  My preference would be for clients/servers to be under domain.com, but I am not sure what is involved in making the change at this point.
 
Darius GhassemCommented:
That is why you are getting errors: because the forest root really isn't the forest root.
 
ohmErnieAuthor Commented:
Since I am not an expert in this area, is this easily resolvable?  Are you able to help?  Should I work with M$?

My forest is home.domain.com and the domain shown below that is home.domain.com.
 
Darius GhassemCommented:
The errors really state that you don't have a forest root for DNS, but you really do; it is just not set up correctly. You can create a forest root DNS server with just domain.com.
 
ohmErnieAuthor Commented:
How do I accomplish this?
 
Darius GhassemCommented:
Go into DNS and create a zone called domain.com.
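Before creating or deleting anything, it is worth seeing exactly what this server hosts and which of the DNS servers it uses can answer for the forest root. The script below is an added example, not code from the thread, Darius or Microsoft; it lists the zones from the DNS server's WMI provider (the same data dnscmd /enumzones shows), reports the forwarder setting, and then asks each DNS server in this DC's own client settings for the forest root's DC locator record, _ldap._tcp.dc._msdcs.<forest root>. That record lives in the _msdcs zone every DC in the forest registers into, so it is the most basic name a server "must resolve in the forest root domain name zone"; a server that cannot answer it is exactly the case those BPA errors describe. The domain names are assumptions taken from this thread (root domain.com, child home.domain.com); it needs only PowerShell 2.0, WMI and nslookup.

```powershell
# Added example (not code from the thread): show which zones this Server 2008 R2
# DNS server hosts, whether it forwards, and whether every DNS server this DC is
# configured to use can answer the forest root's DC locator SRV record.
# PowerShell 2.0, WMI and nslookup only. Domain names are assumptions taken from
# the thread (forest root domain.com, child domain home.domain.com).
param(
    [string]$ForestRoot  = 'domain.com',
    [string]$ChildDomain = 'home.domain.com'
)

# Zones hosted locally, from the DNS server's WMI provider (same data as dnscmd /enumzones).
function Get-LocalZones {
    Get-WmiObject -Namespace 'root\MicrosoftDNS' -Class MicrosoftDNS_Zone |
        Select-Object Name, DsIntegrated
}

# DC locator SRV record for $Domain as answered by one specific DNS server.
# nslookup prints one "svr hostname = <dc fqdn>" line per SRV record returned;
# the trailing dot stops the resolver from appending search suffixes.
function Get-DcLocatorHosts {
    param([string]$Domain, [string]$Server)
    $name = "_ldap._tcp.dc._msdcs.$Domain."
    $text = (& nslookup -type=SRV $name $Server 2>&1) | Out-String
    $hosts = @([regex]::Matches($text, 'svr hostname\s*=\s*(\S+)') |
               ForEach-Object { $_.Groups[1].Value })
    return ,$hosts
}

$zones = @(Get-LocalZones)
$zones | Format-Table -AutoSize | Out-String | Write-Host

foreach ($z in @("_msdcs.$ForestRoot", $ForestRoot, "_msdcs.$ChildDomain", $ChildDomain)) {
    $hit = $zones | Where-Object { $_.Name -eq $z }
    if ($hit) {
        Write-Host ('zone {0}: hosted here, AD-integrated = {1}' -f $z, $hit.DsIntegrated)
    } else {
        # _msdcs can also exist only as a sub-folder of its parent zone (the
        # "_msdcs folder under home" in the thread) or as a delegation elsewhere.
        Write-Host ('zone {0}: not a separate zone on this server' -f $z)
    }
}

$dns = Get-WmiObject -Namespace 'root\MicrosoftDNS' -Class MicrosoftDNS_Server
if ($dns.Forwarders) {
    Write-Host ('forwarders: {0}' -f ($dns.Forwarders -join ', '))
} else {
    Write-Host 'forwarders: none; external lookups go to the root hints (matches the root-servers.net entries in the dcdiag output)'
}

# Every DNS server this DC's own client settings point at must be able to
# locate a forest-root DC; otherwise the BPA errors in the question are expected.
$clientDns = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
               ForEach-Object { $_.DNSServerSearchOrder } | Where-Object { $_ })
foreach ($s in $clientDns) {
    $dcs = Get-DcLocatorHosts -Domain $ForestRoot -Server $s
    if ($dcs.Count -gt 0) {
        Write-Host ('{0}: _ldap._tcp.dc._msdcs.{1} -> {2}' -f $s, $ForestRoot, ($dcs -join ', '))
    } else {
        Write-Warning ('{0}: no SRV answer for _ldap._tcp.dc._msdcs.{1}' -f $s, $ForestRoot)
    }
}
```

Two caveats when reading the output. A forest that started on Windows 2000 keeps _msdcs as a sub-folder of the forest root zone rather than as the separate _msdcs.<forest root> zone that Server 2003 and later create, so "not a separate zone" is not by itself a fault; what matters is that the SRV lookup in the last loop succeeds from every configured server. And deleting an existing domain.com zone, as the next reply worries about, drops every record in it, including any _msdcs sub-folder the forest-root DCs registered there, so export it (dnscmd /zoneexport) and check this script's SRV results before touching it.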
 
ohmErnieAuthor Commented:
The domain.com zone already exists.  I assume you would say delete it, but what potential problems am I looking at?
 
Darius GhassemCommented:
Take a screenshot of AD post
 
ohmErnieAuthor Commented:
(screenshot of Active Directory was attached in the original thread; image not preserved here)
 
Darius GhassemCommented:
Well, this is what you can do: ignore the errors you are getting in Best Practices, or rename the domain.

http://it.toolbox.com/blogs/techscrawl/server-2008-domain-rename-28069
 
ohmErnieAuthor Commented:
Appreciate your help.  Now I must make a decision of whether to ignore or rename.