Solved

DNS errors on new 2008R2 DNS server

Posted on 2011-02-17
21
1,016 Views
Last Modified: 2012-05-11
I have recently added a new 2008 AD server to our Domain.  I've also made this server a DNS server.  The server is not on the same site as the FSMO server.  Everything seems to be working ok but I get 2 errors when I scan the role.

Below are the two error messages:

Issue:
The DNS server 10.10.10.1 on Intel(R) PRO/1000 MT Network Connection did not successfully resolve the name of the address (A/AAAA) record for this computer.

Impact:
Other domain controllers might not be able to resolve this computer’s name. The computer might not be able to connect to network resources.

Resolution:
Click Start, click Network, click Network and Sharing Center, and then click Manage Network Connections to configure DNS servers that are able to resolve names for your enterprise.




Issue:
The DNS server 192.168.0.127 on Intel(R) PRO/1000 MT Network Connection did not successfully resolve the name of the address (A/AAAA) record for this computer.

Impact:
Other domain controllers might not be able to resolve this computer’s name. The computer might not be able to connect to network resources.

Resolution:
Click Start, click Network, click Network and Sharing Center, and then click Manage Network Connections to configure DNS servers that are able to resolve names for your enterprise.


Any ideas?
0
Comment
Question by:wannabecraig
  • 11
  • 6
  • 3
  • +1
21 Comments
 
LVL 3

Expert Comment

by:zipp83
ID: 34915575
open DNS manger - properties of dns server - interface - chack the only the network you use is chacked .
0
 
LVL 1

Author Comment

by:wannabecraig
ID: 34915589
Yeah, only the interface I use is there and it's the only one checked.
0
 
LVL 3

Expert Comment

by:zipp83
ID: 34915618
you are use IPV6 ?
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 1

Author Comment

by:wannabecraig
ID: 34915643
It was installed, and I think it's an issue because when I ping the loopback I get a response:
Reply from ::1: time<1ms
Reply from ::1: time<1ms
Reply from ::1: time<1ms
Reply from ::1: time<1ms

But I have unchecked IPv6 in the network settings and it's still the same.
0
 
LVL 3

Expert Comment

by:zipp83
ID: 34916055
try to unchack the use of ipv6 from your network adpter
0
 
LVL 1

Author Comment

by:wannabecraig
ID: 34916155
I have done that, no difference.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34916226
Try to disable IPv6 in registry using MS article (set 0x20 or 0x10)
http://support.microsoft.com/kb/929852

Regards,
Krzysztof
0
 
LVL 1

Author Comment

by:wannabecraig
ID: 34916412
I have performed the steps in the article and it is not responding as an IP4 address.
However the error messages are still in the DNS analyzer.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34918222
Go into your Network Connections make sure IPv4 is listed first in binding order

http://thebackroomtech.com/2009/01/15/howto-edit-network-card-bindings-in-windows-server-2008/

Reboot
0
 
LVL 1

Author Comment

by:wannabecraig
ID: 34924565
The IP4 protocol is first on both bindings lists.
0
 
LVL 1

Author Comment

by:wannabecraig
ID: 34924578
3 things that may be important.

I renamed the computer while it was a DC.
It's a VMware server.
There used to be other computers on the network with the same address as this computer
but have been deleted few months ago.  however until I removed them they were still in the DNS>
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34925896
0
 
LVL 1

Author Comment

by:wannabecraig
ID: 34926864
^^
That is the method I used.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34927311
Post dcdiag /test:dns
0
 
LVL 1

Author Comment

by:wannabecraig
ID: 34927397
C:\>dcdiag /Test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = win2008r2-dc-h365
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Site\WIN2008R2-DC-H3
      Starting test: Connectivity
         ......................... WIN2008R2-DC-H3 passed test Connectivity

Doing primary tests

   Testing server: Site\WIN2008R2-DC-H3

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... WIN2008R2-DC-H3 passed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : domain

   Running enterprise tests on : domain.ie
      Starting test: DNS
         Test results for domain controllers:

            DC: win2008r2-dc-h365.domain.ie
            Domain: domain.ie


               TEST: Forwarders/Root hints (Forw)
                  Error: Both root hints and forwarders are not configured or
                  broken. Please make sure at least one of them works.

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.63.2.53
            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.112.36.4
            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.203.230.10
            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.228.79.201
            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.33.4.12
            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.36.148.17
            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.5.5.241
            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.58.128.30
            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 193.0.14.129
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 198.32.64.12
            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 198.41.0.4
            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 202.12.27.33
         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: domain.ie
               win2008r2-dc-h365            PASS PASS FAIL PASS PASS PASS n/a

         ......................... domain.ie failed test DNS

C:\>
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 34927429
Everything looks good except you need to add DNS Forwarders

http://technet.microsoft.com/en-us/library/cc773370(WS.10).aspx
0
 
LVL 1

Author Comment

by:wannabecraig
ID: 34927698
Might it be an issue with the firewall?  Which post does DNS use?
When I open all traffic from that server it work, when I just have port 53 (TCP & UDP) and 80 open it fails.

I dont really want to open all TCP or UDP traffic
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34927790
DNS uses 53 TCP and UDP

http://support.microsoft.com/kb/323380
0
 
LVL 1

Author Comment

by:wannabecraig
ID: 34927856
Hi, I had it locked down to source port 53 too, which it doesn't broadcast from.
Have any source port open the locked down to destination port 53 and it's fine.
However the original issue above with the server scan reporting problems is still there.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34928025
What server scan?
0
 
LVL 1

Author Comment

by:wannabecraig
ID: 34941732
In Server 2008, in the role section, the DNS modlue gives an option to perform a scan of the DNS role. This i where I get the error.
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question