DNS errors on new 2008R2 DNS server
I have recently added a new 2008 AD server to our Domain. I've also made this server a DNS server. The server is not on the same site as the FSMO server. Everything seems to be working ok but I get 2 errors when I scan the role.
Below are the two error messages:
Issue:
The DNS server 10.10.10.1 on Intel(R) PRO/1000 MT Network Connection did not successfully resolve the name of the address (A/AAAA) record for this computer.
Impact:
Other domain controllers might not be able to resolve this computer’s name. The computer might not be able to connect to network resources.
Resolution:
Click Start, click Network, click Network and Sharing Center, and then click Manage Network Connections to configure DNS servers that are able to resolve names for your enterprise.
Issue:
The DNS server 192.168.0.127 on Intel(R) PRO/1000 MT Network Connection did not successfully resolve the name of the address (A/AAAA) record for this computer.
Impact:
Other domain controllers might not be able to resolve this computer’s name. The computer might not be able to connect to network resources.
Resolution:
Click Start, click Network, click Network and Sharing Center, and then click Manage Network Connections to configure DNS servers that are able to resolve names for your enterprise.
Any ideas?
Below are the two error messages:
Issue:
The DNS server 10.10.10.1 on Intel(R) PRO/1000 MT Network Connection did not successfully resolve the name of the address (A/AAAA) record for this computer.
Impact:
Other domain controllers might not be able to resolve this computer’s name. The computer might not be able to connect to network resources.
Resolution:
Click Start, click Network, click Network and Sharing Center, and then click Manage Network Connections to configure DNS servers that are able to resolve names for your enterprise.
Issue:
The DNS server 192.168.0.127 on Intel(R) PRO/1000 MT Network Connection did not successfully resolve the name of the address (A/AAAA) record for this computer.
Impact:
Other domain controllers might not be able to resolve this computer’s name. The computer might not be able to connect to network resources.
Resolution:
Click Start, click Network, click Network and Sharing Center, and then click Manage Network Connections to configure DNS servers that are able to resolve names for your enterprise.
Any ideas?
zipp83
open DNS manger - properties of dns server - interface - chack the only the network you use is chacked .
ASKER
Yeah, only the interface I use is there and it's the only one checked.
you are use IPV6 ?
ASKER
It was installed, and I think it's an issue because when I ping the loopback I get a response:
Reply from ::1: time<1ms
Reply from ::1: time<1ms
Reply from ::1: time<1ms
Reply from ::1: time<1ms
But I have unchecked IPv6 in the network settings and it's still the same.
Reply from ::1: time<1ms
Reply from ::1: time<1ms
Reply from ::1: time<1ms
Reply from ::1: time<1ms
But I have unchecked IPv6 in the network settings and it's still the same.
try to unchack the use of ipv6 from your network adpter
ASKER
I have done that, no difference.
Try to disable IPv6 in registry using MS article (set 0x20 or 0x10)
http://support.microsoft.com/kb/929852
Regards,
Krzysztof
http://support.microsoft.com/kb/929852
Regards,
Krzysztof
ASKER
I have performed the steps in the article and it is not responding as an IP4 address.
However the error messages are still in the DNS analyzer.
However the error messages are still in the DNS analyzer.
Go into your Network Connections make sure IPv4 is listed first in binding order
http://thebackroomtech.com/2009/01/15/howto-edit-network-card-bindings-in-windows-server-2008/
Reboot
http://thebackroomtech.com/2009/01/15/howto-edit-network-card-bindings-in-windows-server-2008/
Reboot
ASKER
The IP4 protocol is first on both bindings lists.
ASKER
3 things that may be important.
I renamed the computer while it was a DC.
It's a VMware server.
There used to be other computers on the network with the same address as this computer
but have been deleted few months ago. however until I removed them they were still in the DNS>
I renamed the computer while it was a DC.
It's a VMware server.
There used to be other computers on the network with the same address as this computer
but have been deleted few months ago. however until I removed them they were still in the DNS>
How did you rename this DC?
http://www.petri.co.il/rename-windows-server-2008-domain-controllers.htm
http://www.petri.co.il/rename-windows-server-2008-domain-controllers.htm
ASKER
^^
That is the method I used.
That is the method I used.
Post dcdiag /test:dns
ASKER
C:\>dcdiag /Test:dns
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = win2008r2-dc-h365
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Site\WIN2008R2-DC-H3
Starting test: Connectivity
......................... WIN2008R2-DC-H3 passed test Connectivity
Doing primary tests
Testing server: Site\WIN2008R2-DC-H3
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... WIN2008R2-DC-H3 passed test DNS
Running partition tests on : DomainDnsZones
Running partition tests on : ForestDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : domain
Running enterprise tests on : domain.ie
Starting test: DNS
Test results for domain controllers:
DC: win2008r2-dc-h365.domain.i
Domain: domain.ie
TEST: Forwarders/Root hints (Forw)
Error: Both root hints and forwarders are not configured or
broken. Please make sure at least one of them works.
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.63.2.53
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.112.36.4
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.203.230.10
DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.228.79.201
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.33.4.12
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.36.148.17
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.5.5.241
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.58.128.30
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 193.0.14.129
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 198.32.64.12
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 198.41.0.4
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 202.12.27.33
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: domain.ie
win2008r2-dc-h365 PASS PASS FAIL PASS PASS PASS n/a
......................... domain.ie failed test DNS
C:\>
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = win2008r2-dc-h365
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Site\WIN2008R2-DC-H3
Starting test: Connectivity
......................... WIN2008R2-DC-H3 passed test Connectivity
Doing primary tests
Testing server: Site\WIN2008R2-DC-H3
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... WIN2008R2-DC-H3 passed test DNS
Running partition tests on : DomainDnsZones
Running partition tests on : ForestDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : domain
Running enterprise tests on : domain.ie
Starting test: DNS
Test results for domain controllers:
DC: win2008r2-dc-h365.domain.i
Domain: domain.ie
TEST: Forwarders/Root hints (Forw)
Error: Both root hints and forwarders are not configured or
broken. Please make sure at least one of them works.
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.63.2.53
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.112.36.4
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.203.230.10
DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.228.79.201
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.33.4.12
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.36.148.17
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.5.5.241
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.58.128.30
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 193.0.14.129
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 198.32.64.12
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 198.41.0.4
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 202.12.27.33
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: domain.ie
win2008r2-dc-h365 PASS PASS FAIL PASS PASS PASS n/a
......................... domain.ie failed test DNS
C:\>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Might it be an issue with the firewall? Which post does DNS use?
When I open all traffic from that server it work, when I just have port 53 (TCP & UDP) and 80 open it fails.
I dont really want to open all TCP or UDP traffic
When I open all traffic from that server it work, when I just have port 53 (TCP & UDP) and 80 open it fails.
I dont really want to open all TCP or UDP traffic
ASKER
Hi, I had it locked down to source port 53 too, which it doesn't broadcast from.
Have any source port open the locked down to destination port 53 and it's fine.
However the original issue above with the server scan reporting problems is still there.
Have any source port open the locked down to destination port 53 and it's fine.
However the original issue above with the server scan reporting problems is still there.
What server scan?
ASKER
In Server 2008, in the role section, the DNS modlue gives an option to perform a scan of the DNS role. This i where I get the error.