• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 578
  • Last Modified:

Help with DNS server DCDIAG errors

All, I ran some tests on my DNS server and got some errors that I could use some help putting into English, or maybe a suggestion to help fix.
I am going to attach the code. The IP addresses the report says it can't resolve are my ISP's DNS servers. Internet and everything is working,
except I keep getting some random delays on emails being sent. Multiple domains, and it doesn't happen all the time. Mostly when I have carbon copies running
is when I get most of the delays.
dcdiagtestio05032011.txt
0
Asked: afreemancube
3 Solutions
 
JBond2010Commented:
Open the command prompt and type DCdiag /fix and press enter. Then run DCdiag again and examine the output and please post the result of both.


Regards,

JBond2010
0
 
ewkellyCommented:
Looks like the servers your dns is forwarding to are rejecting you or they are off line.
Try changing your dns forwarders.
The Google Public DNS IP addresses are as follows:
 
 8.8.8.8
 8.8.4.4

0
 
OsmozeCommented:
And don't forget to "net stop netlogon" and "net start netlogon" to apply changes after DCDIAG /fix.
0
 
snusgubbenCommented:
Are 216.136.95.2 and 64.132.94.250 your ISP DNS? Looks like you have configured them on the NIC on the DC.

You should never have public DNS on the NIC. Only internal (if that is the case)
0
 
burnersCommented:
You should NOT be using DNS forwarders. Configure your server as a root server. Delete the forwarders from the DNS server and make sure you have root hints (basically just make sure the Root Hints tab isn't blank).
0
 
afreemancubeAuthor Commented:
Wow, great comments.  Let me start up top.

1.  I ran the dcdiag test, and passed all the tests.  Then I restarted and ran the dcdiag again, looks like same failures.  Attaching the file that has both tests.

2.  Yes, 216.136.95.2 and the other is my ISP's DNS.  I do have them on my DNS server NIC, but as secondary DNS.  I have the first DNS pointing to itself.  Then I have a www record with 216.136.95.2 on it.

3.  Burners, not sure about what you mean on the DNS forwarders.

Lastly, if I remove the ISPs ip addresses from the NICs, I guess that will resolve that error?
DNSfix-and-second-TEST.txt
0
 
burnersCommented:
Open DNS and right click on your Server name and select properties

Go to the Root Hints tab and make sure it's not empty.
Go to the Forwarders tab and delete anything in there; it should be empty unless for very specific reasons which don't meet your situation.

Now edit your local interface NIC properties and change the DNS servers to 127.0.0.1, and leave the second field empty unless you have another INTERNAL DNS server.
0
 
burnersCommented:
Oh, and edit your DHCP server settings in DHCP so the DNS servers in order are:
#1 the INTERNAL address of your main DHCP / DNS server
#2 any other INTERNAL DNS servers, or just leave it blank
0
 
burnersCommented:
All the workstations on your network should ONLY point to your main DNS server and any other INTERNAL servers you have.
From there your DNS server uses the ROOT HINTS to resolve the addresses.
0
 
JBond2010Commented:
The preferred DNS is for the primary DNS Server on your LAN, so this would be the IP address of a Domain Controller that is performing DNS resolution requests. Alternate DNS Server is when you have a second Server also running the DNS Role and is there for Fault Tolerance and Redundancy. So, should the preferred DNS Server crash you have the Alternate DNS Server in place.

You should never use the Public DNS Server IP addresses of your ISP for internal DNS Resolution. Check the DHCP Scope Options and make sure to remove the ISP Public DNS Server IP address.

When you have this done, then open DNS Management Console and right click on server node name and select clear cache.

Then open the command prompt and type ipconfig /flushdns and press enter, then type ipconfig /registerdns. Verify if you are using Root Hints or Forwarders.

If you want you can use Forwarders to forward external name resolution requests to your ISP and this is where you would add the Public DNS IP Address of your ISP and then your ISP would be handling your external queries. Or you can use Root Hints.
0
 
ChiefITCommented:
LOL: This is an occasion where almost every expert on the thread is correct.

Please read this for DNS familiarity:
http://www.experts-exchange.com/Networking/Protocols/DNS/A_323-DNS-Troubleshooting-made-easy.html

You have multiple problems (all addressed by the experts above): So, let's consolidate the issues>>
1) You have an outside server listed on the NIC as a preferred or alternate DNS server.
2) Your ISP may be rejecting DNS as a forwarding server, so you might change your DNS forwarders to 8.8.8.8 and 8.8.4.4 (Google).
3) You will probably want to go into DHCP scope options and make sure you don't have listed any outside DNS servers. DHCP will pass down preferred and alternate DNS servers to DHCP clients.
4) As stated above, NO OUTSIDE DNS servers should be listed on ANY NICs. They are found on your DNS forwarders. To get to the DNS Forwarders tab:
---1. Open the DNS snap-in.
---2. In the console tree, click the applicable Domain Name System (DNS) server.
 DNS/applicable DNS server
---3. On the Action menu, click Properties.
---4. On the Forwarders tab, click Edit.

>>Please do not accredit me for this solution because I am only agreeing with the techs that gave you the answers.

0
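The checks consolidated in the thread (no public DNS on the DC's NIC, root hints present, forwarders either empty or deliberate, DHCP option 006 pointing only at internal servers, and a resolution test through the local server) can be scripted. The following is an added example, not code from this thread or from any of the posters; it assumes the DnsServer and DhcpServer PowerShell modules (Windows Server 2012 or later, or RSAT) and that it runs on the DC itself with administrative rights. The Test-IsInternalAddress helper is our own; "internal" is taken to mean loopback or an RFC 1918 range.

```powershell
# Added example: audit a domain controller's resolver configuration for the
# issues raised above. Assumes the DnsServer and DhcpServer modules are present
# and the script runs locally on the DC as an administrator.

function Test-IsInternalAddress {
    param([string]$Address)
    # Loopback and RFC 1918 ranges count as internal; anything else is public
    # (the thread's 216.136.95.2 and 64.132.94.250 would fail this test).
    if ($Address -eq '127.0.0.1') { return $true }
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($b[0] -eq 10) { return $true }
    if ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) { return $true }
    if ($b[0] -eq 192 -and $b[1] -eq 168) { return $true }
    return $false
}

$findings = @()

# 1) DNS client settings on every NIC: only the DC itself, loopback or another
#    internal DNS server should appear.
foreach ($nic in Get-DnsClientServerAddress -AddressFamily IPv4) {
    foreach ($srv in $nic.ServerAddresses) {
        if (-not (Test-IsInternalAddress $srv)) {
            $findings += "NIC '$($nic.InterfaceAlias)' lists public DNS server $srv; use 127.0.0.1 or an internal DNS server instead."
        }
    }
}

# 2) Forwarders: either empty (root hints do the work) or a deliberately chosen set.
$fwd = Get-DnsServerForwarder
if (@($fwd.IPAddress).Count -gt 0) {
    Write-Host ("Forwarders configured: " + ($fwd.IPAddress -join ', ') + " (UseRootHint=$($fwd.UseRootHint))")
} else {
    Write-Host "No forwarders configured; external names are resolved via root hints."
}

# 3) Root hints: must not be empty, otherwise a server without forwarders cannot
#    reach the Internet root at all.
$hints = @(Get-DnsServerRootHint)
if ($hints.Count -eq 0) {
    $findings += "Root hints list is empty; restore it from the DNS console (Root Hints tab)."
} else {
    Write-Host "Root hints present: $($hints.Count) root servers."
}

# 4) DHCP option 006 on every scope: clients must receive only internal DNS servers.
foreach ($scope in Get-DhcpServerv4Scope) {
    $opt = Get-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -OptionId 6 -ErrorAction SilentlyContinue
    foreach ($srv in @($opt.Value)) {
        if ($srv -and -not (Test-IsInternalAddress $srv)) {
            $findings += "DHCP scope $($scope.ScopeId) hands out public DNS server $srv in option 006."
        }
    }
}

# 5) Functional check through the local server: one external name and the AD domain name.
foreach ($name in @('www.microsoft.com', $env:USERDNSDOMAIN)) {
    try {
        $r = Resolve-DnsName -Name $name -Server 127.0.0.1 -DnsOnly -ErrorAction Stop
        $first = ($r | Where-Object { $_.IPAddress } | Select-Object -First 1).IPAddress
        Write-Host "Resolved $name -> $first"
    } catch {
        $findings += "Local DNS server could not resolve $name : $($_.Exception.Message)"
    }
}

if ($findings.Count -eq 0) {
    Write-Host "No configuration problems found."
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}

# After fixing anything reported, re-run the steps given in the thread:
#   dcdiag /fix ; ipconfig /flushdns ; ipconfig /registerdns
#   net stop netlogon ; net start netlogon ; dcdiag /test:DNS
```

Run it before and after the changes; the warnings map one-to-one onto the items in the list above, and an empty warning list plus a successful resolution of both names is the state the later DCDIAG /test:DNS run in this thread confirms.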
 
afreemancubeAuthor Commented:
AGAIN, all great comments.  I will list steps I took below...

1.  Removed external DNS from my NIC of my DNS server.
2.  I added external DNS (TWTELECOM) DNS and the 8.8.8.8 (Google?) to my forwarder in DNS Properties.
3.  Verified that I had a bunch of IP addresses in root servers.
4.  Verified that DHCP DNS is pointing to my internal DNS server only.
5.  Ran DCDIAG /Fix and completed successfully!!
6.  Ran DCDIAG /test:DNS and completed SUCCESSFULLY!!!!  I am attaching the text file of the report.

Can you review it make sure it all looks good?  Well done all of you. Not sure how or who gets the points.  I did all the steps I believe.
DNSfix-and-third-TEST.txt
0
 
ewkellyCommented:
Looks great, thanks for getting back to us.
0
 
burnersCommented:
2.  I added external DNS (TWTELECOM) DNS and the 8.8.8.8 (Google?) to my forwarder in DNS Properties

INCORRECT, you shouldn't have anything in your DNS forwarders. IT SHOULD BE EMPTY.

The server uses the root hints to do lookups.
0
 
afreemancubeAuthor Commented:
Burners, it was able to pass the tests. Would having forwarders and root hints mess anything up? How does it work? If a request goes to the DNS server, does it look at the forwarder first or the root hint? Is there somewhere that I designate which to hit first? Also, there are a lot of root hints listed. Is there any particular one that I need or don't need? Also, what is the difference of having 127.0.0.1 as my primary DNS server rather than the IP address of the internal server? Is the 127.0.0.1 what points to the hints?
0
 
JBond2010Commented:
@ burner, this is incorrect, what you're saying. You have a choice of how you want DNS to handle external requests. You can use either Root Hints or Forwarding.
0
 
JBond2010Commented:
The preferred DNS is for the primary DNS Server on your LAN, so this would be the IP address of a Domain Controller that is performing DNS resolution requests. Alternate DNS Server is when you have a second Server also running the DNS Role and is there for Fault Tolerance and Redundancy. So, should the preferred DNS Server crash you have the Alternate DNS Server in place.

You should never use the Public DNS Server IP addresses of your ISP for internal DNS Resolution. Check the DHCP Scope Options and make sure to remove the ISP Public DNS Server IP address.

When you have this done, then open DNS Management Console and right click on server node name and select clear cache.

Then open the command prompt and type ipconfig /flushdsn and press enter, then type ipconfig /registerdns. Verify if you are using Root Hints or Forwarders.

If you want you can use Forwarders to forward external name resolution requests to your ISP and this is where you would add the Public DNS IP Address of your ISP and then your ISP would be handling your external queries. Or you can use Root Hints.
0
 
ewkellyCommented:
I agree with JBond2010:
0
 
burnersCommented:
I'm just stating best practices. You should keep all of the root hints; using the root hints will speed up lookups because it's going right to the root hints vs. going to your ISP, then to their DNS servers, then to the root hints.

It's all about reducing hops.

Using 127.0.0.1 or the Internal address in DNS makes no difference, 127.0.0.1 just means loopback address.
0
 
afreemancubeAuthor Commented:
Understood.  I'm all about best practice and you guys have been right so far.

Thanks!!
0
 
afreemancubeAuthor Commented:
Well done everyone and very quickly resolved.  I do appreciate the assistance.
0
 
JBond2010Commented:
@ afreemancube, you're welcome :)
0
