Solved

DNS servers on Local Area Connection should include the loopback address, but not as the first entry.

Posted on 2011-09-21
Last Modified: 2012-06-22
Hello,

I'm getting these errors when I run the Best Practices Analyzer.

Title:
DNS: DNS servers on Local Area Connection should include the loopback address, but not as the first entry.

Severity:
Error

Date:
9/21/2011 1:48:37 PM

Category:
Configuration

Issue:
The network adapter Local Area Connection does not list the loopback IP address as a DNS server, or it is configured as the first entry.

Impact:
If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners.

Resolution:
Configure adapter settings to add the loopback IP address to the list of DNS servers on all active interfaces, but not as the first server in the list.


I tried the resolution and added the loopback address as the secondary server. Still the same error.

More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=121980

Title:
DNS: More than one forwarding server should be configured.

Severity:
Warning

Date:
9/21/2011 1:48:37 PM

Category:
Configuration

Issue:
There is only one forwarder configured on the DNS server.

Impact:
The forwarder 4.2.2.2 is a single point of failure.

Resolution:
Configure additional forwarders on the DNS server.

More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=188788

Title:
DNS: Root hint server 198.32.64.12 must respond to NS queries for the root zone.

Severity:
Warning

Date:
9/21/2011 1:48:37 PM

Category:
Configuration

Issue:
The root hint server 198.32.64.12 is not responding.

Impact:
The DNS server might be unable to resolve external host names.

Resolution:
Validate network connectivity to root hint servers. Remove 198.32.64.12 from the list if it is unresponsive.

More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=188803
Question by:nimdatx
6 Comments
 

Expert Comment

by:Lester_Clayton
ID: 36576083
The reason "Best Practices" suggests that you should have a loopback address as one of your DNS servers is in case your Domain Controller's IP is used by another machine and becomes an IP conflict. In this case, your host's IP will cease, and as a result DNS will stop working.

Ideally, your Adapter should list 127.0.0.1 as the second DNS server. If your network interface does become broken, at least your domain controller can still resolve names. Naturally, it can't talk to anything else, which kind of makes it useless, but hey, it's "best practice" :)

Does the TCP/IP on your Network Adapter look similar to the following? (Note Alternate DNS Server).

[Image: TCP IP settings]

Author Comment

by:nimdatx
ID: 36576460
Yes. On my DNS/DC Network Adapter it has Alternate DNS Server: 127.0.0.1

Expert Comment

by:Lester_Clayton
ID: 36576860
Then I'm afraid I do not know why it is erroneously telling you to do something you've already done :)

I'd just ignore that particular part of the report.

Accepted Solution

by:
Lester_Clayton earned 250 total points
ID: 36576986
Hm, just a random thought - do you have more than 1 network adapter?  If so, is it your first network adapter that has these settings?

And one more, completely bizarre question - is your primary network adapter called "Local Area Connection" or is it something else? What if you rename it to "Local Area Connection"?

Just clutching at straws here :)

Assisted Solution

by:abhijitwaikar
abhijitwaikar earned 250 total points
ID: 36577268
Even if BPA says so, personally I recommend that you just remove the loopback IP entry from the NIC. It's reserved only for LOOPBACK processing.

Also, if you place the loopback IP, then the DCDIAG test will fail with the error: DNS GUID could not be resolved. It's our duty to make sure that the server retains the same IP.

Or

The only option you have is to ignore that part of the report if you want to continue with the same settings.

NOTE: If you have more than one NIC then just disable the other adapters.

Expert Comment

by:APHComputersLtd
ID: 37738643
The scan checks the NIC(s), and if IPv6 is installed it will check that as well.

If you do not have IPv6 DNS rolled out in your environment, simply change the option within IPv6 Properties to "Obtain DNS Server Address Automatically". Then run the scan again.

Also, as mentioned by abhijitwaikar: remove the loopback address.
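The thread narrows the finding down to where the loopback address sits in each adapter's DNS server list, per adapter and per IP family (IPv4 and IPv6). As an added example that is not part of the original posts, the following PowerShell reports that position for every adapter. It assumes Windows Server 2012 or later, where `Get-DnsClientServerAddress` is available; the function name `Test-DnsLoopbackOrder` and the sample rows are made up for illustration.

```powershell
# Added example (not from the thread). Assumes Windows Server 2012+ (DnsClient module).
# Test-DnsLoopbackOrder is a hypothetical helper name.
function Test-DnsLoopbackOrder {
    param(
        [string]   $InterfaceAlias,
        [string]   $Family,            # 'IPv4' or 'IPv6'
        [string[]] $ServerAddresses
    )
    $loopback = @('127.0.0.1', '::1')
    $servers  = @($ServerAddresses | Where-Object { $_ })

    # Zero-based index of the first loopback entry, or -1 if none is listed.
    $position = -1
    for ($i = 0; $i -lt $servers.Count; $i++) {
        if ($loopback -contains $servers[$i]) { $position = $i; break }
    }

    if     ($servers.Count -eq 0) { $finding = 'No DNS servers set on this family' }
    elseif ($position -eq 0)      { $finding = 'Loopback is the first entry' }
    elseif ($position -lt 0)      { $finding = 'Loopback is not listed' }
    else                          { $finding = 'Loopback listed, not first' }

    [pscustomobject]@{
        Adapter = $InterfaceAlias
        Family  = $Family
        Servers = $servers -join ', '
        Finding = $finding
    }
}

# Constructed sample rows (192.0.2.10 is a documentation address), so the
# logic can be checked without touching a live domain controller.
Test-DnsLoopbackOrder 'Local Area Connection'   'IPv4' @('192.0.2.10', '127.0.0.1')
Test-DnsLoopbackOrder 'Local Area Connection'   'IPv6' @('::1')
Test-DnsLoopbackOrder 'Local Area Connection 2' 'IPv4' @('192.0.2.10')

# Live check: one row per adapter and address family (2 = IPv4, 23 = IPv6).
if (Get-Command Get-DnsClientServerAddress -ErrorAction SilentlyContinue) {
    Get-DnsClientServerAddress |
        Where-Object { $_.InterfaceAlias -notlike 'Loopback*' } |
        ForEach-Object {
            $family = if ($_.AddressFamily -eq 23) { 'IPv6' } else { 'IPv4' }
            Test-DnsLoopbackOrder $_.InterfaceAlias $family $_.ServerAddresses
        } | Format-Table -AutoSize
}
```

The output shows at a glance whether a second adapter or the IPv6 side of "Local Area Connection" carries a different DNS list from the one edited in the IPv4 properties dialog.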