Solved

DNS servers on Local Area Connection should include the loopback address, but not as the first entry.

Posted on 2011-09-21
Last Modified: 2012-06-22
Hello,

I'm getting these errors when I perform Best Practice Analyser.

Title:
DNS: DNS servers on Local Area Connection should include the loopback address, but not as the first entry.

Severity:
Error

Date:
9/21/2011 1:48:37 PM

Category:
Configuration

Issue:
The network adapter Local Area Connection does not list the loopback IP address as a DNS server, or it is configured as the first entry.

Impact:
If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners.

Resolution:
Configure adapter settings to add the loopback IP address to the list of DNS servers on all active interfaces, but not as the first server in the list.


I tried the Resolution and added the loopback address as the secondary server. Still the same error.

More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=121980

Title:
DNS: More than one forwarding server should be configured.

Severity:
Warning

Date:
9/21/2011 1:48:37 PM

Category:
Configuration

Issue:
There is only one forwarder configured on the DNS server.

Impact:
The forwarder 4.2.2.2 is a single point of failure.

Resolution:
Configure additional forwarders on the DNS server.

More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=188788

Title:
DNS: Root hint server 198.32.64.12 must respond to NS queries for the root zone.

Severity:
Warning

Date:
9/21/2011 1:48:37 PM

Category:
Configuration

Issue:
The root hint server 198.32.64.12 is not responding.

Impact:
The DNS server might be unable to resolve external host names.

Resolution:
Validate network connectivity to root hint servers. Remove 198.32.64.12 from the list if it is unresponsive.

More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=188803
Question by:nimdatx
6 Comments
 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36576083
The reason "Best Practices" suggest that you should have a loopback address as one of your DNS servers is in case your Domain Controller's IP is used by another machine and becomes an IP conflict. In this case, your host's IP will cease, and as a result DNS will stop working.

Ideally, your Adapter should list 127.0.0.1 as the second DNS server.  If your network interface does become broken, at least your domain controller can still resolve names.  Naturally, it can't talk to anything else which kind of makes it useless, but hey, it's "best practice" :)

Does your TCP/IP on your Network Adapter look similar to the following? (Note Alternate DNS Server).

[Image: TCP IP settings]
0
 
LVL 1

Author Comment

by:nimdatx
ID: 36576460
Yes. On my DNS/DC Network Adapter it has Alternate DNS Server: 127.0.0.1
0
 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36576860
Then I'm afraid I do not know why it is erroneously telling you to do something you've already done :)

I'd just ignore that particular part of the report.
0
 
LVL 9

Accepted Solution

by:
Lester_Clayton earned 250 total points
ID: 36576986
Hm, just a random thought - do you have more than 1 network adapter?  If so, is it your first network adapter that has these settings?

And one more, completely bizarre question - is your primary network adapter called "Local Area Connection" or is it something else?  What if you rename it to "Local Area Connection" ?

Just clutching at straws here :)
0
 
LVL 10

Assisted Solution

by:abhijitwaikar
abhijitwaikar earned 250 total points
ID: 36577268
Even if BPA says so, personally I recommend that you just remove the loopback IP entry from the NIC; it's reserved only for LOOPBACK processing.

Also, if you place the loopback IP, then the DCDIAG test will fail with the error: DNS GUID could not be resolved. It's our duty to make sure that the server retains the same IP.
or

Your only option is to ignore that part of the report if you want to continue with the same settings.

NOTE: If you have more than one NIC then just disable the other adapters.
0
 

Expert Comment

by:APHComputersLtd
ID: 37738643
The scan checks the NIC(s), and if IPv6 is installed it will check that as well.

If you do not have IPv6 DNS rolled out in your environment, simply change the option within IPv6 Properties to "Obtain DNS Server Address Automatically". Then run the scan again.

Also, as mentioned by abhijitwaikar: remove the loopback address.
0
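
Added example, not part of any post in this thread: a PowerShell check that lists every active adapter's IPv4 and IPv6 DNS server order and reports where the loopback address sits, so you can see which adapter or address family the BPA finding refers to. It assumes Windows 8 / Server 2012 or later (the `Get-NetAdapter` and `Get-DnsClientServerAddress` cmdlets); the function name `Test-LoopbackDnsOrder` and the result labels are made up for this example, and it applies the rule text literally, which may differ from the BPA's own logic.

```powershell
# Added example: report loopback position in each active adapter's DNS list.
# Assumption: DnsClient and NetAdapter modules are available (Windows 8 / Server 2012+).
$loopback = @{ IPv4 = '127.0.0.1'; IPv6 = '::1' }

function Test-LoopbackDnsOrder {
    # Hypothetical helper: classifies one DNS server list against the BPA rule text.
    param(
        [string[]]$ServerAddresses,
        [string]$Loopback
    )
    if (-not $ServerAddresses -or $ServerAddresses.Count -eq 0) {
        return 'NoServersListed'      # nothing configured for this family
    }
    $index = [array]::IndexOf($ServerAddresses, $Loopback)
    if ($index -lt 0)  { return 'LoopbackMissing' }  # rule: loopback should be listed
    if ($index -eq 0)  { return 'LoopbackFirst' }    # rule: but not as the first entry
    return 'OK'
}

# Only adapters that are up; disabled or disconnected NICs are skipped.
$active = Get-NetAdapter | Where-Object Status -eq 'Up'

foreach ($nic in $active) {
    foreach ($family in 'IPv4', 'IPv6') {
        $cfg = Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily $family
        [pscustomobject]@{
            Adapter = $nic.Name
            Family  = $family
            Servers = $cfg.ServerAddresses -join ', '
            Result  = Test-LoopbackDnsOrder -ServerAddresses $cfg.ServerAddresses `
                                            -Loopback $loopback[$family]
        }
    }
}
```

A row for an adapter other than "Local Area Connection", or an IPv6 row with statically configured servers, points at the cases raised in the comments above (multiple NICs, IPv6 DNS settings).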
