Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

DNS servers on Local Area Connection should include the loopback address, but not as the first entry.

Posted on 2011-09-21
6
Medium Priority
?
8,498 Views
Last Modified: 2012-06-22
Hello,

I'm getting these errors when I perform Best Pratice Analyser.

Title:
DNS: DNS servers on Local Area Connection should include the loopback address, but not as the first entry.

Severity:
Error

Date:
9/21/2011 1:48:37 PM

Category:
Configuration

Issue:
The network adapter Local Area Connection does not list the loopback IP address as a DNS server, or it is configured as the first entry.

Impact:
If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners.

Resolution:
Configure adapter settings to add the loopback IP address to the list of DNS servers on all active interfaces, but not as the first server in the list.


I tried Resolution and added Loopback address as secondary server. Still same error.

More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=121980

Title:
DNS: More than one forwarding server should be configured.

Severity:
Warning

Date:
9/21/2011 1:48:37 PM

Category:
Configuration

Issue:
There is only one forwarder configured on the DNS server.

Impact:
The forwarder 4.2.2.2 is a single point of failure.

Resolution:
Configure additional forwarders on the DNS server.

More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=188788

Title:
DNS: Root hint server 198.32.64.12 must respond to NS queries for the root zone.

Severity:
Warning

Date:
9/21/2011 1:48:37 PM

Category:
Configuration

Issue:
The root hint server 198.32.64.12 is not responding.

Impact:
The DNS server might be unable to resolve external host names.

Resolution:
Validate network connectivity to root hint servers. Remove 198.32.64.12 from the list if it is unresponsive.

More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=188803
0
Comment
Question by:nimdatx
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36576083
The reason "Best Practices" suggest that you should have a loopback address as one of your DNS servers is because just in case your Domain Controller's IP is used by another machine, and becomes an IP conflict.  In this case, your host's IP will cease, and as a result DNS will stop working.

Ideally, your Adapter should list 127.0.0.1 as the second DNS server.  If your network interface does become broken, at least your domain controller can still resolve names.  Naturally, it can't talk to anything else which kind of makes it useless, but hey, it's "best practice" :)

Does your TCP/IP on your Network Adapter looks similar to the following?  (Note Alternate DNS Server).

 TCP IP settings
0
 
LVL 1

Author Comment

by:nimdatx
ID: 36576460
Yes. On my DNS/DC Network Adapter it has Alternate DNS Server: 127.0.0.1
0
 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36576860
Then I'm afraid I do not know why it is erroneously telling you to do something you've already done :)

I'd just ignore that particular part of the report.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 9

Accepted Solution

by:
Lester_Clayton earned 1000 total points
ID: 36576986
Hm, just a random thought - do you have more than 1 network adapter?  If so, is it your first network adapter that has these settings?

And one more, completely bizarre question - is your primary network adapter called "Local Area Connection" or is it something else?  What if you rename it to "Local Area Connection" ?

Just clutching at straws here :)
0
 
LVL 10

Assisted Solution

by:abhijitwaikar
abhijitwaikar earned 1000 total points
ID: 36577268
Even if BPA says, personally I recommend you that just remove the loopback IP entry from NIC, Its reserved only for LOOPBACK processing.

Also if you place loopback IP then DCDIAG test will fail with error: DNS GUID could not be resolve, Its our duty to make sure that server retains the same IP.
or

You have only option that ignore that part in report if you want to continue with same settings.

NOTE: If you have more than one NIC then just disable the other adapters.
0
 

Expert Comment

by:APHComputersLtd
ID: 37738643
The scans checks the NIC / s and if IPv6 is installed it will check that as well.

If you do not have IPv6 DNS rolled out in your environment, simply change the option within IPV6 Properties to "Obtain DNS Server Address Automatically". Then run the scan again.

Also as mentioned  by: abhijitwaikar.....Remove the loopback address.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question