
DNS servers on Local Area Connection should include the loopback address, but not as the first entry.

Posted on 2011-09-21
Last Modified: 2012-06-22
Hello,

I'm getting these errors when I run the Best Practice Analyser.

Title:
DNS: DNS servers on Local Area Connection should include the loopback address, but not as the first entry.

Severity:
Error

Date:
9/21/2011 1:48:37 PM

Category:
Configuration

Issue:
The network adapter Local Area Connection does not list the loopback IP address as a DNS server, or it is configured as the first entry.

Impact:
If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners.

Resolution:
Configure adapter settings to add the loopback IP address to the list of DNS servers on all active interfaces, but not as the first server in the list.


I tried the Resolution and added the loopback address as the secondary server. Still the same error.

More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=121980

Title:
DNS: More than one forwarding server should be configured.

Severity:
Warning

Date:
9/21/2011 1:48:37 PM

Category:
Configuration

Issue:
There is only one forwarder configured on the DNS server.

Impact:
The forwarder 4.2.2.2 is a single point of failure.

Resolution:
Configure additional forwarders on the DNS server.

More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=188788

Title:
DNS: Root hint server 198.32.64.12 must respond to NS queries for the root zone.

Severity:
Warning

Date:
9/21/2011 1:48:37 PM

Category:
Configuration

Issue:
The root hint server 198.32.64.12 is not responding.

Impact:
The DNS server might be unable to resolve external host names.

Resolution:
Validate network connectivity to root hint servers. Remove 198.32.64.12 from the list if it is unresponsive.

More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=188803
Question by:Jaime Campos
6 Comments
 

Expert Comment

by:Lester_Clayton
ID: 36576083
The reason "Best Practices" suggests that you should have a loopback address as one of your DNS servers is in case your Domain Controller's IP is used by another machine and becomes an IP conflict. In this case, your host's IP will cease, and as a result DNS will stop working.

Ideally, your Adapter should list 127.0.0.1 as the second DNS server.  If your network interface does become broken, at least your domain controller can still resolve names.  Naturally, it can't talk to anything else which kind of makes it useless, but hey, it's "best practice" :)

Does the TCP/IP on your Network Adapter look similar to the following? (Note the Alternate DNS Server.)

[Image: TCP/IP settings]

Author Comment

by:Jaime Campos
ID: 36576460
Yes. On my DNS/DC Network Adapter it has Alternate DNS Server: 127.0.0.1

Expert Comment

by:Lester_Clayton
ID: 36576860
Then I'm afraid I do not know why it is erroneously telling you to do something you've already done :)

I'd just ignore that particular part of the report.

Accepted Solution

by:
Lester_Clayton earned 1000 total points
ID: 36576986
Hm, just a random thought - do you have more than 1 network adapter?  If so, is it your first network adapter that has these settings?

And one more, completely bizarre question - is your primary network adapter called "Local Area Connection" or is it something else?  What if you rename it to "Local Area Connection" ?

Just clutching at straws here :)

Assisted Solution

by:abhijitwaikar
abhijitwaikar earned 1000 total points
ID: 36577268
Even if BPA says so, personally I recommend that you just remove the loopback IP entry from the NIC. It's reserved only for LOOPBACK processing.

Also, if you place the loopback IP, then the DCDIAG test will fail with the error: DNS GUID could not be resolved. It's our duty to make sure that the server retains the same IP.

Or your only option is to ignore that part of the report if you want to continue with the same settings.

NOTE: If you have more than one NIC then just disable the other adapters.

Expert Comment

by:APHComputersLtd
ID: 37738643
The scan checks the NIC(s), and if IPv6 is installed it will check that as well.

If you do not have IPv6 DNS rolled out in your environment, simply change the option within IPV6 Properties to "Obtain DNS Server Address Automatically". Then run the scan again.

Also, as mentioned by abhijitwaikar: remove the loopback address.
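
The rule from the BPA finding quoted in the question, checked per adapter and per address family, which is where the accepted answer (more than one adapter) and the last comment (IPv6) point. This is an added example, not part of the thread and not Microsoft's BPA logic; `Test-LoopbackDnsOrder`, its status names and the sample adapter data are assumptions made for illustration, and it needs PowerShell 3.0 or later.

```powershell
# Added example; Test-LoopbackDnsOrder is a hypothetical helper, not a Microsoft cmdlet.
function Test-LoopbackDnsOrder {
    param(
        [Parameter(Mandatory = $true)] [string] $InterfaceAlias,
        [Parameter(Mandatory = $true)] [ValidateSet('IPv4', 'IPv6')] [string] $Family,
        [string[]] $ServerAddresses = @()
    )
    # Flag each configured server: is it a loopback address (127.0.0.0/8 or ::1)?
    $isLoopback = @(foreach ($address in $ServerAddresses) {
        $ip = $null
        [System.Net.IPAddress]::TryParse($address, [ref]$ip) -and
            [System.Net.IPAddress]::IsLoopback($ip)
    })
    $position = [array]::IndexOf($isLoopback, $true)

    # The quoted rule: loopback must be in the list, but not as the first entry.
    if ($ServerAddresses.Count -eq 0) {
        $status = 'NoStaticServers'
    } elseif ($position -lt 0) {
        $status = 'LoopbackMissing'
    } elseif ($position -eq 0) {
        $status = 'LoopbackFirst'
    } else {
        $status = 'OK'
    }

    [pscustomobject]@{
        InterfaceAlias = $InterfaceAlias
        Family         = $Family
        Servers        = $ServerAddresses -join ', '
        Status         = $status
    }
}

# Constructed sample data (192.0.2.10 is a documentation address), not from the thread.
$samples = @(
    @{ InterfaceAlias = 'Local Area Connection';   Family = 'IPv4'; ServerAddresses = '192.0.2.10', '127.0.0.1' },
    @{ InterfaceAlias = 'Local Area Connection';   Family = 'IPv6'; ServerAddresses = '::1' },
    @{ InterfaceAlias = 'Local Area Connection 2'; Family = 'IPv4'; ServerAddresses = '127.0.0.1', '192.0.2.10' }
)
foreach ($sample in $samples) { Test-LoopbackDnsOrder @sample }

# On Windows Server 2012 or later, live input can come from
#   Get-DnsClientServerAddress -AddressFamily IPv4
# whose InterfaceAlias and ServerAddresses properties map onto the parameters above.
```

In the sample data the IPv4 list on "Local Area Connection" is fine, while its IPv6 list and the second adapter are the entries that break the rule.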