Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Test windows 2008 DNS instalation test

Posted on 2011-10-20
16
Medium Priority
?
274 Views
Last Modified: 2012-05-12
On new windows 2008r2 domain with AD integrated DNS i cant ping any external host names nor root hints.
I think its a networking issue, some kind of  firewall issue.Before that I need to make sure DNS installation and DC was installed properly.
Can any one guide me though how to check this.
0
Comment
Question by:Malli Boppe
  • 11
  • 5
16 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37003848
Check your event logs, you can use dcdiag with the /dns switch   http://technet.microsoft.com/en-us/library/cc776854(WS.10).aspx

nslookup can also be used, to help troubleshoot.

You could also use wireshark or network monitor to check out traffic on the wire.  

Thanks

Mike
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 37003882
I tried nslookup and doesn't resolve any external host names.
Any documents on how to monitor the traffic through network monitor and  wireshark
Also DCdiag came up with the below errors

               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.63.2.53
            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.112.36.4
            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.203.230.10
            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.228.79.201
            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.33.4.12
            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.36.148.17
            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 37003961
this the complete log


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = domaindc12

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\domainDC12

      Starting test: Connectivity

         ......................... domainDC12 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\domainDC12

   
      Starting test: DNS

         

         DNS Tests are running and not hung. Please wait a few minutes...

         ......................... domainDC12 passed test DNS

   
   Running partition tests on : ForestDnsZones

   
   Running partition tests on : DomainDnsZones

   
   Running partition tests on : Schema

   
   Running partition tests on : Configuration

   
   Running partition tests on : domain

   
   Running enterprise tests on : domain

      Starting test: DNS

         Test results for domain controllers:

           
            DC: domaindc12.domain

            Domain: domain

           

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Both root hints and forwarders are not configured or

                  broken. Please make sure at least one of them works.

         
         Summary of test results for DNS servers used by the above domain

         controllers:

         

            DNS server: 128.63.2.53 (h.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53              
            DNS server: 128.8.10.90 (d.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90              
            DNS server: 192.112.36.4 (g.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4              
            DNS server: 192.203.230.10 (e.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10              
            DNS server: 192.228.79.201 (b.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201              
            DNS server: 192.33.4.12 (c.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12              
            DNS server: 192.36.148.17 (i.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17              
            DNS server: 192.5.5.241 (f.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241              
            DNS server: 192.58.128.30 (j.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30              
            DNS server: 193.0.14.129 (k.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129              
            DNS server: 198.41.0.4 (a.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4              
            DNS server: 199.7.83.42 (l.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.83.42              
            DNS server: 202.12.27.33 (m.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33              
         Summary of DNS test results:

         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: domain

               domaindc12                     PASS PASS FAIL PASS PASS PASS n/a  
         
         ......................... domain failed test DNS

0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 57

Expert Comment

by:Mike Kline
ID: 37004091
Do you have root hints listed?  You can create a DNS filter in wireshark   http://wiki.wireshark.org/DNS 

Looks like you don't have reverse zones created but that should not affect internet access.

Thanks

Mike
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 37004130
Please check the attached screen shot.
Capture.PNG
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37004158
What DNS servers do you have listed on that box?(ipconfig /all)
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 37004165
Belos is the ipconfig and rout print information


Windows IP Configuration

   Host Name . . . . . . . . . . . . : domainDC11
   Primary Dns Suffix  . . . . . . . : domain.ORG.AU
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.ORG.AU

Ethernet adapter t2-fe:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter
   Physical Address. . . . . . . . . : 00-50-56-88-4B-8B
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.81.38.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.128
   Default Gateway . . . . . . . . . : 10.81.38.1
   DNS Servers . . . . . . . . . . . : 10.81.38.7
                                       10.81.38.6
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter t2-tbr:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter #2
   Physical Address. . . . . . . . . : 00-50-56-88-44-9F
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.86.144.69(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.224
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{AA2D93AE-341F-42F7-A988-9110D3AE1B38}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BAA05A7D-C14E-478B-AD75-1E5F54E88175}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes



Route print info

===========================================================================
Interface List
 10...00 50 56 88 4b 8b ......vmxnet3 Ethernet Adapter
 11...00 50 56 88 44 9f ......vmxnet3 Ethernet Adapter #2
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.81.38.1       10.81.38.7    261
       10.81.38.0  255.255.255.128         On-link        10.81.38.7    261
       10.81.38.7  255.255.255.255         On-link        10.81.38.7    261
     10.81.38.127  255.255.255.255         On-link        10.81.38.7    261
      10.86.130.0    255.255.255.0     10.86.144.65     10.86.144.69      6
     10.86.144.64  255.255.255.224         On-link      10.86.144.69    261
     10.86.144.69  255.255.255.255         On-link      10.86.144.69    261
     10.86.144.95  255.255.255.255         On-link      10.86.144.69    261
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      10.86.144.69    261
        224.0.0.0        240.0.0.0         On-link        10.81.38.7    261
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      10.86.144.69    261
  255.255.255.255  255.255.255.255         On-link        10.81.38.7    261
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      10.86.130.0    255.255.255.0     10.86.144.65       1
          0.0.0.0          0.0.0.0       10.81.38.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37004167
Are you running two NICs on your DC?  
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 37004174
Yes we are running 2 NICs on both the DC's
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37004212
That is generally not recommended, follow the steps here    http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx

What is the second one for?
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 37004325
I did as described in the article still no luck.I have disbaled the 2nd nic and rebooted the DC and still the same.
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 37004588
could this be a firewall issue.I will try wirshark to night
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 37005730
I did portquery
 

=============================================
 
 Starting portqry.exe -n 127.0.0.1 -e 1723 -p TCP ...
 

Querying target system called:
 
 127.0.0.1
 
Attempting to resolve IP address to a name...
 

IP address resolved to domainDC11.domain.ORG.AU
 
querying...
 
TCP port 1723 (pptp service): NOT LISTENING
 portqry.exe -n 127.0.0.1 -e 1723 -p TCP exits with return code 0x00000001.
 =============================================
 
 Starting portqry.exe -n 127.0.0.1 -e 53 -p BOTH ...
 

Querying target system called:
 
 127.0.0.1
 
Attempting to resolve IP address to a name...
 

IP address resolved to domainDC11.domain.ORG.AU
 
querying...
 
TCP port 53 (domain service): LISTENING
 
UDP port 53 (domain service): LISTENING
 portqry.exe -n 127.0.0.1 -e 53 -p BOTH exits with return code 0x00000000.
 =============================================
 
 Starting portqry.exe -n 127.0.0.1 -e 67 -p BOTH ...
 

Querying target system called:
 
 127.0.0.1
 
Attempting to resolve IP address to a name...
 

IP address resolved to domainDC11.domain.ORG.AU
 
querying...
 
TCP port 67 (unknown service): NOT LISTENING
 
UDP port 67 (bootps service): NOT LISTENING
 portqry.exe -n 127.0.0.1 -e 67 -p BOTH exits with return code 0x00000001.
 =============================================
 
 Starting portqry.exe -n 127.0.0.1 -e 137 -p BOTH ...
 

Querying target system called:
 
 127.0.0.1
 
Attempting to resolve IP address to a name...
 

IP address resolved to domainDC11.domain.ORG.AU
 
querying...
 
TCP port 137 (netbios-ns service): NOT LISTENING
 
UDP port 137 (netbios-ns service): NOT LISTENING
 portqry.exe -n 127.0.0.1 -e 137 -p BOTH exits with return code 0x00000001.
 =============================================
 
 Starting portqry.exe -n 127.0.0.1 -e 161-162 -p UDP ...
 

Querying target system called:
 
 127.0.0.1
 
Attempting to resolve IP address to a name...
 

IP address resolved to domainDC11.domain.ORG.AU
 
querying...
 
UDP port 161 (snmp service): LISTENING or FILTERED
 
community name for query:
 
 public
 
Sending SNMP query to UDP port 161...
 
UDP port 161 (snmp service): FILTERED
 
UDP port 162 (snmptrap service): NOT LISTENING
 portqry.exe -n 127.0.0.1 -e 161-162 -p UDP exits with return code 0x00000001.
 =============================================
 
 Starting portqry.exe -n 127.0.0.1 -e 1745 -p UDP ...
 

Querying target system called:
 
 127.0.0.1
 
Attempting to resolve IP address to a name...
 

IP address resolved to domainDC11.domain.ORG.AU
 
querying...
 
UDP port 1745 (remote-winsock service): NOT LISTENING
 portqry.exe -n 127.0.0.1 -e 1745 -p UDP exits with return code 0x00000001.
 
 
 
Also when I do a tracert
 
 
 
Tracing route to 74.125.31.106 over a maximum of 30 hops
 
  1    <1 ms    <1 ms    <1 ms  10.81.33.65
   2    <1 ms    <1 ms    <1 ms  10.81.50.27
   3  10.81.50.27  reports: Destination host unreachable.
 
 
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 37010243
Also the with portquery when I ran tests for 3389.It cameup with the message saying listening. But when I tried to RDP to a public IP server for another client. RDP failed.
0
 
LVL 23

Accepted Solution

by:
Malli Boppe earned 0 total points
ID: 37060342
In the end it came out to be a networking issue
0
 
LVL 23

Author Closing Comment

by:Malli Boppe
ID: 37087345
Solved myself
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question