Test windows 2008 DNS instalation test

On new windows 2008r2 domain with AD integrated DNS i cant ping any external host names nor root hints.
I think its a networking issue, some kind of  firewall issue.Before that I need to make sure DNS installation and DC was installed properly.
Can any one guide me though how to check this.
LVL 23
Malli BoppeAsked:
Who is Participating?
 
Malli BoppeAuthor Commented:
In the end it came out to be a networking issue
0
 
Mike KlineCommented:
Check your event logs, you can use dcdiag with the /dns switch   http://technet.microsoft.com/en-us/library/cc776854(WS.10).aspx

nslookup can also be used, to help troubleshoot.

You could also use wireshark or network monitor to check out traffic on the wire.  

Thanks

Mike
0
 
Malli BoppeAuthor Commented:
I tried nslookup and doesn't resolve any external host names.
Any documents on how to monitor the traffic through network monitor and  wireshark
Also DCdiag came up with the below errors

               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.63.2.53
            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.112.36.4
            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.203.230.10
            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.228.79.201
            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.33.4.12
            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.36.148.17
            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Malli BoppeAuthor Commented:
this the complete log


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = domaindc12

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\domainDC12

      Starting test: Connectivity

         ......................... domainDC12 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\domainDC12

   
      Starting test: DNS

         

         DNS Tests are running and not hung. Please wait a few minutes...

         ......................... domainDC12 passed test DNS

   
   Running partition tests on : ForestDnsZones

   
   Running partition tests on : DomainDnsZones

   
   Running partition tests on : Schema

   
   Running partition tests on : Configuration

   
   Running partition tests on : domain

   
   Running enterprise tests on : domain

      Starting test: DNS

         Test results for domain controllers:

           
            DC: domaindc12.domain

            Domain: domain

           

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Both root hints and forwarders are not configured or

                  broken. Please make sure at least one of them works.

         
         Summary of test results for DNS servers used by the above domain

         controllers:

         

            DNS server: 128.63.2.53 (h.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53              
            DNS server: 128.8.10.90 (d.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90              
            DNS server: 192.112.36.4 (g.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4              
            DNS server: 192.203.230.10 (e.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10              
            DNS server: 192.228.79.201 (b.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201              
            DNS server: 192.33.4.12 (c.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12              
            DNS server: 192.36.148.17 (i.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17              
            DNS server: 192.5.5.241 (f.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241              
            DNS server: 192.58.128.30 (j.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30              
            DNS server: 193.0.14.129 (k.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129              
            DNS server: 198.41.0.4 (a.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4              
            DNS server: 199.7.83.42 (l.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.83.42              
            DNS server: 202.12.27.33 (m.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33              
         Summary of DNS test results:

         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: domain

               domaindc12                     PASS PASS FAIL PASS PASS PASS n/a  
         
         ......................... domain failed test DNS

0
 
Mike KlineCommented:
Do you have root hints listed?  You can create a DNS filter in wireshark   http://wiki.wireshark.org/DNS 

Looks like you don't have reverse zones created but that should not affect internet access.

Thanks

Mike
0
 
Malli BoppeAuthor Commented:
Please check the attached screen shot.
Capture.PNG
0
 
Mike KlineCommented:
What DNS servers do you have listed on that box?(ipconfig /all)
0
 
Malli BoppeAuthor Commented:
Belos is the ipconfig and rout print information


Windows IP Configuration

   Host Name . . . . . . . . . . . . : domainDC11
   Primary Dns Suffix  . . . . . . . : domain.ORG.AU
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.ORG.AU

Ethernet adapter t2-fe:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter
   Physical Address. . . . . . . . . : 00-50-56-88-4B-8B
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.81.38.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.128
   Default Gateway . . . . . . . . . : 10.81.38.1
   DNS Servers . . . . . . . . . . . : 10.81.38.7
                                       10.81.38.6
                                       127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter t2-tbr:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter #2
   Physical Address. . . . . . . . . : 00-50-56-88-44-9F
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.86.144.69(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.224
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{AA2D93AE-341F-42F7-A988-9110D3AE1B38}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BAA05A7D-C14E-478B-AD75-1E5F54E88175}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes



Route print info

===========================================================================
Interface List
 10...00 50 56 88 4b 8b ......vmxnet3 Ethernet Adapter
 11...00 50 56 88 44 9f ......vmxnet3 Ethernet Adapter #2
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.81.38.1       10.81.38.7    261
       10.81.38.0  255.255.255.128         On-link        10.81.38.7    261
       10.81.38.7  255.255.255.255         On-link        10.81.38.7    261
     10.81.38.127  255.255.255.255         On-link        10.81.38.7    261
      10.86.130.0    255.255.255.0     10.86.144.65     10.86.144.69      6
     10.86.144.64  255.255.255.224         On-link      10.86.144.69    261
     10.86.144.69  255.255.255.255         On-link      10.86.144.69    261
     10.86.144.95  255.255.255.255         On-link      10.86.144.69    261
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      10.86.144.69    261
        224.0.0.0        240.0.0.0         On-link        10.81.38.7    261
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      10.86.144.69    261
  255.255.255.255  255.255.255.255         On-link        10.81.38.7    261
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      10.86.130.0    255.255.255.0     10.86.144.65       1
          0.0.0.0          0.0.0.0       10.81.38.1  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
0
 
Mike KlineCommented:
Are you running two NICs on your DC?  
0
 
Malli BoppeAuthor Commented:
Yes we are running 2 NICs on both the DC's
0
 
Mike KlineCommented:
That is generally not recommended, follow the steps here    http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx

What is the second one for?
0
 
Malli BoppeAuthor Commented:
I did as described in the article still no luck.I have disbaled the 2nd nic and rebooted the DC and still the same.
0
 
Malli BoppeAuthor Commented:
could this be a firewall issue.I will try wirshark to night
0
 
Malli BoppeAuthor Commented:
I did portquery
 

=============================================
 
 Starting portqry.exe -n 127.0.0.1 -e 1723 -p TCP ...
 

Querying target system called:
 
 127.0.0.1
 
Attempting to resolve IP address to a name...
 

IP address resolved to domainDC11.domain.ORG.AU
 
querying...
 
TCP port 1723 (pptp service): NOT LISTENING
 portqry.exe -n 127.0.0.1 -e 1723 -p TCP exits with return code 0x00000001.
 =============================================
 
 Starting portqry.exe -n 127.0.0.1 -e 53 -p BOTH ...
 

Querying target system called:
 
 127.0.0.1
 
Attempting to resolve IP address to a name...
 

IP address resolved to domainDC11.domain.ORG.AU
 
querying...
 
TCP port 53 (domain service): LISTENING
 
UDP port 53 (domain service): LISTENING
 portqry.exe -n 127.0.0.1 -e 53 -p BOTH exits with return code 0x00000000.
 =============================================
 
 Starting portqry.exe -n 127.0.0.1 -e 67 -p BOTH ...
 

Querying target system called:
 
 127.0.0.1
 
Attempting to resolve IP address to a name...
 

IP address resolved to domainDC11.domain.ORG.AU
 
querying...
 
TCP port 67 (unknown service): NOT LISTENING
 
UDP port 67 (bootps service): NOT LISTENING
 portqry.exe -n 127.0.0.1 -e 67 -p BOTH exits with return code 0x00000001.
 =============================================
 
 Starting portqry.exe -n 127.0.0.1 -e 137 -p BOTH ...
 

Querying target system called:
 
 127.0.0.1
 
Attempting to resolve IP address to a name...
 

IP address resolved to domainDC11.domain.ORG.AU
 
querying...
 
TCP port 137 (netbios-ns service): NOT LISTENING
 
UDP port 137 (netbios-ns service): NOT LISTENING
 portqry.exe -n 127.0.0.1 -e 137 -p BOTH exits with return code 0x00000001.
 =============================================
 
 Starting portqry.exe -n 127.0.0.1 -e 161-162 -p UDP ...
 

Querying target system called:
 
 127.0.0.1
 
Attempting to resolve IP address to a name...
 

IP address resolved to domainDC11.domain.ORG.AU
 
querying...
 
UDP port 161 (snmp service): LISTENING or FILTERED
 
community name for query:
 
 public
 
Sending SNMP query to UDP port 161...
 
UDP port 161 (snmp service): FILTERED
 
UDP port 162 (snmptrap service): NOT LISTENING
 portqry.exe -n 127.0.0.1 -e 161-162 -p UDP exits with return code 0x00000001.
 =============================================
 
 Starting portqry.exe -n 127.0.0.1 -e 1745 -p UDP ...
 

Querying target system called:
 
 127.0.0.1
 
Attempting to resolve IP address to a name...
 

IP address resolved to domainDC11.domain.ORG.AU
 
querying...
 
UDP port 1745 (remote-winsock service): NOT LISTENING
 portqry.exe -n 127.0.0.1 -e 1745 -p UDP exits with return code 0x00000001.
 
 
 
Also when I do a tracert
 
 
 
Tracing route to 74.125.31.106 over a maximum of 30 hops
 
  1    <1 ms    <1 ms    <1 ms  10.81.33.65
   2    <1 ms    <1 ms    <1 ms  10.81.50.27
   3  10.81.50.27  reports: Destination host unreachable.
 
 
0
 
Malli BoppeAuthor Commented:
Also the with portquery when I ran tests for 3389.It cameup with the message saying listening. But when I tried to RDP to a public IP server for another client. RDP failed.
0
 
Malli BoppeAuthor Commented:
Solved myself
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.