[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

DNS Best Practices Analyzer error

Posted on 2013-05-29
5
Medium Priority
?
4,876 Views
Last Modified: 2017-04-25
Hi Experts,

I have installed two Windows Server 2012 DCs in a new forest, single domain. Both are configured as DNS servers (AD-integrated).

On one of the servers, the DNS BPA reports the following:


Warning     DNS: Zone TrustAnchors secondary server 192.168.1.123 should respond to queries for the zone.
The secondary DNS server 192.168.1.123 does not respond to queries for the zone TrustAnchors.

Error     DNS: Zone TrustAnchors secondary servers must respond to queries for the zone.
None of the secondary servers configured for zone TrustAnchors are responding.


Can anyone tell me what this error means and how we can resolve it?

DNS appears to be working perfectly fine on both servers but I would like a clean BPA result.

Thanks,
James
0
Comment
Question by:failed
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 14

Expert Comment

by:Ben Hart
ID: 39204355
0
 
LVL 19

Expert Comment

by:Kash
ID: 39204358
looks like you have some configuration issues >>> http://technet.microsoft.com/en-us/library/ff807384%28v=ws.10%29.aspx

go to zone transfers tab on both the server mainly the primary one and make sure the IP address of the secondary server is right to start with and troubleshoot accordingly
0
 

Author Comment

by:failed
ID: 39204400
Hi ubadmin,

I went through that article but it did not resolve my problem.

Hi innocentdevil,

I don't have any IP addresses in Zone Transfers therefore that article does not help I'm afraid. These are AD-integrated DNS servers and therefore do not require permission to transfer zones as far as I am aware.
0
 
LVL 27

Accepted Solution

by:
DrDave242 earned 2000 total points
ID: 39205233
Are you using DNSSEC in any way?  If not, the TrustAnchors zone isn't used for anything, and the BPA result can be ignored.
0
 

Author Comment

by:failed
ID: 39206951
Hi DrDave242,

We are not using DNSSEC, and what you've said there supports what I've read during my research in to the issue, so I'm going to ignore it since DNS appears to be working normally.

Cheers,
James
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question