jackbenson asked
DNS Server Errors - Zone TrustAnchors secondary, Name Servers, Forwarders
Hi,
I am getting a lot of errors/warnings in the Server 2012 Best Practice Tool for my DNS server.
I have 2 sites:
Local Network: 192.168.16.0
-- DC/DNS Server1 (win 2012): 192.168.16.11 / fc00:1234:5678:9abc::11
-- DC/DNS Server2 (win 2012): 192.168.16.21 / fc00:1234:5678:9abc::21
Azure: 10.4.2.0
-- DC/DNS Server3 (win 2012): 10.4.2.5
The errors/warnings I am getting (and there are a lot):
Errors:
(1) Zone TrustAnchors secondary servers must respond to queries for the zone
(2) At least one name server in the list of root hints must respond to queries for the root zone.
(3) At least one DNS server on the list of forwarders must respond to DNS queries
Warnings:
Zone TrustAnchors secondary server 192.168.16.21 should respond to queries for the zone
Zone TrustAnchors secondary server 10.4.2.5 should respond to queries for the zone
(plus I have this for the following IP addresses: fc00:1234:5678:9abc:a42d:8f0:d407:c572, fc00:1234:5678:9abc:3827:74d2:8c82:c2ca, fc00:1234:5678:9abc:a157:ec04:1a5f:8b90, fc00:1234:5678:9abc::6, fc00:1234:5678:9abc:3b32:c635:33e3:52f2, fc00:1234:5678:9abc::11, fc00:1234:5678:9abc::17, fc00:1234:5678:9abc::21, fc00:1234:5678:9abc:d0d0:39d9:1db2:51b5)
Root hint server 192.33.4.12 must respond to NS queries for the root zone
(I have this for every root hint)
Forwarding server 8.8.4.4 should respond to DNS queries.
(Also the same for 8.8.4.4)
All my computers on my network are confirmed to use 192.168.16.11/192.168.16.21/fc00:1234:5678:9abc::11/fc00:1234:5678:9abc::21 as their DNS servers, and every computer can access the internet properly.
When I go into DNS Manager, into Root Hints, and press Edit, it fails to validate the root hint.
What am I doing wrong? The error message I get is: A timeout occurred during validation.
I believe I only have a primary DNS zone that is replicated to my 3 DNS servers.
Forward Lookup Zones
_msdcs.DomainName.Local
DomainName.Local
Reverse Lookup Zones:
0.0.0.1.8.7.6.5.4.3.2.1.0.0.c.f.ip6.arpa (IPv6 local network range)
16.168.192.in-addr.arpa (IPv4 local network range)
2.4.10.in-addr.arpa (Azure network range)
c.b.a.9.8.7.6.5.4.3.2.1.0.0.c.f.ip6.arpa (DirectAccess clients)
Can anyone help me out?
many thanks
jack
First guess is you have routing issues. It is also possible that you have some firewall issues, but routing seems more likely given the extent of the errors you are posting. If your routes are screwed up between your on-site network and your Azure virtual network, that will cause all manner of issues.
ASKER
cgaliher,
Thanks for your reply.
I have created a virtual network on Azure and have established a VPN connection between my ADSL router (192.168.16.1) and the Azure virtual network.
The connection is working, and it handles the routing from my 192.168.16.0 local network to the Azure network 10.4.2.0.
Is there something else I should have done to ensure that routing is working properly?
Some background on my network.
IPv4: the default gateway is 192.168.16.1, which is my DrayTek ADSL router.
IPv6: I have a Windows Server 2012 VM that runs DirectAccess Server and RRAS (DirAccServer1 192.168.16.19/fc00:1234:5678:9abc::16). This broadcasts itself as the IPv6 gateway using the IP address fe80::2833:3db9:c825:7dfe.
I do not know if it is related, but DC1 is my DHCP server. It gives out IPv4 addresses without a problem, but it does not give out IPv6 addresses.
ve3ofa,
Yes, that is where I have set the forwarders as 8.8.8.8 and 8.8.4.4.
jack
ASKER
When I run:
nslookup -type=ns 199.7.83.42
The result is:
Server: DC2.DomainName.local
Address: fc00:1234:5678:9abc::21
DNS request timed out.
timeout was 2 seconds.
*** Request to DC2.DomainName.local timed-out
But when I run:
nslookup 199.7.83.42
I get the following result:
Server: DC2.DomainName.local
Address: fc00:1234:5678:9abc::21
Name: l.root-servers.net
Address: 199.7.83.42
Any idea why the switch -type=ns leads to a failure?
thanks
jack
With type=ns you are querying only the NS (name server) records, of which l.root-servers.net has a misconfiguration, i.e. no NS records.
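The checks behind the three BPA rules in the question, run by hand from one of the DCs, as an added example that is not code from anyone in this thread. It serves both the routing-versus-firewall question in the first reply and the root-hint query discussed just above: every target (each forwarder, each root hint address, each other server in the TrustAnchors NS set) gets a TCP connect to port 53 plus one DNS query sent to that address directly, so a path that is black-holed (timeout on both) can be told apart from one where only UDP 53 is filtered (TCP open, no answer). Assumed: it runs elevated on a DC with the DnsServer and DnsClient modules (Windows Server 2012 or later); the helper names Test-TcpPort53, Test-DnsAnswer and New-Row are chosen for this example; and the SOA query used as "responds to queries for the zone" is an approximation, since the BPA's exact query for rule (1) is not given on this page. The root-hint rows send an NS query for the root zone (".") to the root server itself, which is what the rule text for (2) says it tests, rather than to the local DC as the nslookup command above does.

```powershell
# Added example (not from the thread): re-run the three DNS BPA checks from
# the question against this server's own forwarder, root-hint and
# TrustAnchors configuration, recording for each target whether TCP 53
# connects and whether a DNS query sent straight to it gets an answer.
# Assumptions: elevated PowerShell on one of the DCs; DnsServer and DnsClient
# modules present (Windows Server 2012 or later); an SOA query stands in for
# the BPA's "responds to queries for the zone" test on TrustAnchors.
Import-Module DnsServer
Import-Module DnsClient

# Hypothetical helper: TCP connect to port 53 with a timeout, so a black-holed
# route (timeout) can be told apart from an active refusal (RST).
function Test-TcpPort53 {
    param([string]$Address, [int]$TimeoutMs = 2000)
    $ip     = [System.Net.IPAddress]::Parse($Address)      # v4 or v6 literal
    $client = New-Object System.Net.Sockets.TcpClient($ip.AddressFamily)
    try {
        $ar = $client.BeginConnect($ip, 53, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return 'timeout' }
        $client.EndConnect($ar)          # throws if the connection was refused
        return 'open'
    } catch {
        return 'refused'
    } finally {
        $client.Close()
    }
}

# Hypothetical helper: one query sent only to the named server (no cache, no
# LLMNR/NetBIOS fallback), short timeout. $true when any record comes back.
function Test-DnsAnswer {
    param([string]$Server, [string]$Name, [string]$Type)
    try {
        $null = Resolve-DnsName -Name $Name -Type $Type -Server $Server `
                    -DnsOnly -QuickTimeout -ErrorAction Stop
        return $true
    } catch {
        return $false
    }
}

# One result row per target: both the transport-level and the DNS-level view.
function New-Row([string]$Check, [string]$Target, [string]$Name, [string]$Type) {
    [pscustomobject]@{
        Check   = $Check
        Target  = $Target
        Tcp53   = Test-TcpPort53 -Address $Target
        Answers = Test-DnsAnswer -Server $Target -Name $Name -Type $Type
    }
}

$report = @()

# Rule (3): at least one forwarder must answer. A recursive resolver answers
# an NS query for the root zone ('.') from cache or by recursion.
foreach ($ip in (Get-DnsServerForwarder).IPAddress) {
    $report += New-Row 'Forwarder' $ip.IPAddressToString '.' 'NS'
}

# Rule (2): each root hint address is asked, directly, for the NS set of the
# root zone. Root hints carry A and AAAA glue; test both families.
foreach ($hint in Get-DnsServerRootHint) {
    $label = 'RootHint ' + $hint.NameServer.RecordData.NameServer
    foreach ($rr in $hint.IPAddress) {
        $addr = if ($rr.RecordType -eq 'AAAA') { $rr.RecordData.IPv6Address } else { $rr.RecordData.IPv4Address }
        $report += New-Row $label $addr.IPAddressToString '.' 'NS'
    }
}

# Rule (1): every other server named in the TrustAnchors NS set is treated as
# a secondary and must answer for the zone (SOA query, assumed here). Each NS
# host is resolved to all of its A/AAAA addresses, as the warnings list them.
$me = $env:COMPUTERNAME
foreach ($ns in Get-DnsServerResourceRecord -ZoneName 'TrustAnchors' -RRType NS) {
    $nsName = $ns.RecordData.NameServer.TrimEnd('.')
    if ($nsName -like "$me.*") { continue }             # skip this server itself
    $addrs = Resolve-DnsName -Name $nsName -Type A_AAAA -DnsOnly -ErrorAction SilentlyContinue |
             Where-Object { $_.IPAddress }
    foreach ($a in $addrs) {
        $report += New-Row "TrustAnchors NS $nsName" $a.IPAddress 'TrustAnchors' 'SOA'
    }
}

$report | Sort-Object Check, Target | Format-Table -AutoSize
```

Reading the table: "timeout" on TCP 53 together with Answers = False for every forwarder and every root hint points at the outbound path (default gateway or the router itself), which is where this thread ended up; "open" with Answers = False means the host is reachable but UDP 53 is being dropped or the service is not listening, a firewall rather than a routing question; and a TrustAnchors row whose address no server currently listens on will time out whatever the routing looks like, so those rows should be compared against the A/AAAA records the NS hosts actually hold.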
ASKER
I don't know if this is a stupid question: where should I put the NS records?
ASKER
Turned out to be a problem with my DrayTek router: when I applied new firmware the problem was solved.