Solved

DNS Issues Exch Svr DC/DNS (Svr 2008 r2 Std)

Posted on 2016-09-20
Last Modified: 2016-09-20
Because we're unable to view our external website w/o editing the HOSTS file, I ran this on the server (dcdiag /test:dns) and got the info below, but I don't know how to correct it. Can anyone help me with correcting the errors? Thanks!

C:\Users\services>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = ex2010
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\EX2010
      Starting test: Connectivity
         ......................... EX2010 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\EX2010

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... EX2010 passed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : dirtech

   Running enterprise tests on : dirtech.com
      Starting test: DNS
         Test results for domain controllers:

            DC: ex2010.dirtech.com
            Domain: dirtech.com


               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record i
n zone dirtech.com

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
            DNS server: 2001:500:1::53 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::53

            DNS server: 2001:500:2::c (c.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c

            DNS server: 2001:500:2d::d (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d

            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

            DNS server: 2001:500:84::b (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b

            DNS server: 2001:500:9f::42 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:9f::42

            DNS server: 2001:500:a8::e (e.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:a8::e

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30

            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1

            DNS server: 2001:7fe::53 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53

            DNS server: 2001:dc3::35 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35

               ex2010                       PASS PASS PASS PASS WARN PASS n/a
         ......................... dirtech.com passed test DNS
Question by:LemonCalvin
11 Comments
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41806952
This warning occurred because both of the Dynamic updates methods are selected on the DNS Server (“Nonsecure and Secure”). Please convert the zone to “Secure only” under Dynamic updates and then run the test again.

In addition, if the Dynamic updates add/delete test record process works properly, we can ignore this warning without issue.

Please refer to the link below for more information:

dcdiag failed to delete test record

http://social.technet.microsoft.com/Forums/windowsserver/en-US/f99e7099-b861-4400-a891-5f0a9492921e/dcdiag-failed-to-delete-test-record?forum=winserverDS

Dcdiag

http://technet.microsoft.com/en-us/library/cc731968.aspx

Hope this helps

Best regards

Michael

It was from a previous case reported on: https://social.technet.microsoft.com/Forums/en-US/334a638f-337b-4b26-930e-148157704394/failed-to-delete-the-test-record-dcdiagtestrecord-in-zone-testcom?forum=winserverDS

DC Diag failed to delete test record: https://social.technet.microsoft.com/Forums/windowsserver/en-US/f99e7099-b861-4400-a891-5f0a9492921e/dcdiag-failed-to-delete-test-record?forum=winserverDS
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41806971
Here is the process to configure secure updates:

If you can apply it in your environment (cases where all the devices that update with your server are Windows computers joined to the same domain as your AD, or a trusted domain from it):

To configure secure dynamic update:

1. In the DNS console, right-click the zone for which you want to configure dynamic update, and then click Properties.
2. In the Allow dynamic updates? box, select Only secure updates.
0
 

Author Comment

by:LemonCalvin
ID: 41807023
Thanks for responding. The only place in the DNS console where I see "Properties" is when I r-click on the name of my DNS server, otherwise Properties is not an option and when I click on properties dynamic or secure updates is not listed. See attachment
DNS-Manager.png
0

 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41807064
Cool... Let's do this...

1. Expand Forward Lookup Zones; there you will see a list of DNS zones inside it.

2. Right click on one of these DNS zones.

Note: make the right click on the left side of the window (not the central view).

Additionally, that Reverse Zone in your picture, 16.172.in-arpa., is a reverse zone that you can also right-click (use the left side of the window) to open its properties.

Let me know the results please.
0
 

Author Comment

by:LemonCalvin
ID: 41807111
Okay, the Reverse Zone was Secure and the Fwd Zone was Unsecure - I changed it to Secure. After doing that and running the dcdiag test again, the DNS test passes but all queries above it still fail.

-------------------------------------------- START TEST----------------------------------------------
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\services>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = ex2010
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\EX2010
      Starting test: Connectivity
         ......................... EX2010 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\EX2010

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... EX2010 passed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : dirtech

   Running enterprise tests on : dirtech.com
      Starting test: DNS
         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.63.2.53
            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
            DNS server: 2001:500:1::53 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::53

            DNS server: 2001:500:2::c (c.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c

            DNS server: 2001:500:2d::d (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d

            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

            DNS server: 2001:500:84::b (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b

            DNS server: 2001:500:9f::42 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:9f::42

            DNS server: 2001:500:a8::e (e.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:a8::e

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30

            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1

            DNS server: 2001:7fe::53 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53

            DNS server: 2001:dc3::35 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35

         ......................... dirtech.com passed test DNS

C:\Users\services>
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41807117
Does that DNS connect directly to the Internet?
0
 

Author Comment

by:LemonCalvin
ID: 41807129
It connects to the internet via Cisco ASA 5512 FW
0
 
LVL 14

Accepted Solution

by:
Schnell Solutions earned 500 total points
ID: 41807171
These warnings are telling the following...

1. You are using root hints on your DNS server. (It can be verified if you right-click your DNS server, click Properties and open the Root Hints tab.) And here there is one important point: if you are using DNS forwarders OR you do not use Internet name resolution, you can delete that list of root hints. If these root hints are necessary because you are using external name resolution AND it is not based on DNS forwarders, then they can stay there.

2. (And it applies if the root hints are staying there). From a communication perspective, your server is not able to query or receive the answers of the queries sent from your servers to the root hints. It means that it is necessary to check if there is any rule blocking this connection (it uses UDP 53) or if you are using an IP stack not supported in your environment (IPv4 or IPv6) to communicate to the Internet.

Additionally, it is important that you know that these warnings are not going to cause an operational failure in your system. However, if you want them to stop appearing, the options are the two points previously specified (remove the root hints from your server if they are not required, or ensure that your server communicates with and gets answers from those root hints).

Note: If you do not have any operational problem right now, it is likely a situation where you can remove them (Because anyway their name resolution is not working for the listed IP/names).
0
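Added example, not part of the thread: a small Python triage of the `dcdiag /test:dns` output posted above. It separates the dynamic-update warning from the root-hint PTR failures and splits the failing root hints by IPv4/IPv6, which is the distinction the accepted answer asks you to check (blocked UDP 53 versus an unsupported IP stack). The function names and the trimmed sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, trimmed from the dcdiag output in this thread (console wraps kept).
SAMPLE = """\
               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record i
n zone dirtech.com

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
            DNS server: 2001:500:1::53 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::53
"""

SERVER = re.compile(r"^\s*DNS server: (\S+) \((\S+?)\.?\)")
PTR = re.compile(r"PTR record query for the (\S+?)\.? failed on the DNS server")
DYN = re.compile(r"Failed to delete the test record \S+ in zone (\S+)")
LOOPBACK = {ipaddress.ip_address(a).reverse_pointer for a in ("127.0.0.1", "::1")}

def unwrap(text):
    """Heuristic: a column-0 line right after a non-blank line is a wrapped tail."""
    out = []
    for line in text.splitlines():
        if out and out[-1].strip() and line and not line[0].isspace():
            out[-1] += line          # glue the wrapped tail back on
        else:
            out.append(line)
    return out

def triage(text):
    """Return zones with Dyn warnings and failing root hints split by IP version."""
    result = {"dyn_zones": [], "root_hints": {4: [], 6: []}, "other": []}
    server = None
    for line in unwrap(text):
        if m := DYN.search(line):
            result["dyn_zones"].append(m.group(1))
        elif m := SERVER.match(line):
            server = m.groups()      # (ip, hostname) of the server being reported
        elif (m := PTR.search(line)) and server:
            ip, name = server
            if name.endswith(".root-servers.net") and m.group(1) in LOOPBACK:
                result["root_hints"][ipaddress.ip_address(ip).version].append(ip)
            else:
                result["other"].append((ip, m.group(1)))
    return result
```

Anything that lands in `other` is a failure on a server that is not a root hint, or for a name other than the loopback PTR, and is worth reading by hand rather than dismissing with the root-hint entries.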
 

Author Comment

by:LemonCalvin
ID: 41807199
First I must say that I failed to mention previously that after following your steps, the "Failed to delete the test record dcdiag-test-record" did go away.
Secondly, I will remove the root hints as you stated because they're obviously not working. Thanks for all of your patience and help with this!
0
 

Author Closing Comment

by:LemonCalvin
ID: 41807200
Thank you for your patience and help with resolving this issue!
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41807203
Welcome
0
