Solved

DNS Issues Exch Svr DC/DNS (Svr 2008 r2 Std)

Posted on 2016-09-20
Last Modified: 2016-09-20
Because we're unable to view our external website w/o editing the HOSTS file, I ran this on the server (dcdiag /test:dns) and got the info below, but I don't know how to correct it. Can anyone help me with correcting the errors? Thanks!

C:\Users\services>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = ex2010
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\EX2010
      Starting test: Connectivity
         ......................... EX2010 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\EX2010

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... EX2010 passed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : dirtech

   Running enterprise tests on : dirtech.com
      Starting test: DNS
         Test results for domain controllers:

            DC: ex2010.dirtech.com
            Domain: dirtech.com


               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record i
n zone dirtech.com

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
            DNS server: 2001:500:1::53 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::53

            DNS server: 2001:500:2::c (c.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c

            DNS server: 2001:500:2d::d (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d

            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

            DNS server: 2001:500:84::b (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b

            DNS server: 2001:500:9f::42 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:9f::42

            DNS server: 2001:500:a8::e (e.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:a8::e

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30

            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1

            DNS server: 2001:7fe::53 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53

            DNS server: 2001:dc3::35 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35

               ex2010                       PASS PASS PASS PASS WARN PASS n/a
         ......................... dirtech.com passed test DNS
0
Question by:LemonCalvin
11 Comments
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41806952
This warning occurred because the Dynamic updates method selected on the DNS server is “Nonsecure and Secure”. Please convert the zone to “Secure only” under Dynamic updates and then run the test again.

In addition, if the Dynamic updates add/delete test record process works properly, we can ignore this warning without issue.

Please refer to the link below for more information:

dcdiag failed to delete test record

http://social.technet.microsoft.com/Forums/windowsserver/en-US/f99e7099-b861-4400-a891-5f0a9492921e/dcdiag-failed-to-delete-test-record?forum=winserverDS

Dcdiag

http://technet.microsoft.com/en-us/library/cc731968.aspx

Hope this helps

Best regards

Michael

It was from a previous case reported on: https://social.technet.microsoft.com/Forums/en-US/334a638f-337b-4b26-930e-148157704394/failed-to-delete-the-test-record-dcdiagtestrecord-in-zone-testcom?forum=winserverDS

DC Diag failed to delete test record: https://social.technet.microsoft.com/Forums/windowsserver/en-US/f99e7099-b861-4400-a891-5f0a9492921e/dcdiag-failed-to-delete-test-record?forum=winserverDS
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41806971
Here is the process to configure secure updates:

If you can apply it in your environment (cases where all the devices that update with your server are Windows computers joined to the same domain as your AD, or a domain trusted by it):

To configure secure dynamic update:

1. In the DNS console, right-click the zone for which you want to configure dynamic update, and then click Properties.
2. In the Allow dynamic updates? box, select Only secure updates.
0
 

Author Comment

by:LemonCalvin
ID: 41807023
Thanks for responding. The only place in the DNS console where I see "Properties" is when I r-click on the name of my DNS server, otherwise Properties is not an option and when I click on properties dynamic or secure updates is not listed. See attachment
DNS-Manager.png
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41807064
Cool... Let's do this...

1. Expand Forward Lookup Zones; there you will see a list of DNS zones inside it.

2. Right click on one of these DNS zones.

Note: make the right click on the left side of the window (not the central view).

Additionally, the reverse zone in your picture, 16.172.in-arpa., is a zone that you can also right-click (use the left side of the window) to open its properties.

Let me know the results please.
0
 

Author Comment

by:LemonCalvin
ID: 41807111
Okay, the Reverse Zone was Secure and the Fwd Zone was Unsecure - I changed it to Secure. After doing that and running the dcdiag test again, the DNS test passes but all queries above it still fail.

-------------------------------------------- START TEST----------------------------------------------
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\services>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = ex2010
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\EX2010
      Starting test: Connectivity
         ......................... EX2010 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\EX2010

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... EX2010 passed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : dirtech

   Running enterprise tests on : dirtech.com
      Starting test: DNS
         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.63.2.53
            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
            DNS server: 2001:500:1::53 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::53

            DNS server: 2001:500:2::c (c.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c

            DNS server: 2001:500:2d::d (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d

            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

            DNS server: 2001:500:84::b (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b

            DNS server: 2001:500:9f::42 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:9f::42

            DNS server: 2001:500:a8::e (e.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:a8::e

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30

            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1

            DNS server: 2001:7fe::53 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53

            DNS server: 2001:dc3::35 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35

         ......................... dirtech.com passed test DNS

C:\Users\services>
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41807117
Does that DNS connect directly to the Internet?
0
 

Author Comment

by:LemonCalvin
ID: 41807129
It connects to the internet via Cisco ASA 5512 FW
0
 
LVL 14

Accepted Solution

by:
Schnell Solutions earned 500 total points
ID: 41807171
These warnings are telling the following...

1. You are using root hints on your DNS server. (It can be verified if you right-click your DNS server, click Properties and open the Root Hints tab.) And here there is one important point: if you are using DNS forwarders OR you do not use Internet name resolution, you can delete that list of root hints. If these root hints are necessary because you are using external name resolution AND it is not based on DNS forwarders, then they can stay there.

2. (And it applies if the root hints are staying there). From a communication perspective, your server is not able to query or receive the answers of the queries sent from your servers to the root hints. It means that it is necessary to check if there is any rule blocking this connection (it uses UDP 53) or if you are using an IP stack not supported in your environment (IPv4 or IPv6) to communicate to the Internet.

Additionally, it is important that you know that these warnings are not going to cause you an operative failure in your system. However, if you want them not to appear, the options are the two points previously specified (remove the root hints from your server if they are not required, or ensure that your server communicates with and gets the answers from those root hints).

Note: If you do not have any operational problem right now, it is likely a situation where you can remove them (Because anyway their name resolution is not working for the listed IP/names).
0
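The triage described in the accepted answer and in the earlier dynamic-update comment, as an added example that is not part of the original thread or of any Microsoft tool: it re-joins the 80-column console wrap seen in the pasted output, then separates the dynamic-update warning from loopback PTR failures reported against root-hint servers. The sample lines are excerpted from the output posted above; the function names and result keys are hypothetical.

```python
import ipaddress
import re

# Sample excerpted from the dcdiag /test:dns output in this thread, keeping
# the 80-column console wrap that splits words across lines.
SAMPLE = """\
               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record i
n zone dirtech.com

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
            DNS server: 2001:500:2::c (c.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c
"""

# Reverse names of 127.0.0.1 and ::1, the only records dcdiag queried here.
LOOPBACK_PTR = {ipaddress.ip_address(a).reverse_pointer for a in ("127.0.0.1", "::1")}
SERVER = re.compile(r"DNS server: (\S+) \((\S+)\)")
PTR_FAIL = re.compile(r"PTR record query for the (\S+) failed on the DNS server (\S+)")
DYN_FAIL = re.compile(r"Failed to delete the test record (\S+) in zone (\S+)")

def unwrap(text):
    """Re-join console-wrapped lines: a column-0 line right after an indented one."""
    lines = []
    for line in text.splitlines():
        if lines and lines[-1][:1].isspace() and line and not line[0].isspace():
            lines[-1] += line
        else:
            lines.append(line)
    return lines

def triage(text):
    """Sort dcdiag DNS findings into the two cases discussed in the thread."""
    names, result = {}, {"dynamic_update": [], "root_hints": [], "other": []}
    for line in unwrap(text):
        if m := SERVER.search(line):
            names[m.group(1)] = m.group(2)          # server address -> reported name
        elif m := DYN_FAIL.search(line):
            result["dynamic_update"].append(m.group(2))  # zone to review
        elif m := PTR_FAIL.search(line):
            qname, server = m.group(1).rstrip("."), m.group(2)
            is_root = names.get(server, "").endswith(".root-servers.net.")
            key = "root_hints" if is_root and qname in LOOPBACK_PTR else "other"
            result[key].append(server)
    return result

if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        print(kind, items)
```

Anything that lands in `other` is a failure the thread's two explanations do not cover, such as a PTR failure on an internal DNS server, and deserves its own look.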
 

Author Comment

by:LemonCalvin
ID: 41807199
First I must say that I failed to mention previously that after following your steps, the "Failed to delete the test record dcdiag-test-record" did go away.
Secondly, I will remove the root hints as you stated because they're obviously not working. Thanks for all of your patience and help with this!
0
 

Author Closing Comment

by:LemonCalvin
ID: 41807200
Thank you for your patience and help with resolving this issue!
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41807203
Welcome
0
