Solved

DNS Issues Exch Svr DC/DNS (Svr 2008 r2 Std)

Posted on 2016-09-20
Last Modified: 2016-09-20
Because we're unable to view our external website w/o editing the HOSTS file, I ran this on the server (dcdiag /test:dns) and got the info below, but I don't know how to correct it. Can anyone help me with correcting the errors? Thanks!

C:\Users\services>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = ex2010
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\EX2010
      Starting test: Connectivity
         ......................... EX2010 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\EX2010

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... EX2010 passed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : dirtech

   Running enterprise tests on : dirtech.com
      Starting test: DNS
         Test results for domain controllers:

            DC: ex2010.dirtech.com
            Domain: dirtech.com


               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record i
n zone dirtech.com

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
            DNS server: 2001:500:1::53 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::53

            DNS server: 2001:500:2::c (c.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c

            DNS server: 2001:500:2d::d (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d

            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

            DNS server: 2001:500:84::b (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b

            DNS server: 2001:500:9f::42 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:9f::42

            DNS server: 2001:500:a8::e (e.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:a8::e

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30

            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1

            DNS server: 2001:7fe::53 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53

            DNS server: 2001:dc3::35 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35

               ex2010                       PASS PASS PASS PASS WARN PASS n/a
         ......................... dirtech.com passed test DNS
Question by:LemonCalvin
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41806952
This warning occurred because the Dynamic updates setting selected on the DNS Server is “Nonsecure and Secure”. Please convert the zone to “Secure only” on Dynamic updates and then test again.

In addition, if the Dynamic updates add/delete test record process works properly, we can ignore this warning without issue.

Please refer to the link below for more information:

dcdiag failed to delete test record

http://social.technet.microsoft.com/Forums/windowsserver/en-US/f99e7099-b861-4400-a891-5f0a9492921e/dcdiag-failed-to-delete-test-record?forum=winserverDS

Dcdiag

http://technet.microsoft.com/en-us/library/cc731968.aspx

Hope this helps

Best regards

Michael

It was from a previous case reported on: https://social.technet.microsoft.com/Forums/en-US/334a638f-337b-4b26-930e-148157704394/failed-to-delete-the-test-record-dcdiagtestrecord-in-zone-testcom?forum=winserverDS

0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41806971
Here is the process to configure secure updates:

If you can apply it in your environment (cases where all the devices that update with your server are Windows computers joined to the same domain as your AD, or a trusted domain):

To configure secure dynamic update:

1. In the DNS console, right-click the zone for which you want to configure dynamic update, and then click Properties.
2. In the Allow dynamic updates? box, select Only secure updates.
0
 

Author Comment

by:LemonCalvin
ID: 41807023
Thanks for responding. The only place in the DNS console where I see "Properties" is when I r-click on the name of my DNS server; otherwise Properties is not an option, and when I click on Properties, dynamic or secure updates is not listed. See attachment
DNS-Manager.png
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41807064
Cool... Let's do this...

1. Expand Forward Lookup Zones; there you will see a list of DNS zones inside it.

2. Right click on one of these DNS zones.

Note: make the right click on the left side of the window (not the central view).

Additionally, the Reverse Zone in your picture, 16.172.in-arpa., is a reverse zone that you can also right-click (use the left side of the window) to open its properties.

Let me know the results please.
0
 

Author Comment

by:LemonCalvin
ID: 41807111
Okay, the Reverse Zone was Secure and the Fwd Zone was Unsecure - I changed it to Secure. After doing that and running the dcdiag test again, the DNS test passes but all queries above it still fail.

-------------------------------------------- START TEST----------------------------------------------
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\services>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = ex2010
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\EX2010
      Starting test: Connectivity
         ......................... EX2010 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\EX2010

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... EX2010 passed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : dirtech

   Running enterprise tests on : dirtech.com
      Starting test: DNS
         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.63.2.53
            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
            DNS server: 2001:500:1::53 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::53

            DNS server: 2001:500:2::c (c.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c

            DNS server: 2001:500:2d::d (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d

            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

            DNS server: 2001:500:84::b (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b

            DNS server: 2001:500:9f::42 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:9f::42

            DNS server: 2001:500:a8::e (e.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:a8::e

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30

            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1

            DNS server: 2001:7fe::53 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53

            DNS server: 2001:dc3::35 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35

         ......................... dirtech.com passed test DNS

C:\Users\services>
0

 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41807117
Does that DNS connect directly to the Internet?
0
 

Author Comment

by:LemonCalvin
ID: 41807129
It connects to the internet via Cisco ASA 5512 FW
0
 
LVL 14

Accepted Solution

by:
Schnell Solutions earned 500 total points
ID: 41807171
These warnings are telling the following...

1. You are using root hints on your DNS server. (It can be verified if you right-click your DNS server, click Properties and open the Root Hints tab.) And here there is one important point: if you are using DNS forwarders OR you do not use internet name resolution, you can delete that list of root hints. If these root hints are necessary because you are using external name resolution AND it is not based on DNS forwarders, then they can stay there.

2. (And it applies if the root hints are staying there.) From a communication perspective, your server is not able to query or receive the answers of the queries sent from your servers to the root hints. It means that it is necessary to check if there is any rule blocking this connection (it uses UDP 53) or if you are using an IP stack not supported in your environment (IPv4 or IPv6) to communicate to the Internet.

Additionally, it is important that you know that these warnings are not going to cause you an operative failure in your system. However, if you want them not to appear, the options are the two points previously specified (remove the root hints from your server if they are not required, or ensure that your server communicates with and gets the answers from those root hints).

Note: If you do not have any operational problem right now, it is likely a situation where you can remove them (because their name resolution is not working anyway for the listed IPs/names).
0
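
Added example (not part of the thread or of any participant's post): a small triage script for `dcdiag /test:dns` output that separates the two findings discussed above, the dynamic-update warning from the first answer and the loopback PTR failures against root hint servers from the accepted solution. The category names and the line-unwrapping heuristic are assumptions made for this example, and the sample text is constructed from the shape of the output in the question.

```python
import re

# Constructed sample shaped like the dcdiag output in the question (80-column wraps kept).
SAMPLE = """\
               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record i
n zone dirtech.com
            DNS server: 128.8.10.90 (d.root-servers.net.)
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
            DNS server: 2001:500:1::53 (h.root-servers.net.)
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::53
"""

SERVER = re.compile(r"DNS server: (\S+) \(([^)]+)\)")
PTR_FAIL = re.compile(r"PTR record query for the (\S+) failed")
DYN_WARN = re.compile(r"Failed to delete the test record \S+ in zone (\S+)")

def unwrap(text):
    """Heuristic: a column-0 line after an indented line is a wrapped continuation."""
    out = []
    for line in text.splitlines():
        if out and out[-1][:1].isspace() and line and not line[0].isspace():
            out[-1] += line
        else:
            out.append(line)
    return out

def is_loopback_ptr(name):
    """True for the reverse names of 127.0.0.1 and ::1 that dcdiag queries."""
    labels = name.rstrip(".").split(".")
    if labels[-2:] == ["in-addr", "arpa"]:
        return labels[:-2] == ["1", "0", "0", "127"]
    return labels[-2:] == ["ip6", "arpa"] and labels[:-2] == ["1"] + ["0"] * 31

def triage(text):
    """Sort findings into the two issues discussed in this thread, plus the rest."""
    found = {"dyn_zones": [], "root_hint_servers": [], "other": []}
    server = host = None
    for line in unwrap(text):
        if m := DYN_WARN.search(line):
            found["dyn_zones"].append(m.group(1))      # zone to review for secure-only updates
        elif m := SERVER.search(line):
            server, host = m.group(1), m.group(2).rstrip(".")
        elif (m := PTR_FAIL.search(line)) and server:
            root = host.endswith(".root-servers.net") and is_loopback_ptr(m.group(1))
            found["root_hint_servers" if root else "other"].append(server)
    return found
```

Zones listed under `dyn_zones` are the ones to check for the "Only secure updates" setting; anything under `other` is a failure that neither answer in this thread explains and needs its own investigation.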
 

Author Comment

by:LemonCalvin
ID: 41807199
First I must say that I failed to mention previously that after following your steps, the "Failed to delete the test record dcdiag-test-record" did go away.
Secondly, I will remove the root hints as you stated because they're obviously not working. Thanks for all of your patience and help with this!
0
 

Author Closing Comment

by:LemonCalvin
ID: 41807200
Thank you for your patience and help with resolving this issue!
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41807203
Welcome
0
