Solved

DNS Issues Exch Svr DC/DNS (Svr 2008 r2 Std)

Posted on 2016-09-20
Last Modified: 2016-09-20
Because we're unable to view our external website w/o editing the HOSTS file, I ran this on the server (dcdiag /test:dns) and got the info below, but I don't know how to correct it. Can anyone help me with correcting the errors? Thanks!

C:\Users\services>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = ex2010
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\EX2010
      Starting test: Connectivity
         ......................... EX2010 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\EX2010

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... EX2010 passed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : dirtech

   Running enterprise tests on : dirtech.com
      Starting test: DNS
         Test results for domain controllers:

            DC: ex2010.dirtech.com
            Domain: dirtech.com


               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record i
n zone dirtech.com

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
            DNS server: 2001:500:1::53 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::53

            DNS server: 2001:500:2::c (c.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c

            DNS server: 2001:500:2d::d (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d

            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

            DNS server: 2001:500:84::b (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b

            DNS server: 2001:500:9f::42 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:9f::42

            DNS server: 2001:500:a8::e (e.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:a8::e

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30

            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1

            DNS server: 2001:7fe::53 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53

            DNS server: 2001:dc3::35 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35

               ex2010                       PASS PASS PASS PASS WARN PASS n/a
         ......................... dirtech.com passed test DNS
Question by:LemonCalvin
11 Comments
 
LVL 15

Expert Comment

by:Schnell Solutions
ID: 41806952
This warning occurred because the Dynamic updates method selected on the DNS server is “Nonsecure and Secure”. Please convert the zone to “Secure only” under Dynamic updates and then test again.

In addition, if the Dynamic updates add/delete test record process works properly, we can ignore this warning without issue.

Please refer to the link below for more information:

dcdiag failed to delete test record

http://social.technet.microsoft.com/Forums/windowsserver/en-US/f99e7099-b861-4400-a891-5f0a9492921e/dcdiag-failed-to-delete-test-record?forum=winserverDS

Dcdiag

http://technet.microsoft.com/en-us/library/cc731968.aspx

Hope this helps

Best regards

Michael

It was from a previous case reported on: https://social.technet.microsoft.com/Forums/en-US/334a638f-337b-4b26-930e-148157704394/failed-to-delete-the-test-record-dcdiagtestrecord-in-zone-testcom?forum=winserverDS

0
 
LVL 15

Expert Comment

by:Schnell Solutions
ID: 41806971
Here is the process to configure secure updates:

If you can apply it in your environment (cases where all the devices that update with your server are Windows computers joined to the same domain as your AD, or a trusted domain from it):

To configure secure dynamic update:

1. In the DNS console, right-click the zone for which you want to configure dynamic update, and then click Properties.
2. In the Allow dynamic updates? box, select Only secure updates.
0
 

Author Comment

by:LemonCalvin
ID: 41807023
Thanks for responding. The only place in the DNS console where I see "Properties" is when I r-click on the name of my DNS server, otherwise Properties is not an option and when I click on properties dynamic or secure updates is not listed. See attachment
DNS-Manager.png
0
 
LVL 15

Expert Comment

by:Schnell Solutions
ID: 41807064
Cool... Let's do this...

1. Expand Forward Lookup Zones; there you will see a list of DNS zones inside it.

2. Right-click on one of these DNS zones.

Note: right-click on the left side of the window (not the central view).

Additionally, the reverse zone in your picture, 16.172.in-arpa., is a reverse zone that you can also right-click (use the left side of the window) to open its properties.

Let me know the results please.
0
 

Author Comment

by:LemonCalvin
ID: 41807111
Okay, the Reverse Zone was Secure and the Fwd Zone was Unsecure - I changed it to Secure. After doing that and running the dcdiag test again, the DNS test passes but all queries above it still fail.

-------------------------------------------- START TEST----------------------------------------------
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\services>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = ex2010
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\EX2010
      Starting test: Connectivity
         ......................... EX2010 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\EX2010

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... EX2010 passed test DNS

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : dirtech

   Running enterprise tests on : dirtech.com
      Starting test: DNS
         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.63.2.53
            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
            DNS server: 2001:500:1::53 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::53

            DNS server: 2001:500:2::c (c.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c

            DNS server: 2001:500:2d::d (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d

            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

            DNS server: 2001:500:84::b (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b

            DNS server: 2001:500:9f::42 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:9f::42

            DNS server: 2001:500:a8::e (e.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:a8::e

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30

            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1

            DNS server: 2001:7fe::53 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53

            DNS server: 2001:dc3::35 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35

         ......................... dirtech.com passed test DNS

C:\Users\services>
0
 
LVL 15

Expert Comment

by:Schnell Solutions
ID: 41807117
Does that DNS connect directly to the Internet?
0
 

Author Comment

by:LemonCalvin
ID: 41807129
It connects to the internet via Cisco ASA 5512 FW
0
 
LVL 15

Accepted Solution

by:
Schnell Solutions earned 2000 total points
ID: 41807171
These warnings are telling the following...

1. You are using root hints on your DNS server. (This can be verified if you right-click your DNS server, click Properties and open the Root Hints tab.) And here there is one important point: if you are using DNS forwarders OR you do not use Internet name resolution, you can delete that list of root hints. If these root hints are necessary because you are using external name resolution AND it is not based on DNS forwarders, then they can stay there.

2. (And it applies if the root hints are staying there). From a communication perspective, your server is not able to query or receive the answers of the queries sent from your servers to the root hints. It means that it is necessary to check if there is any rule blocking this connection (it uses UDP 53) or if you are using an IP stack not supported in your environment (IPv4 or IPv6) to communicate to the Internet.

Additionally, it is important that you know that these warnings are not going to cause you an operational failure in your system. However, if you want them not to appear, the options are the two points previously specified (remove the root hints from your server if they are not required, or ensure that your server communicates with and gets answers from those root hints).

Note: If you do not have any operational problem right now, it is likely a situation where you can remove them (Because anyway their name resolution is not working for the listed IP/names).
0
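A triage sketch for the `dcdiag /test:dns` output discussed in this thread, added here as an example and not part of any participant's post: it rejoins the console-wrapped lines, collects the dynamic-update warning, and lists the servers whose only failure is the loopback PTR query against a root server, which is the case the accepted answer attributes to root hints. The function names, the wrap heuristic and the `192.0.2.53` / `ns.example.test` entry are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Reverse names of the loopback addresses that dcdiag queries for.
LOOPBACK = {ipaddress.ip_address(a).reverse_pointer for a in ("127.0.0.1", "::1")}
V6 = ipaddress.ip_address("::1").reverse_pointer

# Constructed sample shaped like the output in this thread, including the
# console wrap that splits words. 192.0.2.53 / ns.example.test are made up.
SAMPLE = f"""
               TEST: Dynamic update (Dyn)
                  Warning: Failed to delete the test record dcdiag-test-record i
n zone dirtech.com

            DNS server: 128.8.10.90 (d.root-servers.net.)
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
            DNS server: 2001:500:1::53 (h.root-servers.net.)
               PTR record query for the {V6[:40]}
{V6[40:]} failed on the DNS server 2001:500:1::53
            DNS server: 192.0.2.53 (ns.example.test.)
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.0.2.53
"""

SERVER = re.compile(r"DNS server: (\S+) \(([^)]+)\)")
PTR = re.compile(r"PTR record query for the (\S+) failed")
WARN = re.compile(r"Warning: (.+)")

def unwrap(text):
    """Rejoin wrapped lines: an unindented line directly after an indented one."""
    out = []
    for line in text.splitlines():
        if out and line and not line[0].isspace() and out[-1][:1].isspace():
            out[-1] += line
        else:
            out.append(line)
    return out

def triage(text):
    """Return (warnings, {server ip: failed PTR names}, root servers with only loopback failures)."""
    warnings, failures, hosts, current = [], defaultdict(list), {}, None
    for line in unwrap(text):
        if m := SERVER.search(line):
            current, hosts[m.group(1)] = m.group(1), m.group(2).rstrip(".")
        elif m := PTR.search(line):
            failures[current].append(m.group(1).rstrip("."))
        elif m := WARN.search(line):
            warnings.append(m.group(1).strip())
    root_only = sorted(ip for ip, names in failures.items()
                       if hosts.get(ip, "").endswith("root-servers.net") and set(names) <= LOOPBACK)
    return warnings, dict(failures), root_only
```

Any server that reports failures but is missing from the third return value, like the made-up `192.0.2.53` here, is one to investigate rather than dismiss.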
 

Author Comment

by:LemonCalvin
ID: 41807199
First I must say that I failed to mention previously that after following your steps, the "Failed to delete the test record dcdiag-test-record" did go away.
Secondly, I will remove the root hints as you stated because they're obviously not working. Thanks for all of your patience and help with this!
0
 

Author Closing Comment

by:LemonCalvin
ID: 41807200
Thank you for your patience and help with resolving this issue!
0
 
LVL 15

Expert Comment

by:Schnell Solutions
ID: 41807203
Welcome
0
