DNS Forwarding and Delegation Test failed on newly configured 2012 R2 domain controllers ?
Hi All,
I've just promoted 2x new Win2012 R2 AD DC with integrated DNS server to replace the existing Physical server 2008 R2 domain controller.
However, when I issue the test dcdiag/test:DNS in both of my new 2012 R2 domain controller, it returns failed:
The error is in Delegation and the Forwarding.
While the existing old server all successfully PASSED, I can also ping to one of my forwarders that is 8.8.8.8.
The new servers cannot even ping 8.8.8.8
Any help would be greatly appreciated.
Thanks,
I've just promoted 2x new Win2012 R2 AD DC with integrated DNS server to replace the existing Physical server 2008 R2 domain controller.
However, when I issue the test dcdiag/test:DNS in both of my new 2012 R2 domain controller, it returns failed:
Auth Basc Forw Del Dyn RReg Ext
_________________________________
PASS PASS FAIL FAIL PASS PASS n/a
The error is in Delegation and the Forwarding.
While the existing old server all successfully PASSED, I can also ping to one of my forwarders that is 8.8.8.8.
The new servers cannot even ping 8.8.8.8
Any help would be greatly appreciated.
Thanks,
Senior Systems Engineer
CERTIFIED EXPERT
What does DNS delegation means ?
That was the error when I setup the server as DNS server this morning.
---------------------------
DNS Options
---------------------------
A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain "MyDomain.com.au". Otherwise, no action is required.
---------------------------
OK
---------------------------
That was the error when I setup the server as DNS server this morning.
Senior Systems Engineer
CERTIFIED EXPERT
Mahesh,
Yes, I have listed and entered 8.8.8.8 as one of the forwarders. It works on the old server, while on the new servers it doesn't work.
From the new server when Telnet to 8.8.8.8 53 - in Putty, I selected Telnet and then Port# 53:
While on the old server, I can keep the Putty window open when Telnet to 8.8.8.8 on Port 53 using Putty.
Yes, I have listed and entered 8.8.8.8 as one of the forwarders. It works on the old server, while on the new servers it doesn't work.
From the new server when Telnet to 8.8.8.8 53 - in Putty, I selected Telnet and then Port# 53:
---------------------------
PuTTY Fatal Error
---------------------------
Network error: Connection refused
---------------------------
OK
---------------------------
While on the old server, I can keep the Putty window open when Telnet to 8.8.8.8 on Port 53 using Putty.
Senior Systems Engineer
CERTIFIED EXPERT
Mahesh,
I'm just adding 2x new DC in the same AD site (single AD domain).
The static IP address on the new server that doesn't work:
PRODDC11-VM
DNS1: 10.0.0.11 (itself)
DNS2: 10.0.0.12 (another new DC on the same AD subnet)
PRODDC12-VM
DNS1: 10.0.0.12 (itself)
DNS2: 10.0.0.11 (another new DC on the same AD subnet)
The static IP address on the old server that works:
PRODDC01-VM
DNS1: 10.1.1.26 (another DNS server in the different AD site/Data Center)
DNS2: 127.0.0.1 (local loopback)
PRODDC02-VM
DNS1: 10.1.1.26 (another DNS server in the different AD site/Data Center)
DNS2: 10.1.1.25 (another DNS server in the different AD site/Data Center)
No I cannot perform connection using Putty from the new server to 8.8.8.8 port 53. But from the old server it is possible using Putty. Does this means the DNS TCP/53 is blocked by the hardware firewall ?
I'm just adding 2x new DC in the same AD site (single AD domain).
The static IP address on the new server that doesn't work:
PRODDC11-VM
DNS1: 10.0.0.11 (itself)
DNS2: 10.0.0.12 (another new DC on the same AD subnet)
PRODDC12-VM
DNS1: 10.0.0.12 (itself)
DNS2: 10.0.0.11 (another new DC on the same AD subnet)
The static IP address on the old server that works:
PRODDC01-VM
DNS1: 10.1.1.26 (another DNS server in the different AD site/Data Center)
DNS2: 127.0.0.1 (local loopback)
PRODDC02-VM
DNS1: 10.1.1.26 (another DNS server in the different AD site/Data Center)
DNS2: 10.1.1.25 (another DNS server in the different AD site/Data Center)
No I cannot perform connection using Putty from the new server to 8.8.8.8 port 53. But from the old server it is possible using Putty. Does this means the DNS TCP/53 is blocked by the hardware firewall ?
Senior Systems Engineer
CERTIFIED EXPERT
Mahesh,
So in this case, i will ask the network team to open the TCP/53 for this new DomainController servers.
So in this case, i will ask the network team to open the TCP/53 for this new DomainController servers.
Senior Systems Engineer
CERTIFIED EXPERT
Also what about _msdcs delegated folder under domain.com zone on new DCs?
Mahesh, I can see the new servers is already have it's own NS record in there.
yes, there are some missing or decommissioned server with the NS records still there.
Senior Systems Engineer
CERTIFIED EXPERT
Mahesh,
I've created another thread here: https://www.experts-exchange.com/questions/29012705/DNS-server-TEST-Delegations-Del-FAILED-IP-Unavailable-Missing-glue-A-record.html
I can see there is PRODDC26-VM.MyDomain.com (NS) record entry under the MyDomain.com (greyed out folder). Not sure what this is for, but the server PRODDC26-VM.MyDomain.com still exist and running as Domain Controller in the other AD site.
Shall I delete it ?
I've created another thread here: https://www.experts-exchange.com/questions/29012705/DNS-server-TEST-Delegations-Del-FAILED-IP-Unavailable-Missing-glue-A-record.html
I can see there is PRODDC26-VM.MyDomain.com (NS) record entry under the MyDomain.com (greyed out folder). Not sure what this is for, but the server PRODDC26-VM.MyDomain.com still exist and running as Domain Controller in the other AD site.
Shall I delete it ?
Gain unlimited access to on-demand training courses with an Experts Exchange subscription.
Get AccessWhy Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions