DNS test fails with dcdiag /test:dns - TEST: Forwarders/Root hints (Forw)

Discussion in 'DNS Server' started by MartinH, Jun 14, 2006.

  1. MartinH

    MartinH Guest

    Hi,

    On our child DC's, running W2k3, DHCP, DNS and dns forwarding to the
    root DC and the other child DC, we have, with regular intervals, this,
    and simular, error messages in the DNS Server logfile...

    Event Type: Information
    Event Source: DNS
    Event Category: None
    Event ID: 5504
    Date: 13-Jun-06
    Time: 14:18:12
    User: N/A
    Computer: xxxxxxxxx
    Description:
    The DNS server encountered an invalid domain name in a packet from
    63.241.73.200. The packet will be rejected. The event data contains
    the DNS packet.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 70 29 84 00 01 00 08 00 p)?.....
    0008: 00 00 00 00 06 74 6f 67 .....tog
    0010: 67 6c 65 03 77 77 77 02 gle.www.
    0018: 6d 73 06 61 6b 61 64 6e ms.akadn
    0020: 73 03 6e 65 74 00 00 1c s.net...
    0028: 00 01 01 67 c0 13 00 05 ...gÀ...
    0030: 00 01 00 00 01 2c 00 06 .....,..
    0038: 03 6c 62 31 c0 13 c0 38 .lb1À.À8
    0040: 00 01 00 01 00 00 01 2c .......,
    0048: 00 04 cf 2e 14 1e c0 38 ..Ï...À8
    0050: 00 01 00 01 00 00 01 2c .......,
    0058: 00 04 cf 2e c7 1e c0 0c ..Ï.Ç.À.
    0060: 00 05 00 01 00 00 01 2c .......,
    0068: 00 02 c0 2a c0 38 00 01 ..À*À8..
    0070: 00 01 00 00 01 2c 00 04 .....,..
    0078: cf 2e c6 1e c0 38 00 01 Ï.Æ.À8..


    dcdiag /test:dns returns errors for all Root hints.
    I did search the internet on this problem but could not find a
    solution

    There doesn't seem to be a problem with any of the computers on our
    network with internet address resolving but i worry because the DNS
    test fails on this.

    Please help me.


    TEST: Forwarders/Root hints (Forw)
    Error: Root hints list has invalid root hint server:
    a.root-servers.net. (198.41.0.4)
    Error: Root hints list has invalid root hint server:
    b.root-servers.net. (128.9.0.107)
    Error: Root hints list has invalid root hint server:
    b.root-servers.net. (192.228.79.201)
    Error: Root hints list has invalid root hint server:
    c.root-servers.net. (192.33.4.12)
    Error: Root hints list has invalid root hint server:
    d.root-servers.net. (128.8.10.90)
    Error: Root hints list has invalid root hint server:
    e.root-servers.net. (192.203.230.10)
    Error: Root hints list has invalid root hint server:
    f.root-servers.net. (192.5.5.241)
    Error: Root hints list has invalid root hint server:
    g.root-servers.net. (192.112.36.4)
    Error: Root hints list has invalid root hint server:
    h.root-servers.net. (128.63.2.53)
    Error: Root hints list has invalid root hint server:
    i.root-servers.net. (192.36.148.17)
    Error: Root hints list has invalid root hint server:
    j.root-servers.net. (192.58.128.30)
    Error: Root hints list has invalid root hint server:
    k.root-servers.net. (193.0.14.129)
    Error: Root hints list has invalid root hint server:
    l.root-servers.net. (198.32.64.12)
    Error: Root hints list has invalid root hint server:
    m.root-servers.net. (202.12.27.33)

    TEST: Dynamic update (Dyn)
    Warning: Dynamic update is enabled on the zone but
    not secure
    xxxxxxxxxxxxxxxxxxxxxx.

    Summary of test results for DNS servers used by the above
    domain controllers:

    DNS server: 128.63.2.53 (h.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for
    the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
    Name resolution is not functional. _ldap._tcp.W3Ds.net.
    failed on the DNS server 128.63.2.53

    DNS server: 128.8.10.90 (d.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for
    the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
    Name resolution is not functional. _ldap._tcp.W3Ds.net.
    failed on the DNS server 128.8.10.90

    DNS server: 128.9.0.107 (b.root-servers.net.)
    1 test failure on this DNS server
    Name resolution is not functional. _ldap._tcp.W3Ds.net.
    failed on the DNS server 128.9.0.107

    DNS server: 192.112.36.4 (g.root-servers.net.)
    1 test failure on this DNS server
    Name resolution is not functional. _ldap._tcp.W3Ds.net.
    failed on the DNS server 192.112.36.4

    DNS server: 192.203.230.10 (e.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for
    the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
    Name resolution is not functional. _ldap._tcp.W3Ds.net.
    failed on the DNS server 192.203.230.10

    DNS server: 192.228.79.201 (b.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for
    the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
    Name resolution is not functional. _ldap._tcp.W3Ds.net.
    failed on the DNS server 192.228.79.201

    DNS server: 192.33.4.12 (c.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for
    the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
    Name resolution is not functional. _ldap._tcp.W3Ds.net.
    failed on the DNS server 192.33.4.12

    DNS server: 192.36.148.17 (i.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for
    the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
    Name resolution is not functional. _ldap._tcp.W3Ds.net.
    failed on the DNS server 192.36.148.17

    DNS server: 192.5.5.241 (f.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for
    the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
    Name resolution is not functional. _ldap._tcp.W3Ds.net.
    failed on the DNS server 192.5.5.241

    DNS server: 192.58.128.30 (j.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for
    the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
    Name resolution is not functional. _ldap._tcp.W3Ds.net.
    failed on the DNS server 192.58.128.30

    DNS server: 193.0.14.129 (k.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for
    the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
    Name resolution is not functional. _ldap._tcp.W3Ds.net.
    failed on the DNS server 193.0.14.129

    DNS server: 198.32.64.12 (l.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for
    the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
    Name resolution is not functional. _ldap._tcp.W3Ds.net.
    failed on the DNS server 198.32.64.12

    DNS server: 198.41.0.4 (a.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for
    the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
    Name resolution is not functional. _ldap._tcp.W3Ds.net.
    failed on the DNS server 198.41.0.4

    DNS server: 202.12.27.33 (m.root-servers.net.)
    1 test failure on this DNS server
    This is not a valid DNS server. PTR record query for
    the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
    Name resolution is not functional. _ldap._tcp.W3Ds.net.
    failed on the DNS server 202.12.27.33

    Summary of DNS test results:

    Auth Basc Forw Del Dyn
    RReg Ext

    ________________________________________________________________
    xxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxx PASS PASS FAIL PASS WARN
    PASS n/a

    ......................... xxxxxxxxxxx failed test DNS
     
    MartinH, Jun 14, 2006
    #1
    1. Advertisements

  2. I'm not sure the 5504 event is related to the dcdiag error, the dcdiag error
    is caused be your DNS server trying to find the parent domain in the root
    hint servers.

    If you will create a conditional forwarder for W3Ds.net, with your parent
    server's IP. Then check the box "Do not use recursion for this domain" the
    dcdiag DNS test will pass because your DNS will not go to the root hints for
    W3Ds.net.


    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    https://secure.lsaol.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Jun 14, 2006
    #2
    1. Advertisements

  3. MartinH

    MartinH Guest

    Hi, I have forwarders to the 2 other DC's and I checked the box "Do
    not use recursion for this domain" but after 10 minutes is still have
    the dcdiag error.
     
    MartinH, Jun 17, 2006
    #3
  4. Which error?
    There are two, and only one you can correct.
    DNS server: 128.63.2.53 (h.root-servers.net.)
    1 test failure on this DNS server

    This error cannot be corrected because the root servers are not configured
    to resolve 1.0.0.127.in-addr.arpa.
    This is not a valid DNS server. PTR record query for
    the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53

    This one is corrected by using a conditional forwarder, unless you have an
    invalid DNS server in TCP/IP properties. Can you post an ipconfig /all?
    Name resolution is not functional. _ldap._tcp.W3Ds.net.
    failed on the DNS server 128.63.2.53


    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    https://secure.lsaol.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Jun 17, 2006
    #4
  5. MartinH

    MartinH Guest

    Hi kevin,

    No strange settings in my dns. I included ipcongig and dcdiag.
     
    MartinH, Jun 18, 2006
    #5
  6. MartinH

    MartinH Guest

    MartinH, Jun 20, 2006
    #6
  7. I'm not sure why your child DNS servers are still using root hints to find
    the w3ds.net DNS server if you have created a conditional forwarder for
    w3ds.net and set the forwarder to 192.168.10.1 with "Do not use recursion
    for this domain" I have tested this every way I can and I cannot get my DNS
    to query the root hints for the parent domain, unless I clear "Do not use
    recursion for this domain" on my conditional forwarder.

    This conditional forwarder is to the DNS server that has the w3ds.net AD
    domain zone?

    You test also notes that you have not delegated either of your child domains
    in the w3ds.net zone. See:
    For parent domain W3Ds.net and subordinate domain Amsterdam:
    Forwarders or root hints are not misconfigured from parent
    domain to subordinate domain
    Warning: Neither forwarders nor root hints are configured
    from subordinate domain to parent domain
    Error: Delegation is not configured on the parent domain
    For parent domain W3Ds.net and subordinate domain Hoofddorp:
    Forwarders or root hints are not misconfigured from parent
    domain to subordinate domain
    Warning: Neither forwarders nor root hints are configured
    from subordinate domain to parent domain
    Error: Delegation is not configured on the parent domain
    ......................... W3Ds.net failed test DNS

    In the w3ds.net zone, create a delegation named amsterdam and one named
    hoofddorp to the DNS servers that have these zones.

    Verify that the two child DCs have a conditional forwarder for w3ds.net with
    the parent DC (192.168.10.1) as the DNS server in the forwarder and "Do not
    use recursion is selected.

    Alternately, you can create a stub zone named w3ds.net on the child DNS
    (Only).
    -OR-
    Configure the w3ds.net zone to replicate to "All DNS servers in the Active
    Directory forest w3ds.net"
    You can only do one or the other, and only if all DNS servers in the
    replicated scope have Win2k3.

    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    https://secure.lsaol.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Jun 20, 2006
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.