DNS test fails with dcdiag /test:dns - TEST: Forwarders/Root hints (Forw)

Hi,

On our child DC's, running W2k3, DHCP, DNS and dns forwarding to the
root DC and the other child DC, we have, with regular intervals, this,
and simular, error messages in the DNS Server logfile...

Event Type: Information
Event Source: DNS
Event Category: None
Event ID: 5504
Date: 13-Jun-06
Time: 14:18:12
User: N/A
Computer: xxxxxxxxx
Description:
The DNS server encountered an invalid domain name in a packet from
63.241.73.200. The packet will be rejected. The event data contains
the DNS packet.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 70 29 84 00 01 00 08 00 p)?.....
0008: 00 00 00 00 06 74 6f 67 .....tog
0010: 67 6c 65 03 77 77 77 02 gle.www.
0018: 6d 73 06 61 6b 61 64 6e ms.akadn
0020: 73 03 6e 65 74 00 00 1c s.net...
0028: 00 01 01 67 c0 13 00 05 ...gÀ...
0030: 00 01 00 00 01 2c 00 06 .....,..
0038: 03 6c 62 31 c0 13 c0 38 .lb1À.À8
0040: 00 01 00 01 00 00 01 2c .......,
0048: 00 04 cf 2e 14 1e c0 38 ..Ï...À8
0050: 00 01 00 01 00 00 01 2c .......,
0058: 00 04 cf 2e c7 1e c0 0c ..Ï.Ç.À.
0060: 00 05 00 01 00 00 01 2c .......,
0068: 00 02 c0 2a c0 38 00 01 ..À*À8..
0070: 00 01 00 00 01 2c 00 04 .....,..
0078: cf 2e c6 1e c0 38 00 01 Ï.Æ.À8..


dcdiag /test:dns returns errors for all Root hints.
I did search the internet on this problem but could not find a
solution

There doesn't seem to be a problem with any of the computers on our
network with internet address resolving but i worry because the DNS
test fails on this.

Please help me.


TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server:
a.root-servers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server:
b.root-servers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server:
b.root-servers.net. (192.228.79.201)
Error: Root hints list has invalid root hint server:
c.root-servers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server:
d.root-servers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server:
e.root-servers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server:
f.root-servers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server:
g.root-servers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server:
h.root-servers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server:
i.root-servers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server:
j.root-servers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server:
k.root-servers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server:
l.root-servers.net. (198.32.64.12)
Error: Root hints list has invalid root hint server:
m.root-servers.net. (202.12.27.33)

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but
not secure
xxxxxxxxxxxxxxxxxxxxxx.

Summary of test results for DNS servers used by the above
domain controllers:

DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
Name resolution is not functional. _ldap._tcp.W3Ds.net.
failed on the DNS server 128.63.2.53

DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
Name resolution is not functional. _ldap._tcp.W3Ds.net.
failed on the DNS server 128.8.10.90

DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.W3Ds.net.
failed on the DNS server 128.9.0.107

DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.W3Ds.net.
failed on the DNS server 192.112.36.4

DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
Name resolution is not functional. _ldap._tcp.W3Ds.net.
failed on the DNS server 192.203.230.10

DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
Name resolution is not functional. _ldap._tcp.W3Ds.net.
failed on the DNS server 192.228.79.201

DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
Name resolution is not functional. _ldap._tcp.W3Ds.net.
failed on the DNS server 192.33.4.12

DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
Name resolution is not functional. _ldap._tcp.W3Ds.net.
failed on the DNS server 192.36.148.17

DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
Name resolution is not functional. _ldap._tcp.W3Ds.net.
failed on the DNS server 192.5.5.241

DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
Name resolution is not functional. _ldap._tcp.W3Ds.net.
failed on the DNS server 192.58.128.30

DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
Name resolution is not functional. _ldap._tcp.W3Ds.net.
failed on the DNS server 193.0.14.129

DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
Name resolution is not functional. _ldap._tcp.W3Ds.net.
failed on the DNS server 198.32.64.12

DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
Name resolution is not functional. _ldap._tcp.W3Ds.net.
failed on the DNS server 198.41.0.4

DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
Name resolution is not functional. _ldap._tcp.W3Ds.net.
failed on the DNS server 202.12.27.33

Summary of DNS test results:

Auth Basc Forw Del Dyn
RReg Ext

________________________________________________________________
xxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxx PASS PASS FAIL PASS WARN
PASS n/a

......................... xxxxxxxxxxx failed test DNS

MartinH wrote:
> Hi,
>
> On our child DC's, running W2k3, DHCP, DNS and dns forwarding to the
> root DC and the other child DC, we have, with regular intervals, this,
> and simular, error messages in the DNS Server logfile...

I'm not sure the 5504 event is related to the dcdiag error, the dcdiag error
is caused be your DNS server trying to find the parent domain in the root
hint servers.

If you will create a conditional forwarder for W3Ds.net, with your parent
server's IP. Then check the box "Do not use recursion for this domain" the
dcdiag DNS test will pass because your DNS will not go to the root hints for
W3Ds.net.


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

Hi, I have forwarders to the 2 other DC's and I checked the box "Do
not use recursion for this domain" but after 10 minutes is still have
the dcdiag error.

On Wed, 14 Jun 2006 17:20:46 -0500, "Kevin D. Goodknecht Sr. [MVP]"
<admin@nospam.WFTX.US> wrote:

>MartinH wrote:
>> Hi,
>>
>> On our child DC's, running W2k3, DHCP, DNS and dns forwarding to the
>> root DC and the other child DC, we have, with regular intervals, this,
>> and simular, error messages in the DNS Server logfile...
>
>I'm not sure the 5504 event is related to the dcdiag error, the dcdiag error
>is caused be your DNS server trying to find the parent domain in the root
>hint servers.
>
>If you will create a conditional forwarder for W3Ds.net, with your parent
>server's IP. Then check the box "Do not use recursion for this domain" the
>dcdiag DNS test will pass because your DNS will not go to the root hints for
>W3Ds.net.

MartinH wrote:
> Hi, I have forwarders to the 2 other DC's and I checked the box "Do
> not use recursion for this domain" but after 10 minutes is still have
> the dcdiag error.

Which error?
There are two, and only one you can correct.
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server

This error cannot be corrected because the root servers are not configured
to resolve 1.0.0.127.in-addr.arpa.
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53

This one is corrected by using a conditional forwarder, unless you have an
invalid DNS server in TCP/IP properties. Can you post an ipconfig /all?
Name resolution is not functional. _ldap._tcp.W3Ds.net.
failed on the DNS server 128.63.2.53


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

Hi kevin,

No strange settings in my dns. I included ipcongig and dcdiag.



On Sat, 17 Jun 2006 14:21:36 -0500, "Kevin D. Goodknecht Sr. [MVP]"
<admin@nospam.WFTX.US> wrote:

>MartinH wrote:
>> Hi, I have forwarders to the 2 other DC's and I checked the box "Do
>> not use recursion for this domain" but after 10 minutes is still have
>> the dcdiag error.
>
>Which error?
>There are two, and only one you can correct.
> DNS server: 128.63.2.53 (h.root-servers.net.)
> 1 test failure on this DNS server
>
>This error cannot be corrected because the root servers are not configured
>to resolve 1.0.0.127.in-addr.arpa.
> This is not a valid DNS server. PTR record query for
>the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
>
>This one is corrected by using a conditional forwarder, unless you have an
>invalid DNS server in TCP/IP properties. Can you post an ipconfig /all?
> Name resolution is not functional. _ldap._tcp.W3Ds.net.
>failed on the DNS server 128.63.2.53

Hi kevin, Only DNS in TCP/IP properties is local DNS. I have some
diagnostic logs for you...


http://www.w3ds.com/diagnostics/dcdiag.txt

http://www.w3ds.com/diagnostics/netdiag.txt

http://www.w3ds.com/diagnostics/repl.txt



On Sat, 17 Jun 2006 14:21:36 -0500, "Kevin D. Goodknecht Sr. [MVP]"
<admin@nospam.WFTX.US> wrote:

>MartinH wrote:
>> Hi, I have forwarders to the 2 other DC's and I checked the box "Do
>> not use recursion for this domain" but after 10 minutes is still have
>> the dcdiag error.
>
>Which error?
>There are two, and only one you can correct.
> DNS server: 128.63.2.53 (h.root-servers.net.)
> 1 test failure on this DNS server
>
>This error cannot be corrected because the root servers are not configured
>to resolve 1.0.0.127.in-addr.arpa.
> This is not a valid DNS server. PTR record query for
>the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
>
>This one is corrected by using a conditional forwarder, unless you have an
>invalid DNS server in TCP/IP properties. Can you post an ipconfig /all?
> Name resolution is not functional. _ldap._tcp.W3Ds.net.
>failed on the DNS server 128.63.2.53

MartinH wrote:
> Hi kevin, Only DNS in TCP/IP properties is local DNS. I have some
> diagnostic logs for you...

I'm not sure why your child DNS servers are still using root hints to find
the w3ds.net DNS server if you have created a conditional forwarder for
w3ds.net and set the forwarder to 192.168.10.1 with "Do not use recursion
for this domain" I have tested this every way I can and I cannot get my DNS
to query the root hints for the parent domain, unless I clear "Do not use
recursion for this domain" on my conditional forwarder.

This conditional forwarder is to the DNS server that has the w3ds.net AD
domain zone?

You test also notes that you have not delegated either of your child domains
in the w3ds.net zone. See:
For parent domain W3Ds.net and subordinate domain Amsterdam:
Forwarders or root hints are not misconfigured from parent
domain to subordinate domain
Warning: Neither forwarders nor root hints are configured
from subordinate domain to parent domain
Error: Delegation is not configured on the parent domain
For parent domain W3Ds.net and subordinate domain Hoofddorp:
Forwarders or root hints are not misconfigured from parent
domain to subordinate domain
Warning: Neither forwarders nor root hints are configured
from subordinate domain to parent domain
Error: Delegation is not configured on the parent domain
......................... W3Ds.net failed test DNS

In the w3ds.net zone, create a delegation named amsterdam and one named
hoofddorp to the DNS servers that have these zones.

Verify that the two child DCs have a conditional forwarder for w3ds.net with
the parent DC (192.168.10.1) as the DNS server in the forwarder and "Do not
use recursion is selected.

Alternately, you can create a stub zone named w3ds.net on the child DNS
(Only).
-OR-
Configure the w3ds.net zone to replicate to "All DNS servers in the Active
Directory forest w3ds.net"
You can only do one or the other, and only if all DNS servers in the
replicated scope have Win2k3.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================