Proper way to configure DNS for child domain

  #1  
Old 05-08-2008
JoeD
 

Hi,

What is the proper and correct way to configure DNS (AD Integrated zones)
for a child domain? I have two DC's in a child domain, let's call them DC1
and DC2. All servers run Windows 2003. Some people say to set them up like
this:

DC1
Primary server: DC1
Secondary server: DC2

DC2
Primary server: DC2
Secondary server: DC1

Other people say to set them up pointing to themselves as the primary and
use the parent DNS server as a secondary. Which way is the best practices
way? Also, on the TCP/IP adapter on the DNS server, do I need to use "Append
suffixes" radio button and check box? Is this necessary on the DNS server?

The way I have them set up is :

DC1
Primary: DC1
Secondary: Parent DNS server

DC2
Primary: DC2
Secondary: DC1

This is working okay but I get a few errors, namely event id 2088 and 5781.
Below is a dcdiag from DC1:


Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine DC1, is a DC.
* Connecting to directory service on server DC1.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 8 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: CHILD\DC1
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... DC1 passed test Connectivity

Doing primary tests

Testing server: CHILD\DC1
Test omitted by user request: Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: Advertising
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: RidManager
Test omitted by user request: MachineAccount
Test omitted by user request: Services
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: ObjectsReplicated
Test omitted by user request: frssysvol
Test omitted by user request: frsevent
Test omitted by user request: kccevent
Test omitted by user request: systemlog
Test omitted by user request: VerifyReplicas
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : DomainDnsZones
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom

Running partition tests on : ForestDnsZones
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom

Running partition tests on : child
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom

Running partition tests on : Schema
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom

Running partition tests on : Configuration
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom

Running enterprise tests on : domain.com
Test omitted by user request: Intersite
Test omitted by user request: FsmoCheck
Starting test: DNS
Test results for domain controllers:

DC: DC1.child.domain.com
Domain: child.domain.com


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition
(Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000001] Broadcom NetXtreme Gigabit Ethernet:
MAC address is 00:0F:1F:66:CF:62
IP address is static
IP address: 192.168.5.6
DNS servers:
Warning: 192.168.5.6 (<name unavailable>) [Invalid]
192.168.1.20 (<name unavailable>) [Valid]
192.168.5.7 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found
(primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Invalid
(unreachable)]
Name: b.root-servers.net. IP: 192.228.79.201 [Invalid
(unreachable)]
Name: c.root-servers.net. IP: 192.33.4.12 [Invalid
(unreachable)]
Name: d.root-servers.net. IP: 128.8.10.90 [Invalid
(unreachable)]
Name: DC01.domain.com. IP: 192.168.1.20 [Valid]
Name: DC02.other.domain.com. IP: 192.168.1.10 [Valid]
Name: e.root-servers.net. IP: 192.203.230.10 [Invalid
(unreachable)]
Name: f.root-servers.net. IP: 192.5.5.241 [Invalid
(unreachable)]
Name: g.root-servers.net. IP: 192.112.36.4 [Invalid
(unreachable)]
Name: h.root-servers.net. IP: 128.63.2.53 [Invalid
(unreachable)]
Name: i.root-servers.net. IP: 192.36.148.17 [Invalid
(unreachable)]
Name: j.root-servers.net. IP: 192.58.128.30 [Invalid
(unreachable)]
Name: k.root-servers.net. IP: 193.0.14.129 [Invalid
(unreachable)]
Name: l.root-servers.net. IP: 199.7.83.42 [Invalid
(unreachable)]
Name: m.root-servers.net. IP: 202.12.27.33 [Invalid
(unreachable)]

TEST: Delegations (Del)
No delegations were found in this zone on this DNS server

TEST: Dynamic update (Dyn)
Dynamic update is enabled on the zone child.domain.com.
Test record _dcdiag_test_record added successfully in zone
child.domain.com.
Test record _dcdiag_test_record deleted successfully in
zone child.domain.com.

TEST: Records registration (RReg)
Network Adapter [00000001] Broadcom NetXtreme Gigabit
Ethernet:
Matching A record found at DNS server 192.168.5.6:
DC1.child.domain.com

Error: Missing CNAME record at DNS server 192.168.5.6 :
8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.domain.com
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]

Matching DC SRV record found at DNS server 192.168.5.6:
_ldap._tcp.dc._msdcs.child.domain.com

Error: Missing GC SRV record at DNS server 192.168.5.6 :
_ldap._tcp.gc._msdcs.domain.com
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]

Matching PDC SRV record found at DNS server 192.168.5.6:
_ldap._tcp.pdc._msdcs.child.domain.com

Matching A record found at DNS server 192.168.1.20:
DC1.child.domain.com

Matching CNAME record found at DNS server 192.168.1.20:
8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.domain.com

Matching DC SRV record found at DNS server 192.168.1.20:
_ldap._tcp.dc._msdcs.child.domain.com

Matching GC SRV record found at DNS server 192.168.1.20:
_ldap._tcp.gc._msdcs.domain.com

Matching PDC SRV record found at DNS server 192.168.1.20:
_ldap._tcp.pdc._msdcs.child.domain.com

Matching A record found at DNS server 192.168.5.7:
DC1.child.domain.com

Matching CNAME record found at DNS server 192.168.5.7:
8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.domain.com

Matching DC SRV record found at DNS server 192.168.5.7:
_ldap._tcp.dc._msdcs.child.domain.com

Matching GC SRV record found at DNS server 192.168.5.7:
_ldap._tcp.gc._msdcs.domain.com

Matching PDC SRV record found at DNS server 192.168.5.7:
_ldap._tcp.pdc._msdcs.child.domain.com

Error: Record registrations cannot be found for all the
network adapters

Summary of test results for DNS servers used by the above domain
controllers:

DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]
Name resolution is not functional. _ldap._tcp.domain.com.
failed on the DNS server 202.12.27.33
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]

DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.83.42
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]
Name resolution is not functional. _ldap._tcp.domain.com.
failed on the DNS server 199.7.83.42
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]

DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]
Name resolution is not functional. _ldap._tcp.domain.com.
failed on the DNS server 198.41.0.4
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]

DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]
Name resolution is not functional. _ldap._tcp.domain.com.
failed on the DNS server 193.0.14.129
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]

DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]
Name resolution is not functional. _ldap._tcp.domain.com.
failed on the DNS server 192.58.128.30
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]

DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]
Name resolution is not functional. _ldap._tcp.domain.com.
failed on the DNS server 192.5.5.241
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]

DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]
Name resolution is not functional. _ldap._tcp.domain.com.
failed on the DNS server 192.36.148.17
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]

DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]
Name resolution is not functional. _ldap._tcp.domain.com.
failed on the DNS server 192.33.4.12
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]

DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]
Name resolution is not functional. _ldap._tcp.domain.com.
failed on the DNS server 192.228.79.201
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]

DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]
Name resolution is not functional. _ldap._tcp.domain.com.
failed on the DNS server 192.203.230.10
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]

DNS server: 192.168.5.6 (<name unavailable>)
1 test failure on this DNS server
This is a valid DNS server
Name resolution is not functional. _ldap._tcp.domain.com.
failed on the DNS server 192.168.5.6
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]

DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]
Name resolution is not functional. _ldap._tcp.domain.com.
failed on the DNS server 192.112.36.4
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]

DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]
Name resolution is not functional. _ldap._tcp.domain.com.
failed on the DNS server 128.8.10.90
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]

DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]
Name resolution is not functional. _ldap._tcp.domain.com.
failed on the DNS server 128.63.2.53
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]

DNS server: 192.168.5.7 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server
Name resolution is funtional. _ldap._tcp SRV record for the
forest root domain is registered

DNS server: 192.168.1.20 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server
Name resolution is funtional. _ldap._tcp SRV record for the
forest root domain is registered

DNS server: 192.168.1.10 (DC02.other.domain.com.)
All tests passed on this DNS server
This is a valid DNS server
Name resolution is funtional. _ldap._tcp SRV record for the
forest root domain is registered

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg
Ext

________________________________________________________________
Domain: child.domain.com
DC1 PASS WARN PASS PASS PASS FAIL n/a

......................... domain.com failed test DNS


The forest root has both forwarders enabled and root hints. I am not sure
why my server is trying to register records on the root hints server?! Any
help would be great. Thanks
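
One way to triage the dcdiag DNS output above, as an added example that is not part of the original post: it separates failures on the DC's configured DNS servers from failures on root-hint entries, and lists missing records that lie outside the DC's own domain. The function name `triage` and the trimmed `SAMPLE` excerpt are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt of the dcdiag DNS test output from the post above, trimmed to a few
# entries per section. Line wrapping is kept as it appears in the post.
SAMPLE = """\
DC: DC1.child.domain.com
Domain: child.domain.com

DNS servers:
Warning: 192.168.5.6 (<name unavailable>) [Invalid]
192.168.1.20 (<name unavailable>) [Valid]
192.168.5.7 (<name unavailable>) [Valid]

Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Invalid
(unreachable)]
Name: DC01.domain.com. IP: 192.168.1.20 [Valid]

TEST: Records registration (RReg)
Matching A record found at DNS server 192.168.5.6:
DC1.child.domain.com
Error: Missing CNAME record at DNS server 192.168.5.6 :
8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.domain.com
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period expired.)]
Matching DC SRV record found at DNS server 192.168.5.6:
_ldap._tcp.dc._msdcs.child.domain.com
Error: Missing GC SRV record at DNS server 192.168.5.6 :
_ldap._tcp.gc._msdcs.domain.com
Matching GC SRV record found at DNS server 192.168.1.20:
_ldap._tcp.gc._msdcs.domain.com

DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
DNS server: 192.168.5.6 (<name unavailable>)
1 test failure on this DNS server
DNS server: 192.168.5.7 (<name unavailable>)
All tests passed on this DNS server
DNS server: 192.168.1.20 (<name unavailable>)
All tests passed on this DNS server
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"


def triage(report):
    """Summarise the DNS section of a dcdiag report for one DC."""
    text = " ".join(report.split())  # undo the line wrapping
    m = re.search(r"Domain: (\S+)", text)
    if m is None:
        raise ValueError("no 'Domain:' line found in report")
    domain = m.group(1).lower()

    # DNS servers configured on the adapter, in order, with dcdiag's verdict.
    resolvers = dict(re.findall(IP + r" \([^)]*\) \[(Valid|Invalid)\]", text))

    # Records dcdiag could not find, keyed by the DNS server that was asked.
    # Only names outside the DC's own domain are kept.
    outside = defaultdict(list)
    for _kind, ip, name in re.findall(
            r"Error: Missing ([A-Za-z ]+?) record at DNS server "
            + IP + r" ?: (\S+)", text):
        if not name.lower().endswith("." + domain):
            outside[ip].append(name)

    # Per-server summary block: collect every server with a test failure.
    failed = {}
    for ip, name, verdict in re.findall(
            r"DNS server: " + IP
            + r" \(([^)]*)\) (All tests passed|\d+ test failure)", text):
        if verdict != "All tests passed":
            failed[ip] = name

    return {
        "domain": domain,
        "resolvers": resolvers,
        # Failures on servers this DC actually uses for name resolution.
        "failing_resolvers": [ip for ip in resolvers if ip in failed],
        # Failures on Internet root-hint entries, reported separately.
        "failing_root_hints": sorted(
            ip for ip, n in failed.items() if n.endswith("root-servers.net.")),
        "missing_outside_domain": dict(outside),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the excerpt, the only configured DNS server with a failure is 192.168.5.6, and both records it is missing are under `_msdcs.domain.com` rather than `child.domain.com`.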


  #2  
Old 05-08-2008
Phillip Windell
 
Re: Proper way to configure DNS for child domain

They don't point to the parent domain at all,...only to themselves (1st) and
each other (2nd).

Active Directory Replication throughout the Forest takes care of the rest.

Child Domain DC1
Primary server: Child Domain DC1
Secondary server: Child Domain DC2

Child Domain DC2
Primary server: Child Domain DC2
Secondary server: Child Domain DC1


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


"JoeD" <JoeD@discussions.microsoft.com> wrote in message
news:ECAD8118-4E66-4FEF-8417-4BECFD4DDA61@microsoft.com...
> Hi,
>
> What is the proper and correct way to configure DNS (AD Integrated zones)
> for a child domain? I have two DC's in a child domain, let's call them
> DC1
> and DC2. All servers run Windows 2003. Some people say to set them up like
> this:
>
> DC1
> Primary server: DC1
> Secondary server: DC2
>
> DC2
> Primary server: DC2
> Secondary server: DC1
>
> Other people say to set them up pointing to themselves as the primary and
> use the parent DNS server as a secondary. Which way is the best practices
> way? Also, on the TCP/IP adapter on the DNS server, do I need to use
> "Append
> suffixes" radio button and check box? Is this necessary on the DNS
> server?
>
> The way I have them set up is :
>
> DC1
> Primary: DC1
> Secondary: Parent DNS server
>
> DC2
> Primary:DC2
> Secondary:DC1
>
> This is working okay but I get a few errors, namely event id 2088 and
> 5781.
> Below is a dcdiag from DC1:
>
>
> Domain Controller Diagnosis
>
> Performing initial setup:
> * Verifying that the local machine DC1, is a DC.
> * Connecting to directory service on server DC1.
> * Collecting site info.
> * Identifying all servers.
> * Identifying all NC cross-refs.
> * Found 8 DC(s). Testing 1 of them.
> Done gathering initial info.
>
> Doing initial required tests
>
> Testing server: CHILD\DC1
> Starting test: Connectivity
> * Active Directory LDAP Services Check
> * Active Directory RPC Services Check
> ......................... DC1 passed test Connectivity
>
> Doing primary tests
>
> Testing server: CHILD\DC1
> Test omitted by user request: Replications
> Test omitted by user request: Topology
> Test omitted by user request: CutoffServers
> Test omitted by user request: NCSecDesc
> Test omitted by user request: NetLogons
> Test omitted by user request: Advertising
> Test omitted by user request: KnowsOfRoleHolders
> Test omitted by user request: RidManager
> Test omitted by user request: MachineAccount
> Test omitted by user request: Services
> Test omitted by user request: OutboundSecureChannels
> Test omitted by user request: ObjectsReplicated
> Test omitted by user request: frssysvol
> Test omitted by user request: frsevent
> Test omitted by user request: kccevent
> Test omitted by user request: systemlog
> Test omitted by user request: VerifyReplicas
> Test omitted by user request: VerifyReferences
> Test omitted by user request: VerifyEnterpriseReferences
> Test omitted by user request: CheckSecurityError
>
> DNS Tests are running and not hung. Please wait a few minutes...
>
> Running partition tests on : DomainDnsZones
> Test omitted by user request: CrossRefValidation
> Test omitted by user request: CheckSDRefDom
>
> Running partition tests on : ForestDnsZones
> Test omitted by user request: CrossRefValidation
> Test omitted by user request: CheckSDRefDom
>
> Running partition tests on : child
> Test omitted by user request: CrossRefValidation
> Test omitted by user request: CheckSDRefDom
>
> Running partition tests on : Schema
> Test omitted by user request: CrossRefValidation
> Test omitted by user request: CheckSDRefDom
>
> Running partition tests on : Configuration
> Test omitted by user request: CrossRefValidation
> Test omitted by user request: CheckSDRefDom
>
> Running enterprise tests on : domain.com
> Test omitted by user request: Intersite
> Test omitted by user request: FsmoCheck
> Starting test: DNS
> Test results for domain controllers:
>
> DC: DC1.child.domain.com
> Domain: child.domain.com
>
>
> TEST: Authentication (Auth)
> Authentication test: Successfully completed
>
> TEST: Basic (Basc)
> Microsoft(R) Windows(R) Server 2003, Standard Edition
> (Service Pack level: 2.0) is supported
> NETLOGON service is running
> kdc service is running
> DNSCACHE service is running
> DNS service is running
> DC is a DNS server
> Network adapters information:
> Adapter [00000001] Broadcom NetXtreme Gigabit Ethernet:
> MAC address is 00:0F:1F:66:CF:62
> IP address is static
> IP address: 192.168.5.6
> DNS servers:
> Warning: 192.168.5.6 (<name unavailable>) [Invalid]
> 192.168.1.20 (<name unavailable>) [Valid]
> 192.168.5.7 (<name unavailable>) [Valid]
> The A record for this DC was found
> The SOA record for the Active Directory zone was found
> The Active Directory zone on this DC/DNS server was found
> (primary)
> Root zone on this DC/DNS server was not found
>
> TEST: Forwarders/Root hints (Forw)
> Recursion is enabled
> Forwarders are not configured on this DNS server
> Root hint Information:
> Name: a.root-servers.net. IP: 198.41.0.4 [Invalid
> (unreachable)]
> Name: b.root-servers.net. IP: 192.228.79.201 [Invalid
> (unreachable)]
> Name: c.root-servers.net. IP: 192.33.4.12 [Invalid
> (unreachable)]
> Name: d.root-servers.net. IP: 128.8.10.90 [Invalid
> (unreachable)]
> Name: DC01.domain.com. IP: 192.168.1.20 [Valid]
> Name: DC02.other.domain.com. IP: 192.168.1.10 [Valid]
> Name: e.root-servers.net. IP: 192.203.230.10 [Invalid
> (unreachable)]
> Name: f.root-servers.net. IP: 192.5.5.241 [Invalid
> (unreachable)]
> Name: g.root-servers.net. IP: 192.112.36.4 [Invalid
> (unreachable)]
> Name: h.root-servers.net. IP: 128.63.2.53 [Invalid
> (unreachable)]
> Name: i.root-servers.net. IP: 192.36.148.17 [Invalid
> (unreachable)]
> Name: j.root-servers.net. IP: 192.58.128.30 [Invalid
> (unreachable)]
> Name: k.root-servers.net. IP: 193.0.14.129 [Invalid
> (unreachable)]
> Name: l.root-servers.net. IP: 199.7.83.42 [Invalid
> (unreachable)]
> Name: m.root-servers.net. IP: 202.12.27.33 [Invalid
> (unreachable)]
>
> TEST: Delegations (Del)
> No delegations were found in this zone on this DNS server
>
> TEST: Dynamic update (Dyn)
> Dynamic update is enabled on the zone child.domain.com.
> Test record _dcdiag_test_record added successfully in
> zone
> child.domain.com.
> Test record _dcdiag_test_record deleted successfully in
> zone child.domain.com.
>
> TEST: Records registration (RReg)
> Network Adapter [00000001] Broadcom NetXtreme Gigabit
> Ethernet:
> Matching A record found at DNS server 192.168.5.6:
> DC1.child.domain.com
>
> Error: Missing CNAME record at DNS server 192.168.5.6
> :
> 8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.domain.com
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
>
> Matching DC SRV record found at DNS server
> 192.168.5.6:
> _ldap._tcp.dc._msdcs.child.domain.com
>
> Error: Missing GC SRV record at DNS server 192.168.5.6
> :
> _ldap._tcp.gc._msdcs.domain.com
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
>
> Matching PDC SRV record found at DNS server
> 192.168.5.6:
> _ldap._tcp.pdc._msdcs.child.domain.com
>
> Matching A record found at DNS server 192.168.1.20:
> DC1.child.domain.com
>
> Matching CNAME record found at DNS server
> 192.168.1.20:
> 8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.domain.com
>
> Matching DC SRV record found at DNS server
> 192.168.1.20:
> _ldap._tcp.dc._msdcs.child.domain.com
>
> Matching GC SRV record found at DNS server
> 192.168.1.20:
> _ldap._tcp.gc._msdcs.domain.com
>
> Matching PDC SRV record found at DNS server
> 192.168.1.20:
> _ldap._tcp.pdc._msdcs.child.domain.com
>
> Matching A record found at DNS server 192.168.5.7:
> DC1.child.domain.com
>
> Matching CNAME record found at DNS server 192.168.5.7:
> 8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.domain.com
>
> Matching DC SRV record found at DNS server
> 192.168.5.7:
> _ldap._tcp.dc._msdcs.child.domain.com
>
> Matching GC SRV record found at DNS server
> 192.168.5.7:
> _ldap._tcp.gc._msdcs.domain.com
>
> Matching PDC SRV record found at DNS server
> 192.168.5.7:
> _ldap._tcp.pdc._msdcs.child.domain.com
>
> Error: Record registrations cannot be found for all the
> network adapters
>
> Summary of test results for DNS servers used by the above domain
> controllers:
>
> DNS server: 202.12.27.33 (m.root-servers.net.)
> 1 test failure on this DNS server
> This is not a valid DNS server. PTR record query for the
> 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
> Name resolution is not functional. _ldap._tcp.domain.com.
> failed on the DNS server 202.12.27.33
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
>
> DNS server: 199.7.83.42 (l.root-servers.net.)
> 1 test failure on this DNS server
> This is not a valid DNS server. PTR record query for the
> 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.83.42
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
> Name resolution is not functional. _ldap._tcp.domain.com.
> failed on the DNS server 199.7.83.42
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
>
> DNS server: 198.41.0.4 (a.root-servers.net.)
> 1 test failure on this DNS server
> This is not a valid DNS server. PTR record query for the
> 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
> Name resolution is not functional. _ldap._tcp.domain.com.
> failed on the DNS server 198.41.0.4
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
>
> DNS server: 193.0.14.129 (k.root-servers.net.)
> 1 test failure on this DNS server
> This is not a valid DNS server. PTR record query for the
> 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
> Name resolution is not functional. _ldap._tcp.domain.com.
> failed on the DNS server 193.0.14.129
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
>
> DNS server: 192.58.128.30 (j.root-servers.net.)
> 1 test failure on this DNS server
> This is not a valid DNS server. PTR record query for the
> 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
> Name resolution is not functional. _ldap._tcp.domain.com.
> failed on the DNS server 192.58.128.30
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
>
> DNS server: 192.5.5.241 (f.root-servers.net.)
> 1 test failure on this DNS server
> This is not a valid DNS server. PTR record query for the
> 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
> Name resolution is not functional. _ldap._tcp.domain.com.
> failed on the DNS server 192.5.5.241
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
>
> DNS server: 192.36.148.17 (i.root-servers.net.)
> 1 test failure on this DNS server
> This is not a valid DNS server. PTR record query for the
> 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
> Name resolution is not functional. _ldap._tcp.domain.com.
> failed on the DNS server 192.36.148.17
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
>
> DNS server: 192.33.4.12 (c.root-servers.net.)
> 1 test failure on this DNS server
> This is not a valid DNS server. PTR record query for the
> 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
> Name resolution is not functional. _ldap._tcp.domain.com.
> failed on the DNS server 192.33.4.12
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
>
> DNS server: 192.228.79.201 (b.root-servers.net.)
> 1 test failure on this DNS server
> This is not a valid DNS server. PTR record query for the
> 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
> Name resolution is not functional. _ldap._tcp.domain.com.
> failed on the DNS server 192.228.79.201
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
>
> DNS server: 192.203.230.10 (e.root-servers.net.)
> 1 test failure on this DNS server
> This is not a valid DNS server. PTR record query for the
> 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
> Name resolution is not functional. _ldap._tcp.domain.com.
> failed on the DNS server 192.203.230.10
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
>
> DNS server: 192.168.5.6 (<name unavailable>)
> 1 test failure on this DNS server
> This is a valid DNS server
> Name resolution is not functional. _ldap._tcp.domain.com.
> failed on the DNS server 192.168.5.6
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
>
> DNS server: 192.112.36.4 (g.root-servers.net.)
> 1 test failure on this DNS server
> This is not a valid DNS server. PTR record query for the
> 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
> Name resolution is not functional. _ldap._tcp.domain.com.
> failed on the DNS server 192.112.36.4
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
>
> DNS server: 128.8.10.90 (d.root-servers.net.)
> 1 test failure on this DNS server
> This is not a valid DNS server. PTR record query for the
> 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
> Name resolution is not functional. _ldap._tcp.domain.com.
> failed on the DNS server 128.8.10.90
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
>
> DNS server: 128.63.2.53 (h.root-servers.net.)
> 1 test failure on this DNS server
> This is not a valid DNS server. PTR record query for the
> 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
> Name resolution is not functional. _ldap._tcp.domain.com.
> failed on the DNS server 128.63.2.53
> [Error details: 1460 (Type: Win32 - Description: This
> operation returned because the timeout period expired.)]
>
> DNS server: 192.168.5.7 (<name unavailable>)
> All tests passed on this DNS server
> This is a valid DNS server
> Name resolution is funtional. _ldap._tcp SRV record for the
> forest root domain is registered
>
> DNS server: 192.168.1.20 (<name unavailable>)
> All tests passed on this DNS server
> This is a valid DNS server
> Name resolution is funtional. _ldap._tcp SRV record for the
> forest root domain is registered
>
> DNS server: 192.168.1.10 (DC02.other.domain.com.)
> All tests passed on this DNS server
> This is a valid DNS server
> Name resolution is funtional. _ldap._tcp SRV record for the
> forest root domain is registered
>
> Summary of DNS test results:
>
>                   Auth Basc Forw Del  Dyn  RReg Ext
> ________________________________________________________________
> Domain: child.domain.com
>    DC1            PASS WARN PASS PASS PASS FAIL n/a
>
> ......................... domain.com failed test DNS
>
>
> The forest root has both forwarders enabled and root hints. I am not sure
> why my server is trying to register records on the root hints server?!
> Any help would be great. Thanks
>
>



  #3  
Old 05-08-2008
JoeD
 
Posts: n/a
Re: Proper way to configure DNS for child domain

Okay, do I use forwarders to the parent? Should I have the parent DNS
servers on the Name Servers Tab?

"Phillip Windell" wrote:

> They don't point to the parent domain at all,...only to themselves (1st) and
> each other (2nd).
>
> Active Directory Replication throughout the Forest takes care of the rest.
>
> Child Domain DC1
> Primary server: Child Domain DC1
> Secondary server: Child Domain DC2
>
> Child Domain DC2
> Primary server: Child Domain DC2
> Secondary server: Child Domain DC1
>
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------

  #4  
Old 05-08-2008
Phillip Windell
 
Posts: n/a
Re: Proper way to configure DNS for child domain

Name Servers Tab:
No,..I never have. Mine only lists the two DCs of my own domain that contain
that particular Zone.
Active Directory Forest Replication already takes care of all that, as I said
in the last post.
The Name Servers Tab only exists as Properties of the Zone itself,...what
good is it to have a DNS listed in there that is not the DNS used for that
Zone? If you look, each Zone has such a tab,...but the Properties of the
DNS Server itself do not.

Forwarders:
Use the ISP's DNS or some other valid external DNS as the Forwarder,...or
just don't use Forwarders at all and it will *default* to using Root Hints.


--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"JoeD" <JoeD@discussions.microsoft.com> wrote in message
news:E9AF664B-AB1D-4D2D-97D9-EB491BEE9D9B@microsoft.com...
> Okay, do I use forwarders to the parent? Should I have the parent DNS
> servers on the Name Servers Tab?



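Added example, not part of any post in this thread: a small Python audit of saved `dcdiag /test:dns` output that pulls out the DC's client DNS list, the forwarder and root-hint state, and the missing forest-root records discussed above. The sample is an excerpt shortened from the output quoted in the thread (quote markers and line wrapping left in on purpose); treating 192.168.5.7 as the second child DC, and the `child_dns` parameter itself, are assumptions.

```python
import re

IP = r"\d{1,3}(?:\.\d{1,3}){3}"

# Excerpt shortened from the dcdiag output quoted in this thread,
# still carrying the newsreader's "> >" markers and wrapped lines.
SAMPLE = """\
> > TEST: Basic (Basc)
> > Network adapters information:
> > Adapter [00000001] Broadcom NetXtreme Gigabit Ethernet:
> > IP address is static
> > IP address: 192.168.5.6
> > DNS servers:
> > Warning: 192.168.5.6 (<name unavailable>) [Invalid]
> > 192.168.1.20 (<name unavailable>) [Valid]
> > 192.168.5.7 (<name unavailable>) [Valid]
> >
> > TEST: Forwarders/Root hints (Forw)
> > Recursion is enabled
> > Forwarders are not configured on this DNS server
> > Root hint Information:
> > Name: a.root-servers.net. IP: 198.41.0.4 [Invalid
> > (unreachable)]
> > Name: DC01.domain.com. IP: 192.168.1.20 [Valid]
> > Name: DC02.other.domain.com. IP: 192.168.1.10 [Valid]
> > Name: m.root-servers.net. IP: 202.12.27.33 [Invalid
> > (unreachable)]
> >
> > TEST: Records registration (RReg)
> > Error: Missing CNAME record at DNS server 192.168.5.6
> > :
> > 8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.domain.com
> > Error: Missing GC SRV record at DNS server 192.168.5.6
> > :
> > _ldap._tcp.gc._msdcs.domain.com
> > Matching GC SRV record found at DNS server
> > 192.168.1.20:
> > _ldap._tcp.gc._msdcs.domain.com
"""


def normalize(text):
    """Strip quote markers and undo line wrapping so one regex sees one record."""
    unquoted = re.sub(r"(?m)^[> \t]+", "", text)
    return " ".join(unquoted.split())


def sections(flat):
    """Map each test's short name (Basc, Forw, RReg, ...) to its text."""
    pattern = r"TEST: [^()]*\((\w+)\)(.*?)(?=TEST: |$)"
    return {m.group(1): m.group(2) for m in re.finditer(pattern, flat)}


def audit(text, child_dns):
    """child_dns: IPs of the child domain's own DNS servers (caller-supplied)."""
    sec = sections(normalize(text))
    basc, forw, rreg = (sec.get(k, "") for k in ("Basc", "Forw", "RReg"))

    own = re.search(rf"IP address: ({IP})", basc)
    own_ip = own.group(1) if own else None
    clients = re.findall(rf"({IP}) \([^)]*\) \[(Valid|Invalid)\]", basc)
    hints = re.findall(rf"Name: (\S+) IP: ({IP}) \[(Valid|Invalid)", forw)
    missing = re.findall(
        rf"Error: Missing ([\w ]+?) record at DNS server ({IP}) ?: ?(\S+)", rreg)

    findings = []
    for ip, status in clients:
        if ip == own_ip and status == "Invalid":
            findings.append(f"own DNS service {ip} is marked Invalid")
        if ip not in child_dns:
            findings.append(f"client DNS entry {ip} is outside the child domain")
    reachable = [name for name, _, status in hints if status == "Valid"]
    if "Forwarders are not configured" in forw:
        findings.append(
            f"no forwarders; {len(reachable)} of {len(hints)} root hints reachable")
    for rtype, server, name in missing:
        findings.append(f"{rtype} record {name} missing at {server}")

    return {"own_ip": own_ip, "clients": clients, "reachable_hints": reachable,
            "missing": missing, "findings": findings}


if __name__ == "__main__":
    # Assumption: 192.168.5.6 (DC1) and 192.168.5.7 are the child domain's DNS servers.
    for line in audit(SAMPLE, {"192.168.5.6", "192.168.5.7"})["findings"]:
        print("-", line)
```

Run it against output saved before and after a change to the adapter DNS order or the forwarders, and compare the findings lists.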
  #5  
Old 06-08-2008
JoeD
 
Posts: n/a
Re: Proper way to configure DNS for child domain

Thanks. Works like a charm.

"Phillip Windell" wrote:

> Name Servers Tab:
> No,..I never have. Mine only lists the two DCs of my own domain that contain
> that particular Zone
> Active Directory Forest Replication already takes care of all that as I said
> in the last post.
> The Name Servers Tab only exists as Properties of the Zone itself,...what
> good is it to have a DNS listed in there that is not the DNS used for that
> Zone? If you look, each Zone has such a tab,...but the Properties of the
> DNS Server itself does not.
>
> Forwarders:
> Use the ISP's DNS or some other valid external DNS as the Forwarder,...or
> just don't use Forwarders at all and it will *default* to using Root Hints.
>
>
> --
> Phillip Windell
> www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or Microsoft,
> or anyone else associated with me, including my cats.
> -----------------------------------------------------
  #6  
Old 06-08-2008
Phillip Windell
 
Posts: n/a
Re: Proper way to configure DNS for child domain

Very good, sir.
Good luck with it.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"JoeD" <JoeD@discussions.microsoft.com> wrote in message
news:4C723463-DFE9-4BB6-AF28-5672316B1127@microsoft.com...
> Thanks. Works like a charm.
>
> "Phillip Windell" wrote:
>
>> Name Servers Tab:
>> No,..I never have. Mine only lists the two DCs of my own domain that contain that particular Zone.
>> Active Directory Forest Replication already takes care of all that as I said in the last post.
>> The Name Servers Tab only exists as Properties of the Zone itself,...what good is it to have a DNS listed in there that is not the DNS used for that Zone? If you look, each Zone has such a tab,...but the Properties of the DNS Server itself does not.
>>
>> Forwarders:
>> Use the ISP's DNS or some other valid external DNS as the Forwarder,...or just don't use Forwarders at all and it will *default* to using Root Hints.
>>
>>
>> --
>> Phillip Windell
>> www.wandtv.com
>>
>> The views expressed, are my own and not those of my employer, or Microsoft,
>> or anyone else associated with me, including my cats.
>> -----------------------------------------------------
>>
>> "JoeD" <JoeD@discussions.microsoft.com> wrote in message
>> news:E9AF664B-AB1D-4D2D-97D9-EB491BEE9D9B@microsoft.com...
>> > Okay, do I use forwarders to the parent? Should I have the parent DNS
>> > servers on the Name Servers Tab?
>> >
>> > "Phillip Windell" wrote:
>> >
>> >> They don't point to the parent domain at all,...only to themselves (1st) and each other (2nd).
>> >>
>> >> Active Directory Replication throughout the Forest takes care of the rest.
>> >>
>> >> Child Domain DC1
>> >> Primary server: Child Domain DC1
>> >> Secondary server: Child Domain DC2
>> >>
>> >> Child Domain DC2
>> >> Primary server: Child Domain DC2
>> >> Secondary server: Child Domain DC1
>> >>
>> >>
>> >> --
>> >> Phillip Windell
>> >> www.wandtv.com
>> >>
>> >> The views expressed, are my own and not those of my employer, or Microsoft,
>> >> or anyone else associated with me, including my cats.
>> >> -----------------------------------------------------
>> >>
>> >>
>> >> "JoeD" <JoeD@discussions.microsoft.com> wrote in message
>> >> news:ECAD8118-4E66-4FEF-8417-4BECFD4DDA61@microsoft.com...
>> >> > Hi,
>> >> >
>> >> > What is the proper and correct way to configure DNS (AD Integrated zones) for a child domain? I have two DC's in a child domain, let's call them DC1 and DC2. All servers run Windows 2003. Some people say to set them up like this:
>> >> >
>> >> > DC1
>> >> > Primary server: DC1
>> >> > Secondary server: DC2
>> >> >
>> >> > DC2
>> >> > Primary server: DC2
>> >> > Secondary server: DC1
>> >> >
>> >> > Other people say to set them up pointing to themselves as the primary and use the parent DNS server as a secondary. Which way is the best practices way? Also, on the TCP/IP adapter on the DNS server, do I need to use "Append suffixes" radio button and check box? Is this necessary on the DNS server?
>> >> >
>> >> > The way I have them set up is:
>> >> >
>> >> > DC1
>> >> > Primary: DC1
>> >> > Secondary: Parent DNS server
>> >> >
>> >> > DC2
>> >> > Primary:DC2
>> >> > Secondary:DC1
>> >> >
>> >> > This is working okay but I get a few errors, namely event id 2088 and 5781.
>> >> > Below is a dcdiag from DC1:
>> >> >
>> >> >
>> >> > Domain Controller Diagnosis
>> >> >
>> >> > Performing initial setup:
>> >> > * Verifying that the local machine DC1, is a DC.
>> >> > * Connecting to directory service on server DC1.
>> >> > * Collecting site info.
>> >> > * Identifying all servers.
>> >> > * Identifying all NC cross-refs.
>> >> > * Found 8 DC(s). Testing 1 of them.
>> >> > Done gathering initial info.
>> >> >
>> >> > Doing initial required tests
>> >> >
>> >> > Testing server: CHILD\DC1
>> >> > Starting test: Connectivity
>> >> > * Active Directory LDAP Services Check
>> >> > * Active Directory RPC Services Check
>> >> > ......................... DC1 passed test Connectivity
>> >> >
>> >> > Doing primary tests
>> >> >
>> >> > Testing server: CHILD\DC1
>> >> > Test omitted by user request: Replications
>> >> > Test omitted by user request: Topology
>> >> > Test omitted by user request: CutoffServers
>> >> > Test omitted by user request: NCSecDesc
>> >> > Test omitted by user request: NetLogons
>> >> > Test omitted by user request: Advertising
>> >> > Test omitted by user request: KnowsOfRoleHolders
>> >> > Test omitted by user request: RidManager
>> >> > Test omitted by user request: MachineAccount
>> >> > Test omitted by user request: Services
>> >> > Test omitted by user request: OutboundSecureChannels
>> >> > Test omitted by user request: ObjectsReplicated
>> >> > Test omitted by user request: frssysvol
>> >> > Test omitted by user request: frsevent
>> >> > Test omitted by user request: kccevent
>> >> > Test omitted by user request: systemlog
>> >> > Test omitted by user request: VerifyReplicas
>> >> > Test omitted by user request: VerifyReferences
>> >> > Test omitted by user request: VerifyEnterpriseReferences
>> >> > Test omitted by user request: CheckSecurityError
>> >> >
>> >> > DNS Tests are running and not hung. Please wait a few minutes...
>> >> >
>> >> > Running partition tests on : DomainDnsZones
>> >> > Test omitted by user request: CrossRefValidation
>> >> > Test omitted by user request: CheckSDRefDom
>> >> >
>> >> > Running partition tests on : ForestDnsZones
>> >> > Test omitted by user request: CrossRefValidation
>> >> > Test omitted by user request: CheckSDRefDom
>> >> >
>> >> > Running partition tests on : child
>> >> > Test omitted by user request: CrossRefValidation
>> >> > Test omitted by user request: CheckSDRefDom
>> >> >
>> >> > Running partition tests on : Schema
>> >> > Test omitted by user request: CrossRefValidation
>> >> > Test omitted by user request: CheckSDRefDom
>> >> >
>> >> > Running partition tests on : Configuration
>> >> > Test omitted by user request: CrossRefValidation
>> >> > Test omitted by user request: CheckSDRefDom
>> >> >
>> >> > Running enterprise tests on : domain.com
>> >> > Test omitted by user request: Intersite
>> >> > Test omitted by user request: FsmoCheck
>> >> > Starting test: DNS
>> >> > Test results for domain controllers:
>> >> >
>> >> > DC: DC1.child.domain.com
>> >> > Domain: child.domain.com
>> >> >
>> >> >
>> >> > TEST: Authentication (Auth)
>> >> > Authentication test: Successfully completed
>> >> >
>> >> > TEST: Basic (Basc)
>> >> > Microsoft(R) Windows(R) Server 2003, Standard
>> >> > Edition
>> >> > (Service Pack level: 2.0) is supported
>> >> > NETLOGON service is running
>> >> > kdc service is running
>> >> > DNSCACHE service is running
>> >> > DNS service is running
>> >> > DC is a DNS server
>> >> > Network adapters information:
>> >> > Adapter [00000001] Broadcom NetXtreme Gigabit
>> >> > Ethernet:
>> >> > MAC address is 00:0F:1F:66:CF:62
>> >> > IP address is static
>> >> > IP address: 192.168.5.6
>> >> > DNS servers:
>> >> > Warning: 192.168.5.6 (<name unavailable>)
>> >> > [Invalid]
>> >> > 192.168.1.20 (<name unavailable>) [Valid]
>> >> > 192.168.5.7 (<name unavailable>) [Valid]
>> >> > The A record for this DC was found
>> >> > The SOA record for the Active Directory zone was
>> >> > found
>> >> > The Active Directory zone on this DC/DNS server was
>> >> > found
>> >> > (primary)
>> >> > Root zone on this DC/DNS server was not found
>> >> >
>> >> > TEST: Forwarders/Root hints (Forw)
>> >> > Recursion is enabled
>> >> > Forwarders are not configured on this DNS server
>> >> > Root hint Information:
>> >> > Name: a.root-servers.net. IP: 198.41.0.4
>> >> > [Invalid
>> >> > (unreachable)]
>> >> > Name: b.root-servers.net. IP: 192.228.79.201
>> >> > [Invalid
>> >> > (unreachable)]
>> >> > Name: c.root-servers.net. IP: 192.33.4.12
>> >> > [Invalid
>> >> > (unreachable)]
>> >> > Name: d.root-servers.net. IP: 128.8.10.90
>> >> > [Invalid
>> >> > (unreachable)]
>> >> > Name: DC01.domain.com. IP: 192.168.1.20 [Valid]
>> >> > Name: DC02.other.domain.com. IP: 192.168.1.10
>> >> > [Valid]
>> >> > Name: e.root-servers.net. IP: 192.203.230.10
>> >> > [Invalid
>> >> > (unreachable)]
>> >> > Name: f.root-servers.net. IP: 192.5.5.241
>> >> > [Invalid
>> >> > (unreachable)]
>> >> > Name: g.root-servers.net. IP: 192.112.36.4
>> >> > [Invalid
>> >> > (unreachable)]
>> >> > Name: h.root-servers.net. IP: 128.63.2.53
>> >> > [Invalid
>> >> > (unreachable)]
>> >> > Name: i.root-servers.net. IP: 192.36.148.17
>> >> > [Invalid
>> >> > (unreachable)]
>> >> > Name: j.root-servers.net. IP: 192.58.128.30
>> >> > [Invalid
>> >> > (unreachable)]
>> >> > Name: k.root-servers.net. IP: 193.0.14.129
>> >> > [Invalid
>> >> > (unreachable)]
>> >> > Name: l.root-servers.net. IP: 199.7.83.42
>> >> > [Invalid
>> >> > (unreachable)]
>> >> > Name: m.root-servers.net. IP: 202.12.27.33
>> >> > [Invalid
>> >> > (unreachable)]
>> >> >
>> >> > TEST: Delegations (Del)
>> >> > No delegations were found in this zone on this DNS
>> >> > server
>> >> >
>> >> > TEST: Dynamic update (Dyn)
>> >> > Dynamic update is enabled on the zone
>> >> > child.domain.com.
>> >> > Test record _dcdiag_test_record added successfully
>> >> > in
>> >> > zone
>> >> > child.domain.com.
>> >> > Test record _dcdiag_test_record deleted
>> >> > successfully
>> >> > in
>> >> > zone child.domain.com.
>> >> >
>> >> > TEST: Records registration (RReg)
>> >> > Network Adapter [00000001] Broadcom NetXtreme
>> >> > Gigabit
>> >> > Ethernet:
>> >> > Matching A record found at DNS server
>> >> > 192.168.5.6:
>> >> > DC1.child.domain.com
>> >> >
>> >> > Error: Missing CNAME record at DNS server
>> >> > 192.168.5.6
>> >> > :
>> >> >
>> >> > 8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.domain.com
>> >> > [Error details: 1460 (Type: Win32 - Description:
>> >> > This
>> >> > operation returned because the timeout period expired.)]
>> >> >
>> >> > Matching DC SRV record found at DNS server
>> >> > 192.168.5.6:
>> >> > _ldap._tcp.dc._msdcs.child.domain.com
>> >> >
>> >> > Error: Missing GC SRV record at DNS server
>> >> > 192.168.5.6
>> >> > :
>> >> > _ldap._tcp.gc._msdcs.domain.com
>> >> > [Error details: 1460 (Type: Win32 - Description:
>> >> > This
>> >> > operation returned because the timeout period expired.)]
>> >> >
>> >> > Matching PDC SRV record found at DNS server
>> >> > 192.168.5.6:
>> >> > _ldap._tcp.pdc._msdcs.child.domain.com
>> >> >
>> >> > Matching A record found at DNS server
>> >> > 192.168.1.20:
>> >> > DC1.child.domain.com
>> >> >
>> >> > Matching CNAME record found at DNS server
>> >> > 192.168.1.20:
>> >> >
>> >> > 8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.domain.com
>> >> >
>> >> > Matching DC SRV record found at DNS server
>> >> > 192.168.1.20:
>> >> > _ldap._tcp.dc._msdcs.child.domain.com
>> >> >
>> >> > Matching GC SRV record found at DNS server
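
The dcdiag DNS test output quoted in this thread is hard to scan through the reply markers and line wraps. The following is an added example, not part of the original posts: a small Python parser (the names `parse_dcdiag_dns` and `missing_by_server` are chosen here for illustration) that undoes the quoting on an excerpt of that output and lists which DNS server failed to return which record.

```python
import re

# Excerpt of the dcdiag DNS test output quoted in this thread (quoting and wraps kept).
SAMPLE = """
> >> > Warning: 192.168.5.6 (<name unavailable>)
> >> > [Invalid]
> >> > 192.168.1.20 (<name unavailable>) [Valid]
> >> > Name: a.root-servers.net. IP: 198.41.0.4 [Invalid
> >> > (unreachable)]
> >> > Matching A record found at DNS server 192.168.5.6:
> >> > DC1.child.domain.com
> >> > Error: Missing GC SRV record at DNS server
> >> > 192.168.5.6
> >> > :
> >> > _ldap._tcp.gc._msdcs.domain.com
> >> > [Error details: 1460 (Type: Win32 - Description:
> >> > This
> >> > operation returned because the timeout period expired.)]
> >> > Matching CNAME record found at DNS server
> >> > 192.168.1.20:
> >> >
> >> > 8ce8e939-476b-49b8-ae46-f777bd0d232a._msdcs.domain.com
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
QUOTE = re.compile(r"^[>\s]+", re.M)  # leading "> >> >" reply markers
RESOLVER = re.compile(IP + r" \([^)]*\) \[(Valid|Invalid)\]")
ROOT_HINT = re.compile(r"Name: (\S+) IP: " + IP + r" \[(Valid|Invalid)")
RECORD = re.compile(r"(Matching|Error: Missing) ([A-Z]+(?: SRV)?) record (?:found )?"
                    r"at DNS server " + IP + r" ?: (\S+)(?: \[Error details: (\d+))?")

def parse_dcdiag_dns(text):
    """Return resolver status, root-hint status and per-record checks."""
    flat = " ".join(QUOTE.sub("", text).split())  # undo quoting and line wraps
    return {
        "resolvers": dict(RESOLVER.findall(flat)),
        "root_hints": {n: status for n, _ip, status in ROOT_HINT.findall(flat)},
        "records": [{"ok": verdict == "Matching", "type": rtype, "server": server,
                     "name": name, "error": int(err) if err else None}
                    for verdict, rtype, server, name, err in RECORD.findall(flat)],
    }

def missing_by_server(report):
    """Map each DNS server to the (type, name, Win32 error) lookups that failed."""
    out = {}
    for r in report["records"]:
        if not r["ok"]:
            out.setdefault(r["server"], []).append((r["type"], r["name"], r["error"]))
    return out
```

On the excerpt, `missing_by_server(parse_dcdiag_dns(SAMPLE))` shows 192.168.5.6 timing out (Win32 error 1460) on the GC SRV record under `_msdcs.domain.com`, while the CNAME in that same zone is found at 192.168.1.20.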


