Table of Contents 1.dcdiag /test:dns2. Below output seems ok3. H ere is some problem with the below output4.Now what are the "Auth" "Basc"" Forw" "Del" "Dyn" "RReg" "Ext"?5. Forw6. RReg7. Dyn8.Ext9. Use /E switch for testing the all DNS servers. See the below snap. I have two(2) DCs in my test environment.10.My Other TechNet WIKIs For DNS 1.dcdiag /test:dns You may be already familiar with this command but I want to clarify it briefly. 2. Below output seems ok C:\>dcdiag /test:dns
C:\>dcdiag /test:dns
Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\BAN-DC01 Starting test: Connectivity ......................... BAN-DC01 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\BAN-DC01 DNS Tests are running and not hung. Please wait a few minutes... Running partition tests on : ForestDnsZones Running partition tests on : DomainDnsZones Running partition tests on : Schema Running partition tests on : Configuration Running partition tests on : gs Running enterprise tests on : gs.com Starting test: DNS ......................... gs.com passed test DNS C:\> 3. Here is some problem with the below output C:\>dcdiag /test:dns Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\BAN-DC01 Starting test: Connectivity ......................... BAN-DC01 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\BAN-DC01 DNS Tests are running and not hung. Please wait a few minutes... Running partition tests on : ForestDnsZones Running partition tests on : DomainDnsZones Running partition tests on : Schema Running partition tests on : Configuration Running partition tests on : gs Running enterprise tests on : gs.com Starting test: DNS Test results for domain controllers: DC: ban-dc01.gs.com Domain: gs.com TEST: Forwarders/Root hints (Forw) Error: Root hints list has invalid root hint server: a.root-se rvers.net. (198.41.0.4) Error: Root hints list has invalid root hint server: b.root-se rvers.net. (128.9.0.107) Error: Root hints list has invalid root hint server: c.root-se rvers.net. (192.33.4.12) Error: Root hints list has invalid root hint server: d.root-se rvers.net. (128.8.10.90) Error: Root hints list has invalid root hint server: e.root-se rvers.net. (192.203.230.10) Error: Root hints list has invalid root hint server: f.root-se rvers.net. (192.5.5.241) Error: Root hints list has invalid root hint server: g.root-se rvers.net. (192.112.36.4) Error: Root hints list has invalid root hint server: h.root-se rvers.net. (128.63.2.53) Error: Root hints list has invalid root hint server: i.root-se rvers.net. (192.36.148.17) Error: Root hints list has invalid root hint server: j.root-se rvers.net. (192.58.128.30) Error: Root hints list has invalid root hint server: k.root-se rvers.net. (193.0.14.129) Error: Root hints list has invalid root hint server: l.root-se rvers.net. (198.32.64.12) Error: Root hints list has invalid root hint server: m.root-se rvers.net. (202.12.27.33) Summary of test results for DNS servers used by the above domain contro llers: DNS server: 128.63.2.53 (h.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.12 7.in-addr.arpa. failed on the DNS server 128.63.2.53 DNS server: 128.8.10.90 (d.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.12 7.in-addr.arpa. failed on the DNS server 128.8.10.90 DNS server: 128.9.0.107 (b.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.12 7.in-addr.arpa. failed on the DNS server 128.9.0.107 DNS server: 192.112.36.4 (g.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.12 7.in-addr.arpa. failed on the DNS server 192.112.36.4 DNS server: 192.203.230.10 (e.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.12 7.in-addr.arpa. failed on the DNS server 192.203.230.10 DNS server: 192.33.4.12 (c.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.12 7.in-addr.arpa. failed on the DNS server 192.33.4.12 DNS server: 192.36.148.17 (i.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.12 7.in-addr.arpa. failed on the DNS server 192.36.148.17 DNS server: 192.5.5.241 (f.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.12 7.in-addr.arpa. failed on the DNS server 192.5.5.241 DNS server: 192.58.128.30 (j.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.12 7.in-addr.arpa. failed on the DNS server 192.58.128.30 DNS server: 193.0.14.129 (k.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.12 7.in-addr.arpa. failed on the DNS server 193.0.14.129 DNS server: 198.32.64.12 (l.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.12 7.in-addr.arpa. failed on the DNS server 198.32.64.12 DNS server: 198.41.0.4 (a.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.12 7.in-addr.arpa. failed on the DNS server 198.41.0.4 DNS server: 202.12.27.33 (m.root-servers.net.) 1 test failure on this DNS server This is not a valid DNS server. PTR record query for the 1.0.0.12 7.in-addr.arpa. failed on the DNS server 202.12.27.33 Summary of DNS test results: Auth Basc Forw Del Dyn RReg Ext ________________________________________________________________ Domain: gs.com ban-dc01 PASS PASS FAIL PASS PASS PASS n/a ......................... gs.com failed test DNS 4.Now what are the "Auth" "Basc"" Forw" "Del" "Dyn" "RReg" "Ext"? 5. Forw The issue above is with the DNS forwarders(Forw. Might be that not configured or forwarders are not working properly. For checking the issue you can use these commands: 1 Nslookup google.com <forwarder IP> 2 PortQry.exe -n <forwarder IP> -e 53 -p both 6. RReg Now what “RReg” is & what should you do if it is failed? resource registration. ipconfig /registerdns on a server will attempt to register the DNS entries, and report errors in the event log. Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355. Is the PDC emulator really up and running? If you want to force a dc to re-register AD specific DNS registrations, you need to use NLTEST /dsregdns (Ipconfig /registerDNS only does host registrations not DC specific). Also check all SRV records of the problematic DC. Troubleshooting SRV Record Registration 7. Dyn Issue: TEST: Dynamic update (Dyn) Warning: Failed to delete the test record dcdiag-test-record in zone DOMAIN.local Resolution : This issue can occur if both the methods of Dynamic updates is selected on the DNS Server – “Nonsecure and Secure”, please convert the zone to “Secure only” on Dynamic updates. http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/f99e7099-b861-4400-a891-5f0a9492921e 8.Ext Issue: Have run the "Dcdiag /test:DNS /DnsResolveExtName /DnsInternetName:google.com" & got the below result. Resolution: Check your ISP forwarders. Value Description Basc /DnsBasic Performs basic DNS tests, including network connectivity, DNS client configuration, service availability, and zone existence. Del /DnsDelegation Performs the /DnsBasic tests, and also checks for proper delegations. Forw /DnsForwarders Performs the /DnsBasic tests, and also checks the configuration of forwarders. Dyn /DnsDynamicUpdate Performs /DnsBasic tests, and also determines if dynamic update is enabled in the Active Directory zone. RReg /DnsRecordRegistration Performs the /DnsBasic tests, and also checks if the address (A), canonical name (CNAME) and well-known service (SRV) resource records are registered. In addition, creates an inventory report based on the test results. Ext /DnsResolveExtName Performs the /DnsBasic tests, and also attempts to resolve InternetName. If /DnsInternetName is not specified, attempts to resolve the name www.microsoft.com. If /DnsInternetName is specified, attempts to resolve the Internet name supplied by the user. See the links for details. http://technet.microsoft.com/en-us/library/cc731968(v=ws.10).aspx http://technet.microsoft.com/en-us/library/cc776854(v=ws.10).aspx 9. Use /E switch for testing the all DNS servers. See the below snap. I have two(2) DCs in my test environment. ____________________________________________________________________________________________________________________________ 10.My Other TechNet WIKIs For DNS Nos. My Other TechNet WIKIs For DNS 1 DNS Zone Backup & Restoration 2 Need to Convert "A" Record From Lowercase to Uppercase - Part 1 3 Need to Convert "A" Record From Lowercase to Uppercase - Part 2 4 DNS Design-DNS Zones for per Organization Units 5 Best practices for DNS client settings on DC and domain members 6 Command to Troubleshoot DNS Issues (Nslookup Advance Usage) 7 AD Integrated Conditional Forwarder 8 When the User Is a Normal Domain User, How to Provide the Read Permission on a DNS Log for a Particular DNS Server 9 DNS Read-Only Console on 2003-Multi Domain Environment ____________________________________________________________________________________________________________________________ Regards Biswajit Biswas My Blogs|TechnetWiki Ninja Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\BAN-DC01
Starting test: Connectivity
......................... BAN-DC01 passed test Connectivity
Doing primary tests
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : gs
Running enterprise tests on : gs.com
Starting test: DNS
......................... gs.com passed test DNS
C:\>
Test results
for
domain controllers:
DC: ban-dc01.gs.com
Domain: gs.com
TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server: g.root-se
rvers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server: j.root-se
rvers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (198.32.64.12)
Error: Root hints list has invalid root hint server: m.root-se
rvers.net. (202.12.27.33)
Summary of test results
DNS servers used by the above domain contro
llers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on
this
DNS server
This is not a valid DNS server. PTR record query
the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
DNS server: 128.8.10.90 (d.root-servers.net.)
7.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 128.9.0.107 (b.root-servers.net.)
7.in-addr.arpa. failed on the DNS server 128.9.0.107
DNS server: 192.112.36.4 (g.root-servers.net.)
7.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 192.203.230.10 (e.root-servers.net.)
7.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.33.4.12 (c.root-servers.net.)
7.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.36.148.17 (i.root-servers.net.)
7.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.5.5.241 (f.root-servers.net.)
7.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.58.128.30 (j.root-servers.net.)
7.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 193.0.14.129 (k.root-servers.net.)
7.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 198.32.64.12 (l.root-servers.net.)
7.in-addr.arpa. failed on the DNS server 198.32.64.12
DNS server: 198.41.0.4 (a.root-servers.net.)
7.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 202.12.27.33 (m.root-servers.net.)
7.in-addr.arpa. failed on the DNS server 202.12.27.33
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
ban-dc01 PASS PASS FAIL PASS PASS PASS n/a
......................... gs.com failed test DNS
4.Now what are the "Auth" "Basc"" Forw" "Del" "Dyn" "RReg" "Ext"? 5. Forw The issue above is with the DNS forwarders(Forw. Might be that not configured or forwarders are not working properly. For checking the issue you can use these commands: 1 Nslookup google.com <forwarder IP> 2 PortQry.exe -n <forwarder IP> -e 53 -p both 6. RReg Now what “RReg” is & what should you do if it is failed? resource registration. ipconfig /registerdns on a server will attempt to register the DNS entries, and report errors in the event log. Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355. Is the PDC emulator really up and running? If you want to force a dc to re-register AD specific DNS registrations, you need to use NLTEST /dsregdns (Ipconfig /registerDNS only does host registrations not DC specific). Also check all SRV records of the problematic DC. Troubleshooting SRV Record Registration 7. Dyn Issue: TEST: Dynamic update (Dyn) Warning: Failed to delete the test record dcdiag-test-record in zone DOMAIN.local Resolution : This issue can occur if both the methods of Dynamic updates is selected on the DNS Server – “Nonsecure and Secure”, please convert the zone to “Secure only” on Dynamic updates. http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/f99e7099-b861-4400-a891-5f0a9492921e 8.Ext Issue: Have run the "Dcdiag /test:DNS /DnsResolveExtName /DnsInternetName:google.com" & got the below result. Resolution: Check your ISP forwarders. Value Description Basc /DnsBasic Performs basic DNS tests, including network connectivity, DNS client configuration, service availability, and zone existence. Del /DnsDelegation Performs the /DnsBasic tests, and also checks for proper delegations. Forw /DnsForwarders Performs the /DnsBasic tests, and also checks the configuration of forwarders. Dyn /DnsDynamicUpdate Performs /DnsBasic tests, and also determines if dynamic update is enabled in the Active Directory zone. RReg /DnsRecordRegistration Performs the /DnsBasic tests, and also checks if the address (A), canonical name (CNAME) and well-known service (SRV) resource records are registered. In addition, creates an inventory report based on the test results. Ext /DnsResolveExtName Performs the /DnsBasic tests, and also attempts to resolve InternetName. If /DnsInternetName is not specified, attempts to resolve the name www.microsoft.com. If /DnsInternetName is specified, attempts to resolve the Internet name supplied by the user.
1 Nslookup google.com <forwarder IP>
2 PortQry.exe -n <forwarder IP> -e 53 -p both 6. RReg Now what “RReg” is & what should you do if it is failed? resource registration. ipconfig /registerdns on a server will attempt to register the DNS entries, and report errors in the event log. Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355. Is the PDC emulator really up and running? If you want to force a dc to re-register AD specific DNS registrations, you need to use NLTEST /dsregdns (Ipconfig /registerDNS only does host registrations not DC specific). Also check all SRV records of the problematic DC. Troubleshooting SRV Record Registration
resource registration. ipconfig /registerdns on a server will attempt to register the DNS entries, and report errors in the event log.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355. Is the PDC emulator really up and running? If you want to force a dc to re-register AD specific DNS registrations, you need to use NLTEST /dsregdns (Ipconfig /registerDNS only does host registrations not DC specific). Also check all SRV records of the problematic DC.
Troubleshooting SRV Record Registration
Issue: TEST: Dynamic update (Dyn) Warning: Failed to delete the test record dcdiag-test-record in zone DOMAIN.local Resolution : This issue can occur if both the methods of Dynamic updates is selected on the DNS Server – “Nonsecure and Secure”, please convert the zone to “Secure only” on Dynamic updates. http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/f99e7099-b861-4400-a891-5f0a9492921e
Issue: Have run the "Dcdiag /test:DNS /DnsResolveExtName /DnsInternetName:google.com" & got the below result.
Resolution: Check your ISP forwarders.
/DnsForwarders
Performs the /DnsBasic tests, and also checks the configuration of forwarders.
____________________________________________________________________________________________________________________________
____________________________________________________________________________________________________________________________ Regards Biswajit Biswas My Blogs|TechnetWiki Ninja
Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
Richard Mueller edited Revision 50. Comment: Fixed tags
Naomi N edited Revision 48. Comment: Minor corrections, more tags