DNS issue - problem accessing certain websites 2

[scottew]

I recently migrated from a SBS 2003 domain to a regular 2008 Domain. I have 2 DC's running Server 2008 R2. I am now having a problem accessing a few websites.

On DC1, I have the primary DNS server pointing to itself and the secondary is DC2. On DC2, the primary is DC1 and secondary is DC2. In the DCHP scope, I have DC1 as primary and DC2 as secondary.

I noticed that there are several entries in the Event Viewer under DNS Server with Event ID 5504

Log Name: DNS Server
Source: Microsoft-Windows-DNS-Server-Service
Date: 3/9/2011 10:31:42 AM
Event ID: 5504
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: DC2.ahs.local
Description:
The DNS server encountered an invalid domain name in a packet from 64.14.93.22. The packet will be rejected. The event data contains the DNS packet.

On DC1, I ran dcdiag /test:dns and got the following results.

C:\Windows\system32>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = DC1
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
......................... DC1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DC1

Starting test: DNS

DNS Tests are running and not hung. Please wait a few minutes...
......................... DC1 passed test DNS

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on : ahs

Running enterprise tests on : ahs.local
Starting test: DNS
Summary of test results for DNS servers used by the above domain
controllers:

DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235

DNS server: 2001:500:2f::f (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

DNS server: 2001:500:3::42 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42

DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30

DNS server: 2001:7fd::1 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1

DNS server: 2001:7fe::53 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53

DNS server: 2001:dc3::35 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35

......................... ahs.local passed test DNS

C:\Windows\system32>

On a workstation, if I enter a DNS server from our ISP, I am able to access the websites so I know it is not a problem with the website.

Any help would be greatly appreciated.

Thanks,
Scott

 

[technome]

On DC2, the primary is DC1 and secondary is DC2."
I set it up as the primary as the server itself, DC2, primary DC2 secondary DC1. If you lose DC1, DC2 with DC1 as primary will have long delays as it searches for a DNS server which is not present, if not failures.

Those errors referenced reguard IPV6, I sure you did not setup for ver6 only IPV4, so disable it (uncheck it) in the NIC properties, there is a bit more to disabling all the components (google it) but disabling it in the NIC properties should suffice.

Rerun DCDiag with the /v switch, also NetDiag /v after you disable IPV6 and a reboot.




........................................
Chernobyl disaster..a must see pictorial

http://www.kiddofspeed.com/default.htm

 

[58sniper]

And set up proper upstream DNS servers as forwarders so you're not hitting the root servers.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.exchangeblogs.com/

 

[scottew]

Thanks guys. I set up the forwarders and disabled IPv6 and all is well.

Thanks,
Scott

 

[technome]

Scott, also as to the forwarders, use at least two different ISP's DNS servers. Around my neck of the woods, the ISPs forget to inform you when they will be messing (up, off-lining) with their DNS servers.


........................................
Chernobyl disaster..a must see pictorial

http://www.kiddofspeed.com/default.htm