netdiag DNS test failure on DC

[manners]

Hello.

We have two DCs for our domain, both run DNS using themselves as primary and the other as its secondary server. We recently had some replication problems which were tracked down to DNS (missing CNAME record) but when I run netdiag /test:dns on the PDC I get several errors which are essentially; "The DNS entries for this DC are not registered correctly on DNS Server <IP address>". This is listed for several IP addresses.

We use AD integrated DNS. I run the same test on the other DC with no problems. The serial number for both forward lookup zones is identical. What can cause this problem?

Thanks in advance.

 

[vbrocks]

Try flushing the dns cache on the failed server....

 

[manners]

Yeah tried that and still get the same error.

 

[vbrocks]

Did you check out the ip addresses and their associated records in DNS to see what was going on?

 

[vbrocks]

The DNS entries for this DC are not registered correctly on DNS Server <IP address>".

Are you saying it is listing other dns servers' ip addresses?

 

[manners]

Yeah there are six IP addresses listed, each one under the same error.

I've looked at DNS on both the machine its fine on and the faulty one, the serial number for the forward lookup zones are the same and I cant see any obvious problems with any of the records.

 

[vbrocks]

If you ping the ip addresses do they ping ok?
If you use Internet explorer to go to the ip addresses, where does it take you?

 

[manners]

I can ping them all, two of the IP addresses are local and are assigned to our failing DC (its own IP and the loopback IP). Two are IP addresses of forwarders setup and two I dont know where they've come from. Putting the two I do not recognise into a web browser gives me nothing.

 

[beerhunter2]

I'm no expert with DNS, but shouldn't you only have one primary and one secondary DNS server? You say that each of your DNS servers are set so they are the primary. Wouldn't this cause a conflict?

Are you getting any DNS errors in your event logs?

Help! I've fallen and I can't reach my beer.

 

[vbrocks]

What are the two that are setup as forwarders. Are they above your domain in the hierarchy or root servers? Are they your ISP? How is your domain setup?

 

[manners]

The TCP/IP configuration of the failing server has itself as its primary DNS server, and the other DNS as its secondary. In DNS for the failing server we have set two external DNS servers in the forwarders tab. These DNS servers are just the two given to us by our ISP.

We have only one domain; ourcompany.co.uk. and the DNS server we house internally is the authority for the forward lookup zone ourcompany.co.uk.

 

[vbrocks]

Have both servers been enabled for dynamic updates?

 

[manners]

Yes both are set to only allow secure dynamic updates.

 

[vbrocks]

try running ipconfig /registerdns and restart netlogon on each dns server, then try the diags again.....

 

[manners]

Done and still get the same problem. This is a strange one, replication seems to be working OK so i'm not sure whether this is a serious problem or not.

 

[vbrocks]

Is the DNS zone for your Active Directory domain set to "Active Directory Integrated"?

Check the option to NOT allow recursion on this domain.