roots hints list error

[capkirk]

had a domain controller crash several weeks ago, it did not hold any of the fsmo roles, but was a DC and did DNS.

everything seemed to be okay until today, when several people started having issues with their redirected My Documents folders. (we redirect all My Doc folders to file server).

severall users even couldnt open Excel files that were on their desktops (pc just locked up), but if I unplugged them from the network all of a sudden the PC ran like lightning.

I did the DCDIAG/ testNS on one of the servers and I get all of these errors I have posted below. first, I dont recognize any of these root hint servers, is there a way to clear them out?
secondly, I get the error:
Warning: Dynamic update is enabled on the zone but not secure

is this also something to worry about? should I make it secure?

here is the errors I received:

C:\>dcdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\MYSERVER5
Starting test: Connectivity
......................... MYSERVER5 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\MYSERVER5

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on : mydomain

Running enterprise tests on : mydomain.com
Starting test: DNS
Test results for domain controllers:

DC: myserver5.mydomain.com
Domain: mydomain.com


TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (192.228.79.201)
Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (39.13.229.241)
Error: Root hints list has invalid root hint server: g.root-se
rvers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server: j.root-se
rvers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (199.7.83.42)
Error: Root hints list has invalid root hint server: m.root-se
rvers.net. (202.12.27.33)

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not secure
mydomain.com.

Summary of test results for DNS servers used by the above domain contro
llers:

DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53

DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90

DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.9.0.107

DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4

DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10

DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.228.79.201

DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12

DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17

DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241

DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30

DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129

DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4

DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 199.7.83.42

DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33

DNS server: 39.13.229.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 39.13.229.241

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: mydomain.com
myserver5 PASS PASS FAIL PASS WARN PASS n/a

......................... mydomain.com failed test DNS

C:\>

 

[r8j8t]

Yes you can manualy delete root hints. The root hints are stored in the file called cache.dns.
An secure update is option in DNS when you have AD integrated zones.
An secure DNS will populate zone transfers only with only specfic DNS servers. This prevents root poisening.
When secure update is not selected the DNS server has tendancy to have its zone records dynamicaly updated with any DNS server.
In your case it looks like your DNS have got record for its root hints from some unsourcced DNS server.

Is your DNS server is internal DNS server or front end DNS box.
Also do you host your domain or it is ISP which does that.