I recently resolved an ongoing DNS issue where the Active Directory Integrated DNS was loaded in both the Domain and the DomainDNSZones partition of AD - this is a separate issue and should be resolved differently. My problem when I tried to verify that the fixed DNS setup had propogated around my domain controllers, DC01 and DC02. DC01 kept failing “DCDIAG /TEST:DNS” with errors regarding the root hint servers. Googling about it was clear that a lot of people were suffering the same issue, but no article I read had correctly identified the solution.
The error looked something like this:
P:>dcdiag /test:dns
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: SITE\DC01
Starting test: Connectivity
……………………. DC01 passed test Connectivity
Doing primary tests
Testing server: SITE\DC01
DNS Tests are running and not hung. Please wait a few minutes…
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : DOMAIN
Running enterprise tests on : DOMAIN.com
Starting test: DNS
Test results for domain controllers:
DC: DC01.DOMAIN.COM
Domain: DOMAIN.com
TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (192.228.79.201)
Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server: g.root-se
rvers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server: j.root-se
rvers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129)
TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not secure
DOMAIN.com.
Summary of test results for DNS servers used by the above domain contro
llers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.228.79.201
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________
Domain: DOMAIN.com
DC01 PASS PASS FAIL PASS WARN PASS n/a
……………………. DOMAIN.com failed test DNS
It looks pretty horrific - DNS is failing at a basic level! It turns out that the actual issue is an old version of DCDIAG.EXE. After several hours and a lot of head scratching I checked the versions of the DCDIAG.EXE (normally c:\Program Files\Support Tools\dcdiag.exe) and “Lo! And Behold!” the version was different. I downloaded the Windows Server 2003 Support Tools R2, uninstalled the old version (v5.2.3790.1800) and installed the new one (v5.2.3790.3959).
Et voila! The working test…
P:>dcdiag /test:dns
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: SITE\DC01
Starting test: Connectivity
……………………. DC01 passed test Connectivity
Doing primary tests
Testing server: SITE\DC01
DNS Tests are running and not hung. Please wait a few minutes…
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : DOMAIN
Running enterprise tests on : DOMAIN.com
Starting test: DNS
Test results for domain controllers:
DC: DC01.DOMAIN.COM
Domain: DOMAIN.com
TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not secure
DOMAIN.com.
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________
Domain: DOMAIN.com
DC01 PASS PASS PASS PASS WARN PASS n/a
……………………. DOMAIN.com passed test DNS