
DCDIAG /TEST:DNS fails with errors regarding root hint servers

Author
Sam McGeown
Steely-eyed missile man
Warning: This article is now 16 years old! It is highly likely that this information is out of date and the author will have completely forgotten about it. Please take care when following any guidance to ensure you have up-to-date recommendations.

I recently resolved an ongoing DNS issue where the Active Directory Integrated DNS was loaded in both the Domain and the DomainDNSZones partition of AD - this is a separate issue and should be resolved differently. My problem came when I tried to verify that the fixed DNS setup had propagated around my domain controllers, DC01 and DC02. DC01 kept failing “DCDIAG /TEST:DNS” with errors regarding the root hint servers. Googling about, it was clear that a lot of people were suffering the same issue, but no article I read had correctly identified the solution.

The error looked something like this:

P:\>dcdiag /test:dns

Domain Controller Diagnosis
Performing initial setup:
   Done gathering initial info.
Doing initial required tests
   Testing server: SITE\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity
Doing primary tests
   Testing server: SITE\DC01
DNS Tests are running and not hung. Please wait a few minutes...
   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running partition tests on : DOMAIN
   Running enterprise tests on : DOMAIN.com
      Starting test: DNS
         Test results for domain controllers:
            DC: DC01.DOMAIN.COM
            Domain: DOMAIN.com
               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-servers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server: c.root-servers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-servers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: e.root-servers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-servers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-servers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-servers.net. (193.0.14.129)
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure DOMAIN.com.
         Summary of test results for DNS servers used by the above domain controllers:
            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
         Summary of DNS test results:
                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________
            Domain: DOMAIN.com
               DC01                    PASS PASS FAIL PASS WARN PASS n/a
         ......................... DOMAIN.com failed test DNS

It looks pretty horrific - DNS is failing at a basic level! It turns out that the actual issue is an old version of DCDIAG.EXE. After several hours and a lot of head scratching I checked the versions of DCDIAG.EXE (normally c:\Program Files\Support Tools\dcdiag.exe) and “Lo! And Behold!” the version was different. I downloaded the Windows Server 2003 Support Tools R2, uninstalled the old version (v5.2.3790.1800) and installed the new one (v5.2.3790.3959).

Et voila! The working test…

P:\>dcdiag /test:dns

Domain Controller Diagnosis
Performing initial setup:
   Done gathering initial info.
Doing initial required tests
   Testing server: SITE\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity
Doing primary tests
   Testing server: SITE\DC01
DNS Tests are running and not hung. Please wait a few minutes...
   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running partition tests on : DOMAIN
   Running enterprise tests on : DOMAIN.com
      Starting test: DNS
         Test results for domain controllers:
            DC: DC01.DOMAIN.COM
            Domain: DOMAIN.com
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure DOMAIN.com.
         Summary of DNS test results:
                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________
            Domain: DOMAIN.com
               DC01                    PASS PASS PASS PASS WARN PASS n/a
         ......................... DOMAIN.com passed test DNS
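
An added example, not part of the original post: a Python sketch that parses captured dcdiag /test:dns output like the two runs above, rejoins the lines the 80-column console split in two, and reports which summary columns are not PASS for each DC. The function names and the sample strings are constructed for illustration; note that the Dyn warning (dynamic update enabled but not secure) shows up in both runs.

```python
import re

COLUMNS = ("Auth", "Basc", "Forw", "Del", "Dyn", "RReg", "Ext")  # summary header order
ROW = re.compile(r"^\s+(\S+)\s+((?:(?:PASS|FAIL|WARN|n/a)\s*){7})$", re.M)
HINT = re.compile(r"invalid root hint server: (\S+) \(([\d.]+)\)")


def unwrap(text, width=80):
    """Rejoin lines the console split at `width` columns ('a.root-se' + 'rvers.net.')."""
    out, join_next = [], False
    for raw in text.splitlines():
        if join_next:
            out[-1] += raw
        else:
            out.append(raw)
        join_next = len(raw) == width  # heuristic: a full-width line was wrapped
    return "\n".join(out)


def summarize(text):
    """Return ({dc: {column: result}}, [(root hint, ip), ...]) for one dcdiag run."""
    text = unwrap(text)
    table = {dc: dict(zip(COLUMNS, cells.split())) for dc, cells in ROW.findall(text)}
    return table, HINT.findall(text)


def not_passing(table):
    """Per DC, the columns whose result is FAIL or WARN."""
    return {dc: {c: r for c, r in row.items() if r in ("FAIL", "WARN")}
            for dc, row in table.items()}


def as_console(lines, width=80):
    """Constructed-sample helper: wrap lines the way an 80-column console does."""
    return "\n".join(ln[i:i + width] for ln in lines for i in range(0, len(ln), width))


# Constructed samples built from lines of the two runs shown on this page.
HINT_ERR = " " * 18 + "Error: Root hints list has invalid root hint server: %s (%s)"
ROW_FMT = " " * 15 + "DC01" + " " * 20 + "PASS PASS %s PASS WARN PASS n/a"
OLD_RUN = as_console([HINT_ERR % ("a.root-servers.net.", "198.41.0.4"),
                      HINT_ERR % ("k.root-servers.net.", "193.0.14.129"),
                      ROW_FMT % "FAIL"])
NEW_RUN = as_console([ROW_FMT % "PASS"])

if __name__ == "__main__":
    for label, run in (("old dcdiag", OLD_RUN), ("new dcdiag", NEW_RUN)):
        table, hints = summarize(run)
        print(label, not_passing(table), [name for name, _ in hints])
```

Without the unwrap step the root hint pattern finds nothing in the wrapped capture, because each server name is cut after "a.root-se".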