Re: Error on Forwarders in my dcdiag results



Spin wrote:
> Experts,

Read inline please.

> Re-posting as I believe I'm close, but still not at the final
> solution.
>
> I have a question concerning a lingering DCOM problem on my test AD/DNS
> server at home. To pinpoint why it was trying to use DCOM to communicate
> with both of my ISP DNS servers (would occur about 1-2 times per
> week), I removed one of them as a Forwarder. Sure enough, the DCOM
> error did appear again, but this time only to the one remaining ISP
> DNS server. So I deleted the remaining one and replaced it with the
> oft-recommended Verizon DNS servers: 4.2.2.1 and 4.2.2.2. I ran a
> dcdiag /c /e /v this morning to check things out. The result indicated
> a "test failure" against both of these new Forwarders, due to a failed
> "PTR record query for the 1.0.0.127.in-addr.arpa". That is where I am
> confused. I do not have a 1.0.0.127.in-addr.arpa zone nor do I want one.

You better take a closer look because you do have 1.0.0.127.in-addr.arpa.
PTR and it is in the 127.in-addr.arpa. zone.

I can't find a requirement by RFC for all DNS servers to have a
127.in-addr.arpa. zone, but it is recommended that you have one. Otherwise,
if you use 127.0.0.1 in your DNS server it will send this query to the
internet when you run nslookup against the 127.0.0.1 address. This is one
reason I would give for NOT using 127.0.0.1 as the DNS address, because with
nslookup's behavior of doing a PTR lookup on the DNS server's IP, if you
didn't have the zone it would forward or recurse the PTR.

Personally, I can't think of a good reason for DCDiag to check forwarders to
see if they have a 1.0.0.127.in-addr.arpa. PTR record, but many public
servers do. I assume mainly to prevent a DNS loop, if someone should query
for a PTR for 127.0.0.1.
<more below>

> I have:
>
> 0.in-addr.arpa
> 1.168.192.in-addr.arpa <--- only this zone is enabled for dynamic updates
> 127.in-addr.arpa <-------Here is your 127.in-addr.arpa. zone.
> 255.in-addr.arpa
> 40-29.197.x.x.in-addr.arpa

While I cannot be sure, your DCOM error may be related to the delegated
reverse zone. Have you verified that it is properly set up and delegated?
<more below>

> I just want the error to go away. Relevant snippet of the dcdiag
> results are below:
>
> Summary of test results for DNS servers used by the above domain
> controllers:
>
> DNS server: 4.2.2.1 (<name unavailable>)
> 1 test failure on this DNS server
> This is not a valid DNS server. PTR record query for the
> 1.0.0.127.in-addr.arpa. failed on the DNS server 4.2.2.1
> [Error details: 9003 (Type: Win32 - Description: DNS name
> does not exist.)]

When running these tests, one must carefully consider the tests and decide
if a test that fails is really relevant to you or not. I think it is more
of a warning JIC you consider removing your 127.in-addr.arpa. zone.
Consider this: your DNS has a 127.in-addr.arpa. zone, so is it really
relevant for your forwarder to have a PTR for the localhost address?
As long as you have the zone, it won't forward or try to recurse the PTR. I
can tell you that if you don't have the zone, if you query for the localhost
address PTR, it will put your DNS in a serious loop trying to recurse the
PTR.
<end of inline reply>


--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
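
The forwarding behaviour described in the reply above, as an added example that is not part of the original post: a simplified model in which a DNS server answers a PTR query itself when it hosts a zone containing the name and otherwise sends it to its forwarders. The zone list is the one quoted in the post (the partly redacted delegated zone is left out); the function names are hypothetical, and conditional forwarders and delegations are ignored.

```python
import ipaddress

# Constructed sample: the reverse zones listed in the post.
LOCAL_ZONES = ["0.in-addr.arpa", "1.168.192.in-addr.arpa",
               "127.in-addr.arpa", "255.in-addr.arpa"]


def _labels(name):
    """Lower-case DNS labels of a name, ignoring a trailing root dot."""
    return name.rstrip(".").lower().split(".")


def ptr_name(ip):
    """Reverse-lookup name for an address, e.g. 1.0.0.127.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def owning_zone(qname, zones):
    """Most specific hosted zone that contains qname, or None."""
    q = _labels(qname)
    best = None
    for zone in zones:
        z = _labels(zone)
        # Compare whole labels so that 27.in-addr.arpa never matches 127.
        if len(z) <= len(q) and q[-len(z):] == z:
            if best is None or len(z) > len(_labels(best)):
                best = zone
    return best


def ptr_disposition(ip, zones):
    """Say whether the PTR query for ip stays on this server or leaves it."""
    qname = ptr_name(ip)
    zone = owning_zone(qname, zones)
    if zone:
        return (qname, "local", zone)
    return (qname, "forwarded", None)


if __name__ == "__main__":
    without_loopback = [z for z in LOCAL_ZONES if z != "127.in-addr.arpa"]
    for label, zones in (("with zone", LOCAL_ZONES),
                         ("without zone", without_loopback)):
        for ip in ("127.0.0.1", "192.168.1.10", "4.2.2.1"):
            print(label, ptr_disposition(ip, zones))
```

Running the same check over a server's real zone list shows which loopback and private-range reverse lookups would be sent to an outside forwarder.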