Hello All,
have an issue with our dns root zone and I believe it is due to permissions
that I set incorrectly. I was working with AD and DNS changing the groups
allowed access on the security tab, between those actions I ended up removing
the group/groups I that allow access to this zone. Now the MMC will load up the
_msdcs.domain.com in the forward lookup but not the domain.com zone, I see a
red circle with a white horizontal line through its middle, the error I get is
as follows:<o:p></o:p>
Zone not
loaded by DNS Server<o:p></o:p>
The DNS
server encountered a problem while attempting to load the zone. The zone data
may not be available in Active Directory, or the zone data is corrupt.<o:p></o:p>
Correct the
problem then either press F5, or on the Action menu, click Refresh.<o:p></o:p>
For more
information about troubleshooting DNS zone problems, see help.<o:p></o:p>
When I
click on the zone for properties all actions are grayed out except for the
following:<o:p></o:p>
All tasks
but the options under that are grayed out, View, Delete, Refresh, Help<o:p></o:p>
I ran
dcdiag /test:dns /v /e all results were as follows:<o:p></o:p>
Auth =
Pass, Basc = Pass, Forw = Pass, Del = Fail, Dyn = Pass, RReg = Pass, Ext = n/a<o:p></o:p>
Test:
Delegations (DEL)<o:p></o:p>
Error<o:p></o:p>
Failed to
enumerate the records at the zone root on the server domain.<o:p></o:p>
Error
details: 5 (Type:Win32 - Description: Access is denied)<o:p></o:p>
So what do
you guys think? DNS is functioning and I have no errors in my logs to
reference, I believe I have simply removed my access to the zone and that is
why it will not load in the DNS mmc. My account is a member of DNS admins,
enterprise admins, domain admins, administrators and a few others but those are
the ones I thought would be relevant.<o:p></o:p>