I manage a GC with DNS for one of our branch offices. While there have not been any issues, part of the /test:DNS results indicates errors that I would like to address.
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
125.170.93.234 (<name unavailable>) [Invalid]
210.145.254.170 (<name unavailable>) [Invalid]
8.8.4.4 (<name unavailable>) [Invalid]
8.8.8.8 (<name unavailable>) [Invalid]
Error: All forwarders in the forwarder list are invalid.
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Invalid]
Name: b.root-servers.net. IP: 199.9.14.201 [Invalid]
Name: c.root-servers.net. IP: 192.33.4.12 [Invalid]
Name: d.root-servers.net. IP: 199.7.91.13 [Invalid]
Name: e.root-servers.net. IP: 192.203.230.10 [Invalid]
Name: f.root-servers.net. IP: 192.5.5.241 [Invalid]
Name: g.root-servers.net. IP: 192.112.36.4 [Invalid]
Name: h.root-servers.net. IP: 198.97.190.53 [Invalid]
Name: i.root-servers.net. IP: 192.36.148.17 [Invalid]
Name: j.root-servers.net. IP: 192.58.128.30 [Invalid]
Name: k.root-servers.net. IP: 193.0.14.129 [Invalid]
Name: l.root-servers.net. IP: 199.7.83.42 [Invalid]
Name: m.root-servers.net. IP: 202.12.27.33 [Invalid]
Error: Both root hints and forwarders are not configured or
broken. Please make sure at least one of them works.
As can be seen above, I have forwarders enabled. The first two are from the ISP; the second two are public Google DNS. While ISP DNS servers are preferred, I added the Google DNS to help investigate this issue. I have no problems removing it, though it does not resolve the problems.
Question #1: Why is the name unavailable?
Running nslookup on all of the forwarder IPs and root IP returns the name as expected. Here are several queries run on the DNS server.
C:\>nslookup 125.170.93.234
Server: dc01.site01.company.org
Address: 172.21.4.253
Name: nv-ku501.ocn.ad.jp
Address: 125.170.93.234
C:\>nslookup 8.8.4.4
Server: dc01.site01.company.org
Address: 172.21.4.253
Name: google-public-dns-b.google.com
Address: 8.8.4.4
C:\>nslookup 198.41.0.4
Server: dc01.site01.company.org
Address: 172.21.4.253
Name: a.root-servers.net
Address: 198.41.0.4
C:\>nslookup 199.9.14.201
Server: dc01.site01.company.org
Address: 172.21.4.253
Name: b.root-servers.net
Address: 199.9.14.201
The next section:
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 125.170.93.234 (<name unavailable>)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 125.170.93.234
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 192.112.36.4
[Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 192.203.230.10
[Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 192.33.4.12
[Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 192.36.148.17
[Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 192.5.5.241
[Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 192.58.128.30
[Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 193.0.14.129
[Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 198.41.0.4
[Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
DNS server: 198.97.190.53 (h.root-servers.net.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 198.97.190.53
[Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 199.7.83.42
[Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
DNS server: 199.7.91.13 (d.root-servers.net.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 199.7.91.13
[Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
DNS server: 199.9.14.201 (b.root-servers.net.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 199.9.14.201
[Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 202.12.27.33
[Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
DNS server: 210.145.254.170 (<name unavailable>)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 210.145.254.170
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 8.8.4.4 (<name unavailable>)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 8.8.4.4
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 8.8.8.8 (<name unavailable>)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 8.8.8.8
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 172.21.4.253 (DC-Foo01)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: Site01.company.org
DC-Foo01 PASS PASS FAIL PASS PASS PASS n/a
......................... company.org failed test DNS
Question #2: Why is it querying the forwarders and root servers for these internal records? This is an internal DNS server, so I would not expect or desire that any of the following DNS queries would resolve. My guess is that this is due to the unfortunate domain name: *.org, which is ideally for public DNS. This name was decided on long before I started working here and is not something that I can change. Other than changing the name, is there anything I can or should do to fix this?
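
Added example, not part of the original post: Python that parses the per-server summary shown above, groups the failures by Win32 error code, and lists which servers outside private address space were asked for the internal record. The function names are hypothetical, and the sample is an excerpt trimmed from the output above.

```python
import ipaddress
import re

# Excerpt trimmed from the summary above (two failing servers, one passing).
SAMPLE = """\
DNS server: 125.170.93.234 (<name unavailable>)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 125.170.93.234
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.company.org. failed on the DNS server 198.41.0.4
[Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
DNS server: 172.21.4.253 (DC-Foo01)
All tests passed on this DNS server
"""

SERVER_RE = re.compile(r"^\s*DNS server:\s*(\S+)\s*\((.*)\)\s*$")
FAILED_RE = re.compile(r"not functional\.\s*(\S+)\s+failed on the DNS server")
ERROR_RE = re.compile(r"\[Error details:\s*(\d+)\s*\(")

def parse_summary(text):
    # One dict per "DNS server:" block; record/code stay None when it passed.
    servers, current = [], None
    for line in text.splitlines():
        m = SERVER_RE.match(line)
        if m:
            current = {"ip": m.group(1), "name": m.group(2), "record": None, "code": None}
            servers.append(current)
        elif current is not None:
            if (m := FAILED_RE.search(line)):
                current["record"] = m.group(1)
            if (m := ERROR_RE.search(line)):
                current["code"] = int(m.group(1))
    return servers

def failures_by_code(servers):
    # Win32 error code -> list of server IPs that returned it.
    grouped = {}
    for s in servers:
        if s["code"] is not None:
            grouped.setdefault(s["code"], []).append(s["ip"])
    return grouped

def external_queries(servers):
    # (server, record) pairs where the queried server is outside private address space.
    return [(s["ip"], s["record"]) for s in servers
            if s["record"] and not ipaddress.ip_address(s["ip"]).is_private]
```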