DNS Passed But Errors on New Domain Controller

Paul R 21

I had an old domain controller, that had been original for the domain, fail without opportunity for proper demotion. I cleaned up AD/DNS/etc... on remaining DC which is running Win Server 2008R2. Migrated DC/Domain to 2008R2 level and then promoted a new Win Server 2019 box as a second DC. Had to then resolve some DNS issues, but appear to have that sorted now and both DCs show proper info in DNS.
My question is, when I run dcdiag /test:dns it comes back quick and short and pass on the original DC, but although passed on new DC, have a lot of extra entries that appear to be external queries that stated failed. Again, overall says passed DNS test, but wonder what the extra is..?

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = DCAPCLD
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DCAPCLD
Starting test: Connectivity
......................... DCAPCLD passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DCAPCLD

  Starting test: DNS

     DNS Tests are running and not hung. Please wait a few minutes...
     ......................... DCAPCLD passed test DNS

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on : presenceus

Running enterprise tests on : presenceus.org
Starting test: DNS
Summary of test results for DNS servers used by the above domain controllers:

        DNS server: 128.63.2.53 (h.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
        DNS server: 128.8.10.90 (d.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
        DNS server: 128.9.0.107 (b.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107
        DNS server: 198.32.64.12 (l.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
        DNS server: 2001:500:12::d0d (g.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:12::d0d
        DNS server: 2001:500:1::53 (h.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::53
        DNS server: 2001:500:200::b (b.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:200::b
        DNS server: 2001:500:2::c (c.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c
        DNS server: 2001:500:2d::d (d.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d
        DNS server: 2001:500:2f::f (f.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f
        DNS server: 2001:500:9f::42 (l.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:9f::42
        DNS server: 2001:500:a8::e (e.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:a8::e
        DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30
        DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30
        DNS server: 2001:7fd::1 (k.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1
        DNS server: 2001:7fe::53 (i.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53
        DNS server: 2001:dc3::35 (m.root-servers.net.)
           1 test failure on this DNS server
           PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35
     ......................... presenceus.org passed test DNS

Accepted answer

Anonymous

Domain controller's own address should be primary

you have duplicates so just remove the four invalid ones.

                 Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
           ->  Name: b.root-servers.net. IP: 128.9.0.107 [Invalid (unreachable)]
                 Name: b.root-servers.net. IP: 199.9.14.201 [Valid]
                 Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
           ->  Name: d.root-servers.net. IP: 128.8.10.90 [Invalid (unreachable)]
                 Name: d.root-servers.net. IP: 199.7.91.13 [Valid]
                 Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
                 Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
                 Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
           ->  Name: h.root-servers.net. IP: 128.63.2.53 [Invalid (unreachable)]
                 Name: h.root-servers.net. IP: 198.97.190.53 [Valid]
                 Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
                 Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
                 Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
           ->  Name: l.root-servers.net. IP: 198.32.64.12 [Invalid (unreachable)]
                 Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
                 Name: m.root-servers.net. IP: 202.12.27.33 [Valid]

--please don't forget to Accept as answer if the reply is helpful--

39 additional answers

Anonymous

2020-08-20T16:06:38.147+00:00

Well there are four pages and 30+ replies. I don't think it matters too much. You can mark whatever is appropriate.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Paul R 21 Reputation points

2020-08-20T16:21:52.953+00:00

Well, once I accepted one of your replies, it not longer has the option to accept any other answers. In any case, I greatly appreciate your help!
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Anonymous

2020-08-20T16:23:44.547+00:00

Sounds good, you're welcome. You could also vote some of the others if you like.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

DNS Passed But Errors on New Domain Controller

39 additional answers

Your answer