Dcdiag for DNS: Test details explained

 

1. dcdiag /test:dns

You may be already familiar with this command but I want to clarify it briefly.

 

2. Below output seems ok

C:\dcdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:

  Done gathering initial info.

Doing initial required tests

  Testing server: Default-First-Site-Name\BAN-DC01

  Starting test: Connectivity

  ......................... BAN-DC01 passed test Connectivity

Doing primary tests

  Testing server: Default-First-Site-Name\BAN-DC01

DNS Tests are running and not hung. Please wait a few minutes...

  Running partition tests on : ForestDnsZones

  Running partition tests on : DomainDnsZones

  Running partition tests on : Schema

  Running partition tests on : Configuration

  Running partition tests on : gs

  Running enterprise tests on : gs.com

  Starting test: DNS

  ......................... gs.com passed test DNS

C:\

3. Here is some problem with the below output

C:\dcdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:

 Done gathering initial info.

Doing initial required tests

0 Testing server: Default-First-Site-Name\BAN-DC01

 Starting test: Connectivity

 ......................... BAN-DC01 passed test Connectivity

Doing primary tests

 Testing server: Default-First-Site-Name\BAN-DC01

DNS Tests are running and not hung. Please wait a few minutes...

 Running partition tests on : ForestDnsZones

 Running partition tests on : DomainDnsZones

 Running partition tests on : Schema

 Running partition tests on : Configuration

 Running partition tests on : gs

 Running enterprise tests on : gs.com

 Starting test: DNS

 Test results for domain controllers:

 DC: ban-dc01.gs.com

 Domain: gs.com

 TEST: Forwarders/Root hints (Forw)

 Error: Root hints list has invalid root hint server: a.root-se

rvers.net. (198.41.0.4)

 Error: Root hints list has invalid root hint server: b.root-se

rvers.net. (128.9.0.107)

 Error: Root hints list has invalid root hint server: c.root-se

rvers.net. (192.33.4.12)

 Error: Root hints list has invalid root hint server: d.root-se

rvers.net. (128.8.10.90)

 Error: Root hints list has invalid root hint server: e.root-se

rvers.net. (192.203.230.10)

 Error: Root hints list has invalid root hint server: f.root-se

rvers.net. (192.5.5.241)

 Error: Root hints list has invalid root hint server: g.root-se

rvers.net. (192.112.36.4)

 Error: Root hints list has invalid root hint server: h.root-se

rvers.net. (128.63.2.53)

 Error: Root hints list has invalid root hint server: i.root-se

rvers.net. (192.36.148.17)

 Error: Root hints list has invalid root hint server: j.root-se

rvers.net. (192.58.128.30)

 Error: Root hints list has invalid root hint server: k.root-se

rvers.net. (193.0.14.129)

 Error: Root hints list has invalid root hint server: l.root-se

rvers.net. (198.32.64.12)

 Error: Root hints list has invalid root hint server: m.root-se

rvers.net. (202.12.27.33)

 Summary of test results for DNS servers used by the above domain contro

llers:

 DNS server: 128.63.2.53 (h.root-servers.net.)

 1 test failure on this DNS server

 This is not a valid DNS server. PTR record query for the 1.0.0.12

7.in-addr.arpa. failed on the DNS server 128.63.2.53

 DNS server: 128.8.10.90 (d.root-servers.net.)

 1 test failure on this DNS server

 This is not a valid DNS server. PTR record query for the 1.0.0.12

7.in-addr.arpa. failed on the DNS server 128.8.10.90

 DNS server: 128.9.0.107 (b.root-servers.net.)

 1 test failure on this DNS server

 This is not a valid DNS server. PTR record query for the 1.0.0.12

7.in-addr.arpa. failed on the DNS server 128.9.0.107

 DNS server: 192.112.36.4 (g.root-servers.net.)

 1 test failure on this DNS server

 This is not a valid DNS server. PTR record query for the 1.0.0.12

7.in-addr.arpa. failed on the DNS server 192.112.36.4

 DNS server: 192.203.230.10 (e.root-servers.net.)

 1 test failure on this DNS server

 This is not a valid DNS server. PTR record query for the 1.0.0.12

7.in-addr.arpa. failed on the DNS server 192.203.230.10

 DNS server: 192.33.4.12 (c.root-servers.net.)

 1 test failure on this DNS server

 This is not a valid DNS server. PTR record query for the 1.0.0.12

7.in-addr.arpa. failed on the DNS server 192.33.4.12

 DNS server: 192.36.148.17 (i.root-servers.net.)

 1 test failure on this DNS server

 This is not a valid DNS server. PTR record query for the 1.0.0.12

7.in-addr.arpa. failed on the DNS server 192.36.148.17

 DNS server: 192.5.5.241 (f.root-servers.net.)

 1 test failure on this DNS server

 This is not a valid DNS server. PTR record query for the 1.0.0.12

7.in-addr.arpa. failed on the DNS server 192.5.5.241

 DNS server: 192.58.128.30 (j.root-servers.net.)

 1 test failure on this DNS server

 This is not a valid DNS server. PTR record query for the 1.0.0.12

7.in-addr.arpa. failed on the DNS server 192.58.128.30

 DNS server: 193.0.14.129 (k.root-servers.net.)

 1 test failure on this DNS server

 This is not a valid DNS server. PTR record query for the 1.0.0.12

7.in-addr.arpa. failed on the DNS server 193.0.14.129

 DNS server: 198.32.64.12 (l.root-servers.net.)

 1 test failure on this DNS server

 This is not a valid DNS server. PTR record query for the 1.0.0.12

7.in-addr.arpa. failed on the DNS server 198.32.64.12

 DNS server: 198.41.0.4 (a.root-servers.net.)

 1 test failure on this DNS server

 This is not a valid DNS server. PTR record query for the 1.0.0.12

7.in-addr.arpa. failed on the DNS server 198.41.0.4

 DNS server: 202.12.27.33 (m.root-servers.net.)

 1 test failure on this DNS server

 This is not a valid DNS server. PTR record query for the 1.0.0.12

7.in-addr.arpa. failed on the DNS server 202.12.27.33

 Summary of DNS test results:

 Auth Basc Forw Del  Dyn  RReg Ext

 ________________________________________________________________

 Domain: gs.com

 ban-dc01  PASS PASS FAIL PASS PASS PASS n/a

 ......................... gs.com failed test DNS

 

4. DNS test result details explained

What is the "Auth" "Basc"" Forw" "Del"  "Dyn"  "RReg" "Ext"?

 

5. Forw

The issue above is with the DNS forwarders(Forw. Might be that not configured or forwarders are not working properly. For checking the issue you can use these commands:

**1 Nslookup google.com <forwarder IP> **

2 PortQry.exe -n <forwarder IP> -e 53 -p both

6. RReg

Now what “RReg” is & what should you do if it is failed?

resource registration. ipconfig /registerdns on a server will attempt to register the DNS entries, and report errors in the event log.

Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355. Is the PDC emulator really up and running?

If you want to force a dc to re-register AD specific DNS registrations, you need to use NLTEST /dsregdns (Ipconfig /registerDNS only does host registrations not DC specific).

Also check all SRV records of the problematic DC.

Troubleshooting SRV Record Registration

7. Dyn

Issue:  TEST: Dynamic update (Dyn)

  Warning: Failed to delete the test record dcdiag-test-record in zone DOMAIN.local

Resolution : This issue can occur if both the methods of Dynamic updates is selected on the DNS Server – “Nonsecure and Secure”, please convert the zone to “Secure only” on Dynamic updates.

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/f99e7099-b861-4400-a891-5f0a9492921e

8. Ext

Issue:

Have run the "Dcdiag /test:DNS /DnsResolveExtName /DnsInternetName:google.com" & got the below result.

Resolution: Check your ISP forwarders.

 

Value

Description

Basc

/DnsBasic Performs basic DNS tests, including network connectivity, DNS client configuration, service availability, and zone existence.

Del

/DnsDelegation  Performs the /DnsBasic tests, and also checks for proper delegations.

Forw

/DnsForwarders Performs the /DnsBasic tests, and also checks the configuration of forwarders.

Dyn

/DnsDynamicUpdate Performs /DnsBasic tests, and also determines if dynamic update is enabled in the Active Directory zone.

RReg

/DnsRecordRegistration Performs the /DnsBasic tests, and also checks if the address (A), canonical name (CNAME) and well-known service (SRV) resource records are registered. In addition, creates an inventory report based on the test results.

Ext

/DnsResolveExtName Performs the /DnsBasic tests, and also attempts to resolve InternetName. If /DnsInternetName is not specified, attempts to resolve the name www.microsoft.com. If /DnsInternetName is specified, attempts to resolve the Internet name supplied by the user.

See the links for details.

• http://technet.microsoft.com/en-us/library/cc731968(v=ws.10).aspx
• http://technet.microsoft.com/en-us/library/cc776854(v=ws.10).aspx

9. Use /E switch for testing the all DNS servers.

See the below snap. I have two(2) DCs in my test environment.

 

10. See also

• DNS Zone Backup & Restoration
• Need to Convert "A" Record From Lowercase to Uppercase - Part 1 
• DNS Design-DNS Zones for per Organization Units
• Command to Troubleshoot DNS Issues (Nslookup Advance Usage)
• AD Integrated Conditional Forwarder
• When the User Is a Normal Domain User, How to Provide the Read Permission on a DNS Log for a Particular DNS Server
• DNS Read-Only Console on 2003-Multi Domain Environment