none
microsoft dns server loses connectivity to root hint servers RRS feed

  • Question

  • We are experiencing an odd situation, our DNS/domain controllers keep losing there ability to connect to the root hint servers. This lasts for about 5 minutes and happens a few time everyday. We have hopped on the DNS server while this is happening and have opened a command prompt and were able to successfully ping the root hint servers manually from the DNS servers so we know if is not a internet connectivity issue.

    We ran a dcdiag during the event and saw that the DNS servers were able to connect but they could not connect to the root hint servers.

    DNS server: 8.8.4.4 (<name unavailable>)

               9 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.4.4               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

            DNS server: 8.8.8.8 (<name unavailable>)

               9 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.8.8               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

            DNS server: 192.112.36.4 (g.root-servers.net.)

               8 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

            DNS server: 192.203.230.10 (e.root-servers.net.)

               8 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

            DNS server: 192.228.79.201 (b.root-servers.net.)

               8 test failure on this DNS server

    All help would be appreciated.


    Thursday, October 5, 2017 8:08 PM

All replies

  • Hi Network Lighting,

    >>our DNS/domain controllers keep losing there ability to connect to the root hint servers

    Are there any errors when DC cannot connect to the root hint?

    As far as I know, it is safe to ignore the dcdiag error if the DNS resolution works fine.

    Dcdiag tests the functionality of root hints by sending a reverse DNS lookup query for 1.0.0.127.in-addr.arpa. This record exists on all Windows DNS servers . However, most root hints server does not have such reverser lookup zone which contains 1.0.0.127. in-addr.arpa. or they do not perform recursive lookup. This is why the test failed.

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Friday, October 6, 2017 2:35 AM
  • Candy,

    Thanks for your reply,  when the DNS server is unable to connect to the root servers the users  connected to the DNS for, resolution purposes, can no longer get to FQDNs on the internet. We have made sure that this is not an internet connectivity issue since we can ping IP addresses across the internet when this is happening.

    Thanks,

    MP

    Monday, October 9, 2017 3:37 PM
  • Hi MP,

    Thanks for your updating.

    >>can no longer get to FQDNs on the internet.

    You may turn on exhaustive debugging mode of NSlookup, this will display detailed information of name resolving process when you could not get to FQDNS.
    Open Command Prompt on client ,type
    nslookup and type set d2 .Then type FQDN ,we could find out the problem through the process .
    >NSlookup
    >set d2
    >[name which you want to resolve]
    Here is the guide for Nslookup :
    Nslookup
    https://technet.microsoft.com/en-us/library/cc940085.aspx

    In addition,please check the event logs to see if there are some error message for us to troubleshooting.

    Best Regards,
    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, October 10, 2017 2:23 AM
  • Hi MP,

    Just want to confirm the current situations.

    Please feel free to let us know if you need further assistance.                   

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, October 16, 2017 8:34 AM
  • Hi MP,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Eirk Whiteway Tuesday, February 20, 2018 11:22 PM
    • Unproposed as answer by Eirk Whiteway Tuesday, February 20, 2018 11:22 PM
    Wednesday, October 25, 2017 9:57 AM
  • I've now had this on several 2016 DNS server - the IPv4 root servers get erased from the server config.  Only IP v6 remain.  Then All IPv4 hits will fail.

    Simply hitting Copy from, and entering any IPv4 root server will re-populate the list.

    I've had this across many clients now in many places.  It is clearly a bug in 2016 DNS server.  I'm tempted to just remove IPv6 from those servers, but I'm not sure what else will break.

    I'm not sure how to report a sever bug - but this is a big one.  and I found enough posts with the issue that it's not just me.

    Tuesday, February 20, 2018 11:26 PM
  • Hi ,

    I would suggest you open a case with Microsoft where more investigation can be done.
     
    Once the issue has been confirmed as system flaw by MS, the consulting fee would be refund.

    Best Regards,

    Candy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, February 21, 2018 2:08 AM