none
BPA error by DNS check RRS feed

  • Question

  • Hi guys,

    we have a buggy problem with one error by BPA scan on one of our RODC (Windows Server 2012 R2 Standard) 

    Error DNS: Zone TrustAnchors secondary servers must respond to queries for the zone.

    DNS is working properly, I don't see any errors in the DNS log, all other RODC with W2012R2 are also working without any problem and BPA Scan there, shows no such error. Google was not also very helpful.

    ah, and we don't use DNSSEC.

    How can I solve this error if it is real "error" at all or should I add it to the exclusions?

    Thanks in advance


    • Edited by kondio Monday, May 27, 2019 11:20 AM
    Monday, May 27, 2019 11:18 AM

All replies

  • Hello kondio,

    Thank you for posting in this forum.

    Have you checked the information in this article: DNS: Zone <zone name> secondary servers must respond to queries for the zone?

    Best Regards,

    Leon


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, May 28, 2019 3:01 AM
  • Hi Leon,

    I've checked the link but we don't use Trusted Zone Transfer. All our zones are AD integrated. 

    thanks

    Wednesday, May 29, 2019 8:29 AM
  • Hi Leon,

    I thought as well that I could ignore it but the problem is that I did the DNS BPA Scan on another RODC servers where we use the same configuration only different IP Addresses and only on this server, we get this message and there are no exclusions set on the other servers (they are very "fresh"). That's why I decided to ask in case I miss something or there is some kind of problem with the network.

    Thanks

    Friday, May 31, 2019 7:34 AM
  • Hi kondio,

    Then I would suggest you check the method provided by Psyr3n in this article to see if it helps.

    DNS BPA error Server 2012

    Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,

    Leon


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, May 31, 2019 9:39 AM
  • Hi Leon,

    ok, I will re-check the information there because there are additional links there and I have to check each one of them for more information. I will let you know if this worked.

    Thanks

    Friday, May 31, 2019 11:25 AM
  • Hi Leon,

    I checked the info but didn't helped much. I wonder if there might be some kind of strange network issue.

    thanks

    Tuesday, June 4, 2019 12:59 PM
  • Hi kondio,

    I can't be 100% sure that there is no problem.

    But I did a lot of research and found that even if BPA shows this error, their DNS server is always running, no problem.

    Best Regards,

    Leon


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, June 5, 2019 6:46 AM