1. dcdiag /test:dns

You may be already familiar with this command but I want to clarify it briefly.

 

2. Below output seems ok

C:\>dcdiag /test:dns

Domain Controller Diagnosis
Performing initial setup:
  Done gathering initial info.
Doing initial required tests
  Testing server: Default-First-Site-Name\BAN-DC01
  Starting test: Connectivity
  ......................... BAN-DC01 passed test Connectivity
Doing primary tests
  Testing server: Default-First-Site-Name\BAN-DC01
DNS Tests are running and not hung. Please wait a few minutes...
  Running partition tests on : ForestDnsZones
  Running partition tests on : DomainDnsZones
  Running partition tests on : Schema
  Running partition tests on : Configuration
  Running partition tests on : gs
  Running enterprise tests on : gs.com
  Starting test: DNS
  ......................... gs.com passed test DNS
C:\>

3. Here is some problem with the below output

C:\>dcdiag /test:dns
Domain Controller Diagnosis
Performing initial setup:
 Done gathering initial info.
Doing initial required tests
0 Testing server: Default-First-Site-Name\BAN-DC01
 Starting test: Connectivity
 ......................... BAN-DC01 passed test Connectivity
Doing primary tests
 Testing server: Default-First-Site-Name\BAN-DC01
DNS Tests are running and not hung. Please wait a few minutes...
 Running partition tests on : ForestDnsZones
 Running partition tests on : DomainDnsZones
 Running partition tests on : Schema
 Running partition tests on : Configuration
 Running partition tests on : gs
 Running enterprise tests on : gs.com
 Starting test: DNS
 Test results for domain controllers:
 DC: ban-dc01.gs.com
 Domain: gs.com
 TEST: Forwarders/Root hints (Forw)
 Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
 Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (128.9.0.107)
 Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12)
 Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
 Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
 Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
 Error: Root hints list has invalid root hint server: g.root-se
rvers.net. (192.112.36.4)
 Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
 Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
 Error: Root hints list has invalid root hint server: j.root-se
rvers.net. (192.58.128.30)
 Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129)
 Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (198.32.64.12)
 Error: Root hints list has invalid root hint server: m.root-se
rvers.net. (202.12.27.33)
 Summary of test results for DNS servers used by the above domain contro
llers:
 DNS server: 128.63.2.53 (h.root-servers.net.)
 1 test failure on this DNS server
 This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
 DNS server: 128.8.10.90 (d.root-servers.net.)
 1 test failure on this DNS server
 This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
 DNS server: 128.9.0.107 (b.root-servers.net.)
 1 test failure on this DNS server
 This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.9.0.107
 DNS server: 192.112.36.4 (g.root-servers.net.)
 1 test failure on this DNS server
 This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4
 DNS server: 192.203.230.10 (e.root-servers.net.)
 1 test failure on this DNS server
 This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
 DNS server: 192.33.4.12 (c.root-servers.net.)
 1 test failure on this DNS server
 This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
 DNS server: 192.36.148.17 (i.root-servers.net.)
 1 test failure on this DNS server
 This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
 DNS server: 192.5.5.241 (f.root-servers.net.)
 1 test failure on this DNS server
 This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
 DNS server: 192.58.128.30 (j.root-servers.net.)
 1 test failure on this DNS server
 This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30
 DNS server: 193.0.14.129 (k.root-servers.net.)
 1 test failure on this DNS server
 This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
 DNS server: 198.32.64.12 (l.root-servers.net.)
 1 test failure on this DNS server
 This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.32.64.12
 DNS server: 198.41.0.4 (a.root-servers.net.)
 1 test failure on this DNS server
 This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
 DNS server: 202.12.27.33 (m.root-servers.net.)
 1 test failure on this DNS server
 This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33
 Summary of DNS test results:
 Auth Basc Forw Del  Dyn  RReg Ext
 ________________________________________________________________
 Domain: gs.com
 ban-dc01  PASS PASS FAIL PASS PASS PASS n/a
 ......................... gs.com failed test DNS

 

4. DNS test result details explained

What is the "Auth" "Basc"" Forw" "Del"  "Dyn"  "RReg" "Ext"?

  

5. Forw

The issue above is with the DNS forwarders(Forw. Might be that not configured or forwarders are not working properly. For checking the issue you can use these commands:

1 Nslookup google.com <forwarder IP> 
2 PortQry.exe -n <forwarder IP> -e 53 -p both

6. RReg

Now what “RReg” is & what should you do if it is failed?

resource registration. ipconfig /registerdns on a server will attempt to register the DNS entries, and report errors in the event log.

Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355. Is the PDC emulator really up and running?

If you want to force a dc to re-register AD specific DNS registrations, you need to use NLTEST /dsregdns (Ipconfig /registerDNS only does host registrations not DC specific).

Also check all SRV records of the problematic DC.

Troubleshooting SRV Record Registration

7. Dyn

Issue:  TEST: Dynamic update (Dyn)

  Warning: Failed to delete the test record dcdiag-test-record in zone DOMAIN.local

Resolution : This issue can occur if both the methods of Dynamic updates is selected on the DNS Server – “Nonsecure and Secure”, please convert the zone to “Secure only” on Dynamic updates.

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/f99e7099-b861-4400-a891-5f0a9492921e

8. Ext

Issue:

Have run the "Dcdiag /test:DNS /DnsResolveExtName /DnsInternetName:google.com" & got the below result.

Resolution: Check your ISP forwarders.

 

 Value Description   Basc /DnsBasic

Performs basic DNS tests, including network connectivity, DNS client configuration, service availability, and zone existence.

 Del /DnsDelegation 

Performs the /DnsBasic tests, and also checks for proper delegations.

  Forw

/DnsForwarders

Performs the /DnsBasic tests, and also checks the configuration of forwarders.

 

 Dyn /DnsDynamicUpdate

Performs /DnsBasic tests, and also determines if dynamic update is enabled in the Active Directory zone.

 RReg /DnsRecordRegistration

Performs the /DnsBasic tests, and also checks if the address (A), canonical name (CNAME) and well-known service (SRV) resource records are registered. In addition, creates an inventory report based on the test results.

 Ext /DnsResolveExtName

Performs the /DnsBasic tests, and also attempts to resolve InternetName. If /DnsInternetName is not specified, attempts to resolve the name www.microsoft.com. If /DnsInternetName is specified, attempts to resolve the Internet name supplied by the user.

See the links for details.

9. Use /E switch for testing the all DNS servers.

See the below snap. I have two(2) DCs in my test environment.

 

10. See also