DNS 4010 Errors

  • Thread starter: Reed Wiedower

Reed Wiedower

Since yesterday all 3 of my active directory integrated DNS servers have
been coughing up tons of 4010 errors. The error looks like this:

Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4010
Date: 4/28/2004
Time: 1:35:12 PM
User: N/A
Computer: **********
Description:
The DNS server was unable to load a resource record (RR) from the directory
at 32.0.168.192.in-addr.arpa. in zone 168.192.in-addr.arpa. Use the DNS
console to recreate this RR or check that the Active Directory is
functioning properly and reload the zone. The event data contains the error.


The resource records in question are all behind the firewall using a private
address scheme. Any idea what might be going on? Thanks.

end of line,

Reed Wiedower
 
Reed Wiedower said:
Since yesterday all 3 of my active directory integrated DNS servers
have been coughing up tons of 4010 errors. The error looks like this:

Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4010
Date: 4/28/2004
Time: 1:35:12 PM
User: N/A
Computer: **********
Description:
The DNS server was unable to load a resource record (RR) from the
directory at 32.0.168.192.in-addr.arpa. in zone 168.192.in-addr.arpa.
Use the DNS console to recreate this RR or check that the Active
Directory is functioning properly and reload the zone. The event data
contains the error.


The resource records in question are all behind the firewall using a
private address scheme. Any idea what might be going on? Thanks.

end of line,

Reed Wiedower

The error only mentions one IP, so are you saying it for multiple IPs and is
it just the reverse zone or both the forward and reverse zones?

Did you try to delete 192.168.0.32 (or any of the other records) to see if
the errors go away? When you recreated it, did it go away? Or if dynamic
update recreated it, does the error come back?

Did you also try to reload the zone in question?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
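
[Added example, not part of the original thread or written by any poster.] The question above, whether the 4010 errors cover several records and only the reverse zone, can be answered from exported event text. This sketch parses the 4010 description wording quoted in the thread and groups the failing records by zone; the function names and the sample events are constructed for illustration (the first event uses the names from the thread, the rest are invented).

```python
import re
from collections import Counter, defaultdict
from ipaddress import IPv4Address

# Wording taken from the event 4010 description quoted in this thread.
RR_RE = re.compile(r"from the directory at (\S+) in zone (\S+)", re.IGNORECASE)
SUFFIX = ".in-addr.arpa"

def ptr_to_ip(owner):
    """Return the IPv4 address for a full PTR owner name, else None."""
    owner = owner.rstrip(".").lower()
    if not owner.endswith(SUFFIX):
        return None
    labels = owner[: -len(SUFFIX)].split(".")
    if len(labels) != 4 or not all(l.isdigit() for l in labels):
        return None  # partial reverse name or non-numeric label
    try:
        return str(IPv4Address(".".join(reversed(labels))))
    except ValueError:
        return None  # e.g. an octet above 255

def summarize_4010(text):
    """Map zone -> {record (as IP when it is a PTR name): event count}."""
    flat = " ".join(text.split())  # undo line wrapping in exported text
    zones = defaultdict(Counter)
    for owner, zone in RR_RE.findall(flat):
        key = ptr_to_ip(owner) or owner.rstrip(".").lower()
        zones[zone.rstrip(".").lower()][key] += 1
    return {z: dict(c) for z, c in zones.items()}

def reverse_only(summary):
    """True when every affected zone is a reverse lookup zone."""
    return all(z.endswith(SUFFIX) for z in summary)

# Constructed sample input: abbreviated event descriptions.
SAMPLE = """
The DNS server was unable to load a resource record (RR) from the directory
at 32.0.168.192.in-addr.arpa. in zone 168.192.in-addr.arpa. Use the DNS console
The DNS server was unable to load a resource record (RR) from the
directory at 32.0.168.192.in-addr.arpa. in zone 168.192.in-addr.arpa. Use the
The DNS server was unable to load a resource record (RR) from the directory
at 45.0.168.192.in-addr.arpa. in zone 168.192.in-addr.arpa. Use the DNS console
The DNS server was unable to load a resource record (RR) from the directory
at ws12.example.local. in zone example.local. Use the DNS console
"""

if __name__ == "__main__":
    for zone, records in summarize_4010(SAMPLE).items():
        print(zone, records)
```
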
 
It is for just the reverse zone (several IP addresses in that zone).

I have reloaded the zone several times to no avail.

The ip addresses in question are valid, so I don't wish to delete the ptr
records...

eol,

Reed


 
Can you provide some information regarding how your DNS is set up? Who is
primary, who is secondary, who is forwarding to whom, who is using whom for
what, is dynamic update enabled, any other error besides 4010?

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
MVP - Directory Services
www.readymaids.com - got SPAM problems?
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
The DNS is fully AD-integrated, with dynamic update enabled.

The 4010 errors are the only ones that are showing up, and they occur once
for each of the client workstations that are in the private zone.

Each of the DNS servers (there are 3 of them) has their own ip address
entered in as the first DNS server to check, and then requests go to one of
the three.

eol,

Reed
 
Reed Wiedower said:
The DNS is fully AD-integrated, with dynamic update enabled.

The 4010 errors are the only ones that are showing up, and they occur
once for each of the client workstations that are in the private zone.

Each of the DNS servers (there are 3 of them) has their own ip address
entered in as the first DNS server to check, and then requests go to
one of the three.

eol,

Reed

I would first suggest to point to a partner DNS as the first entry, then to
itself as the 2nd entry. This is as long as the partner DC/DNS is on the
same subnet or Site. If across a WAN link, then point to itself first. This
eliminates some minor issues, and not saying it will eliminate this, but it
will not hurt. As a consensus, among the MVPs and the MS engineers, it's
actually best practice to follow this. There's also an article mentioning
this as well.

As for the reverse zone, you can delete it without worrying about the
entries, since they WILL come back with registration. What I believe is that
the zone may be corrupted. If you delete the zone and re-create it, I think
at this time it may be beneficial for your case. First make the zone a
Primary. Make sure it is also removed on all DC/DNS servers. Then recreate
it on one of the servers, then make it AD Integrated, then wait a few
minutes for replication to occur (depending on your replication topology) and
add the zone back in on the other servers, making it AD Integrated as well.

You didn't mention if you use forwarders. I would suggest to use a forwarder
for efficient Internet resolution. Forwarders will also alleviate some
possible Event log errors. You can use 4.2.2.2 as a forwarder. It works
well.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
It didn't work. I deleted the zone completely, replicated the information to
the other two DCs and made sure it vanished from their systems. After
deleting it completely, I recreated it on one and replicated it to all 3,
using AD.

Sure enough, it started coughing up errors shortly thereafter.

I'm fine with the forwarders, and with switching the order of the dns
servers but I just want to know why these errors are occurring and how to
prevent them.

end of line,

Reed


 