DNS recursive test failed

[Paul]

Hi,

I have dual DCs in my domain both running integrated DNS. Both DNS have
their forwarders set to identical servers. However one of the DNS servers
fails the recursive test. This is extremely puzzling because in all respects
the set up is the same. However there is one error in the DCDIAG that may be
the reason, that is that one of the DCs has a non-convential server name
called server_mycompany; notice the underline in the name. I am wondering if
anyone know if this could be the cause of the recursive error, and how to
fix it?

Thanks,

 

[Herb Martin]

Hi,

I have dual DCs in my domain both running integrated DNS. Both DNS have
their forwarders set to identical servers. However one of the DNS servers
fails the recursive test. This is extremely puzzling because in all respects
the set up is the same. However there is one error in the DCDIAG that may be
the reason, that is that one of the DCs has a non-convential server name
called server_mycompany; notice the underline in the name. I am wondering if
anyone know if this could be the cause of the recursive error, and how to
fix it?

Probably not since the name of "this" server isn't really used
to do recursion nor forwarding.

But if you wish to change the name then...

You have to rename the DC which isn't possible until you
upgrade FULLY to Win2003 (Server mode domain.)

Failing a recursive test is usually a consequence of an
intervening firewall, incorrect root hints, or perhaps a
badly selected recursion setting (but I haven't double
checked the latter.)

Why are you recursing if you use Forwarders?

Perhaps you might just check "do not use recursion" on
the forwarders ONLY (do not do this in Advanced which
is another place to check on each server for differences.)

In Advanced, "Disable recursion" means both recursion and
forwarding which is only the correct choice for an authoritative
server -- usually on the Internet -- which must ONLY resolve
names for zones it holds.

 

[Paul]

I thought recursion deals with forwarding and that an error on the recursion
test indicates forwarding is not functioning correctly, although my other
test indicators suggests that external resolution is actually working, so I
am a bit confused.

I use ISA2000 and have the DNS setup to relay at the perimeter. It works
well for other servers in my domain which do not report errors in the
recursive test.

Thanks.

 

[Herb Martin]

I thought recursion deals with forwarding and that an error on the recursion
test indicates forwarding is not functioning correctly, although my other
test indicators suggests that external resolution is actually working, so I
am a bit confused.

There is confusion on the meaning of recursion in such
contexts (and it isn't necessarily your confusion.)

The developers have a tendency to use the word for
making or handling a "recursive query" -- whether
that query is performed through actually recursing
the name space from the top down OR by handing
it off to another DNS server.

It's not clear to me exactly what "failing a recursive
test" means. I would presume it to mean failing to
do the actual recursion (and have never checked) but
it might mean being able to "recurse OR forward".

I use ISA2000 and have the DNS setup to relay at the perimeter. It works
well for other servers in my domain which do not report errors in the
recursive test.

In such a setup, I would generally check "Do not use recursion"
on that forwarding tab.

This means that all (recursive) requests will be forwarded to
the list of forwarders if they cannot be resolved locally by the
DNS server.

(It might even make the error go way -- I believe I have seen
that -- since now the only part of the test that is performed is
through the forwarder, and not going to be affected by firewall
rules which prevent the internal DNS from doing the physical
recursion.)

Thanks.

Not sure I have really help yet, but you are welcome.