I am troubleshooting an issue with the dns server on the main DC in our forest. I ended up at this point while trying to get a second controller up and running.
Current results for dcdiag /test:dns are below
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = ad
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: ad\AD
Starting test: Connectivity
......................... AD passed test Connectivity
Doing primary tests
Testing server: ad\AD
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... AD passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : domain
Running enterprise tests on : domain.com
Starting test: DNS
Test results for domain controllers:
DC: ad.domain.com
Domain: domain.com
TEST: Basic (Basc)
Warning: adapter
[00000011] Intel(R) 82574L Gigabit Network Connection has
invalid DNS server: 127.0.0.1 (AD)
Error: all DNS servers are invalid
TEST: Records registration (RReg)
Error: Record registrations cannot be found for all the network
adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 192.168.0.26 (AD)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.domain.com. failed on the DNS server 192.168.0.26
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: domain.com
ad PASS FAIL PASS PASS PASS FAIL n/a
......................... domain.com failed test DNS
So I've been trying to troubleshoot what the Basc error might be, but at this point I'm not sure, and any searching about it has been fruitless.
I am glad to provide any more info or diagnostic output.
Edit: ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : ad
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection
Physical Address. . . . . . . . . : 00-0C-29-3F-20-F4
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b916:e720:ea8b:a326%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.26(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::1:1%14
192.168.0.3
DHCPv6 IAID . . . . . . . . . . . : 352324649
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-C4-A2-0C-00-0C-29-A9-80-01
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{715545D0-9D5A-4707-91A2-876364FA3227}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Thanks, Cam
You've got 127.0.0.1 listed as the only DNS server in the TCP/IP settings of the server. The DCPROMO process does make that setting, but the BPA will generate a warning if 127.0.0.1 is configured as the first DNS server. Set the servers actual ip address as primary DNS and set 127.0.0.1 as secondary DNS, then reboot the server and check it again
I see this is answered already, but I wanted to follow up. This is a best practices issue. Run the BPA for DNS, and you'll see that it's no longer recommended to have the loopback address as the first DNS server. The IP of the server, in a single DNS server environment, should the the primary, then if you want you can have the loopback address in the secondary slot.
This is actually the kind of thing the BPA was designed to take care of though. After you're done deploying AD, you ought to run the DNS and AD BPAs. Many issues that are strange and difficult to troubleshoot/track down could be avoided by running the BPA early and often (after configuration changes, new servers being added, etc).