DNS: The DNS server <IP address> on <adapter name> must be able to resolve names in the forest root domain name zone

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

This topic is intended to address a specific issue identified by a Microsoft Baseline Configuration Analyzer or Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the DNS Microsoft Baseline Configuration Analyzer or DNS Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer.

Operating System

Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

Product/Feature

DNS

Severity

Critical

Category

Configuration

Issue

Network interfaces must be configured with DNS servers that can resolve names in the forest root domain. The DNS server did not respond to the query for the forest root domain.

A DNS server that is configured on the network adapter was unable to resolve the start of authority (SOA) record for the forest root domain name.

Impact

The DNS server might be unable to communicate with resources on the network.

If the network adapter is used to communicate with resources located in the forest root domain, the DNS server might be unable to locate these resources on the network.

Resolution

Configure the network interface to use valid DNS servers.

Configure the network interface to use DNS servers that are responsive and can resolve names in the forest root domain.

To configure valid IPv4 DNS server addresses

  1. Click Start, click Control Panel, click Network and Internet, click Network and Sharing Center, click Change Adapter settings, double-click the network connection you want to change, and then click Properties.

  2. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.

  3. Click Use the following DNS server addresses.

  4. In Preferred DNS server and Alternate DNS server, type addresses that are valid and responsive DNS servers.

  5. Click Advanced, and then click DNS.

  6. Click Edit or Remove to change any invalid or unresponsive DNS server addresses.

To configure valid IPv6 DNS server addresses

  1. Click Start, click Control Panel, click Network and Internet, click Network and Sharing Center, click Change Adapter settings, double-click the network connection you want to change, and then click Properties.

  2. Click Internet Protocol Version 6 (TCP/IPv6), and then click Properties.

  3. Click Use the following DNS server addresses.

  4. In Preferred DNS server and Alternate DNS server, type addresses that are valid and responsive DNS servers.

  5. Click Advanced, and then click DNS.

  6. Click Edit or Remove to change any invalid or unresponsive DNS server addresses.