Since yesterday all 3 of my active directory integrated DNS servers have
been coughing up tons of 4010 errors. The error looks like this:

Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4010
Date: 4/28/2004
Time: 1:35:12 PM
User: N/A
Computer: **********
Description:
The DNS server was unable to load a resource record (RR) from the directory
at 32.0.168.192.in-addr.arpa. in zone 168.192.in-addr.arpa. Use the DNS
console to recreate this RR or check that the Active Directory is
functioning properly and reload the zone. The event data contains the error.


The resource records in question are all behind the firewall using a private
address scheme. Any idea what might be going on? Thanks.

end of line,

Reed Wiedower

In news:(E-Mail Removed),
Reed Wiedower <(E-Mail Removed)> posted their thoughts, then I offered
mine
> Since yesterday all 3 of my active directory integrated DNS servers
> have been coughing up tons of 4010 errors. The error looks like this:
>
> Event Type: Error
> Event Source: DNS
> Event Category: None
> Event ID: 4010
> Date: 4/28/2004
> Time: 1:35:12 PM
> User: N/A
> Computer: **********
> Description:
> The DNS server was unable to load a resource record (RR) from the
> directory at 32.0.168.192.in-addr.arpa. in zone 168.192.in-addr.arpa.
> Use the DNS console to recreate this RR or check that the Active
> Directory is functioning properly and reload the zone. The event data
> contains the error.
>
>
> The resource records in question are all behind the firewall using a
> private address scheme. Any idea what might be going on? Thanks.
>
> end of line,
>
> Reed Wiedower

The error only mentions one IP, so are you saying it for mutliple IPs and is
it just the reverse zone or both the forward and reverse zones?

Did you try to delete 192.168.0.32 (or any of the other records) to see if
the errors go away? When you recreated it, did it go away? Or if dynamic
update recreated it, dose the error come back?

Did you also try to reload the zone in question?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

It is for just the reverse zone (several IP addresses in that zone).

I have reloaded the zone several times to no avail.

The ip addresses in question are valid, so I don't wish to delete the ptr
records...

eol,

Reed


"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&(E-Mail Removed)> wrote in
message news:(E-Mail Removed)...
> In news:(E-Mail Removed),
> Reed Wiedower <(E-Mail Removed)> posted their thoughts, then I offered
> mine
> > Since yesterday all 3 of my active directory integrated DNS servers
> > have been coughing up tons of 4010 errors. The error looks like this:
> >
> > Event Type: Error
> > Event Source: DNS
> > Event Category: None
> > Event ID: 4010
> > Date: 4/28/2004
> > Time: 1:35:12 PM
> > User: N/A
> > Computer: **********
> > Description:
> > The DNS server was unable to load a resource record (RR) from the
> > directory at 32.0.168.192.in-addr.arpa. in zone 168.192.in-addr.arpa.
> > Use the DNS console to recreate this RR or check that the Active
> > Directory is functioning properly and reload the zone. The event data
> > contains the error.
> >
> >
> > The resource records in question are all behind the firewall using a
> > private address scheme. Any idea what might be going on? Thanks.
> >
> > end of line,
> >
> > Reed Wiedower
>
> The error only mentions one IP, so are you saying it for mutliple IPs and
is
> it just the reverse zone or both the forward and reverse zones?
>
> Did you try to delete 192.168.0.32 (or any of the other records) to see if
> the errors go away? When you recreated it, did it go away? Or if dynamic
> update recreated it, dose the error come back?
>
> Did you also try to reload the zone in question?
>
> --
> Regards,
> Ace
>
> Please direct all replies to the newsgroup so all can benefit.
> This posting is provided "AS-IS" with no warranties and confers no
> rights.
>
> Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
> Microsoft Windows MVP - Active Directory
>
> HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
> pig. --
> =================================
>
>

can you provide some information regarding how your DNS is setup? who is
primary, who is secondary, who is forwarding to whom, who is using whom for
what, is dynamic update enabled, any other error beside 4010?

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
MVP - Directory Services
www.readymaids.com - got SPAM problems?
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
"Reed Wiedower" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> It is for just the reverse zone (several IP addresses in that zone).
>
> I have reloaded the zone several times to no avail.
>
> The ip addresses in question are valid, so I don't wish to delete the ptr
> records...
>
> eol,
>
> Reed
>
>
> "Ace Fekay [MVP]"
> <PleaseSubstituteMyActualFirstName&(E-Mail Removed)> wrote in
> message news:(E-Mail Removed)...
> > In news:(E-Mail Removed),
> > Reed Wiedower <(E-Mail Removed)> posted their thoughts, then I
offered
> > mine
> > > Since yesterday all 3 of my active directory integrated DNS servers
> > > have been coughing up tons of 4010 errors. The error looks like this:
> > >
> > > Event Type: Error
> > > Event Source: DNS
> > > Event Category: None
> > > Event ID: 4010
> > > Date: 4/28/2004
> > > Time: 1:35:12 PM
> > > User: N/A
> > > Computer: **********
> > > Description:
> > > The DNS server was unable to load a resource record (RR) from the
> > > directory at 32.0.168.192.in-addr.arpa. in zone 168.192.in-addr.arpa.
> > > Use the DNS console to recreate this RR or check that the Active
> > > Directory is functioning properly and reload the zone. The event data
> > > contains the error.
> > >
> > >
> > > The resource records in question are all behind the firewall using a
> > > private address scheme. Any idea what might be going on? Thanks.
> > >
> > > end of line,
> > >
> > > Reed Wiedower
> >
> > The error only mentions one IP, so are you saying it for mutliple IPs
and
> is
> > it just the reverse zone or both the forward and reverse zones?
> >
> > Did you try to delete 192.168.0.32 (or any of the other records) to see
if
> > the errors go away? When you recreated it, did it go away? Or if dynamic
> > update recreated it, dose the error come back?
> >
> > Did you also try to reload the zone in question?
> >
> > --
> > Regards,
> > Ace
> >
> > Please direct all replies to the newsgroup so all can benefit.
> > This posting is provided "AS-IS" with no warranties and confers no
> > rights.
> >
> > Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
> > Microsoft Windows MVP - Active Directory
> >
> > HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
> > pig. --
> > =================================
> >
> >
>
>

The DNS is fully AD-integrated, with dynamic update enabled.

The 4010 errors are the only ones that are showing up, and they occur once
for each of the client workstations that are in the private zone.

Each of the DNS servers (there are 3 of them) has their own ip address
entered in as the first DNS server to check, and then requests go to one of
the three.

eol,

Reed


"Deji Akomolafe" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> can you provide some information regarding how your DNS is setup? who is
> primary, who is secondary, who is forwarding to whom, who is using whom
for
> what, is dynamic update enabled, any other error beside 4010?
>
> --
> Sincerely,
>
> Dèjì Akómöláfé, MCSE MCSA MCP+I
> MVP - Directory Services
> www.readymaids.com - got SPAM problems?
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon
> "Reed Wiedower" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > It is for just the reverse zone (several IP addresses in that zone).
> >
> > I have reloaded the zone several times to no avail.
> >
> > The ip addresses in question are valid, so I don't wish to delete the
ptr
> > records...
> >
> > eol,
> >
> > Reed
> >
> >
> > "Ace Fekay [MVP]"
> > <PleaseSubstituteMyActualFirstName&(E-Mail Removed)> wrote in
> > message news:(E-Mail Removed)...
> > > In news:(E-Mail Removed),
> > > Reed Wiedower <(E-Mail Removed)> posted their thoughts, then I
> offered
> > > mine
> > > > Since yesterday all 3 of my active directory integrated DNS servers
> > > > have been coughing up tons of 4010 errors. The error looks like
this:
> > > >
> > > > Event Type: Error
> > > > Event Source: DNS
> > > > Event Category: None
> > > > Event ID: 4010
> > > > Date: 4/28/2004
> > > > Time: 1:35:12 PM
> > > > User: N/A
> > > > Computer: **********
> > > > Description:
> > > > The DNS server was unable to load a resource record (RR) from the
> > > > directory at 32.0.168.192.in-addr.arpa. in zone
168.192.in-addr.arpa.
> > > > Use the DNS console to recreate this RR or check that the Active
> > > > Directory is functioning properly and reload the zone. The event
data
> > > > contains the error.
> > > >
> > > >
> > > > The resource records in question are all behind the firewall using a
> > > > private address scheme. Any idea what might be going on? Thanks.
> > > >
> > > > end of line,
> > > >
> > > > Reed Wiedower
> > >
> > > The error only mentions one IP, so are you saying it for mutliple IPs
> and
> > is
> > > it just the reverse zone or both the forward and reverse zones?
> > >
> > > Did you try to delete 192.168.0.32 (or any of the other records) to
see
> if
> > > the errors go away? When you recreated it, did it go away? Or if
dynamic
> > > update recreated it, dose the error come back?
> > >
> > > Did you also try to reload the zone in question?
> > >
> > > --
> > > Regards,
> > > Ace
> > >
> > > Please direct all replies to the newsgroup so all can benefit.
> > > This posting is provided "AS-IS" with no warranties and confers no
> > > rights.
> > >
> > > Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
> > > Microsoft Windows MVP - Active Directory
> > >
> > > HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
> > > pig. --
> > > =================================
> > >
> > >
> >
> >
>
>

In news:(E-Mail Removed),
Reed Wiedower <(E-Mail Removed)> posted their thoughts, then I offered
mine
> The DNS is fully AD-integrated, with dynamic update enabled.
>
> The 4010 errors are the only ones that are showing up, and they occur
> once for each of the client workstations that are in the private zone.
>
> Each of the DNS servers (there are 3 of them) has their own ip address
> entered in as the first DNS server to check, and then requests go to
> one of the three.
>
> eol,
>
> Reed
>

I would first suggest to point to a partner DNS as the first entry, then to
itself as the 2nd entry. This is as long as the partner DC/DNS is on the
same subnet or Site. If across a WAN link, then point to itself first. This
eliminates some minor issues, and not saying it will eliminate this, but it
will not hurt. As a consensus, among the MVPs and the MS engineers, it's
actually best practice to follow this. There's also an article mentioning
this as well.

As for the reverse zone, you can delete it without worrying about the
entries, since they WILL come back with registration. What I believe is that
the zone may be corrupted. If you delete the zone and re-create it, I think
at this time it may be beneficial for your case. First make the zone a
Primary. Make sure it is also removed on all DC/DNS servers. Then recreate
it on one of the servers, then make it AD Integrated, then wait a few
minutes for replication to occur (depending onyour replication topology) and
add the zone back in on the other servers, making it AD Integrated as well.

You didn't mention if you use forwarders. I would suggest to use a forwarder
for efficient Internet resolution. Forwarders will also alleviate some
possible Event log errors. You can use 4.2.2.2 as a forwarder. It works
well.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

It didn't work. I deleted the zone completely, replicated the information to
the other two DCs and made sure it vanished from their systems. After
deleting it completely, I recreated it on one and replicated it to all 3,
using AD.

Sure enough, it started coughing up errors shortly thereafter.

I'm fine with the forwarders, and with switching the order of the dns
servers but I just want to know why these errors are occurring and how to
prevent them.

end of line,

Reed


"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&(E-Mail Removed)> wrote in
message news:(E-Mail Removed)...
> In news:(E-Mail Removed),
> Reed Wiedower <(E-Mail Removed)> posted their thoughts, then I offered
> mine
> > The DNS is fully AD-integrated, with dynamic update enabled.
> >
> > The 4010 errors are the only ones that are showing up, and they occur
> > once for each of the client workstations that are in the private zone.
> >
> > Each of the DNS servers (there are 3 of them) has their own ip address
> > entered in as the first DNS server to check, and then requests go to
> > one of the three.
> >
> > eol,
> >
> > Reed
> >
>
> I would first suggest to point to a partner DNS as the first entry, then
to
> itself as the 2nd entry. This is as long as the partner DC/DNS is on the
> same subnet or Site. If across a WAN link, then point to itself first.
This
> eliminates some minor issues, and not saying it will eliminate this, but
it
> will not hurt. As a consensus, among the MVPs and the MS engineers, it's
> actually best practice to follow this. There's also an article mentioning
> this as well.
>
> As for the reverse zone, you can delete it without worrying about the
> entries, since they WILL come back with registration. What I believe is
that
> the zone may be corrupted. If you delete the zone and re-create it, I
think
> at this time it may be beneficial for your case. First make the zone a
> Primary. Make sure it is also removed on all DC/DNS servers. Then recreate
> it on one of the servers, then make it AD Integrated, then wait a few
> minutes for replication to occur (depending onyour replication topology)
and
> add the zone back in on the other servers, making it AD Integrated as
well.
>
> You didn't mention if you use forwarders. I would suggest to use a
forwarder
> for efficient Internet resolution. Forwarders will also alleviate some
> possible Event log errors. You can use 4.2.2.2 as a forwarder. It works
> well.
>
>
>
> --
> Regards,
> Ace
>
> Please direct all replies to the newsgroup so all can benefit.
> This posting is provided "AS-IS" with no warranties and confers no
> rights.
>
> Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
> Microsoft Windows MVP - Active Directory
>
> HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
> pig. --
> =================================
>
>