IPv4 addresses are missing from Windows Server 2016 DNS root hints list

Symptoms:
Clients cannot resolve many external DNS names when Windows Server 2016 DNS server is configured to use root hints.

When examining the root hints tab you discover that vast majority of the root servers listed with their IPv6 address without any IPv4 address.

When validating root hints which have IPv6 address only, it results an error.

DNSipv6error

Workaround:
To resolve the issue manually edit each of the roots hint and remove the IPv6 addresses, leaving only IPv4 addresses.
Validate the root hint IPv4 address from the list of root servers published by IANA.org

More details:
This issue occurs because of a recently discovered bug in the DNS service in Windows Server 2016 that is being investigated by Microsoft.

Advertisements

Summary of how Windows cluster works

Cluster health checks

  • Between every node on all cluster enabled networks
  • By default a heartbeat is sent every 1 second
  • Node is removed from the cluster if 5 heartbeats are missed
  • Not a ping, but a full “Request – Reply” handshake
  • UDP traffic between cluster nodes
  • Sensitive to latency

Intra-Cluster communication

  • Are over single interface
  • Can failover to another interface if there the route fails
    • Networks without network gateway take priority, as it is considered as cluster-dedicated network
  • Includes Resource failover communication:
    • Resource status/state changes (offline/move/online, etc) must be acknowledged by all nodes to the cluster owner between failover steps
  • Sensitive to latency

Microsoft Failover Cluster Virtual Adapter (aka NetFT Virtual adapter)

  • Created and configured when the Cluster service is installed
  • Has APIPA IP address
  • Hidden device in Device Manager
  • “Keep hands off”  – don’t change anything

Microsoft Failover Cluster Virtual Adapter Performance Filter (aka NetFT Virtual adapter Performance Filter)

  • New in Win2012
  • Binds to the physical interface(s)
  • Captures incoming UDP cluster traffic from the network
  • Routes incoming cluster communication directly to the Cluster Service

Cluster service (ClusSvc.exe)

  • Talks to NetFT adapter only
  • Directly via TCP/3343
  • Using IPV6 only

NetFT Virtual adapter

  • Tunnels cluster traffic via the physical interface(s)
  • Communicates on UDP/3343
  • Using IPv4 or IPv6 depending on the physical interface(s) configuration

NetFT Architecture

NetFT-Architecture

Source:

https://blogs.msdn.microsoft.com/clustering/2012/11/21/tuning-failover-cluster-network-thresholds/