DNS 2008 External Resolution Monitor: False Positive
Hi all,
I just saw an alarm coming in for one of my DNS servers: DNS2008 External Resolution Monitor.
The alarm suggests that the DNS Server cannot resolve external addresses.
When I first imported the MP, I overrode the default (faulty) value from www.microsoft.com to microsoft.com.
As a test, I ran the query which the monitor is running and got this result back:
C:\Users\username>nslookup -querytype=ns microsoft.com x.x.x.x
Server: Servername.contoso.com
Address: x.x.x.x
microsoft.com nameserver = ns3.msft.net
microsoft.com nameserver = ns4.msft.net
microsoft.com nameserver = ns5.msft.net
microsoft.com nameserver = ns1.msft.net
microsoft.com nameserver = ns2.msft.net
ns3.msft.net internet address = 213.199.159.59
ns5.msft.net internet address = 65.55.226.140
ns1.msft.net internet address = 65.55.37.62
ns2.msft.net internet address = 64.4.59.173
So even though the DNS server can resolve external names, the monitor states that it can't.
Does anyone have any idea how this can be?
The monitor is still in critical state at this moment (also during and after my test).
Many thanks!
Filip
February 21st, 2011 9:39am
The server address... there might be multiple "DNS listening IPs". You should test them all (also 127.0.0.1). If one fails, the monitor fails, e.g. the server is listening on all IPs but the Windows firewall blocks requests to a specific IP (which is the only reason why you'd want to check all listening IPs I can think of, and probably when it's blocked it's by design, although you probably should configure the DNS server to listen on specific IPs instead of blocking the traffic. The monitor could be much smarter, causing less load on the host).
Also consider setting the debug flag to true (I haven't done this for this monitor, but for other DNS monitors this is pretty useless to do) and/or find the script doing the tests and run it manually (with the correct parameters) as well.
And give feedback on Connect. The DNS MP is evil and needs to be redesigned!
https://connect.microsoft.com/OpsMgr/feedback/details/630115/rewrite-dns-entirely
Rob Korving
http://jama00.wordpress.com/
February 21st, 2011 10:44am
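The per-address test suggested in the reply above, as an added example that is not part of the original posts: it runs the same nslookup query from the question against each listening address separately and reports which ones fail. The addresses are constructed placeholders, and the script assumes nslookup.exe is on the path.

```powershell
# Added example: repeat the monitor's NS lookup against every listening address.
# The addresses below are constructed placeholders (assumption); replace them
# with the IPs your DNS server listens on, and keep 127.0.0.1 in the list.
param(
    [string[]]$ListenAddresses = @('127.0.0.1', '192.0.2.10', '192.0.2.11'),
    [string]$QueryName = 'microsoft.com'
)

$results = foreach ($ip in $ListenAddresses) {
    # Same query as in the question. stderr is merged into the output so that
    # timeout and refusal messages are captured as text too.
    $output = @(& nslookup.exe -querytype=ns $QueryName $ip 2>&1 |
        ForEach-Object { "$_".Trim() } | Where-Object { $_ })

    # A successful NS lookup prints at least one "nameserver =" line.
    $nsLines = @($output | Where-Object { $_ -match 'nameserver\s*=' })

    if ($nsLines.Count -gt 0) {
        $detail = "$($nsLines.Count) NS records returned"
    } elseif ($output.Count -gt 0) {
        # Nothing resolved: keep nslookup's last message (timeout, refused, ...).
        $detail = $output[-1]
    } else {
        $detail = 'no output from nslookup'
    }

    New-Object PSObject -Property @{
        Address  = $ip
        Resolved = ($nsLines.Count -gt 0)
        Detail   = $detail
    }
}

$results | Select-Object Address, Resolved, Detail | Format-Table -AutoSize

# Per the reply above, one failing address is enough to fail the monitor.
$failed = @($results | Where-Object { -not $_.Resolved })
if ($failed.Count -gt 0) {
    Write-Warning ("Addresses that did not resolve {0}: {1}" -f $QueryName,
        (($failed | ForEach-Object { $_.Address }) -join ', '))
    exit 1
}
```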
It seems MS released an update (finally!) of this MP. Although they fixed the config churn issue, it seems they didn't change much on the actual rules themselves apart from a bit of timing. But this might be helpful, so I'd recommend to try this new MP first (I know I will).
http://blogs.technet.com/b/kevinholman/archive/2011/02/24/dns-mp-update-ships-support-for-dns-on-windows-server-2008-r2-and-many-fixes.aspx
Rob Korving
http://jama00.wordpress.com/
February 24th, 2011 8:29am
Check the root hints in the DNS server. The monitor tries to query all DNS listening addresses.
In my case I was getting the same messages for a DNS server which has no other name resolution but a special DNS zone configured. So I disabled it.
XER
May 11th, 2011 5:43pm