How to troubleshoot 7062 errors logged in DNS event log (235689)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows NT Server 4.0

This article was previously published under Q235689
Important: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SUMMARY

This article describes how to troubleshoot the cause or causes of event ID 7062 on a DNS server that is running Microsoft Windows 2000 or Microsoft Windows NT Server 4.0.

If event ID 7062 logs on your DNS server, it will appear as follows:
EVENT message 7062:
DNS Server encountered a packet addressed to itself -- IP address <actual IP address>. The DNS server should never be sending a packet to itself. This situation usually indicates a configuration error.
Check the following areas for possible self-send configuration errors:

1) Forwarders list. (DNS servers should not forward to themselves).
2) Master lists of secondary zones.
3) Notify lists of primary zones.
4) Delegations of subzones. Must not contain NS record for DNS server.

As part of your troubleshooting, you may find that none of the steps that are listed in event ID 7062 apply to your DNS server. However, event ID 7062 may continue to log on your DNS server. This article discusses some of the other reasons why this issue may occur.

Step 4 of event ID 7062 may lead you to conclude that for the event to be triggered, a primary DNS server must create a delegation of a subdomain. However, the root DNS servers maintain the .com, .net, and other domains. Additionally, the root DNS servers delegate the namespace under those domains to other DNS servers. Therefore, although your DNS server may be the primary DNS server for example.com, your DNS server has been delegated that responsibility by the ".com" DNS server or servers.

This means that if you have registered a domain with the NSFnet Network Information Center (InterNIC), and they delegate that domain to your DNS server, it is your responsibility to make sure that your DNS server can handle all requests for the registered domain.

For example, you have a DNS server at dns.example.com, and you have recently registered example.org with InterNIC. After InterNIC delegates example.org to your DNS server, you must create a zone file that can answer queries for example.org.

The following hypothetical sequence of events describes how event ID 7062 may continue to log to your DNS server if you have not configured it to maintain zone files for domains that you have registered.
  1. A client computer tries to contact www.example.org. The client computer sends a query for www.example.org to the root servers. The root servers determine that the Start of Authority (SOA) for example.org is the DNS server dns.example.com at IP address 10.1.1.1. IP address 10.1.1.1 is your DNS server.
  2. The client computer sends a request to 10.1.1.1 for www.example.org. Your DNS server examines its zone files and determines that it is not the SOA for example.org because it does not have a zone file for www.example.org.
  3. Your DNS server sends an iterative query for example.org to the root servers.
  4. The root servers respond to the iterative query from your DNS server by telling your DNS server that the SOA, or owner of the domain, for example.org is at 10.1.1.1. Your DNS server examines itself for the answer to the query, and does not find one.
  5. If the root hints that are in Windows 2000 point to the same computer, event ID 7062 will log. For additional information about replacing the existing root hints with the default root hints, click the following article number to view the article in the Microsoft Knowledge Base:

    249868 Replacing root hints with the Cache.dns file



    Note: Event ID 7062 will log even when zone transfers are disabled. For more information about this behavior, see "Event ID 7062 logs even when zone transfers are disabled" in the More Information section.

MORE INFORMATION

How to find the actual requested domains

To find the actual requested domains, you must debug your DNS server. After you have created a log file, open it in Microsoft Word or Microsoft Excel. We do not recommend that you open the file in Notepad because Notepad does not parse characters into an easily readable format.

When you have the log file open, search for "7062." This search should bring you to the first error. After you find the error, scroll up. A DNS query log looks similar to the following code.
dns_ProcessMessage() for packet at 00A5E524.
dns_AnswerQuestion() for packet at 00A5E524.
Node for (3)www(10)mycompany(3)com(0) NOT in database.
Closest node found "com."
Encountered non-authoritative node with no matching RRs.
dns_ProcessMessage() for packet at 00A5EAC4.
Processing response packet at 00A5EAC4.
Packet contains RR for authoritative zone node: "dns.hello.com."
	-- ignoring RR.
dns_ContinueCurrentLookup() for query at 00A5E524.
dns_AnswerQuestion() for packet at 00A5E524.
dns_AnswerQuestionFromDatabase() for query at 00A5E524
	node label = www
	question type = 0x0001
ERROR:  Self-send to address 10.1.1.1!!!
Log EVENT message 7062 (80001B96):
				
The following describes what occurs during the important phases of this log:
  1. The DNS query log starts with dns_ProcessMessage().
  2. The node for the request is www.example.org.
  3. Your DNS server cannot handle the request ("Encountered non-authoritative node").
  4. Your DNS server sends a dns_ProcessMessage to the root servers.
  5. The root servers send a response packet ("Processing response packet") to your DNS server. This response indicates that your DNS server is the SOA for example.org.
  6. Your DNS server ignores the response packet.
  7. Event ID 7062 logs on your DNS server.
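
The manual "search for 7062, then scroll up" procedure above can be scripted. The following Python is an added example, not part of the original article or of any Microsoft tool. It assumes the debug-log layout shown above and assumes that a self-send error belongs to the packet or query address named most recently before it. The function names and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the debug-log layout this article shows.
SAMPLE_LOG = """\
dns_ProcessMessage() for packet at 00A5E524.
dns_AnswerQuestion() for packet at 00A5E524.
Node for (3)www(10)mycompany(3)com(0) NOT in database.
Encountered non-authoritative node with no matching RRs.
dns_ProcessMessage() for packet at 00A5EAC4.
Processing response packet at 00A5EAC4.
dns_ContinueCurrentLookup() for query at 00A5E524.
dns_AnswerQuestionFromDatabase() for query at 00A5E524
ERROR:  Self-send to address 10.1.1.1!!!
Log EVENT message 7062 (80001B96):
"""

NODE_RE = re.compile(r"Node for ((?:\(\d+\)[^()\s]*)+) NOT in database")
PACKET_RE = re.compile(r"for (?:packet|query) at ([0-9A-Fa-f]+)")
SELF_SEND_RE = re.compile(r"Self-send to address (\d{1,3}(?:\.\d{1,3}){3})")

def decode_name(counted):
    """'(3)www(10)mycompany(3)com(0)' -> 'www.mycompany.com'."""
    labels = []
    for length, text in re.findall(r"\((\d+)\)([^()\s]*)", counted):
        if length == "0":      # zero-length label marks the root, end of name
            break
        labels.append(text)    # counts are not enforced: edited logs may not match
    return ".".join(labels).lower()

def find_self_sends(log_text):
    """Return one record per self-send error with the name that caused it."""
    names, current, last_name, hits = {}, None, None, []
    for line in log_text.splitlines():
        m = PACKET_RE.search(line)
        if m:                  # remember which packet/query this line is about
            current = m.group(1).upper()
        m = NODE_RE.search(line)
        if m:
            last_name = decode_name(m.group(1))
            names[current] = last_name
        m = SELF_SEND_RE.search(line)
        if m:                  # assumed: error belongs to the query named just before it
            hits.append({"address": m.group(1), "packet": current,
                         "name": names.get(current, last_name)})
    return hits

def zones_to_review(hits):
    """Count self-sends per (name, address) so the missing zones stand out."""
    return Counter((h["name"], h["address"]) for h in hits).most_common()
```

Each name that zones_to_review() reports is a domain that is delegated to this server but for which the server could not answer from its own zone files.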

Event ID 7062 logs even when zone transfers are disabled

Warning: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Event ID 7062 will log even if zone transfers are disabled if the Notify option has been configured to notify a DNS server or servers that are listed on the Name Servers tab.

By default, a Windows 2000-based primary DNS server that has multiple zones is configured to notify the servers that are listed on the Name Servers tab.

Note: Disabling zone transfers does not disable the Notify option. If the Notify option is set to notify a DNS server or servers that are listed on the Name Servers tab, it will continue to do this.

To disable zone transfers, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Zones\ZoneName

  3. In the right pane, right-click NotifyLevel, and then click Modify.
  4. Type 0, and then click OK.
  5. Quit Registry Editor.

REFERENCES

For more information, see the following Microsoft Knowledge Base article:

218814 DNS server encountered a packet addressed to itself


Modification Type: Major
Last Reviewed: 3/9/2005
Keywords: kbinfo KB235689