Re: Zone transfer
- From: "Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@xxxxxxxxxxx>
- Date: Thu, 8 Sep 2005 13:47:28 -0400
In news:976E1653-A933-4C93-B1CD-65A8345A1887@xxxxxxxxxxxxx,
Audun Wangen <AudunWangen@xxxxxxxxxxxxxxxxxxxxxxxxx> made this post, which I
then commented about below:
> "Ace Fekay [MVP]" wrote:
>
>> In news:D9D7B491-6CC7-46A1-87A3-153AECDEB56F@xxxxxxxxxxxxx,
>> Audun Wangen <Audun Wangen@xxxxxxxxxxxxxxxxxxxxxxxxx> made this
>> post, which I then commented about below:
>>> I have 2 Windows 2000 servers that host AD and DNS. I have one
>>> AD-integrated zone and 2 primary zones. When I attempt to set up
>>> zone transfer for the 2 latter zones I get the error: "The DNS
>>> server encountered an error while attempting to load the zone".
>>
>> A Primary zone is a writable copy. It will not receive transfers,
>> but you can allow transfers to a secondary zone. If you have an AD
>> Integrated zone, that acts as a Primary as well. Therefore you
>> cannot transfer from an AD Integrated zone to a Primary zone, but
>> you can to a secondary zone. If you have an AD Integrated zone, then
>> why are you mixing AD Integrated zones with Primary zones?
>
> Sorry, I see it got a little messy so thank you very much for your
> patience. I'll try to elaborate. I should have just ignored the AD
> integrated zones. They work fine on both servers.
>
> The core of the issue is: I have 2 DNS servers (let's just refer to
> them as DNS1 and DNS2). DNS1 is set up with 2 Primary zones and I
> have set up DNS2 to host these zones as Secondary zones. See below for
> an explanation of why we mix AD integrated and Primary/Secondary zones.
> If you know of a better solution, feel free to inform me.
>
>>> I've tried all the obvious solutions like checking nameserver setup
>>> for the zones, zone transfer settings. Tried "Transfer from master"
>>> on the secondary DNS server and checked DNS event logs. I get an
>>> error on the primary DNS server; "Event ID: 3000, The DNS server is
>>> logging numerous run-time events..." if that should matter. The
>>> primary DNS server is set up with itself as DNS server and the
>>> secondary DNS server as secondary server. The secondary DNS server
>>> is set up with the primary DNS server as Primary DNS server and
>>> itself as the secondary.
>>
>> This contradicts your earlier previous paragraph. ??
>
> I don't think so :-). It just got messy. I referred to the network
> setup on DNS1 and DNS2. DNS1 using DNS1 as primary DNS server, and
> DNS2 using DNS1 as primary DNS server. It seemed to be the solution,
> on some forums, for some issues concerning zone replication. Does
> that make more sense?
>
>>
>>> I also tried the following commands on the secondary DNS server:
>>> nslookup
>>> [primary DNS listed as Default server]
>>> ls -d <zone>
>>> [lists all entries]
>>>
>>> So, why doesn't it work?
>>
>> Please elaborate a bit on your infrastructure, why you are mixing
>> Primary and AD Integrated zones, assuming the zone name is the same
>> exact zone. If this is the case, it may be the root of the whole
>> issue because the system is seeing dupes.
>
> Well, I think I'll have to explain our infrastructure a bit for this
> to make sense:
> Firstly, DNS1 and DNS2 are strictly for internal use.
>
> We have an outer DMZ using internal non-routable IP addresses for
> services from the internet (NFuse, websites etc.). We use static NAT
> for the "outside" to reach them. Before we set up a Primary zone
> these addresses were resolved with the public IP address, and that
> didn't work. So it worked from the internet but not internally on the
> LAN.
>
> So we had to make a new zone on DNS1 to override the name to be
> resolved to the internal IP address. The problem is I can't get
> these zones to replicate to DNS2.
>
> Is there a better way to solve this without going to extremes like
> using HOSTS files etc.?
Let's see. Simply, you're trying to replicate a zone from the internal DNS,
DNS1, to the DMZ DNS server. I believe that's what you're appearing to be
saying. This is in order for your VPN clients to access internal resources
using their private IPs.
If zone transfer from DNS1 is not working to the external DMZ DNS server,
then maybe you didn't create a port re-map rule thru the NAT device to allow
UDP and TCP from the DMZ side (NAT's WAN IP) to go to DNS1's private IP on
the internal side.
I hope I understood...
Ace
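As an added illustration of what the thread is negotiating (it is not code from either poster), the script below shows the two things that have to line up for a secondary to pull a zone from its master: the AXFR request itself, which travels over TCP port 53 with a 2-byte length prefix rather than over UDP, and the primary's "Allow zone transfers" decision, which compares the requester's source address against the zone's policy. The zone name, server addresses and policy names used here are constructed for the example; the three policy modes mirror the choices on the Windows DNS zone's Zone Transfers tab (any server, only the zone's NS records, or an explicit list).

```python
"""Wire-level AXFR request plus the master's allow-transfer check.

Added teaching example; zone names and addresses are constructed.
"""
import ipaddress
import struct

AXFR = 252   # QTYPE for a full zone transfer
IN = 1       # QCLASS Internet


def build_axfr_query(zone: str, txid: int = 0x1234) -> bytes:
    """Build the DNS message a secondary sends to request zone `zone`.

    Header: id, flags=0 (standard query, not recursive), QDCOUNT=1.
    Question: the zone name in label form, QTYPE=AXFR, QCLASS=IN.
    """
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    qname += b"\x00"  # root label terminates the name
    return header + qname + struct.pack("!HH", AXFR, IN)


def tcp_frame(message: bytes) -> bytes:
    """DNS over TCP prefixes every message with its 2-byte length (RFC 1035
    4.2.2). A transfer never fits the UDP path, so a NAT or firewall rule
    that only passes UDP/53 lets ordinary lookups through but blocks AXFR."""
    return struct.pack("!H", len(message)) + message


def parse_question(message: bytes):
    """Decode the question section so a capture can be checked by eye:
    returns (zone, qtype, qclass)."""
    pos = 12  # skip the fixed header
    labels = []
    while True:
        length = message[pos]
        pos += 1
        if length == 0:
            break
        labels.append(message[pos:pos + length].decode("ascii"))
        pos += length
    qtype, qclass = struct.unpack("!HH", message[pos:pos + 4])
    return ".".join(labels), qtype, qclass


def transfer_allowed(policy: str, requester_ip: str,
                     zone_ns_ips=(), allowed_ips=()) -> bool:
    """Model the primary's zone-transfer policy.

    policy: "none" (transfers disabled), "any" (to any server),
            "ns" (only servers listed in the zone's NS records),
            "list" (only the explicitly listed addresses).
    requester_ip is the source address the primary actually sees. Behind a
    NAT that is the NAT's address, not the secondary's own, which is why an
    "ns" or "list" policy keyed on the secondary's real IP refuses the
    transfer even though the request arrives.
    """
    ip = ipaddress.ip_address(requester_ip)
    if policy == "none":
        return False
    if policy == "any":
        return True
    if policy == "ns":
        return ip in {ipaddress.ip_address(a) for a in zone_ns_ips}
    if policy == "list":
        return ip in {ipaddress.ip_address(a) for a in allowed_ips}
    raise ValueError(f"unknown policy {policy!r}")


if __name__ == "__main__":
    # Constructed scenario: DNS2 (10.0.1.2) pulls "corp.example" from DNS1.
    query = build_axfr_query("corp.example")
    print("on the wire:", tcp_frame(query).hex())
    print("decoded question:", parse_question(query))
    # Same request seen from the secondary's real address vs. through a NAT.
    print("direct:", transfer_allowed("ns", "10.0.1.2", zone_ns_ips=["10.0.1.2"]))
    print("via NAT:", transfer_allowed("ns", "192.0.2.10", zone_ns_ips=["10.0.1.2"]))
```

The decoded question is what a packet capture on the master should show right after the TCP handshake; if the capture on the DMZ side shows only UDP traffic, or the SYN to TCP/53 goes unanswered, the path rule is the problem rather than the zone settings. If the request does arrive but the master answers REFUSED, compare the source address in the capture with the addresses the zone's transfer policy actually lists.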