Forward lookup zone not automatically created for new domain in fo



Hi,

I have a forest with three domains that are in separate trees: company.biz,
sight.company, and shell.company. Company.biz is the forest root.
Shell.company is the new domain. In DNS, all three domains appear in the
forward lookup zones on the domain controllers hosting shell.company. Domain
controllers for the other two domains only show the two domains.

DNS is Active Directory-Integrated. Replication is set for 'All DNS servers
in the Active Directory Forest'. Zone transfers are allowed to 'only to
servers listed on the Name Servers tab'. Under the Name Servers tab, I have
updated the name servers so that the two new shell.company domain controllers
appear in all three zones.

Adding the servers under the Name Servers tab appears to have resolved my
Kerberos issues because now in Sites and Services, the correct domain appears
for both of my shell.company domain controllers. Previously, the servers
were in the site, but the domain did not show.

Adding the servers to the Name Servers tab also appears to have fixed my
name resolution problem. Pinging the shell.company is now resolvable from
other domain controllers. Pinging one shell.company DC from the other
shell.company DC now returns the FQDN instead of just the name.

Although I can resolve names, I'm not sure how the resolution is occurring
as the servers doing the resolution do not have the shell.company domain
forward lookup zone. I suspect the forest root is resolving names because of
an A record for a shell.company domain controller in
company.biz\forestdnszones.

Are zone transfers actually occurring? Will manually creating a forward
lookup zone in the company.biz and sight.company domains cause DNS
corruption? Is there a setting I can change so that the shell.company
forward lookup zones automatically propagate into the other zones?

----------------
DCDIAG:

C:\>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Site\DC1
Starting test: Connectivity
......................... DC1 passed test Connectivity

Doing primary tests

Testing server: Site\DC1
Starting test: Replications
......................... DC1 passed test Replications
Starting test: NCSecDesc
......................... DC1 passed test NCSecDesc
Starting test: NetLogons
......................... DC1 passed test NetLogons
Starting test: Advertising
......................... DC1 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... DC1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... DC1 passed test RidManager
Starting test: MachineAccount
......................... DC1 passed test MachineAccount
Starting test: Services
......................... DC1 passed test Services
Starting test: ObjectsReplicated
......................... DC1 passed test ObjectsReplicated
Starting test: frssysvol
......................... DC1 passed test frssysvol
Starting test: frsevent
......................... DC1 passed test frsevent
Starting test: kccevent
......................... DC1 passed test kccevent
Starting test: systemlog
......................... DC1 passed test systemlog
Starting test: VerifyReferences
......................... DC1 passed test VerifyReferences

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : shell
Starting test: CrossRefValidation
......................... shell passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... shell passed test CheckSDRefDom

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running enterprise tests on : company.biz
Starting test: Intersite
......................... company.biz passed test Intersite
Starting test: FsmoCheck
......................... company.biz passed test FsmoCheck

NETDIAG -------------------------------------------------------------------


C:\>netdiag

Computer Name: DC1
DNS Host Name: DC1.shell.company
System info : Microsoft Windows Server 2003 R2 (Build 3790)
Processor : x86 Family 15 Model 33 Stepping 2, AuthenticAMD
List of installed hotfixes :


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : DC1.shell.company
IP Address . . . . . . . . :
Subnet Mask. . . . . . . . :
Default Gateway. . . . . . :
Primary WINS Server. . . . :
Dns Servers. . . . . . . . :


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{92CF28BD-0ECC-4EDC-A934-915B8D99B36E}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server ''
and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server ''
and other DCs also have some of the names registered.
[WARNING] The DNS entries for this DC are not registered correctly on DNS server ''. Please wait for 30 minutes for DNS server replication.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{92CF28BD-0ECC-4EDC-A934-915B8D99B36E}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{92CF28BD-0ECC-4EDC-A934-915B8D99B36E}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information

