Re: AD integrated/secondary zone entry discrepancies in W2k forest



1) The DNS servers are clients too, in their TCP/IP properties. What
problems are they experiencing?
2) The root domain zone in the child domain AD is just a secondary copy that
is being stored in AD instead of a text file like a standard secondary. What
exactly is wrong with it? If it is not up to date, is it being copied from a
live root domain DC?
3) The child domain DNS servers need to be able to query the root domain
zone, and one way to do that is by having an active-directory integrated
copy, but if you have other DNS servers that are not DCs this can get a bit
confusing and it may be simpler to make them all standard secondaries.
Anthony


"Richard Adams" <RichardAdams@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CD3C44A6-488F-45B4-900F-4AACA1E44DEF@xxxxxxxxxxxxxxxx
Thanks for the quick response. The issues are not being experienced by
clients, but by the DNS servers on the 'problem' child domain. The AD
integrated zone is working fine in its own AD domain, as are all the
secondaries of it running on DNS servers in the 'good' child. It's only in
the 'bad' child I'm experiencing problems. I could not easily remove the AD
integrated zone as it forms the root of a major corporation.
--
Richard Adams
MCSE, CNE, etc


"Anthony" wrote:

W2K and W2K3 are slightly different, but the principle is the same. If your
root zone is being loaded, it must be being stored in AD. You can delete it
from AD in the System, Microsoft DNS OU.
You can then add it as secondary wherever you need it. You can choose to
store the zone in AD, if you prefer.
The reason for an incomplete zone must be that some clients (incl servers)
do not have the right DNS specified in their TCP/IP properties and therefore
do not register. This would add up if some of the zones are secondaries, as
they are not writable. I suppose it could also be an old faulty zone that is
still sitting in AD, which would be solved by deleting the copy in AD,
Anthony


"Richard Adams" <RichardAdams@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:66E10EBB-F3B6-48E6-B23D-055F16D2F056@xxxxxxxxxxxxxxxx
I have a W2k forest with a root domain, biggroup.com and two child domains,
aaa.biggroup.com and bbb.biggroup.com. The DNS zone for biggroup.com is AD
integrated. The DNS servers in the aaa.biggroup.com hold secondary copies of
the biggroup.com domain - these work fine. My problem lies with the DNS in
bbb.biggroup.com. Here there are several DNS servers, with some holding
secondary copies of biggroup.com and others showing ad-integrated versions of
the zone. (I was not involved in the original setup). I realise that this is
not correct, and naturally when the DNS service is restarted AD converts the
secondary zone on that server to AD integrated. When this happens, only a
subset of the records in biggroup.com appear and replication problems
immediately start as a server in the bbb.biggroup domain cannot find the
necessary records for its partner servers. The only workaround is to convert
the zone back to secondary on the affected server.
Questions:
1) Why are only the subset of records found when the zone is running
ad-integrated?
2) Presumably the ad-integration/secondary zone conversion is something
controlled and applied at AD domain level? As I mentioned earlier, in my
aaa.biggroup.com domain, all the DNS servers happily run secondaries of
biggroup.com.
3) Presumably if I can resolve the missing record problem I should be
running the biggroup.com zone AD-integrated on all my DNS servers?

Thanks

--
Richard Adams
MCSE, CNE, etc
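
Added example, not part of the original thread: one way to see which records make up the "subset" problem is to export the zone as text from a server holding a good secondary and from the server showing the AD-integrated copy, then diff the two. The sketch assumes single-line zone-file style records; the host names, addresses, GUID and function names are constructed. Records under `_msdcs` are listed first because domain controllers look up their replication partners there.

```python
# Added example: diff two text exports of one zone. All records are constructed.
GOOD_SECONDARY = """\
@                     3600 IN NS    dc1.biggroup.com.
dc1                   3600 IN A     10.0.0.10
dc2                   3600 IN A     10.0.0.11
_ldap._tcp.dc._msdcs  600  IN SRV   0 100 389 dc1.biggroup.com.
                      600  IN SRV   0 100 389 dc2.biggroup.com.
0a1b2c3d-0000-0000-0000-000000000001._msdcs 600 IN CNAME bbbdc1.bbb.biggroup.com.
"""
AD_INTEGRATED_COPY = """\
@                     3600 IN NS    dc1.biggroup.com.
dc1                   1200 IN A     10.0.0.10
_ldap._tcp.dc._msdcs  600  IN SRV   0 100 389 dc1.biggroup.com.
"""

def parse_zone(text, origin):
    """Return {(owner, type, rdata)} from single-line zone-file style records."""
    origin = origin.lower().rstrip(".") + "."
    records, owner = set(), origin
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments, tokenize
        if not fields:
            continue
        if not raw[0].isspace():                   # leading blank = same owner as above
            name = fields.pop(0).lower()
            if name == "@":
                owner = origin
            else:
                owner = name if name.endswith(".") else name + "." + origin
        # skip optional TTL and class so copies with different TTLs still match
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if len(fields) >= 2:
            records.add((owner, fields[0].upper(), " ".join(fields[1:]).lower()))
    return records

def missing_records(reference, suspect):
    """Records the suspect copy lacks; _msdcs (DC locator) records sort first."""
    gone = reference - suspect
    return sorted(gone, key=lambda r: ("._msdcs." not in "." + r[0], r))

if __name__ == "__main__":
    ref = parse_zone(GOOD_SECONDARY, "biggroup.com")
    bad = parse_zone(AD_INTEGRATED_COPY, "biggroup.com")
    for owner, rtype, rdata in missing_records(ref, bad):
        print(f"missing: {owner} {rtype} {rdata}")
```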




