Re: Help with Zone transfers keep breaking
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Fri, 1 Sep 2006 21:23:09 +0100
Well, this is weird...
The secondary zone will transfer normally if one of the Name Servers is
down.
- Can you please confirm that in DNS Server in Forest A Secondary Zone you
have NS records for SrvA,B and C from ForestB?
- Also confirm the SOA record (I think that must be to ServerC).
-When you shutdown the serverC, run dnscmd /clearcache, and ipconfig
/flushdns, then restart the DNS server on ForestA does the same behavior
happen?
-What errors are you seeing in DNS event Viewer?
- If everything is OK then, if you can, do a test.
On ServerA in Forest A
-Delete the secondary zone.
-IMPORTANT -> Go to System32\DNS and delete the zone that refers to this
secondary zone.
-Restart DNS service.
-Recreate the Secondary Zone, but don't use the ServerC From ForestB, use
only ServerA and B From ForestB.
-After the Zone has been loaded, check the SOA owner.
-Manually create an A record in the DNS Zone (on ServerA or B) , then go to
ServerA (ForestA), and choose transfer from master, see if it updates.
-Then shutdown one of the servers (A or B), make a new change and choose
transfer from master, see if it works.
I want to help you, but I never saw something familiar with this. In my
experience Secondary Zones always worked fine with no problems. I also
searched on web but I didn't find anything similar to this.
Zone transfers from a secondary DNS server fail
http://technet2.microsoft.com/WindowsServer/en/library/547be1bb-1a55-465b-a39c-e326d31e1cf71033.mspx?mfr=true
Troubleshooting zone problems
http://technet2.microsoft.com/WindowsServer/en/library/13fdfb80-5d58-4eb8-86a6-d7fc669de0be1033.mspx?mfr=true
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Chris Peikert" <c.peikert@xxxxxxxxxxxxxxxxxx> wrote in message
news:AyZJg.333$MF1.170@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Yes they are AD Integrated. Yes we told each server to allow zone
transfers to each other. There is no FW in the way of transfers.
What's happening however is the DNS server in Forest A has decided the
only Server it will use for authentication is Server C in Forest B. If C
is unavailable it will not do zone transfers and it breaks the link
therefore causing havoc. It is my understanding that if C is unavailable
then it should transfer with the others but it won't. It gives the error
"Logon server unavailable." Server A in Forest B is the main server not C.
So to me it doesn't make any sense.
"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:%23txPFFezGHA.4092@xxxxxxxxxxxxxxxxxxxxxxx
Ok here is how it looks and yes DNS Integration is turned on the
primaries.
What do you mean with this? The DNS is Active Directory Integrated? Are
you sure?
If yes, you only need to check allow zone transfer in each server, FW
definitions (if any), and that the servers are reachable (for example by
ping).
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Chris Peikert" <c.peikert@xxxxxxxxxxxxxxxxxx> wrote in message
news:U7WJg.20027$kO3.9100@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Ok here is how it looks and yes DNS Integration is turned on the
primaries.
Forest A --- Server A---DNS Primary with Forest B DNS Secondary
Forest B --- Server A --- DNS Primary with Forest A Secondary
Forest B --- Server B --- DNS Primary with Forest A Secondary
Forest B --- Server C --- DNS Primary with Forest A Secondary
Forest A is in 192.168.123.x subnet
Forest B with Server A, and C is in 192.168.1.x Subnet
Forest B with Server B is in 192.168.18.x Subnet.
There is only one firewall but it's not in the path of communication
between these 3 subnets. They all link up to a Routing Switch.
"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:O$2DzXVzGHA.4932@xxxxxxxxxxxxxxxxxxxxxxx
Ok.
I believe they are all primary zones.
All zones Primary Zones AD Integrated? I'm asking this because you can
only have one single standard Primary Zone configured on one server and
all other servers that need that Standard Primary Zone will have to be
setup with secondary zone.
For example (In forest B) if ServerA has a Standard Primary Zone, then
ServerB and C would need to have secondary Zones configured. In this
scenario If you configure ServerB and C with primary zones, that means
that all zones will be independent from each other.
You can confirm this on the Zone properties.
Assuming that you have Primary Zone AD Integrated:
Let me see if I get this right:
On Forest A you have a DNS server configured with a Primary Zone
Then you add a Secondary zone From ForestB, you configured that
secondary Zone to load from ForestB-ServerA,B and C.
That Zone only updates when ServerC is online Correct?
Check:
-Go to ForestA DNS ServerA and right click on that secondary zone and
choose properties, on the general tab, confirm that you have the
correct IPAddresses for the servers (A,B and C) in ForestB.
-Then go to EACH Server in forestB (Server A, B and C), right Click on
the Zone choose Zone Transfers Tab, make sure that in EACH server you
have the option "Allow Zone Transfers" Selected and the option "Only to
the following Servers" and that you have the Correct IPAddress for
ServerA In ForestA, this has to be done in EACH DNS Server in ForestB.
FW=Firewall, I asked this because if you have those servers (From
ForestB) in different locations they might have one Different FW to
each, and that FW might prevent Zone transfer. Check Ports 53 TCP/UDP.
Conditional Forwarding (Only in windows 2003):
Defines where Specific queries for specific Domains are forwarded,
this is a very popular method used in different forests configuration
scenario (Note: You can't use Secondary Zones and Conditional
Forwarding to the Same Domain in the Same server, you can only use one
of both methods in each server).
http://technet2.microsoft.com/WindowsServer/en/library/0104be3c-0405-4455-b011-6950875c04461033.mspx?mfr=true
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Chris Peikert" <c.peikert@xxxxxxxxxxxxxxxxxx> wrote in message
news:ozHJg.13112$%j7.12508@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I believe they are all primary zones.
All servers are setup to do Zone transfers.
We are not using any forwarders if that's what FW is.
What is conditional forwarding?
"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:eJ9dCKQzGHA.4816@xxxxxxxxxxxxxxxxxxxxxxx
Hi
Are you working with Secondary Zones?
Did you configure Server A,B and C to allow zone transfer?
Do you have any FW between these servers?
Why don't you use Conditional Forwarding?
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Chris Peikert" <c.peikert@xxxxxxxxxxxxxxxxxx> wrote in message
news:palJg.4478$yO7.3130@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Here is a setup of our current system.
Forest A ---- Domain A ---- Server A
Forest B ---- Domain A ----Server A (main server), B, and C.
Forest A keeps having trouble with the DNS staying updated. When it
tries to replicate the zone info it gets an error "Unable to locate
a logon server." The server Forest A wants is Server C in Forest
B. Question is why doesn't Server A or B answer the request? Also is
there a way to make it look for Server A instead of C?
We rebooted Server C and it works fine for now, but what will happen
if C dies and goes offline permanently? We could really appreciate
some help here. Thanks.
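
The test procedure from the first reply in this thread (delete the secondary zone and its zone file, recreate it with only ServerA and ServerB from ForestB as masters, then check the SOA and request a transfer), written as a PowerShell script around dnscmd. This is an added example, not part of the original thread; the zone name, the master IP addresses, the test record name and the default `<zone>.dns` file name are placeholders or assumptions.

```powershell
# Added example (not from the thread). Run elevated on ServerA in ForestA.
# Placeholders: the thread gives only subnets, not the zone name or server IPs.
$Zone     = 'forestb.example'                # placeholder zone name
$Masters  = '192.168.1.10', '192.168.18.10'  # constructed IPs: ForestB ServerA and ServerB (ServerC left out)
$ZoneFile = Join-Path $env:SystemRoot "System32\dns\$Zone.dns"  # assumes the default zone file name

# 1. Delete the secondary zone on the local server (/f suppresses the prompt).
dnscmd . /ZoneDelete $Zone /f

# 2. Remove the leftover zone file while the service is stopped, then start DNS again.
Stop-Service DNS
if (Test-Path $ZoneFile) { Remove-Item $ZoneFile }
Start-Service DNS

# 3. Recreate the secondary zone with only ServerA and ServerB as masters.
dnscmd . /ZoneAdd $Zone /Secondary $Masters /file "$Zone.dns"

# 4. Check which server the loaded zone names as SOA owner, and compare the
#    serial held locally with the serial reported by each master.
nslookup '-type=SOA' $Zone 127.0.0.1
foreach ($m in $Masters) { nslookup '-type=SOA' $Zone $m }

# 5. After creating a test A record on a ForestB master (manual step, as in
#    the thread), request a transfer and confirm the record arrived.
dnscmd . /ZoneRefresh $Zone
Start-Sleep -Seconds 10
nslookup "xfertest.$Zone" 127.0.0.1   # 'xfertest' is a hypothetical record name

# 6. Repeat step 5 with one master shut down; /ZoneInfo shows the zone's
#    current type, masters and state for comparison between runs.
dnscmd . /ZoneInfo $Zone
```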