Re: Help with Zone tranfers keep breaking

Thanks guys. I think my problem might be it is just bugged since it works
for you. Hopefully when I get time and it will not impact the users I will
undo the zones and recreate them. Hopefully this will fix it.


"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:ui8KkuQ1GHA.3464@xxxxxxxxxxxxxxxxxxxxxxx
Did you try a zone transfer?

Yep. But as you said, only updates with new records if the SOA is online
or if the Secondary changes to the Online SOA. But the trust always
worked.



--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Kevin D. Goodknecht Sr. [MVP]" <admin@xxxxxxxxxxxxxx> wrote in message
news:OWoKuyP1GHA.4924@xxxxxxxxxxxxxxxxxxxxxxx
Jorge Silva wrote:
Hi Kevin and Chris

Well I did some testing on this again and I'm going to let you know
the results:

I setup a similar scenario to Chris

2 Forests, and 2 DCs in each.
Between the 2 forests there is a Forest trust (Note: unlike External
trust, with forest trust we need DNS resolution.)

- Now according to Chris previous posts (lease let me know if I'm out
the base), he said that when he shutdown the ServerC, the trust fail
to validate, and this is the main question correct?

-Forest A has 1 Zone AD Integrated in the 2 Servers (DC1,DC2) for the
local domain. I changed the SOA expiration time to 5m, and evrything
else to 1min. -Forest B has 1 Zone AD Integrated in the 1 Server
(DC3) for the local domain, then I Setup a secondary Zone setup to
load from the 2 servers from ForestA.
-The Secondary Zone SOA is pointing to DC1 on ForestA.
-Shutdown the the DC1.
-Goto ForestB try to validate the trust, the validation FAILS. I
clear the local cache and DNS server cache, then I try again the
Trust verify successfully.
-Then I did one more test.
-Because isn't possible to get the Secondary Zone updated (new
records, deleted records,etc) if the SOA owner is down, i selected
reload from master and the SOA record changed automatically from DC1
to DC2, and it's up and running.

These were my tests, I don't know if Kevin has something to add or
comment, or if he desagree.


Note:I had a 3 Forest (Windows 2004 SP4), that I didn't included in
the scenario above, but I also setup a secondary Zone, and I could
verify that the SOA owner changed from DC1 to DC2 after awhile.

Did you try a zone transfer?



--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================






.

Relevant Pages

  • Re: Help with Zone tranfers keep breaking
    ... if the Secondary changes to the Online SOA. ... Between the 2 forests there is a Forest trust (Note: ... -The Secondary Zone SOA is pointing to DC1 on ForestA. ...
    (microsoft.public.windows.server.dns)
  • Re: Help with Zone tranfers keep breaking
    ... I setup a similar scenario to Chris ... Between the 2 forests there is a Forest trust (Note: ... -The Secondary Zone SOA is pointing to DC1 on ForestA. ...
    (microsoft.public.windows.server.dns)
  • Re: Help with Zone tranfers keep breaking
    ... I setup a similar scenario to Chris ... Forests, ... Between the 2 forests there is a Forest trust (Note: ... I changed the SOA expiration time to 5m, ...
    (microsoft.public.windows.server.dns)
  • Re: cross-forrests trusts on routed networks with NAT
    ... "Rup And" wrote in message ... So you can put a trust between the 2 forest root domains of your 2 forests - ... > One forrest build on Windows2000 and one forrst build on Windows 2003 ...
    (microsoft.public.windows.server.active_directory)
  • Re: Problem Establishing Trust between Production and Development AD E
    ... The easiest thing to do would be to move the test dns domain to your ... establish the trust without any other modifications. ... > setup a trust between our production and development AD forests in order ... > trust between the production ICM domain and ORT? ...
    (microsoft.public.windows.server.active_directory)