Re: Forward Lookup Zone missing when new tree added to forest
- From: Shawn Conaway <ShawnConaway@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 20 Nov 2006 08:27:02 -0800
Hi Ace,
Thanks for the help. My DNS resolution is actually working fine as far as I
can tell. I added DNS to a second domain controller in the shell.company
domain and I no longer have DNS errors in my log.
The real problem I am experiencing is that I don't have a forward lookup
zone for shell.company in DNS hosted by either the company.biz (forest root)
domain or the sight.company (another tree in the forest). However, zones for
company.biz and sight.company DO appear in the forward lookup zones for
shell.company. There is my dilemma.
DNS for the entire forest is AD-integrated. Since DNS replication is
AD-integrated, I was not terribly surprised that I didn't have a
shell.company zone. However, the other two domains do have zones. I would
expect it would be an all or nothing situation: either the AD-integrated
domains all have forward lookup zones or all of them don't. The current
situation is a mix of both.
The lack of a forward lookup zone has me worried. I don't want to get the
domain rolled out and have it come to a screeching halt in 30 days because of
a replication problem. However, I don't see any replication problems aside
from the missing shell.company zone.
Here is the ipconfig for the three servers mentioned above:
*** Forest Root server ***
Host Name . . . . . . . . . . . . : DC1
Primary Dns Suffix . . . . . . . : company.Biz
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : company.biz
sight.company
mke.company.net
companysolutions.com
Ethernet adapter 10.3.1.244:
Connection-specific DNS Suffix . : company.Biz
Description . . . . . . . . . . . : AMD PCNET Family PCI Ethernet Adapter
Physical Address. . . . . . . . . : 00-0C-29-D2-64-C8
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.3.1.244
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 10.3.0.1
DNS Servers . . . . . . . . . . . : 10.3.1.244
10.3.1.239
10.3.1.103
Primary WINS Server . . . . . . . : 10.3.1.239
--------------------------
*** Second tree in domain ***
Host Name . . . . . . . . . . . . : DC3
Primary Dns Suffix . . . . . . . : sight.company
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : sight.company
company.biz
mke.company.net
shell.company
Ethernet adapter 10.3.1.239:
Connection-specific DNS Suffix . : sight.company
Description . . . . . . . . . . . : AMD PCNET Family PCI Ethernet Adapter
Physical Address. . . . . . . . . : 00-0C-29-AB-15-F8
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.3.1.239
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 10.3.0.1
DNS Servers . . . . . . . . . . . : 10.3.1.239
10.3.1.244
10.3.1.103
Primary WINS Server . . . . . . . : 10.3.1.239
Secondary WINS Server . . . . . . : 10.3.0.15
--------------------------
*** New tree in domain ***
Host Name . . . . . . . . . . . . : DC8
Primary Dns Suffix . . . . . . . : shell.company
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : company.biz
sight.company
mke.company.net
companysolutions.com
shell.company
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : shell.company
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 00-50-56-B0-30-A2
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.3.1.103
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 10.3.0.1
DNS Servers . . . . . . . . . . . : 10.3.1.103 (self)
10.3.1.104 (DC2 --> second DC in
shell.company)
10.3.1.244 (forest root)
10.3.1.239 (DC for second tree in
forest)
Primary WINS Server . . . . . . . : 10.3.1.239
"Ace Fekay [MVP]" wrote:
In news:2B35F4C8-F377-4C48-B6AD-135E576BA62F@xxxxxxxxxxxxx,.
Shawn Conaway <ShawnConaway@xxxxxxxxxxxxxxxxxxxxxxxxx> stated, which I
commented on below:
Hi,
I have a forest with three domains that are in separate trees:
company.biz, sight.company, and shell.company. Company.biz is the
forest root. Shell.company is the new domain. In DNS, all three
domains appear in the forward lookup zones on the domain controllers
hosting shell.company. Domain controllers for the other two domains
only show the two domains.
DNS is Active Directory-Integrated. Replication is set for 'All DNS
servers in the Active Directory Forest'. Zone transfers are allowed
to 'only to servers listed on the Name Servers tab'. Under the Name
Servers tab, I have updated the name servers so that the two new
shell.company domain controllers appear in all three zones.
Adding the servers under the Name Servers tab appears to have
resolved my Kerberos issues because now in Sites and Services, the
correct domain appears for both of my shell.company domain
controllers. Previously, the servers were in the site, but the
domain did not show.
Adding the servers to the Name Servers tab also appears to have
fixed my name resolution problem. Pinging the shell.company is now
resolvable from other domain controllers. Pinging one shell.company
DC from the other shell.company DC now returns the FQDN instead of
just the name.
Although I can resolve names, I'm not sure how the resolution is
occurring as the servers doing the resolution do not have the
shell.company domain forward lookup zone. I suspect the forest root
is resolving names because of an A record for a shell.company domain
controller in company.biz\forestdnszones.
Are zone transfers actually occurring? Will manually creating a
forward lookup zone in the company.biz and sight.company domains
cause DNS corruption? Is there a setting I can change so that the
shell.company forward lookup zones automatically propagate into the
other zones?
<snipped>
I can't tell from the DCDIag and Netdiag since you masked out the IP
addresses for your DNS servers. The best way to tell is to know what DNS
servers are being used by all your DCs. If the wrong DNS, or an ISP's is
involved, then that can be the cause of it all.
Keep in mind, with AD integrated zones, the zone is stored in the AD
database. There is no such thing as a zone transfer between them. The DC/DNS
servers get their data from the AD database. If it is set to forest
replication, then all DCs in the forest have a copy of the zone. Surprised
that you are having trouble with the nameservers tab, etc, to not be able to
find all the DCs. By default, all this just populates with AD integrated
zones, and if forest wide replication scope is set, then ALL DCs will have a
copy. Ideally when installing a new tree in the forest, we would want to
point ONLY to an existing DNS server in order for it to create the zone,
then you must have PATIENCE to allow the AD database to replicate to all
DCs. If you install DNS on another DC, WAIT WAIT WAIT for the DNS data to
replicate and it will auto populate. But if your DNS addresses are not
configured properly to point to the correct DNS servers, then that may not
even work. Hence why you had Sites and Services issues.
even work. Hence why you had Sites and Services issues.
Honestly, it would better to see a whole layout of each DC in each
tree/domain and see each of their "ipconfig all" (unedited and
un-obfuscated). If you cannot post that, then at least go by my
recommendations please.
--
Ace
Innovative IT Concepts, Inc (IITCI)
Willow Grove, PA
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer
Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164
Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."
The only constant in life is change...
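
The check below is an added example, not part of either poster's message: it lists which of the three forward lookup zones each DC's DNS service actually hosts and with what replication scope, so a zone that exists on some DCs but not others shows up directly. It assumes the DnsServer PowerShell module (which postdates this thread) and that the server names, built here from the host names and primary DNS suffixes in the ipconfig output, resolve from where it runs.

```powershell
# Added example. Assumes the DnsServer module (RSAT) and rights to query each DC.
# Server FQDNs are assumptions built from the ipconfig output above (host name + primary suffix).
$servers  = 'DC1.company.biz', 'DC3.sight.company', 'DC8.shell.company'
$expected = 'company.biz', 'sight.company', 'shell.company'

$rows = foreach ($server in $servers) {
    try {
        # Forward zones only; skip the auto-created cache/loopback zones.
        $zones = Get-DnsServerZone -ComputerName $server -ErrorAction Stop |
            Where-Object { -not $_.IsReverseLookupZone -and -not $_.IsAutoCreated }
    } catch {
        Write-Warning "Could not query ${server}: $($_.Exception.Message)"
        continue
    }
    foreach ($name in $expected) {
        $zone = $zones | Where-Object { $_.ZoneName -eq $name }
        [pscustomobject]@{
            Zone             = $name
            Server           = $server
            Present          = [bool]$zone
            DsIntegrated     = if ($zone) { $zone.IsDsIntegrated } else { $null }
            ReplicationScope = if ($zone) { $zone.ReplicationScope } else { $null }
        }
    }
}

# One row per zone/server pair: the presence matrix.
$rows | Sort-Object Zone, Server | Format-Table -AutoSize

# Flag the two conditions discussed in the thread: a zone absent from some
# DNS servers, or the same zone configured with different replication scopes.
$rows | Group-Object Zone | ForEach-Object {
    $zoneName = $_.Name
    $missing  = @($_.Group | Where-Object { -not $_.Present })
    $scopes   = @($_.Group | Where-Object { $_.Present } |
                  Select-Object -ExpandProperty ReplicationScope -Unique)
    if ($missing.Count -gt 0) {
        Write-Warning "$zoneName is not hosted on: $($missing.Server -join ', ')"
    }
    if ($scopes.Count -gt 1) {
        Write-Warning "$zoneName has mixed replication scopes: $($scopes -join ', ')"
    }
}
```

A zone reported as `Domain` scope on its own DCs and absent elsewhere is replicating only within its domain partition, which matches the symptom described in this thread.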