AD Integrated Zone Serial Numbers

  • Thread starter: Ujoshi

Ujoshi

I'm running 2 ADCs for a single domain, with dns running on both.
They each host an AD integrated zone.
However, they maintain disparate serial numbers.
This is a problem for children which alternately use one as a primary and
the other as a secondary.
How can I make sure that they 'update' each other?
 
Ujoshi said:
I'm running 2 ADCs for a single domain, with dns running on both.
They each host an AD integrated zone.
However, they maintain disparate serial numbers.
This is a problem for children which alternately use one as a primary
and the other as a secondary.
How can I make sure that they 'update' each other?

The serials should stay the same. Do both DCs have NS records in both zones?
You may have a replication problem; DCDIAG will check that. Run DCDIAG /e /v
In TCP/IP properties, are the DCs pointing to the other DC as Preferred, then
to itself as Alternate DNS only? (no ISP's DNS allowed in the NIC)
 
Thanks for your reply Kevin.

I have checked the network properties and each server refers to the other
first for dns lookups; no other dns server is listed
Both zones already have both servers listed in NS records.
And, dcdiag shows no errors with the parameters you said to use.

I'm still having one server basically 'running away' on updates to the
serial numbers. The separation is about 1 on one server for every 100 on the
other.

Do you have any other suggestions?

Once again, thank you for giving me some ideas on what to look for.

- Umesh
 
Ujoshi said:
Thanks for your reply Kevin.

I have checked the network properties and each server refers to the
other first for dns lookups; no other dns server is listed

On both of them point them to themselves as Alternate.
Both zones already have both servers listed in NS records.
And, dcdiag shows no errors with the parameters you said to use.

I'm still having one server basically 'running away' on updates to the
serial numbers. The separation is about 1 on one server for every 100
on the other.

So are you saying that when one increments 1 the other increments 100?

Try this command to check DNS registration: netdiag /test:dns /v
 
Kevin D. Goodknecht said:

On both of them point them to themselves as Alternate.

I apologize. I meant that they point to the other as primary and to
themselves as secondary.
So are you saying that when one increments 1 the other increments 100?

The ratio is not exactly 1 for every 100, but it's approximately the general
trend.
Sometimes, the other catches up a little and is behind by only 150 or so.
But otherwise, there's a separation of around 500 by a day's end.
Try this command to check DNS registration: netdiag /test:dns /v
--

This did not report any errors on either server.

I'm wondering if this may be the case:
These servers are root domain controllers which are not to be used by
anyone.
Perhaps end users of child domains are referring to one of the above as a
secondary.
Would this cause such an effect?
 
U> This is a problem for children which alternately use one
U> as a primary and the other as a secondary.

Unless you are very careful and know _exactly_ what you are
doing, don't mix and match different database replication
mechanisms within a single set of peer content DNS servers.

<URL:http://groups.google.com/[email protected]>
 
Thanks for the details. I guess that I'm more worried about the serial
numbers than I need to be!
It /is/ kind of oddball that the serial number is supposed to represent an
actual change to records, but is incremented by replication where no real
change is involved...
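
Added example, not part of any post in this thread: a small Python model of why divergent serials on two AD-integrated servers only matter to a standard secondary that pulls by zone transfer from both. It assumes the secondary compares SOA serials with RFC 1982 arithmetic before transferring; the serial values, step sizes, server names and host names are constructed.

```python
# Constructed model: two AD-integrated masters hold the same records (AD
# replication) but each keeps its own SOA serial. A standard secondary that
# alternates between them transfers only when the polled serial is "newer".
MOD = 1 << 32
HALF = 1 << 31

def serial_gt(a, b):
    """RFC 1982 comparison: True if 32-bit serial a is newer than b."""
    return a != b and ((a - b) % MOD) < HALF

class Secondary:
    def __init__(self):
        self.serial = 0
        self.records = frozenset()

    def refresh(self, master):
        """Poll one master; copy the zone only if its serial is newer than ours."""
        if serial_gt(master["serial"], self.serial):
            self.serial = master["serial"]
            self.records = frozenset(master["records"])
            return True
        return False

def simulate(rounds=6, fast_step=100, slow_step=1):
    """Return (round, master polled, transferred?, records the secondary lacks)."""
    dc1 = {"name": "DC1", "serial": 1000, "records": set()}  # serial runs away
    dc2 = {"name": "DC2", "serial": 1000, "records": set()}  # serial crawls
    sec, log = Secondary(), []
    for i in range(rounds):
        for dc, step in ((dc1, fast_step), (dc2, slow_step)):
            dc["records"].add(f"host{i}")  # same data reaches both via AD
            dc["serial"] += step           # but serials advance independently
        master = dc1 if i % 2 == 0 else dc2  # secondary alternates masters
        moved = sec.refresh(master)
        log.append((i, master["name"], moved, len(master["records"] - sec.records)))
    return log

if __name__ == "__main__":
    for entry in simulate():
        print(entry)
```

In this model the secondary never accepts a transfer from DC2, because DC2's serial is always behind the one it already took from DC1, so changes are picked up only on the rounds that poll DC1.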
 