DNS problem (I think)

[Alex Anderson]

Hello everyone,

I've recent brought up another DC in my organization and I have
transferred over the FSMO's to this new server. This new DC will be taking
the place of my first DC. Since I've transferred over the FSMO's what am I
to do with the DNS on this server? All my other DNS servers (4 total
including my old first DC) are configured as Active Directory-Integrated
Primary zone, with the check box checked "Store the zone in Active Directory
(available only if DNS server is a domain controller). One problem I do see
is the reserve DNS zones which are setup the same way as my forward. They
don't seem to be updating properly. I have some discrepancies with certain
records. I've been told, so long they are active directory integrated, I
should be okay. Any help or insight will be greatly appreciated.

Thank you
Alex Anderson

 

[James Raines]

Hello Alex,

Thank you for choosing Microsoft and for using our Newsgroups. I have
reviewed the information you have provided this far. My understanding of
the issue is the following:

You are planning to demote one of your DC's and you want to know what you
should do about DNS on that server since the zone is AD Integrated. You
stated that you are also discrepancies with records in DNS.


RESOLUTION:
============

As far as the DC you want to demote, you can either convert the zone to
secondary if you want it to remain a DNS server, or you can uninstall DNS
before you demote it.

Now as far as discrepancies in your DNS records, the important thing to
remember is that since these are AD Integrated zones, if AD isn't
replicating properly the records won't be the same across all DNS servers.
Since you have mulitiple DNS servers look at the following article and make
sure your DNS configuration is set this way:

275278 DNS Server Becomes an Island When a Domain Controller Points to
Itself
http://support.microsoft.com/?id=275278

Also, if your DC's are pointed to an Internet DNS server in the TCP/IP
properties of the NIC, this will also cause problems. Once you've verified
that DNS is configured properly, you can use repadmin or replmon from the
Win2k support tools that come with the server CD to analyze whether AD is
replicating properly. You can also download the latest Win2k support tools
here:

http://www.microsoft.com/downloads/details.aspx?FamilyID=f08d28f3-b835-4847-
b810-bb6539362473&DisplayLang=en

Best Regards,

James Raines
Microsoft Corporation

 

[Alex Anderson]

James,

Hey thank you so much for the information. It looks like things are
correct itself, however I did notice one weird thing to me anyways. Under
my zone/_msdcs_domains/has a bunch of letters and numbers/_TCP/ I have a few
SRV recoreds that are not DC controllers yet they are workstations. There
are about 3 records of those. Should they be in there? I don't think so
personally. Also, I saw what I was doing wrong and followed method 1 of
that KB article you gave me.

Thank you
Alex Anderson

 

[Jonathan de Boyne Pollard]

AA> One problem I do see is the reserve

"reverse"

AA> DNS zones which are setup the same way as my forward. They don't
AA> seem to be updating properly. I have some discrepancies with certain
AA> records.

Discrepancies between the copies of the DNS database (which would be an
Active Directory replication problem)? Discrepancies between what is in
the DNS database and what you think *ought* to be in the DNS database
(which would most likely be a Dynamic DNS and DHCP server problem)?
Describe your problem in concrete terms.