DNS replication

Scott Micale

I need some help I am about to pull all my hair out!!!! I have 2 DNS
servers both are running Win2k3. One is in hrm.lan and the other is in
hh.hrm.lan. HRM.Lan is AD-Integrated and replication is set to All domain
controllers in AD Domain. When I try and ping some clients in hrm.lan
from hh.hrm.lan I get no replies. When I do a nslookup from a machine in
hh.hrm.lan and set the server to the hh.hrm.lan server I get the error where
it can't resolve. If I switch the server to the hrm.lan server I get my
resolution to work. What do I have set wrong? In my zone list on the dns
server in hh.hrm.lan should I see the zone hrm.lan? I have been told I
shouldn't because I am replicating to All domain controllers in AD domain.
If I try and delete that zone on the hh.hrm.lan dns server I get an access is
denied.

Hope this is enough info.
Thanks!
 
Scott Micale said:
> I need some help I am about to pull all my hair out!!!! I have 2 DNS
> servers both are running Win2k3. One is in hrm.lan and the other is in
> hh.hrm.lan. HRM.Lan is AD-Integrated and replication is set to All
> domain controllers in AD Domain. When I try and ping some clients in
> hrm.lan from hh.hrm.lan I get no replies. When I do a nslookup
> from a machine in hh.hrm.lan and set the server to the hh.hrm.lan
> server I get the error where it can't resolve.

Curious, if you need to "set" it to a DNS server in hh.hrm.lan from a
machine that is sitting in hh.hrm.lan, then it's telling me your DNS config
is incorrect.

> If I switch the
> server to the hrm.lan server I get my resolution to work.

Hmm, configuration issue, if you're saying you're doing this from a machine
in the child domain.

> What do I
> have set wrong? In my zone list on the dns server in hh.hrm.lan
> should I see the zone hrm.lan? I have been told I shouldn't because
> I am replicating to All domain controllers in AD domain. If I try and
> delete that zone on the hh.hrm.lan dns server I get an access is
> denied.

Depends on who you are logging in as and from what machine, which will
dictate whether or not you can perform this function.

> Hope this is enough info.
> Thanks!

You need to either replicate to All domains in the forest or set up a
delegation.

Show us an ipconfig /all from a DC and a client in both the hrm.lan
and the hh.hrm.lan domains please to get a clearer picture of what's going
on.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
I don't have to "set" the server when doing a nslookup. I just tried to set
it to see if it made a difference. It did not, so I guess that answers that
question.

I am logging in as an Admin with full privileges. For the life of me
every time I get the hrm.lan zone deleted on one of the servers and stop and
restart the dns service, it reappears. What can I do to get the hrm.lan off
of the dns server in hh.hrm.lan? There must be something else I can try?

Thanks Ace!

 
Scott Micale said:
> I don't have to "set" the server when doing a nslookup. I just tried
> to set it to see if it made a difference. It did not, so I guess
> that answers that question.
>
> I am logging in as an Admin with full privileges. For the life of me
> every time I get the hrm.lan zone deleted on one of the servers and stop
> and restart the dns service, it reappears. What can I do to get the
> hrm.lan off of the dns server in hh.hrm.lan? There must be something
> else I can try?
>
> Thanks Ace!

No prob, but haven't figured it out yet!

You want to remove the zone for hrm.lan from the DNS server hosting
hh.hrm.lan? If they are separate zones, such as:

hrm.lan
hh.hrm.lan

Then you can delete the hrm.lan.

If hh is a child of hrm.lan, then no, you can't delete the parent zone.
Re-create the child zone as hh.hrm.lan and then you can delete the other
tree.

Unless I'm still misunderstanding what's going on...?

--
Regards,
Ace

 
Yes hh is a child of hrm.lan. So in hh.hrm.lan am I supposed to see the
hrm.lan zone? I thought I was not. I already have the hh.hrm.lan zone
setup in hh.hrm.lan so that does not need added. Are we on the same page?
Hopefully I haven't confused you too much.

Thanks again.

 
Scott Micale said:
> Yes hh is a child of hrm.lan. So in hh.hrm.lan am I supposed to see
> the hrm.lan zone? I thought I was not.

No, if the zone is physically created and spelled like this:
hh.hrm.lan

Then that's the zone name and you will not see hrm.lan unless you created it
separately and spelled it that way.

> I already have the
> hh.hrm.lan zone setup in hh.hrm.lan so that does not need added. Are
> we on the same page? Hopefully I haven't confused you too much.

I think so! :-) If you also want to see hrm.lan on a DNS server that is a DC
in a different domain, then on the DNS server in the hrm.lan zone, you can
replicate the zone to all domains in the forest, so then it should show up
in the application partition and when you physically create the zone and
make it AD Integrated, the zone will populate, taking it from the app
partition in the AD database.

> Thanks again.

I hope that helped and we're on the same page?


--
Regards,
Ace

 
Well I think I understand what you are saying, but I almost feel like my DNS
is hosed on this child DC. I am considering removing the DNS and redoing
it. Will that mess up my AD if I uninstall DNS and then re-add it? Or
since this is my only dc in this domain I was thinking of getting a machine
and loading win2k3 on it and then making it a dc so I would have a backup if
something went wrong and then once I have gotten my regular DC back up,
dcpromo the one I just added and take it off the network. Should I do that?
The replication is not being done right on the hh.hrm.lan domain and I think
starting over is my best bet.
 
Scott Micale said:
> Well I think I understand what you are saying, but I almost feel like
> my DNS is hosed on this child DC. I am considering removing the DNS
> and redoing it. Will that mess up my AD if I uninstall DNS and then
> re-add it?

Usually it's just a configuration issue. I wouldn't do that. Maybe if you do
have a DNS on the child, you can easily configure a delegation. Delegate
from the parent domain DNS to the child, then configure a forwarder from the
child back to the parent. The parent would forward to the ISP in this case,
and not the child.

255248 - HOW TO Create a Child Domain in Active Directory and Delegate the
DNS Namespace to the Child Domain:
http://support.microsoft.com/?id=255248

> Or since this is my only dc in this domain I was thinking
> of getting a machine and loading win2k3 on it and then making it a dc
> so I would have a backup if something went wrong and then once I have
> gotten my regular DC back up, dcpromo the one I just added and take
> it off the network. Should I do that?

It's always recommended to have at least 2 DCs in each domain for a couple
reasons:
1. Fault tolerance and redundancy
2. The Infrastructure Master FSMO Role needs to be moved off the machine
that is a GC to the other machine in the domain. This really only is a
factor in a multi-domain environment, such as what you are planning.

> The replication is not being
> done right on the hh.hrm.lan domain and I think starting over is my
> best bet.

Not necessarily. Usually it's just a configuration issue. If you were to
reinstall it and made the same configuration mistake, it will never go away!


Regards,
Ace

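
Editor's added example, not part of any post in this thread: the two fixes suggested above (widening the replication scope of hrm.lan, or delegating hh from the parent and forwarding from the child back to the parent), written as `dnscmd` commands with before and after checks. The server names and addresses are placeholders assumed for illustration; only the zone names hrm.lan and hh.hrm.lan come from the thread.

```powershell
# Placeholders (assumptions, not values from the thread)
$ParentDns = 'dc1.hrm.lan'      # DC/DNS server in the parent domain
$ChildDns  = 'dc1.hh.hrm.lan'   # DC/DNS server in the child domain
$ParentIp  = '192.0.2.10'       # documentation-range addresses
$ChildIp   = '192.0.2.20'

# 1. Baseline: which zones each server hosts, and where hrm.lan is stored.
dnscmd $ParentDns /EnumZones
dnscmd $ChildDns  /EnumZones
dnscmd $ParentDns /ZoneInfo hrm.lan
# Directory partitions the child server knows about
dnscmd $ChildDns  /EnumDirectoryPartitions

# 2a. Option A: replicate hrm.lan to all DNS servers in the forest.
#     With "all domain controllers in the AD domain" the zone only
#     reaches DCs of hrm.lan, never the DC in hh.hrm.lan.
dnscmd $ParentDns /ZoneChangeDirectoryPartition hrm.lan /forest

# 2b. Option B: keep the zones separate. Delegate hh from the parent
#     zone to the child server (NS record plus glue A record) ...
dnscmd $ParentDns /RecordAdd hrm.lan hh NS dc1.hh.hrm.lan.
dnscmd $ParentDns /RecordAdd hrm.lan dc1.hh A $ChildIp
#     ... and forward everything the child is not authoritative for
#     back to the parent. The parent, not the child, forwards to the ISP.
dnscmd $ChildDns /ResetForwarders $ParentIp

# 3. Verify from both directions, naming the server explicitly.
nslookup -type=NS hh.hrm.lan $ParentDns   # delegation answers from parent
nslookup dc1.hrm.lan $ChildDns            # parent names resolve via child
nslookup dc1.hh.hrm.lan $ParentDns        # child names resolve via parent
```

Use option A or option B, not both. After option A, allow time for Active Directory replication before re-running step 3.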
 
I am already doing a delegation to my child and it isn't working. I had
this setup a few months back and it was fine. I am not sure what happened,
but now it is not working right.

When I do transfer the FSMO all I need to transfer is the PDC, RID, and
Infrastructure because my root server has the other 2 right? I did a netdom
and that is what it shows.


 
Scott Micale said:
> When I do transfer the FSMO all I need to transfer is the
> PDC, RID, and Infrastructure because my root server has
> the other 2 right? I did a netdom and that is what it
> shows.

The parent domain has its own PDC, RID and Infrastructure master as will the
child domain. There is one each of these masters per domain. Your child
domain cannot hold the PDC, RID or Infrastructure Master for the parent
domain.
In addition there is also a Domain Naming Master and Schema Master, these
two masters are one each per Forest.
 
Scott Micale said:
> I am already doing a delegation to my child and it isn't working. I
> had this setup a few months back and it was fine. I am not sure what
> happened, but now it is not working right.
>
> When I do transfer the FSMO all I need to transfer is the PDC, RID,
> and Infrastructure because my root server has the other 2 right? I
> did a netdom and that is what it shows.

Well, at this point I do not know what is going on by your description.
Probably something that I would need to remote in to and have the ability to
look at both DNS servers' configuration, preferably from the parent DNS
since Enterprise Admin can make changes in any domain.

Demoting using dcpromo usually automatically takes care of this. If you did
it manually, that's cool too. Don't forget the GC has to be moved manually.


Regards,
Ace

 
Right the parent does the Domain Naming Master and Schema Master and my
child original DC would do the other three. Those 3 would be the ones I
need to transfer to the new child dc.
 
Scott Micale said:
> Do you want to remote in? I can get you access if you want.

A little later tonite, if ok. What time zone are you in? Email me privately.
Replace my actual (e-mail address removed) in my email address.

--
Regards,
Ace

 
I am in the eastern time zone. I will email you all the details to get in
and give you more info on our network. Thanks a lot. I just don't know
where else to go with this.
 
Scott Micale said:
> I am in the eastern time zone. I will email you all the details to
> get in and give you more info on our network. Thanks a lot. I just
> don't know where else to go with this.

Ok, I'm in the Philly suburbs so I'm in the EST zone as well. Look forward to
your email.

--
Regards,
Ace

 