DNS server dropping A and PTR records

Phil

I have 4 Win2K servers, one a PDC on domain.com and the other
3 as BDC [child] sub1.domain.com, sub2 and sub3 similarly. I can
see all the PTR records for the various servers and domain names
and A records [hosting approx 40 domains] on one BDC server,
but nearly all of the PTR records are not listed in the DNS server
window. If I re-create the PTR records, sometimes they "exist"
already, other times they don't. I have all my A records set not to
expire and I don't have auto-scavenging set. Any ideas?

It may or may not be related but I am experiencing AD replication
problems which I am fighting, all servers are in a single site, and
I think I have all the SRV records in each of the 4 servers' DNS.
Unfortunately, when I added the BDCs one at a time over a period
of weeks / months, they didn't automatically create their respective
entries.

Also, for the 4 servers only, some of the A [host] records are being
deleted. Servername.sub?.domain.com are all fine but the blank A
record without the 'servername' are constantly being deleted, not
just dropped - they're definitely not there when re-created.

The reason for the above config is that all 4 servers are nameservers
on the internet and have external IP addresses, but they also have a
second NIC for the internal IP address. My goal is to have the
servername.sub?.domain.com on internal IP addresses, and the
sub?.domain.com for the public nameservers / MX records etc.

I'd appreciate any hints, running out of ideas here :-)
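
The symptoms described in the post above (A records with no matching PTR, and a blank "same as parent" A record that exists on one server but not another) can be checked mechanically from exported zone data. This is an added example, not part of the original thread; the three-column record format, the IP addresses and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed exports from two DNS servers (zone-file style: name, type, data).
# Addresses are placeholders; only the domain names follow the post.
SERVER_A = """\
sub1.domain.com.           A    192.0.2.10
server1.sub1.domain.com.   A    10.0.0.10
server2.sub1.domain.com.   A    10.0.0.11
10.2.0.192.in-addr.arpa.   PTR  sub1.domain.com.
10.0.0.10.in-addr.arpa.    PTR  server1.sub1.domain.com.
"""
SERVER_B = """\
server1.sub1.domain.com.   A    10.0.0.10
server2.sub1.domain.com.   A    10.0.0.11
10.0.0.10.in-addr.arpa.    PTR  server1.sub1.domain.com.
"""
ARPA = ".in-addr.arpa."

def parse(text):
    """Return the set of (type, ip, fqdn) tuples for A and IPv4 PTR records."""
    records = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[0].startswith(";"):
            continue  # skip blanks, comments and anything not name/type/data
        name, rtype, data = fields[0].lower(), fields[1].upper(), fields[2].lower()
        if rtype == "A":
            records.add(("A", str(ipaddress.IPv4Address(data)), name))
        elif rtype == "PTR" and name.endswith(ARPA):
            # Reverse the octets of the in-addr.arpa owner name to get the address.
            octets = name[: -len(ARPA)].split(".")
            ip = str(ipaddress.IPv4Address(".".join(reversed(octets))))
            records.add(("PTR", ip, data))
    return records

def a_without_ptr(text):
    """A records that have no PTR mapping the same address back to the same name."""
    recs = parse(text)
    ptrs = {(ip, name) for rtype, ip, name in recs if rtype == "PTR"}
    return sorted((ip, name) for rtype, ip, name in recs
                  if rtype == "A" and (ip, name) not in ptrs)

def missing_on(reference, other):
    """Records present in the reference export but absent from the other server."""
    return sorted(parse(reference) - parse(other))

if __name__ == "__main__":
    print("A without PTR on server A:", a_without_ptr(SERVER_A))
    print("On server A, missing on B:", missing_on(SERVER_A, SERVER_B))
```

Running the same comparison on exports taken at intervals shows whether a record was never replicated or was present and later removed.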
 
In
Phil said:
I have 4 Win2K servers, one a PDC on domain.com and the other
3 as BDC [child] sub1.domain.com, sub2 and sub3 similarly. I can
see all the PTR records for the various servers and domain names
and A records [hosting approx 40 domains] on one BDC server,
but nearly all of the PTR records are not listed in the DNS server
window. If I re-create the PTR records, sometimes they "exist"
already, other times they don't. I have all my A records set not to
expire and I don't have auto-scavenging set. Any ideas?

It may or may not be related but I am experiencing AD replication
problems which I am fighting, all servers are in a single site, and
I think I have all the SRV records in each of the 4 servers' DNS.
Unfortunately, when I added the BDCs one at a time over a period
of weeks / months, they didn't automatically create their respective
entries.

Also, for the 4 servers only, some of the A [host] records are being
deleted. Servername.sub?.domain.com are all fine but the blank A
record without the 'servername' are constantly being deleted, not
just dropped - they're definitely not there when re-created.

The reason for the above config is that all 4 servers are nameservers
on the internet and have external IP addresses, but they also have a
second NIC for the internal IP address. My goal is to have the
servername.sub?.domain.com on internal IP addresses, and the
sub?.domain.com for the public nameservers / MX records etc.

I'd appreciate any hints, running out of ideas here :-)

First, there is no such thing as a BDC in Win2k, there are only DCs. There is
one server in each domain that holds the PDC FSMO role, in addition there is
also a RID master and an Infrastructure master in _each_ domain. The child
domain has three FSMO masters, too. Then there are two more operations
masters, the Schema and Naming Master that are forest wide.
That said, it is very risky to have only one DC in the parent domain. That means
that, in addition to the PDC role, it also holds the RID master, the
infrastructure master in its domain, plus the Domain naming master role and
the schema master role for the forest. If it goes down and cannot be
repaired, you will lose everything in both domains, because the child domain
cannot exist without the parent domain. If you lose the parent DC the parent
domain is gone. I would highly suggest you add a replica DC to the forest
root ASAP.

Now here is what I would do in your situation. In fact, it is exactly what I
do. I have two forest root DCs, and two child DCs. The forest root DCs do all
DNS for the local network; all DCs and clients, even the child DCs, use the
forest root DCs for DNS. My child DCs have DNS on them too, but they are used
exclusively for all my public zones, there are no private zones or private
records on the child DCs and none of my internal machines use them for DNS.
The child DCs hold all user and computer accounts for all users.
 
Thanks Kevin, yes my terminology is off. I know where to check the FSMO,
RID etc so will check that and I agree, the way I have it set up at the moment
is too exposed to risk. Thanks for the pointer. Phil

Kevin D. Goodknecht Sr. [MVP] wrote:
[snip]