How long to synch Delegation record to DNS servers

Guest

Hi,

I have two DNS servers running on my network. If I create
a delegation record or A record, how long before it
is populated across all DNS servers?

I added a delegation to one server and hit Refresh, has not
happened yet.

Do
 
Fifteen minutes should be enough but there are other factors to consider.
Are the zones AD Integrated or Primary Secondary?
 
If they are AD-integrated the record will appear
at the next AD replication cycle. By default, these
cycles are every hour, but you can adjust the schedule
in AD sites/services snap-in to force more frequent
updates during the day, which many admins do over faster
links. (The minimum is 15 minutes.)

Steve Duff, MCSE
Ergodic Systems, Inc.
 
In addition to the other responses about replication and zone transfers, I'm
curious what you mean by delegation or create a delegation record? I
understand if you create an A record, and the responses you received
explain that, depending on your setup, but as for delegation, that's
something different, unless of course, you mean something else?

Are you saying that you delegated a child domain's zone from the parent to
the child domain's DNS server(s)? If that's the case, only the child zone
will show up at that server, not the parent zone. The child zone in the
parent zone will show up as a gray folder to signify it's a delegation. If
you go into properties of it, it will show the child zone's DNS server(s)'s
IP. For queries from a client using the child DNS server(s) for a record in
the parent zone, a forwarder is configured from the child's DNS server(s) to
the parent's DNS server(s). Make sense?

So, if this is the case, going by your statement, then if you create an A
record in the parent zone, it will *never* show up in the DNS server hosting
the child zone, since it doesn't have a copy of the parent zone.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Where do I check for this?

Do


 
If the zones are on a DC they can be any of the three types ADI, Primary, or
Secondary.
To verify the type check the zone properties on the General tab.
 
They are Active Directory Integrated.

Do

 
They should replicate at least once per hour, you can force replication in
ADS&S, if it appears replication is failing run DCDIAG /fix and DCDIAG /e /v
for further information.
To check for connectivity problems run netdiag /v
 
Kevin, if AD Integrated, normally with AD user/group or other object changes
(AD adds, deletes, modifies, etc), it will replicate within minimum 5
minutes, maximum 15 minutes that is if the DCs are within the same AD site
between the DCs that are in the same domain.

If the DCs that are in the same domain are in different sites, then it
depends on the Site Connector's properties connecting those two sites
together and intervals that were set on the Site connector properties. When
you create a Site connector, by default it's 180 minutes, which can be
changed to the lowest time interval of 15 minutes. That is when replication
will be allowed to occur.

If the two DCs are in different domains (like one is the parent domain and
the other is in a child domain), then the AD Integrated zone will not
replicate to it, since AD Integrated zones are stored in the Domain NC,
which is domain specific (like domain user accounts, domain global groups,
etc).

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
I agree Ace, I guess what we really need to know is which domain these two
DCs belong to and a little more information on what the delegation is that
he created.
If he would post the DCDIAG /v /e we would know.
 
Maybe *also* an ipconfig /all from both servers and a copy of the zone files
on each would also help to understand what is being accomplished.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
d> I have two DNS servers running on my network. If I create
d> a delegation records or A record, how long before it
d> is populated across all DNS servers?

How long is a piece of string?

If, by "is populated", you are talking about caching, then the time until the
old data expires from the caches in other servers depends on what TTL you
ascribed to the old data when you created them in the first place.

If, by "is populated", you are talking about database replication, then the
time until the peer server starts to publish the new data depends on the
database replication mechanism that you have chosen to employ and how often
you have configured it to run. (For "zones" stored in Active Directory, check
your Active Directory replication settings. For "zones" replicated by "zone
transfer", check what you have specified in the fields of the "SOA" resource
record.)
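
Added example, not part of any post in this thread: a PowerShell check that asks each DNS server directly, without recursion, whether it already serves a record, and reports the zone storage type and SOA refresh timer that the replies above say govern the delay. The server names, zone and record are placeholders, and `Get-DnsServerZone` assumes the DnsServer module is installed.

```powershell
# Added example: compare what each DNS server answers for one name.
# Server names, zone and record used below are placeholders (assumptions).
function Test-DnsRecordOnServers {
    param(
        [Parameter(Mandatory)] [string]   $Name,
        [Parameter(Mandatory)] [string]   $Zone,
        [Parameter(Mandatory)] [string[]] $Servers,
        [string] $Type = 'A'
    )
    foreach ($server in $Servers) {
        # Ask the server itself, with recursion off, so the answer comes from
        # its own copy of the zone and not from a cache or another server.
        $records = Resolve-DnsName -Name $Name -Type $Type -Server $server `
                       -DnsOnly -NoRecursion -ErrorAction SilentlyContinue |
                   Where-Object { $_.Type -eq $Type }

        # SOA timers matter for zones replicated by zone transfer.
        $soa = Resolve-DnsName -Name $Zone -Type SOA -Server $server `
                   -DnsOnly -NoRecursion -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SOA' } | Select-Object -First 1

        # Zone storage type as the server reports it (needs the DnsServer
        # module and administrative rights on the target server).
        $zoneInfo = Get-DnsServerZone -Name $Zone -ComputerName $server `
                        -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Server        = $server
            Found         = [bool]$records
            Section       = ($records.Section | Select-Object -Unique) -join ','
            Ttl           = ($records.TTL | Select-Object -First 1)
            ZoneType      = $zoneInfo.ZoneType
            AdIntegrated  = $zoneInfo.IsDsIntegrated
            SoaSerial     = $soa.SerialNumber
            SoaRefreshSec = $soa.TimeToZoneRefresh
        }
    }
}

Test-DnsRecordOnServers -Name 'host1.example.local' -Zone 'example.local' `
    -Servers 'dns1.example.local', 'dns2.example.local' | Format-Table -AutoSize
```

For a delegation, pass the child zone name with `-Type NS`; on a server that holds the parent zone, the delegation's NS records come back in the Authority section.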
 