one way zone transfers


Sam

hi folks

I would think this is really simple but I can't work it out.

We have two sites, A and B, on different subnets connected by a 1MB link. Site
A has an AD DNS server and so does Site B.

When a record is created on Site A's DNS server it is replicated to Site B's
DNS server as I would expect and the increment increases. However, when a
record is created on Site B's DNS server it will not replicate to Site A's DNS
server?

For ease of troubleshooting, zone transfers are set to any server and both
servers are name servers and have A records.

Any ideas, anyone?

Cheers
Is Site B's DNS server a domain controller or are you using
Primary/Secondaries?

I believe you're confusing yourself here, since if these DNS servers are DCs
and the zones are AD Integrated, then there are no "zone transfers" per se,
but rather AD replication is what "shares" this zone info on all DCs,
whether they have DNS installed or not. So if these guys are both DCs with
DNS installed and both are set to AD Integrated, anything created on either
one will show up in the other, but there is a time lag due to AD's
replication latency, which is normal. If in the same site, the lag can be
between 5 - 15 minutes, depending on the number of DCs. If different sites,
then replication is subject to the replication schedule set on the Site
properties.

This only works with DCs of the SAME domain, not different domains, since
the AD Integrated zone is stored in the DomainNC of the database, which is
domain specific and does not replicate to other domain controllers in a
DIFFERENT domain.

There are issues with AD Integrated zones and a large number of DCs. Read
here:
282826 - Active Directory-Integrated DNS Zone Serial Number Behavior:
http://support.microsoft.com/?id=282826

If Prim/Sec, then yes, DNS in A will notify DNS in B that there's been a
change. But you won't be able to change it on a secondary. If a client is
using a secondary as its DNS, then the MNAME record is found in the zone on
the secondary which provides the SOA to send the registration request to,
which would be the DNS server hosting the Primary zone.

Hope that helps.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
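The distinction Ace draws above (an AD-integrated zone moves through AD replication; only a Primary/Secondary pair uses zone transfers and notifies) can be checked from a PowerShell prompt rather than by waiting 24 hours for a record to appear. The script below is an added example, not code from this thread or from Microsoft. It assumes the DnsServer module (Windows Server 2012 or later) and DNS administrator rights on both DCs; `corp.example`, the DC names and the `replcheck01` record are placeholders.

```powershell
#Requires -Modules DnsServer
# Added example (not from the thread). Placeholders: replace with your zone, DCs and test record.
$Zone     = 'corp.example'
$Dcs      = @('dcA.corp.example', 'dcB.corp.example')
$TestHost = 'replcheck01'   # an A record you created on ONE of the DCs, to watch it propagate

function Get-ZoneStorage {
    # How each DC stores the zone. An AD-integrated zone is replicated by AD itself
    # (ReplicationScope says which DCs hold a copy). A Secondary zone is read-only and
    # is fed by transfers/notifies from the Primary, so writes against it never stick.
    param([string]$Zone, [string[]]$Servers)
    foreach ($dc in $Servers) {
        $z = Get-DnsServerZone -Name $Zone -ComputerName $dc -ErrorAction Stop
        [pscustomobject]@{
            Server           = $dc
            ZoneType         = $z.ZoneType
            AdIntegrated     = $z.IsDsIntegrated
            ReplicationScope = $z.ReplicationScope   # Domain / Forest / Legacy / Custom
        }
    }
}

function Test-RecordConvergence {
    # Ask each DC's DNS server directly whether the test record exists there.
    # The SOA serial is shown for information only: in an AD-integrated zone every
    # DC increments its own serial (KB 282826), so differing serials are normal and
    # the presence of the record itself is the thing to compare.
    param([string]$Zone, [string]$Name, [string[]]$Servers)
    foreach ($dc in $Servers) {
        $soa = Get-DnsServerResourceRecord -ZoneName $Zone -ComputerName $dc -RRType SOA -ErrorAction Stop
        $rec = Get-DnsServerResourceRecord -ZoneName $Zone -ComputerName $dc -Name $Name -RRType A -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Server    = $dc
            SoaSerial = $soa.RecordData.SerialNumber
            Present   = [bool]$rec
            Address   = $(if ($rec) { $rec.RecordData.IPv4Address.IPAddressToString } else { $null })
        }
    }
}

$storage = Get-ZoneStorage -Zone $Zone -Servers $Dcs
$storage | Format-Table -AutoSize
$result  = Test-RecordConvergence -Zone $Zone -Name $TestHost -Servers $Dcs
$result  | Format-Table -AutoSize

if (($storage.AdIntegrated -notcontains $false) -and ($result.Present -contains $false)) {
    # Every copy is AD-integrated yet the record has not arrived everywhere: that is an
    # AD replication problem (or a DC pointing at the wrong DNS server), not a zone-transfer one.
    Write-Warning "Record '$TestHost' is missing on some DCs: check 'repadmin /showrepl' and each DC's DNS client settings."
}
if ($storage.ZoneType -contains 'Secondary') {
    Write-Warning "A Secondary copy exists: changes must be made on the Primary; the secondary only receives them."
}
```

Run it once after creating the test record on one DC and again after the inter-site replication interval has passed. If the storage table shows `AdIntegrated = True` on both servers but the record never converges, the fault is in AD replication or in the DC's own DNS client address, which is exactly where this thread ends up.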

Sam said:
Yes, you are right in that they are both DCs and both have DNS
installed as an AD zone. They are both in different sites but
replication is set to 15min on both for testing and they are in the same
domain. I have created a host record on server B and have given it
over 24hrs to show in Server A, but it does not, whereas server A will
replicate in up to 15min to server B. I shall read the link and let
you know if it helps me. If I can't get it to work then I shall have
to put it back to prim/sec, something I don't really want to do.

Cheers anyway

Hmm, is replication functioning? When you create a user in A, does that user
show up in DC2 after the next replication cycle? If not, then I would say
the problem lies elsewhere. Let me know please if the user shows up.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
Hello again

Problem one solved. The server in Site A had been given the wrong IP address
for DNS (it has two NICs). Changed that and replication works. However, when
running netdiag I still get these errors:

DNS test . . . . . . . . . . . . . : Failed
[FATAL]: The DNS registration for 'DOMAINNAME' is incorrect on
all DNS servers.
PASS - All the DNS entries for DC are registered on DNS server 'x.x.x.x'
and other DCs also have some of the names registered.


Looking on the Microsoft site I can't seem to see anything, and the domain name
looks OK to me in the zones. Any ideas?

Appreciate your help

Cheers
Glad you changed the DNS address. If the machine has two NICs, that changes
things a bit. You'll want to make sure the "internal" NIC, or the one that is
connected to your AD side, is at the top of the Binding list (in Network &
Dialup Connections, Adv Menu, Adv Settings). If it shows as the second NIC
in the list, move it to the top.

Make sure in DNS, all the SRV records show and are correct. This is
*important* for AD, replication and everything else in AD. That's what that
error is talking about. Look here:

241515 - How to Verify the Creation of SRV Records for a Domain Controller:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;241515

Also, make sure the IP addresses are correct. With the one with two NICs,
you really don't want both NICs registering, *especially* with a DC. Causes
obvious problems. I would suggest (if you can) to remove that NIC off the DC
and put it on a member server, if possible, but then I don't know your
whole infrastructure and why there are two NICs. A resolution for that
machine's name *may* return the wrong IP and they can't get to it.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
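Both checks Ace asks for here (which NIC addresses a DC registers, and whether the SRV locator records from KB 241515 are present and point at a single address) can be scripted. The following is an added example written for this thread, not code from the thread or from Microsoft. It assumes it is run on the DC itself with the DnsClient, NetAdapter and NetTCPIP modules (Windows Server 2012 or later); the domain, site name and DNS server addresses are placeholders, and the forest root is assumed to be the same as the domain. It checks a representative subset of the locator records rather than the full list in the KB article.

```powershell
#Requires -Modules DnsClient, NetAdapter, NetTCPIP
# Added example (not from the thread). Run on the DC itself. Placeholders below.
$Domain     = 'corp.example'                 # AD domain name (forest root assumed to be the same)
$Site       = 'SiteA'                        # AD site this DC belongs to
$DnsServers = @('10.0.1.10', '10.0.2.10')    # the DNS servers at Site A and Site B

function Get-DnsRegistrationAudit {
    # One row per IPv4 address on each connected physical adapter, with the DNS servers
    # that adapter points at and whether the address gets registered in DNS.
    # A DC should register exactly one address; a second NIC that also registers means
    # a lookup of the DC's name may return an IP the client cannot reach.
    $rows = foreach ($nic in Get-NetAdapter -Physical | Where-Object Status -eq 'Up') {
        $client = Get-DnsClient -InterfaceIndex $nic.InterfaceIndex
        $dns    = (Get-DnsClientServerAddress -InterfaceIndex $nic.InterfaceIndex -AddressFamily IPv4).ServerAddresses
        foreach ($ip in Get-NetIPAddress -InterfaceIndex $nic.InterfaceIndex -AddressFamily IPv4) {
            [pscustomobject]@{
                Adapter    = $nic.Name
                IfIndex    = $nic.InterfaceIndex
                Address    = $ip.IPAddress
                DnsServers = ($dns -join ', ')
                Registers  = $client.RegisterThisConnectionsAddress
            }
        }
    }
    $registering = @($rows | Where-Object Registers)
    if ($registering.Count -gt 1) {
        # Prefer removing a NIC that has no purpose (as in this thread); if it must stay,
        # stop it registering: Set-DnsClient -InterfaceIndex <n> -RegisterThisConnectionsAddress $false
        Write-Warning "$($registering.Count) addresses register in DNS; a DC should register only its AD-facing address."
    }
    $rows
}

function Test-DcSrvRecords {
    # A representative subset of the locator records KB 241515 says each DC registers,
    # looked up against every DNS server so a record missing from one server stands out.
    # Each SRV target must resolve to exactly one A record on that server.
    param([string]$Domain, [string]$Site, [string[]]$Servers)
    $names = @(
        "_ldap._tcp.$Domain",
        "_ldap._tcp.dc._msdcs.$Domain",
        "_ldap._tcp.$Site._sites.$Domain",
        "_kerberos._tcp.$Domain",
        "_kpasswd._tcp.$Domain",
        "_gc._tcp.$Domain"
    )
    foreach ($srv in $Servers) {
        foreach ($name in $names) {
            $recs = @(Resolve-DnsName -Name $name -Type SRV -Server $srv -DnsOnly -ErrorAction SilentlyContinue |
                      Where-Object Type -eq 'SRV')
            if ($recs.Count -eq 0) {
                [pscustomobject]@{ DnsServer = $srv; Record = $name; Target = $null; Addresses = $null; Status = 'MISSING' }
                continue
            }
            foreach ($r in $recs) {
                $a = @(Resolve-DnsName -Name $r.NameTarget -Type A -Server $srv -DnsOnly -ErrorAction SilentlyContinue |
                       Where-Object Type -eq 'A')
                [pscustomobject]@{
                    DnsServer = $srv
                    Record    = $name
                    Target    = "$($r.NameTarget):$($r.Port)"
                    Addresses = ($a.IPAddress -join ', ')
                    Status    = $(switch ($a.Count) { 0 { 'TARGET HAS NO A RECORD' } 1 { 'OK' } default { 'TARGET HAS MULTIPLE A RECORDS' } })
                }
            }
        }
    }
}

Get-DnsRegistrationAudit | Format-Table -AutoSize
Test-DcSrvRecords -Domain $Domain -Site $Site -Servers $DnsServers | Format-Table -AutoSize
```

A row with `Status = MISSING` on one server but `OK` on the other is the situation netdiag reports above as "incorrect on all DNS servers"; a target with multiple A records is the two-NIC registration problem Ace describes. After fixing the adapter configuration, re-register the DC (`ipconfig /registerdns` and restarting the Netlogon service) and run the script again.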
A whole load of thanks for your help on this one. Spoke to the other site
about the other card and there is no reason for it to be there. So it's gone.
Re-registered the server in the DNS again and checked the bindings. (The
other card was on top.) Anyway, it all seems to work now and I get no problems
when running Netdiag.

Anyway cheers for your help. I'm sure we may chat again soon.

;-}
Very good! Glad it's all together.

If any more probs, feel free to post back and I'm sure I'll be one of the
folks to respond!
:-)

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory