Parent Domain Zone Disappears From External DNS Server

[J.Parsons]

First an explanation of the setup we have:

Domain sstl.co.uk is the primary domain of our organisation and is
available both internally and externally. However, the internal DNS
server (actual members of that Win2K domain that is internal only and
protected behind a firewall) use a unique DNS zone containing the
private address mappings. A second DNS server exists on our DMZ that
is the DC for a sub-domain external.sstl.co.uk. This DNS server is
also the primary of a unique sstl.co.uk zone containing the external
adress mappings.

Recently, the sstl.co.uk zone has been disappearing from the second
server after a reboot although the actual zone file still exists. Once
it is added back into the DNS all is well until another reboot.

I've read lots of things about this, but nothing that really fits the
scenario I have tried to explain. How can I stop the zone
disappearing? It is probably a strange way of trying to solve a
particular issue, but sstl.co.uk is our internal NT domain and must not
be available from outside of our network for security reasons. I can
potentially migrate the external.sstl.co.uk to a different domain/DNS,
say sstl.net, but I want to see if its possible to fix the current
issue.

Cheers

JohnnyP

 

[Ace Fekay [MVP]]

In

First an explanation of the setup we have:

Domain sstl.co.uk is the primary domain of our organisation and is
available both internally and externally. However, the internal DNS
server (actual members of that Win2K domain that is internal only and
protected behind a firewall) use a unique DNS zone containing the
private address mappings. A second DNS server exists on our DMZ that
is the DC for a sub-domain external.sstl.co.uk. This DNS server is
also the primary of a unique sstl.co.uk zone containing the external
adress mappings.

Recently, the sstl.co.uk zone has been disappearing from the second
server after a reboot although the actual zone file still exists.
Once it is added back into the DNS all is well until another reboot.

I've read lots of things about this, but nothing that really fits the
scenario I have tried to explain. How can I stop the zone
disappearing? It is probably a strange way of trying to solve a
particular issue, but sstl.co.uk is our internal NT domain and must
not be available from outside of our network for security reasons. I
can potentially migrate the external.sstl.co.uk to a different
domain/DNS, say sstl.net, but I want to see if its possible to fix
the current issue.

Cheers

JohnnyP

Does the external DNS have a nameserver entry for the internal DNS or the
actual nameserver (the registrar's perhaps?) hosting the external zone?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.

It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy. - [Me]

 

[JohnnyP]

Hi Ace

There is no nameserver entry in the external DNS tables for sstl.co.uk
that refers to the internal DNS server, nor is there any entry anywhere
for the registrar.

Cheers

JohnnyP

 

[Kevin D. Goodknecht Sr. [MVP]]

First an explanation of the setup we have:

Domain sstl.co.uk is the primary domain of our organisation and is
available both internally and externally. However, the internal DNS
server (actual members of that Win2K domain that is internal only and
protected behind a firewall) use a unique DNS zone containing the
private address mappings. A second DNS server exists on our DMZ that
is the DC for a sub-domain external.sstl.co.uk. This DNS server is
also the primary of a unique sstl.co.uk zone containing the external
adress mappings.

Recently, the sstl.co.uk zone has been disappearing from the second
server after a reboot although the actual zone file still exists.
Once it is added back into the DNS all is well until another reboot.

I've read lots of things about this, but nothing that really fits the
scenario I have tried to explain. How can I stop the zone
disappearing? It is probably a strange way of trying to solve a
particular issue, but sstl.co.uk is our internal NT domain and must
not be available from outside of our network for security reasons. I
can potentially migrate the external.sstl.co.uk to a different
domain/DNS, say sstl.net, but I want to see if its possible to fix
the current issue.

Are any of these Active Directory integrated zones?
Is the one that keeps disappearing a Secondary zone?

 

[Ace Fekay [MVP]]

In

Hi Ace

There is no nameserver entry in the external DNS tables for sstl.co.uk
that refers to the internal DNS server, nor is there any entry
anywhere for the registrar.

Cheers

JohnnyP

How about Kevin's question?

Ace

 

[JohnnyP]

Hi Kevin

None of the zones are AD integrated and the disappearing zone is a
primary zone on the external server, and a unique primary on the
internal server.

Cheers

JohnnyP

 

[Kevin D. Goodknecht Sr. [MVP]]

Hi Kevin

None of the zones are AD integrated and the disappearing zone is a
primary zone on the external server, and a unique primary on the
internal server.

You should verify both zone types, the only time I've seen or heard of this
happening is if there is an AD integrated zone of the same name on another
DC. AD integrated zones are replicated to all Domain Controllers in the same
domain, if there is an ADI zone on one DC, the zone will replicate to all
DCs in the domain and you can't have two zones of the same name on one DNS
server.

 

[Ace Fekay [MVP]]

In

Hi Kevin

None of the zones are AD integrated and the disappearing zone is a
primary zone on the external server, and a unique primary on the
internal server.

Cheers

JohnnyP

Is there a firewall between them or NAT?

Ace

 

[JohnnyP]

I can confirm that they are not AD integrated zones, but I think the
original zone, on the internal server, may have been AD integrated in
the past. The actual primary has been moved to a 2K3 server that is
not yet a DC as we haven't prep'd our 2K domain yet. It was originally
on our 2K DC that is now a 2ndary and soon to be rebuilt as part of an
upgrade process once the domain is prep'd and upgraded to 2K3.

There is a firewall between the two servers in the sense that they hang
of seperate ports. There is no NAT between them.

Cheers

JohnnyP

 

[Ace Fekay [MVP]]

In

I can confirm that they are not AD integrated zones, but I think the
original zone, on the internal server, may have been AD integrated in
the past. The actual primary has been moved to a 2K3 server that is
not yet a DC as we haven't prep'd our 2K domain yet. It was
originally on our 2K DC that is now a 2ndary and soon to be rebuilt
as part of an upgrade process once the domain is prep'd and upgraded
to 2K3.

There is a firewall between the two servers in the sense that they
hang of seperate ports. There is no NAT between them.

Cheers

JohnnyP

You can check if the original zone still exists in AD by using ADSI Edit and
looking under the DomainNC context, Microsoft Services, DNS container.

Check the firewall to ensure all ports are opened. DNS transfers require UDP
53.

Ace