Records deleted from DNS primary didn't get updated on DNS Secondary

  • Thread starter Thread starter Marlon Brown
  • Start date Start date
M

Marlon Brown

In my environment I have WIn2000 AD Native.
We have two Win2003 DNS servers (primary and secondary).

Recently I noticed that a host record that was deleted from the Primary DNS
server and still remained in the Secondary DNS server. Then I did a NSLOOKUP
from a workstation and sporadically the record appeared as existing. I mean,
NSLOOKUP sometimes gathered that host record information from the secondary
DNS server then.

My questions are:
a) A record that is deleted from DNS Primary isn't supposed to be cleared
from the DNS secondary server ? Is that a flaw in this DNS primary/secondary
server model ?

b) How NSLOOKUP determines which DNS server to query ? Isn't that supposed
to query the DNS primary server always ? I noticed that is not the case and
it queried the DNS secondary too.
 
Marlon Brown said:
In my environment I have WIn2000 AD Native.
We have two Win2003 DNS servers (primary and secondary).

Recently I noticed that a host record that was deleted from the Primary DNS
server and still remained in the Secondary DNS server. Then I did a NSLOOKUP
from a workstation and sporadically the record appeared as existing. I mean,
NSLOOKUP sometimes gathered that host record information from the secondary
DNS server then.
Click to expand...

That is not surprising -- fairly normal.
My questions are:
a) A record that is deleted from DNS Primary isn't supposed to be cleared
from the DNS secondary server ? Is that a flaw in this DNS primary/secondary
server model ?
Click to expand...

Not really. It is a flaw (or misconfiguration) in the
Secondary zone transfer, e.g., master address, master
allows transfers to that secondary, no firewalls preventing
it, serial number not misconfigured (secondary LOWER
than Master), etc.
b) How NSLOOKUP determines which DNS server to query ? Isn't that supposed
to query the DNS primary server always ?
Click to expand...

That would be PREFERRED, but it uses the one
that is answering (best) which may not be the
preferred.

[Primary has a TECHNICAL meaning on the
server side which is unrelated to this.]
I noticed that is not the case and
it queried the DNS secondary too.
Click to expand...

Yes.

And you are alway free to specify which to use
when running NSLookp:

nslookup name.domain.com 192.168.50.1

nslookup name.domain.com 192.168.50.2
[/QUOTE]
 
Darn. I see that the server that is supposed to the primary DNS has a serial
number = 3682189.

The one that is the secondary is = 3682190.

That means the serial number of the primary is lower than the Secondary. In
order to fix this, can I just increment the "primary" serial number to
perhaps, 3682191 ?


Let's see
Herb Martin said:
Marlon Brown said:
In my environment I have WIn2000 AD Native.
We have two Win2003 DNS servers (primary and secondary).

Recently I noticed that a host record that was deleted from the Primary DNS
server and still remained in the Secondary DNS server. Then I did a NSLOOKUP
from a workstation and sporadically the record appeared as existing. I mean,
NSLOOKUP sometimes gathered that host record information from the secondary
DNS server then.
Click to expand...

That is not surprising -- fairly normal.
My questions are:
a) A record that is deleted from DNS Primary isn't supposed to be cleared
from the DNS secondary server ? Is that a flaw in this DNS primary/secondary
server model ?
Click to expand...

Not really. It is a flaw (or misconfiguration) in the
Secondary zone transfer, e.g., master address, master
allows transfers to that secondary, no firewalls preventing
it, serial number not misconfigured (secondary LOWER
than Master), etc.
b) How NSLOOKUP determines which DNS server to query ? Isn't that supposed
to query the DNS primary server always ?
Click to expand...

That would be PREFERRED, but it uses the one
that is answering (best) which may not be the
preferred.

[Primary has a TECHNICAL meaning on the
server side which is unrelated to this.]
I noticed that is not the case and
it queried the DNS secondary too.
Click to expand...

Yes.

And you are alway free to specify which to use
when running NSLookp:

nslookup name.domain.com 192.168.50.1

nslookup name.domain.com 192.168.50.2
Click to expand...
[/QUOTE]
 
Marlon Brown said:
Darn. I see that the server that is supposed to the primary DNS has a serial
number = 3682189.

The one that is the secondary is = 3682190.

That means the serial number of the primary is lower than the Secondary. In
order to fix this, can I just increment the "primary" serial number to
perhaps, 3682191 ?
Click to expand...

Yes. Normally it takes care of this for you if
you use the GUI. It usually only happens if you
mess with the FILES or do a restore from backup.

(Or goof around with the secondary serial number.)

--
Herb Martin

Let's see
Herb Martin said:
Marlon Brown said:
In my environment I have WIn2000 AD Native.
We have two Win2003 DNS servers (primary and secondary).

Recently I noticed that a host record that was deleted from the
Click to expand...
Primary
DNS
server and still remained in the Secondary DNS server. Then I did a NSLOOKUP
from a workstation and sporadically the record appeared as existing. I mean,
NSLOOKUP sometimes gathered that host record information from the secondary
DNS server then.
Click to expand...

That is not surprising -- fairly normal.
My questions are:
a) A record that is deleted from DNS Primary isn't supposed to be cleared
from the DNS secondary server ? Is that a flaw in this DNS primary/secondary
server model ?
Click to expand...

Not really. It is a flaw (or misconfiguration) in the
Secondary zone transfer, e.g., master address, master
allows transfers to that secondary, no firewalls preventing
it, serial number not misconfigured (secondary LOWER
than Master), etc.
b) How NSLOOKUP determines which DNS server to query ? Isn't that supposed
to query the DNS primary server always ?
Click to expand...

That would be PREFERRED, but it uses the one
that is answering (best) which may not be the
preferred.

[Primary has a TECHNICAL meaning on the
server side which is unrelated to this.]
I noticed that is not the case and
it queried the DNS secondary too.
Click to expand...

Yes.

And you are alway free to specify which to use
when running NSLookp:

nslookup name.domain.com 192.168.50.1

nslookup name.domain.com 192.168.50.2
Click to expand...
Click to expand...
[/QUOTE]
 
Hmmm... but let's see here. Isn't the serial# the one that controls if the
zones will get transferred to the secondary DNS server ? I mean, if the
secondary has a number higher than the primary, that could be because there
is no need to transfer zones at given time. Therefore this not necessarily a
malfunction, but rather a normal behavior ?

Herb Martin said:
Marlon Brown said:
Darn. I see that the server that is supposed to the primary DNS has a serial
number = 3682189.

The one that is the secondary is = 3682190.

That means the serial number of the primary is lower than the Secondary. In
order to fix this, can I just increment the "primary" serial number to
perhaps, 3682191 ?
Click to expand...

Yes. Normally it takes care of this for you if
you use the GUI. It usually only happens if you
mess with the FILES or do a restore from backup.

(Or goof around with the secondary serial number.)

--
Herb Martin

Let's see
Herb Martin said:
In my environment I have WIn2000 AD Native.
We have two Win2003 DNS servers (primary and secondary).

Recently I noticed that a host record that was deleted from the Primary
DNS
server and still remained in the Secondary DNS server. Then I did a
NSLOOKUP
from a workstation and sporadically the record appeared as existing. I
mean,
NSLOOKUP sometimes gathered that host record information from the
secondary
DNS server then.

That is not surprising -- fairly normal.

My questions are:
a) A record that is deleted from DNS Primary isn't supposed to be cleared
from the DNS secondary server ? Is that a flaw in this DNS
primary/secondary
server model ?

Not really. It is a flaw (or misconfiguration) in the
Secondary zone transfer, e.g., master address, master
allows transfers to that secondary, no firewalls preventing
it, serial number not misconfigured (secondary LOWER
than Master), etc.

b) How NSLOOKUP determines which DNS server to query ? Isn't that supposed
to query the DNS primary server always ?

That would be PREFERRED, but it uses the one
that is answering (best) which may not be the
preferred.

[Primary has a TECHNICAL meaning on the
server side which is unrelated to this.]

I noticed that is not the case and
it queried the DNS secondary too.

Yes.

And you are alway free to specify which to use
when running NSLookp:

nslookup name.domain.com 192.168.50.1

nslookup name.domain.com 192.168.50.2
Click to expand...
Click to expand...
Click to expand...
 
Marlon Brown said:
Hmmm... but let's see here. Isn't the serial# the one that controls if the
zones will get transferred to the secondary DNS server ? I mean, if the
secondary has a number higher than the primary, that could be because there
is no need to transfer zones at given time. Therefore this not necessarily a
malfunction, but rather a normal behavior ?
Click to expand...

No, it is almost always wrong.

If the zones transferred correctly the numbers
would be EQUAL.

Then the next time a change happened on the
primary it would transfer since Primary would
increment by 1.
 
Back
Top