Andrew said:
I have a domain with Win2k and Win2003 domain controllers.
I would like the Forward Lookup Zones to replicate between the DNS
servers in the domain. My Forward Lookup Zones are all
Active-Directory Integrated. I would have thought they would replicate
automatically.

They will IF AD replicates.
NOTICE though that although it is legal to replicate additional
'zones' the zone that supports AD is usually the one you need to
focus upon -- and every zone is integrated or not into AD separately.

Is there an easy way of doing this, because I've checked the Microsoft
website, and it all seems very complicated.

No, it is very simple with one serious "gotcha" -- you must have
a consistent and complete DNS BEFORE you try to integrate the
"2nd" (or subsequent) DNS server.

AD is dependent on DNS -- if you have an inconsistent set of
DNS servers for the zone supporting the domain and integrate
it into AD you make them each dependent on the other before
AD can replicate correctly.

You may need to point the "2nd" DC/DNS server to just one
of their number UNTIL you can get AD fully replicated.
DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)
netdiag /fix
....or maybe:
dcdiag /fix
(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/
Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.
Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.
Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
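
The DCDiag triage suggested above (send the output to a text file, then search for FAIL, ERROR, WARN), as an added example that is not part of the original post. It groups each hit under the test that produced it, so warnings inside a test that still "passed" are not lost; the sample output is constructed and assumes the usual English-language dcdiag text layout, and `triage` is a hypothetical helper name.

```python
import re
import sys
from collections import defaultdict

# Constructed sample resembling dcdiag text output (not from the original post).
SAMPLE = """\
Domain Controller Diagnosis

Testing server: Default-First-Site-Name\\DC1
   Starting test: Connectivity
      ......................... DC1 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\\DC1
      Starting test: Replications
         [Replications Check,DC1] A recent replication attempt failed:
            From DC2 to DC1
      ......................... DC1 failed test Replications
      Starting test: frssysvol
         There are warning or error events within the last 24 hours.
      ......................... DC1 passed test frssysvol
"""

# Assumed layout: "Starting test: <name>" opens a test, a dotted line closes it.
START = re.compile(r"Starting test:\s+(\S+)")
VERDICT = re.compile(r"\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)")
KEYWORDS = re.compile(r"fail|error|warn", re.IGNORECASE)

def triage(text):
    """Return (failed, flagged): failed (target, test) pairs, keyword hits per test."""
    failed, flagged, current = [], defaultdict(list), None
    for line in text.splitlines():
        started = START.search(line)
        if started:
            current = started.group(1)
            continue
        verdict = VERDICT.search(line)
        if verdict:
            if verdict.group(2) == "failed":
                failed.append((verdict.group(1), verdict.group(3)))
            current = None  # test finished; later lines belong to no test
            continue
        if current and KEYWORDS.search(line):
            flagged[current].append(line.strip())
    return failed, dict(flagged)

if __name__ == "__main__":
    # Pass a saved dcdiag text file as the first argument, or run on the sample.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    print(triage(text))
```

Run it once per DC's saved output file and compare the results side by side.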