SOA - Problem or Not?

  • Thread starter Thread starter -=gu=-
  • Start date Start date
G

-=gu=-

Hello,

I think this is a problem, please help if you can.
I work for a company that has 1 site and 3 DCs. Each one
is also a DNS server. The Forward Lookup Zone for the
domainname.com zone is AD integrated and resides on all 3
servers.
Regular internal users are fine. However some VPN users
get a 53 error when running a batch file that maps their
drives using the net use command. Some vpn'ers can't even
ping servers by name. When I modify the batch file to net
use IP\share (instead of server\share) they are fine, so
I think something's up with my dns.
In any case, all three dns servers say they are the SOA
for the domainname.com zone. I was under the impression
that there was only one SOA per AD integrated zone.
So if there should only be one SOA, and I want it on
ServerA, how do I safely remove the domainname.com zones
from Servers B & C? I'm afraid that if I delete the zone
from them, it will replicate the deletion to ServerA and
then I'll really be hosed.
I have found in the registry where the zone information
resides. Is that where I should delete them on B and C?
Should I delete those keys?
Perhaps though I'm all wet and all three should be the
SOA, but I don't think so. Help?
Thanks! -=gu=-
 
In
-=gu=- said:
Hello,

I think this is a problem, please help if you can.
I work for a company that has 1 site and 3 DCs. Each one
is also a DNS server. The Forward Lookup Zone for the
domainname.com zone is AD integrated and resides on all 3
servers.
Regular internal users are fine. However some VPN users
get a 53 error when running a batch file that maps their
drives using the net use command. Some vpn'ers can't even
ping servers by name. When I modify the batch file to net
use IP\share (instead of server\share) they are fine, so
I think something's up with my dns.
In any case, all three dns servers say they are the SOA
for the domainname.com zone. I was under the impression
that there was only one SOA per AD integrated zone.
So if there should only be one SOA, and I want it on
ServerA, how do I safely remove the domainname.com zones
from Servers B & C? I'm afraid that if I delete the zone
from them, it will replicate the deletion to ServerA and
then I'll really be hosed.
I have found in the registry where the zone information
resides. Is that where I should delete them on B and C?
Should I delete those keys?
Perhaps though I'm all wet and all three should be the
SOA, but I don't think so. Help?
Thanks! -=gu=-
Click to expand...

An Active Directory DNS zone will always use the DNS name of the DC it is on
as SOA primary name server. This is how the multi-master behavior of Active
Directory works, each DC is a master.
 
In
-=gu=- said:
Hello,

I think this is a problem, please help if you can.
I work for a company that has 1 site and 3 DCs. Each one
is also a DNS server. The Forward Lookup Zone for the
domainname.com zone is AD integrated and resides on all 3
servers.
Regular internal users are fine. However some VPN users
get a 53 error when running a batch file that maps their
drives using the net use command. Some vpn'ers can't even
ping servers by name. When I modify the batch file to net
use IP\share (instead of server\share) they are fine, so
I think something's up with my dns.
In any case, all three dns servers say they are the SOA
for the domainname.com zone. I was under the impression
that there was only one SOA per AD integrated zone.
So if there should only be one SOA, and I want it on
ServerA, how do I safely remove the domainname.com zones
from Servers B & C? I'm afraid that if I delete the zone
from them, it will replicate the deletion to ServerA and
then I'll really be hosed.
I have found in the registry where the zone information
resides. Is that where I should delete them on B and C?
Should I delete those keys?
Perhaps though I'm all wet and all three should be the
SOA, but I don't think so. Help?
Thanks! -=gu=-
Click to expand...


Don't delete anything. I would suggest for your VPN users to use a HOSTS
file with the necessary internal names and IP addresses. This is pretty much
a known issue with VPN users and the HOSTS file is a work around.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
Ace, thanks for your input. I'll try that and post back
the results. BTW, VPN has been working perfectly for
years, it just started doing this on a couple of users
when we purchased all new laptops. So the only changes
were the hardware and going to xp pro instead of 2000 pro.
And it only happens on a handful of users. I can't
recreate the problem at my house, because it works
perfectly for me.
 
In
-=gu=- said:
Ace, thanks for your input. I'll try that and post back
the results. BTW, VPN has been working perfectly for
years, it just started doing this on a couple of users
when we purchased all new laptops. So the only changes
were the hardware and going to xp pro instead of 2000 pro.
And it only happens on a handful of users. I can't
recreate the problem at my house, because it works
perfectly for me.
Click to expand...


Hmm, do you think a virus? The QHOST virus alters the HOSTS file and can
give similar probs. Just conjecture... other than that, not sure.
--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================
 
Back
Top