Version numbers out of sync

  • Thread starter Thread starter William C. Hull
  • Start date Start date
W

William C. Hull

We are kind of new at the DNS business with Microsoft DNS and we are seeing
a situation where we have secondary zones on some servers whose version
numbers are higher than their source zone. If the source zone is supposed
to be the one updated by a change within the zone how is it that the
secondaries are getting versions that are higher. When this happens the
secondaries will not update until the secondary zone is either rebuilt or
the version on the primary is manually adjusted upward.

What I would like to know is what causes this?

Thanks,

Bill
 
In William C. Hull
We are kind of new at the DNS business with Microsoft DNS and we are
seeing a situation where we have secondary zones on some servers
whose version numbers are higher than their source zone. If the
source zone is supposed to be the one updated by a change within the
zone how is it that the secondaries are getting versions that are
higher. When this happens the secondaries will not update until the
secondary zone is either rebuilt or the version on the primary is
manually adjusted upward.

What I would like to know is what causes this?

Thanks,

Bill
Click to expand...

Normally see this with AD Integrated zones and not Primary/Secondaries. Are
your zones AD Integrated? IF so, this is normal since both servers are
registering/changing info, even though the info might be the same, since
it;s re-registering but the data didn';t change but the version appears it
has.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Ace,

Thanks for the reply. Yes, we basically almost all of our zones that are
Primary are also Active Directory Integrated with secondaries on other
server. I understand how two AD Integrated zones might not have any update
but appear to be updated because active directory is always trying to keep
everything in sync but I still don't understand how the secondaries get
HIGHER numbers then the primaries. I thought that was the whole point.
Primaries get updated and then the secondaries get updated during a zone
transfer. Since secondaries are supposed to come from a primary then it
seems logical that the version number of the secondaries would be no higher
than the highest numbered primary. Our secondaries get higher than the
primaries and then they become stale as zone transfers won't work because of
the higher version number. Increase the version number on the primaries to
one more than the highest secondaries version and zone transfers resume.

Bill


"Ace Fekay [MVP]"
 
In William C. Hull
Ace,

Thanks for the reply. Yes, we basically almost all of our zones that
are Primary are also Active Directory Integrated with secondaries on
other server. I understand how two AD Integrated zones might not
have any update but appear to be updated because active directory is
always trying to keep everything in sync but I still don't understand
how the secondaries get HIGHER numbers then the primaries. I thought
that was the whole point. Primaries get updated and then the
secondaries get updated during a zone transfer. Since secondaries
are supposed to come from a primary then it seems logical that the
version number of the secondaries would be no higher than the highest
numbered primary. Our secondaries get higher than the primaries and
then they become stale as zone transfers won't work because of the
higher version number. Increase the version number on the primaries
to one more than the highest secondaries version and zone transfers
resume.

Bill
Click to expand...
That's strange.

This is the only info I have on it, but just applies to AD Integrated. Maybe
someone else may have some more info for you.

282826 - Active Directory-Integrated DNS Zone Serial Number Behavior [zone
version numbers drift and are different]:
http://support.microsoft.com/?id=282826


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
William,
How many domain controllers are the primary zones replicating between?
Is it possible that DNS server A gets a dozen updates on the primary zone,
notifies secondary server B which updates the records and version number,
and then a few minutes later the data from primary server A is replicated to
primary server C and in the meantime you compared the version number between
B and C?

(I am also checking to see if we have any other known issues.)

--
Michael Snyder
Active Directory Admin Tool Test

This posting is provided "AS IS" with no warranties, and confers no rights.

"Ace Fekay [MVP]"
In William C. Hull
<[email protected]> posted their
thoughts, then I offered mine
Ace,

Thanks for the reply. Yes, we basically almost all of our zones that
are Primary are also Active Directory Integrated with secondaries on
other server. I understand how two AD Integrated zones might not
have any update but appear to be updated because active directory is
always trying to keep everything in sync but I still don't understand
how the secondaries get HIGHER numbers then the primaries. I thought
that was the whole point. Primaries get updated and then the
secondaries get updated during a zone transfer. Since secondaries
are supposed to come from a primary then it seems logical that the
version number of the secondaries would be no higher than the highest
numbered primary. Our secondaries get higher than the primaries and
then they become stale as zone transfers won't work because of the
higher version number. Increase the version number on the primaries
to one more than the highest secondaries version and zone transfers
resume.

Bill
Click to expand...
That's strange.

This is the only info I have on it, but just applies to AD Integrated. Maybe
someone else may have some more info for you.

282826 - Active Directory-Integrated DNS Zone Serial Number Behavior [zone
version numbers drift and are different]:
http://support.microsoft.com/?id=282826


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
Click to expand...
 
Michael,

Thanks for the reply.

Pretty much we have two DC's that are running the primary active directory
integrated zones and perhaps 3 secondaries. I think I understand what you
are saying however it just doesn't seem to fit here. My two primaries are
pretty much in sync with each other version wise but the secondary, when it
is out of wack is generally significantly off. Also, and this is the part I
don't understand so help me out here, it was my thought that a secondary
zone did not increment the version number only accept the version number of
the primary zone that performed the zone transfer. I also thought that
during a zone transfer the secondary zone would only accept a transfer from
a zone containing a higher version.

Part of the problem is that we never seem to know when things get out of
sync. I had one zone today that the was off by at least 50 versions numbers
from the two primaries and the primaries were almost in sync with each
other. The odd part is that the version numbers of the secondaries are
always higher then the primaries.

Any help would be appreciated.

Bill



Michael Snyder said:
William,
How many domain controllers are the primary zones replicating between?
Is it possible that DNS server A gets a dozen updates on the primary zone,
notifies secondary server B which updates the records and version number,
and then a few minutes later the data from primary server A is replicated to
primary server C and in the meantime you compared the version number between
B and C?

(I am also checking to see if we have any other known issues.)

--
Michael Snyder
Active Directory Admin Tool Test

This posting is provided "AS IS" with no warranties, and confers no rights.

"Ace Fekay [MVP]"
In William C. Hull
<[email protected]> posted their
thoughts, then I offered mine
Ace,

Thanks for the reply. Yes, we basically almost all of our zones that
are Primary are also Active Directory Integrated with secondaries on
other server. I understand how two AD Integrated zones might not
have any update but appear to be updated because active directory is
always trying to keep everything in sync but I still don't understand
how the secondaries get HIGHER numbers then the primaries. I thought
that was the whole point. Primaries get updated and then the
secondaries get updated during a zone transfer. Since secondaries
are supposed to come from a primary then it seems logical that the
version number of the secondaries would be no higher than the highest
numbered primary. Our secondaries get higher than the primaries and
then they become stale as zone transfers won't work because of the
higher version number. Increase the version number on the primaries
to one more than the highest secondaries version and zone transfers
resume.

Bill
Click to expand...
That's strange.

This is the only info I have on it, but just applies to AD Integrated. Maybe
someone else may have some more info for you.

282826 - Active Directory-Integrated DNS Zone Serial Number Behavior [zone
version numbers drift and are different]:
http://support.microsoft.com/?id=282826


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
Click to expand...
Click to expand...
 
William,
In W2k, over various service packs we have fixed several bugs involving
serial numbers. Are all of your DCs and secondaries running the latest
service pack?

If so, we would like to investigate more to understand and solve any
remaining problems that we have with serial numbers.

As far as secondary operation, you are correct, I wasn't thinking through
the operation clearly. If your secondary zone has a higher number than any
of your primary zones, there is a bug.

To monitor things, you could set up a script that targets important zones on
each server and then compares the Serial Number values.
dnscmd <server name> /enumrecords <zone name> . /Type SOA

--
Michael Snyder
Active Directory Admin Tool Test

This posting is provided "AS IS" with no warranties, and confers no rights.

"William C. Hull"
 
Michael,

I believe we are at SP3 for Windows 2000. We have not applied SP4 because
we are in roll out of our Active Directory domain environment and did not
want to muddy the water by having to regression test everything with a new
SP. If there is a fix in SP 4 that addresses this issue then perhaps I can
change minds. I would pretty much need to have some sort of reference to a
fix to do this though. Is there is something in SP4 was there a separate
hot fix that could be applied? I would probably have a better chance with
an unsupported hot fix specific to DNS then the full release.

Bill

P.S. Sort of off the subject but are you aware of any issues relating to
DHCP where the DHCP database gets out a whack? We recently ran a
verification of all of our scopes and found that may had were out of whack
and we had to reconcile them which added dummy address record for IP
addresses to the database. We have been running complete verifications more
frequently now on our database and it is still getting out of whack and we
don't have a clue as to why. We have been working with a consultant on this
and he has reported that another client of his firm is having the same
problem down in Tenn.
 
BTW, I am still checking with the server guys on this. Of the top of their
heads, they think that a few issues were fixed in SP4, but they need to look
to make sure and to check if we have hotfixes available. Hopefully should
have an answer for you this week.

--
Michael Snyder
Active Directory Admin Tool Test

This posting is provided "AS IS" with no warranties, and confers no rights.
"William C. Hull"
 
Can you set all of your secondary servers to point to just one of your
primary servers? That is the recommended configuration.

After checking, we weren't able to find any known issues in SP3...if you are
still having a problem after making the recommended change (above), we
should add more monitoring to find out what is causing this problem.

Thanks

--
Michael Snyder
Active Directory Admin Tool Test

This posting is provided "AS IS" with no warranties, and confers no rights.
"William C. Hull"
 
Back
Top