Zone "Disappears"


Charlie

I have a DC/DNS server in a child domain that has been
delegated authority for said child domain's (active
directory-integrated) zone. I also have the child domain
DNS server running as a secondary of the parent domain's
zone, rather than simply forwarding to the parent DNS
server.
Everything seems to work except that the secondary zone
just disappears when I reboot the server. There are no
event log messages on the child DC/DNS or the parent.
Does this make sense?
Thanks.
 
Charlie said:
I have a DC/DNS server in a child domain that has been
delegated authority for said child domain's (active
directory-integrated) zone. I also have the child domain
DNS server running as a secondary of the parent domain's
zone, rather than simply forwarding to the parent DNS
server.
Everything seems to work except that the secondary zone
just disappears when I reboot the server. There are no
event log messages on the child DC/DNS or the parent.
Does this make sense?
Thanks.

Remove the secondary of the parent in the child zone. That is probably why the
child zone is disappearing: it believes it's a child of the parent secondary
zone.

Proper delegation involves delegating to the child domain's DNS server, then
in the child domain's DNS server, forward back to the parent. From the
parent, forward to the ISP. They are the basic rules of delegation.

For more information:
255248 - HOW TO Create a Child Domain in Active Directory and Delegate the
DNS Namespace to the Child Domain:
http://support.microsoft.com/?id=255248

Delegating zones - Glue records and glue chasing:
http://www.microsoft.com/technet/tr...oddocs/server/sag_DNS_imp_DelegatingZones.asp

Hope that helps.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
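The layout Ace describes (delegate the child zone to the child DNS server, have the child forward to the parent, have the parent forward to the ISP), written out as an added example for the dnscmd command-line tool; this is not code from the original posts. The switch syntax (/RecordAdd, /ZoneDelete, /ResetForwarders, /EnumZones, /ZoneInfo, /Info) is the documented dnscmd form. Zone names, server names and addresses are assumptions: parent zone corp.example on PARENTDC (10.0.0.10), child zone branch.corp.example on CHILDDC (10.1.0.10), ISP resolver 203.0.113.53.

```batch
@echo off
rem Added example: delegation from parent to child plus the forwarding chain
rem child -> parent -> ISP, as recommended in the reply above.
rem Assumed names and addresses (not from the original thread):
rem   parent zone  corp.example         parent DC/DNS  PARENTDC  10.0.0.10
rem   child zone   branch.corp.example  child DC/DNS   CHILDDC   10.1.0.10
rem   ISP resolver 203.0.113.53

rem ---- 1. On the parent DNS server: delegate the child zone ----
rem NS record at the delegation point, plus a glue A record so a resolver
rem following the delegation can reach CHILDDC without a further lookup.
dnscmd PARENTDC /RecordAdd corp.example branch NS childdc.branch.corp.example.
dnscmd PARENTDC /RecordAdd corp.example childdc.branch A 10.1.0.10

rem The parent forwards everything it is not authoritative for to the ISP.
dnscmd PARENTDC /ResetForwarders 203.0.113.53

rem ---- 2. On the child DNS server: drop the secondary of the parent zone ----
rem The child keeps only its own AD-integrated zone; names in the parent zone
rem are reached by forwarding, not by holding a secondary copy.
dnscmd CHILDDC /ZoneDelete corp.example /f

rem The child forwards everything it is not authoritative for to the parent.
dnscmd CHILDDC /ResetForwarders 10.0.0.10

rem ---- 3. Checks (repeat after a reboot) ----
rem The zone list on the child should show branch.corp.example and no
rem corp.example secondary.
dnscmd CHILDDC /EnumZones
dnscmd CHILDDC /ZoneInfo branch.corp.example

rem A parent-zone name asked of the child must come back as a
rem non-authoritative answer obtained through PARENTDC.
nslookup parentdc.corp.example 10.1.0.10

rem From the parent side, the parent should hand out NS plus glue for the
rem child zone rather than answering for it.
nslookup -type=NS branch.corp.example 10.0.0.10

rem Where the server persists its zone list (registry, boot file or AD);
rem worth recording before and after the change when zones keep vanishing.
dnscmd CHILDDC /Info BootMethod
```

Run step 1 on the parent server and steps 2 and 3 on the child; the server name after dnscmd can be dropped when running locally. Deleting the secondary zone with /f skips the confirmation prompt, so check /EnumZones first to be sure the name is the secondary copy and not the child's own zone.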
 
Yes, I thought this might be unrelated to my other post,
but maybe not.

First of all, it is the secondary copy of the parent zone
that disappears from the child domain DNS/DC, not the
child zone. To rule out a problem with the DNS service or
Windows on the child DNS/DC I created a secondary of an AD-
integrated zone from outside the forest (I have a test
W2K3 forest that I was able to use). That secondary zone
did not disappear, which suggests the problem is related
to the method I have used.

That said, here is what I am afraid will happen if I try
to forward to the parent DNS: I won't be able to use an
on-demand VPN tunnel because there will be no way of
establishing the connection. Each office has one public
IP address assigned by the ISP on the Internet-facing
router interface, internally I use private IP addresses.
The public IP addresses are not static. I rely on DDNS
records for resolving to the correct public address. So
as far as I can see I would be caught in a catch-22 when
the child DNS tries to make the connection to the parent
DNS. In any case, it seems like a persistent connection
would be needed since the child DNS would constantly be
forwarding to the parent if I have users connecting to the
Internet a lot.

I guess it would be nice to be able to upgrade to W2K3
because I would be able to take advantage of conditional
forwarding. I could forward to the parent DNS just for
the parent zone and to the ISP DNS for everything on the
Web. I assume that would solve the problem.
For now, it looks like I need a persistent VPN connection
which I can establish from the parent. I guess I just
don't like that idea.
Thanks.
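The conditional-forwarding arrangement Charlie describes for Windows Server 2003 (parent zone to the parent DNS, everything else to the ISP), as an added example that is not part of the original posts. It uses the dnscmd /ZoneAdd ... /Forwarder syntax that Windows Server 2003 introduced; the names and addresses are assumptions: parent zone corp.example on 10.0.0.10 behind the VPN, child server CHILDDC at 10.1.0.10, ISP resolver 203.0.113.53.

```batch
@echo off
rem Added example (not from the original thread): Windows Server 2003
rem conditional forwarding on the child DNS server.
rem Assumed names and addresses:
rem   parent zone corp.example, parent DC/DNS 10.0.0.10 (behind the VPN)
rem   child DC/DNS CHILDDC 10.1.0.10, ISP resolver 203.0.113.53

rem Only queries for corp.example cross the tunnel to the parent.
rem /Slave stops the child from falling back to root-hint recursion when
rem the parent does not answer, so a down tunnel shows up as a DNS failure
rem instead of internal names being sent out to the public root servers.
dnscmd CHILDDC /ZoneAdd corp.example /Forwarder 10.0.0.10 /TimeOut 5 /Slave

rem Everything else (Internet names) goes straight to the ISP resolver.
dnscmd CHILDDC /ResetForwarders 203.0.113.53 /TimeOut 5

rem Checks: the conditional forwarder is listed as a zone of type Forwarder.
dnscmd CHILDDC /EnumZones
dnscmd CHILDDC /ZoneInfo corp.example

rem A parent-zone name must be answered via 10.0.0.10; an Internet name
rem must be answered without the tunnel being up.
nslookup parentdc.corp.example 10.1.0.10
nslookup www.example.net 10.1.0.10

rem To return to the forward-everything-to-the-root layout, remove the
rem conditional forwarder and point the default forwarders at the parent:
rem   dnscmd CHILDDC /ZoneDelete corp.example /f
rem   dnscmd CHILDDC /ResetForwarders 10.0.0.10
```

This only narrows which queries need the tunnel; lookups for the parent zone still require the parent to be reachable, so the on-demand VPN question in the post above remains for those names.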
 
Charlie said:
First of all, it is the secondary copy of the parent zone
that disappears from the child domain DNS/DC, not the
child zone. To rule out a problem with the DNS service or
Windows on the child DNS/DC I created a secondary of an AD-
integrated zone from outside the forest (I have a test
W2K3 forest that I was able to use). That secondary zone
did not disappear, which suggests the problem is related
to the method I have used.

That said, here is what I am afraid will happen if I try
to forward to the parent DNS: I won't be able to use an
on-demand VPN tunnel because there will be no way of
establishing the connection. Each office has one public
IP address assigned by the ISP on the Internet-facing
router interface, internally I use private IP addresses.
The public IP addresses are not static. I rely on DDNS
records for resolving to the correct public address. So
as far as I can see I would be caught in a catch-22 when
the child DNS tries to make the connection to the parent
DNS. In any case, it seems like a persistent connection
would be needed since the child DNS would constantly be
forwarding to the parent if I have users connecting to the
Internet a lot.

I guess it would be nice to be able to upgrade to W2K3
because I would be able to take advantage of conditional
forwarding. I could forward to the parent DNS just for
the parent zone and to the ISP DNS for everything on the
Web. I assume that would solve the problem.
For now, it looks like I need a persistent VPN connection
which I can establish from the parent. I guess I just
don't like that idea.
Thanks.

In a business scenario, that is the proper way. It does cost more, but
you're paying for needed services to ensure productivity. Kind of the old
saying, 'you get what you pay for'.

As for the zone disappearing, like I said, I believe it's based on the fact
that the zone is basically the same as the other zone in the same tree.

Don't really need conditional forwarding in a delegation scenario. Just
forward everything to the root. This way it will resolve other child domains
(if you have any). The root forwards to the ISP.

It's basically 'best practices'.

:-)

Good luck.


--
Regards,
Ace

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 