Strange Windows 2000 DNS issues


8 Posts
Location -
Joined 2002-12-26
Ok, I have been working on this for a while but haven't found anything about it. My goal was to use Active Directory Integrated DNS. I have a Forest Root Domain Controller with DNS on it and a Child Domain Controller (New Tree) also with DNS on it. I found some conflicting information on how to install this, as there are articles that say to only point the DNS server to itself for the DNS IP properties. Well, if you do that then you can't promote the child to a domain controller unless you have a DNS server already set up with the proper zone info. So what I did was install DNS as standard primary for the zone of the Forest Root on the Forest Root server and DNS standard secondary on the Child server. For the Child Tree zone I set up the zone as standard primary on the Child server and standard secondary on the Root Server. I then made sure both were listed in the name servers tab in DNS properties on both servers and enabled zone transfers to only those on the name servers list (also enabled notify to those listed). Then I promoted them to domain controllers (obviously root first) and the DNS zone information was properly transferred to each other. I had everything replicating and working correctly at this point with no event log errors. At this point I figured it would be ok to change the DNS zones to Active Directory Integrated, so I did so and also had no errors. Problem is that when I add a host entry on one server, it never adds it to the other server. I can force replication and never get any errors whatsoever, but for some reason it just decides to ignore that little part about replicating DNS. I've tried it with Secure Updates Only and also without requiring secure updates; still doesn't work. Anyone know why? Maybe I installed it totally wrong but it didn't seem to work any other way.... had many a time where replication didn't work at all, even using the default dcpromo stuff. Seems Microsoft documentation on a new tree with a different DNS name is lacking.
 
I also noticed something else strange, though not sure if this has anything to do with it. Each server changes the Start of Authority entry to itself for every zone, no matter what I put in for it. I figured that the Start of Authority for my Root Domain should be the Root Domain Controller and the Start of Authority for the Child Tree should be that domain controller. I go in and manually change it on each server, but as soon as I exit and go back to it, each server says it is the Start of Authority for both zones. Please tell me what I'm doing wrong....


Responses to this topic



738 Posts
Location -
Joined 2002-12-11
First
 
Windows 2000 AD Integrated DNS Servers are all seen as SOA
 
Second
 
The problems with your zone transfers ...
 
Are the DNS servers listed in the NAME SERVERS tab, and are they allowed to do ZONE TRANSFERS (right-click the Forward Lookup Zone to see these settings)?
 
Also are the SERIAL NUMBERS way off?
 
Third
 
Secure Updates Only means that transfers occur only with computers listed in AD.
 
It's the holidays and my brain is soaking in egg nog, hope I didn't confuse you more


8 Posts
Location -
Joined 2002-12-26
OP
First - Good to know... so no problem there.
 
Second - Yes, I absolutely have both servers listed in the name servers tab and I have "allow zone transfers only with those servers listed in the name servers tab" selected (on both servers).
 
Also I remembered the serial numbers were way off, but then I just checked and some of them are and some aren't now. I have 3 zones: Forest Root Zone - 7 off, Child Tree Zone - 1 off, Reverse Lookup Zone - 112 off. Though none of the changes have been passed on.
 
Third - Ok, so no problem there either.
 
Now I guess there is only one problem then.... the DNS entries aren't getting replicated. I am a little confused on the method that is supposed to be used. Should I even need zone transfers? I thought if it is active directory integrated, then it should be replicated with the active directory. Not sure about that.... so I did the zone transfers anyway. BTW, these DCs both have SP3. Does that help to figure out why the DNS info isn't replicating? Thanks.


8 Posts
Location -
Joined 2002-12-26
OP
I just double checked the hosts and lmhosts file. I haven't changed anything for these as it has the standard localhost entry and there is no lmhosts file. This is very strange... I just can't believe that there is nothing in the event log about it.... it just doesn't replicate the data. I appreciate the help!


738 Posts
Location -
Joined 2002-12-11
http://support.microsoft.com/default.aspx?scid=KB;en-us;q287156
(Troubleshooting Windows 2000 Domain Name System Dynamic Update Problems)
 
http://support.microsoft.com/default.aspx?scid=KB;en-us;q298448
(Windows 2000 DNS and AD Tech Resources)
 
http://www.serverwatch.com/tutorials/article.php/1476601
(Windows 2000 DNS Troubleshooting)
 
Links to start with .....
 
Zone SERIALS should be in differences of 1 at the most. I believe though in DNS AD mode, they should all be equal (?) until a change is made in the DNS table. I would also start using NSLOOKUP and DNSCMD to start troubleshooting.
 
Happy Holidays n G'Luck
 
APK, yeah you could say I have some sort of experience with Microsoft products
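The serial comparison suggested above, scripted as an added example that is not part of the thread: it reads the SOA serial each DNS server holds for a zone straight from the wire-format answer and reports servers that lag behind the highest serial by more than the tolerated difference. The server names, zone and serials in demo() are constructed; query_soa_serial() does the same against live servers.

```python
# Added example, not from the thread: read the SOA serial each DNS server holds for a zone and
# flag servers that lag behind. Standard library only; the answers in demo() are constructed.
import socket
import struct

def encode_name(name):  # dotted name -> DNS label sequence, no compression
    labels = [l for l in name.strip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
def soa_question(zone):  # QNAME + QTYPE=SOA(6) + QCLASS=IN(1)
    return encode_name(zone) + struct.pack(">HH", 6, 1)
def build_soa_response(zone, mname, rname, serial, qid=0x1234):  # constructed answer, offline demo only
    rdata = encode_name(mname) + encode_name(rname) + struct.pack(">IIIII", serial, 900, 600, 86400, 3600)
    rr = encode_name(zone) + struct.pack(">HHIH", 6, 1, 3600, len(rdata)) + rdata
    return struct.pack(">HHHHHH", qid, 0x8580, 1, 1, 0, 0) + soa_question(zone) + rr
def skip_name(msg, off):  # offset just past a (possibly compressed) name
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1
def parse_soa_serial(msg):  # serial of the first SOA RR in the answer section
    flags, qdcount, ancount = struct.unpack(">HHH", msg[2:8])
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0xF))
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:
            p = skip_name(msg, skip_name(msg, off))  # past MNAME and RNAME
            return struct.unpack(">I", msg[p:p + 4])[0]
        off += rdlen
    raise ValueError("no SOA record in answer")
def query_soa_serial(server, zone, timeout=2.0):  # live check: standard query, RD set, UDP/53
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(struct.pack(">HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + soa_question(zone), (server, 53))
        return parse_soa_serial(s.recv(4096))
def serial_drift(serials, tolerance=1):  # {server: serial} -> {server: lag} where lag > tolerance
    top = max(serials.values())
    return {srv: top - ser for srv, ser in serials.items() if top - ser > tolerance}

def demo():  # constructed answers mirroring the thread's "Forest Root Zone - 7 off"
    zone, rname = "forestroot.example", "hostmaster.forestroot.example"
    answers = {"rootdc": build_soa_response(zone, "rootdc.forestroot.example", rname, 35),
               "childdc": build_soa_response(zone, "childdc.child.example", rname, 28)}
    return serial_drift({srv: parse_soa_serial(m) for srv, m in answers.items()})
```

Against real servers, replace the constructed answers with `{name: query_soa_serial(ip, zone) for name, ip in servers.items()}`; an empty result means every server is within the tolerated difference.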


738 Posts
Location -
Joined 2002-12-11
Well, quite honestly, it's one of those "give back to the community" kind of deals. I remember coming to ntcompatible back when Windows 2000 went from Beta 3 to RC1 and I needed help with my old school Voodoo2 to do some GLIDE. And I have always returned for more.
 
Other than that I have always appreciated the "professionalism" (not to sound uptight and IBM-ish, if ya know what I mean) of the site and its forums.
 
And the reason I know a "tad" about QoS is that I am engineering a WLAN for a college. And I need to distribute a secure multimedia multicast to numerous heterogeneous wireless devices (it's ok to laugh at me for that one, I did).
 
Well, that's DS3Circuit and his story ... thank you for welcoming me to NTcompatible forums APK, I'm sure we will learn a lot from each other.