Strange Windows 2000 DNS issues
Ok, I have been working on this for a while but haven't found anything about it. My goal was to use Active Directory Integrated DNS. I have a Forest Root Domain Controller with DNS on it and a Child Domain Controller (New Tree) also with DNS on it. I found some conflicting information on how to install this as there are articles that say to only point the DNS server to itself for the DNS IP properties. Well, if you do that then you can't promote the child to a domain controller unless you have DNS server already set up with the proper zone info.
So what I did was installed DNS as standard primary for the zone of the Forest Root on the Forest Root server and DNS standard secondary on the Child server. For the Child Tree zone I set up the zone as standard primary on the Child server and standard secondary on the Root Server. I then made sure both were listed in the name servers tab in DNS properties on both servers and enabled zone transfers to only those on the name servers list (also enabled notify to those listed). Then I promoted them to domain controllers (obviously root first) and the DNS zone information was properly transferred to each other. I had everything replicating and working correctly at this point with no event log errors.
At this point I figured it would be ok to change the DNS zones to Active Directory Integrated, so I did so and also had no errors. Problem is that when I add a host entry on one server, it never adds it to the other server. I can force replication and never get any errors whatsoever, but it for some reason just decides to ignore that little part about replicating DNS. I've tried it with Secure Updates Only and also without requiring secure updates; still doesn't work. Anyone know why? Maybe I installed it totally wrong but it didn't seem to work any other way.... had many a times where replication didn't work at all, even using the default dcpromo stuff. Seems Microsoft documentation on a new tree with a different DNS name is lacking.
I also noticed something else strange, though not sure if this has anything to do with it. Each server changes the Start of Authority entry to itself for every zone, no matter what I put in for it. I figured that the Start of Authority for my Root Domain should be the Root Domain Controller and the Start of the Authority for the Child Tree should be that domain controller. I go in and manually change it on each server, but as soon as I exit and go back to it, each server says it is the Start of Authority for both zones. Please tell me what I'm doing wrong....
Responses to this topic
First
Windows 2000 AD Integrated DNS Servers are all seen as SOA
Second
The problems with your zone transfers ...
Are the DNS servers listed in NAME SERVERS tab, and are they allowed to do ZONE TRANSFERS? (Right Click the Forward Lookup Zone to see these settings)
Also are the SERIAL NUMBERS way off?
Third
Secure Updates Only means that transfers occur only with computers listed in AD.
It's the holidays and my brain is soaking in eggnog, hope I didn't confuse you more
First - Good to know... so no problem there.
Second - Yes, I absolutely have both servers listed in the name servers tab and I have the allow zone transfers only with those servers listed in the named servers selected. (on both servers)
Also I remembered the serial numbers were way off, but then I just checked and some of them are and some aren't now. I have 3 zones: Forest Root Zone - 7 off, Child Tree Zone - 1 off, Reverse Lookup Zone - 112 off. Though none of the changes has been passed on.
Third - Ok, so no problem there either.
Now I guess there is only one problem then.... the DNS entries aren't getting replicated. I am a little confused on the method that is supposed to be used. Should I even need zone transfers? I thought if it is active directory integrated, then it should be replicated with the active directory. Not sure about that.... so I did the zone transfers anyway. BTW, these DCs both have SP3. Does that help to figure out why the DNS info isn't replicating? Thanks.
I just double checked the hosts and lmhosts file. I haven't changed anything for these as it has the standard localhost entry and there is no lmhosts file. This is very strange... I just can't believe that there is nothing in the event log about it.... it just doesn't replicate the data. I appreciate the help!
http://support.microsoft.com/default.aspx?scid=KB;en-us;q287156
(Troubleshooting Windows 2000 Domain Name System Dynamic Update Problems)
http://support.microsoft.com/default.aspx?scid=KB;en-us;q298448
(Windows 2000 DNS and AD Tech Resources)
http://www.serverwatch.com/tutorials/article.php/1476601
(Windows 2000 DNS Troubleshooting)
Links to start with .....
Zone SERIALS should be in differences of 1 at the most. I believe though in DNS AD mode, they should all be equal (?) until a change is made in the DNS table. I would also start using NSLOOKUP and DNSCMD to start troubleshooting.
Happy Holidays n G'Luck
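The comparison suggested in the post above (each zone's SOA primary and serial as each DNS server reports it) can be scripted. This is an added example, not part of the thread: it parses saved output of `nslookup -type=soa <zone> <server>`, and the host names, zone names and serials are constructed, with the serial gaps set to the 7 and 1 the original poster reported.

```python
import re
from collections import defaultdict

# Constructed captures of `nslookup -type=soa <zone> <server>`, trimmed to the
# lines the parser uses. Host names, zone names and serials are invented; the
# serial gaps mirror the 7 and 1 reported in the thread.
CAPTURES = [
    "Server:  dc1.root.example\n\nroot.example\n"
    "\tprimary name server = dc1.root.example\n\tserial  = 48\n",
    "Server:  dc2.tree.example\n\nroot.example\n"
    "\tprimary name server = dc2.tree.example\n\tserial  = 41\n",
    "Server:  dc1.root.example\n\ntree.example\n"
    "\tprimary name server = dc1.root.example\n\tserial  = 11\n",
    "Server:  dc2.tree.example\n\ntree.example\n"
    "\tprimary name server = dc2.tree.example\n\tserial  = 12\n",
]


def parse_soa(text):
    """Return (server, zone, primary, serial) from one nslookup SOA answer."""
    server = re.search(r"^Server:\s+(\S+)", text, re.M).group(1)
    zone, primary = re.search(
        r"^(\S+)\s*\n\s+primary name server = (\S+)", text, re.M).groups()
    serial = int(re.search(r"^\s+serial\s+= (\d+)", text, re.M).group(1))
    return server.lower(), zone.lower(), primary.lower(), serial


def compare(captures):
    """Per zone: serial spread across servers, and servers naming themselves primary."""
    zones = defaultdict(dict)
    for text in captures:
        server, zone, primary, serial = parse_soa(text)
        zones[zone][server] = (primary, serial)
    report = {}
    for zone, answers in zones.items():
        serials = [serial for _, serial in answers.values()]
        report[zone] = {
            "serial_spread": max(serials) - min(serials),
            "self_primary": sorted(s for s, (p, _) in answers.items() if p == s),
        }
    return report


if __name__ == "__main__":
    for zone, result in compare(CAPTURES).items():
        print(zone, result)
```

A zone where every server appears under `self_primary` matches the first reply's point that each AD-integrated DNS server is seen as SOA.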
APK, yeah you could say I have some sort of experience with Microsoft products
Well quite honestly, it's one of those "give back to the community" kind of deals. I remember coming to ntcompatible back when Windows 2000 went from Beta 3 to RC1 and I needed help with my old school Voodoo2 to do some GLIDE. And I have always returned for more.
Other than that I have always appreciated the "professionalism" (not to sound uptight and IBM-ish, if ya know what I mean) of the site and its forums.
And the reason I know a "tad" about QoS is that I am engineering a WLAN for a college. And I need to distribute a secure multimedia multicast to numerous heterogeneous wireless devices (it's ok to laugh at me for that one, I did).
Well that's DS3Circuit and his story ... thank you for welcoming me to NTcompatible forums APK, I'm sure we will learn a lot from each other.