I've seen that work OK if used with forwarding. I think I'd prefer stub zones though.

On 9/15/06, HBooGz <[EMAIL PROTECTED] > wrote:
Thanks Al.

I will monitor the link and check to see if any latency or packet loss occurs and if so, if it coincides with the zone expiring.

What about the second part of the question? Would you recommend DNS delegation?




On 9/15/06, Al Mulnick < [EMAIL PROTECTED]> wrote:
From what I've seen, the timeout can also be attributed to the transfer failing for whatever reason. If, during the transfer, the entire zone is not copied, then you hit an error.

This sounds like some network issues or you're behind in your patching.  Have you verified that there are no network issues going on?  Maybe a saturated network link? Dropped packets? High latency between the servers?

I've seen similar issues with DNS servers.  In my case they were network related, but it's odd that they drop and don't come back.  Might be a good time to verify that your patches are up to date on those machines.






On 9/15/06, HBooGz < [EMAIL PROTECTED]> wrote:
Thanks for the feedback.

I can definitely telnet to both servers interchangeably and netstat works as it should.

I have the "allow all servers listed under nameservers" selected for zone transfers -- I might just change that to specific IP addresses.

When I reload, that works fine - the problem is the zone expires on its own without any pattern and I have to manually reload. Needless to say, not very efficient.

I'm open to other ways to architect the DNS structure for a single parent with single child.

What are the "recommended" steps for this type of DNS setup? Domain delegation? All AD-integrated?


On 9/14/06, Akomolafe, Deji < [EMAIL PROTECTED]> wrote:
Here's what I'd do:
 
Ensure that there is no NATting going on between the 2 DNS servers. Verify this by doing something like "telnet PrimaryDNSServer 53" from the secondary server and then going to the Primary server and doing "netstat |find ":53"" and making sure that you could see the real IP address of the secondary server on the list.
 
If that checks out, then I'd:
Go to the DNS console on the Primary server and verify that the secondary server is on the list of servers allowed to transfer that particular zone.
 
If that checks out, then I'd:
Attempt a manual transfer at the secondary server by going to the DNS console on the secondary server, right-clicking on the zone and selecting "Reload from master" first. If that fails, then I'd try "Transfer from master".
 
If that fails, then I'd pray very hard.... then enable DNS logging ..... then pray some more and open up the log file after a while. Then I'd post back here with whatever is interesting.
 

Sincerely,
   _____                               
  (, /  |  /)               /)     /)  
    /---| (/_  ______   ___// _   //  _
 ) /    |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/                             /)     
                               (/      
Microsoft MVP - Directory Services
www.akomolafe.com - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon


From: HBooGz
Sent: Thu 9/14/2006 2:14 PM
Subject: Re: [ActiveDir] DNS zones expiring

No worries, I don't take offense easily...=)

Event Type:    Error
Event Source:    DNS
Event Category:    None
Event ID:    6527
Date:        9/14/2006
Time:        10:08:04 AM
User:        N/A
Computer:    PHMAINDC1
Description:
Zone jacwf.phippsny.org expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone.  The zone has been shut down.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp .



On 9/14/06, Akomolafe, Deji < [EMAIL PROTECTED]> wrote:
I guess if you have "Widows", then someone must have "expired" :)[1]
 
What is the exact error message?
 
[1] Please don't take offense. I'm just in a laughing mood :)
 



From: HBooGz
Sent: Thu 9/14/2006 8:12 AM

Subject: [ActiveDir] DNS zones expiring

Hey All -

I've set up the child domain DNS zones as primary (not AD-Integrated). On the parent Domain Controllers/DNS servers I've added that zone as a secondary zone. I've noticed this DNS setup has worked better for me in the past than a full AD-Integrated setup. After migrating over to Widows 2003, every day I get an event log message on the parent DNS server log indicating that the child domain's zone has expired and I have to manually reload.

Any ideas? Help? Suggestions?

Thanks,


--
HBooGz:\>
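
Added example, not part of the thread: the connectivity and transfer checks described above, done as a real SOA query over TCP 53 so the serial and timers on the primary and the secondary can be compared. The function names, the sample reply and its values are assumptions of this example, constructed for illustration.

```python
import socket
import struct

def build_query(zone, qid=0x1234):
    # Header with one question and RD=0, then QNAME, QTYPE=6 (SOA), QCLASS=1 (IN)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in zone.rstrip(".").split("."))
    return struct.pack("!6H", qid, 0, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", 6, 1)

def skip_name(msg, off):
    # Step over a name: length-prefixed labels ending in a zero byte or a 2-byte pointer
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_soa(msg):
    # Return the SOA serial and timers from the answer section, or None if no SOA is there
    qd, an = struct.unpack("!2H", msg[4:8]) if len(msg) >= 12 else (0, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # name, then QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        if rtype == 6:
            p = skip_name(msg, skip_name(msg, off))   # past MNAME and RNAME
            keys = ("serial", "refresh", "retry", "expire", "minimum")
            return dict(zip(keys, struct.unpack("!5I", msg[p:p + 20])))
        off += rdlen
    return None

def query_soa_tcp(server, zone, timeout=5):
    # Same path as "telnet server 53", but a real query; DNS over TCP has a 2-byte length prefix
    with socket.create_connection((server, 53), timeout=timeout) as s:
        q = build_query(zone)
        s.sendall(struct.pack("!H", len(q)) + q)
        f = s.makefile("rb")
        return parse_soa(f.read(int.from_bytes(f.read(2), "big")))

def sample_reply(zone, serial, expire=86400):
    # Constructed reply for offline use (not captured from a real server)
    rdata = b"\x02ns\xc0\x0c\x0ahostmaster\xc0\x0c" + struct.pack("!5I", serial, 900, 600, expire, 3600)
    head = struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0) + build_query(zone)[12:]
    return head + b"\xc0\x0c" + struct.pack("!2HIH", 6, 1, 3600, len(rdata)) + rdata

def secondary_state(primary, secondary):
    if primary is None or secondary is None:
        return "primary not answering" if primary is None else "secondary not serving zone"
    return "in sync" if primary["serial"] == secondary["serial"] else "secondary behind"
```

Call `query_soa_tcp` against the primary from the secondary server, and against the secondary from any host, then pass both results to `secondary_state`. The `expire` value is how long the secondary keeps the zone without a successful refresh before it stops serving it.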