a single domain, a top-level domain name (it was named this before I got
here), dynamic updates on top-level domains are enabled in GPO, I have 2 domain
controllers, and both were running DNS. Everything's running pretty
smoothly. No errors pop up on netdiag or dcdiag. But I recently removed the
secondary DNS server & here's why.
Every time I rebooted the DC running the secondary zones, it would list
itself as the Start of Authority instead of the actual DC running
AD-integrated primary zones. Not only that, but MUCH worse, it would
completely erase the zones on the primary DNS server (which is also the PDC &
RID op. master). I had to copy the *.dns files from the secondary zones and
use them to re-create the zones on the primary DNS server. Plus, I had to go
to all the servers & restart netlogon to get things semi-back to normal. I
ended up just removing the secondary DNS server for now until I can figure
out what it's doing.
There must be something messed up somewhere inside my AD, but I can't think
of where to look to fix this. All of my SRV records appear to be correct.
The only thing I can think of is that the DC running the secondary DNS server
was actually the 1st DC in the domain. I'm trying to phase it out &
eventually replace it because the box is about 6 yrs old. But could that be
why it's replacing itself as the SOA upon reboot?
Also, I haven't yet experimented w/ putting DNS on a non-DC member server
(that might be one solution to this weirdness).
Thanks in advance for any help, and please let me know if I can post any
more info to help w/ the diagnosis!
Your symptoms indicate the secondary zone must have been named the same name
as the AD-integrated zone for the domain name. You cannot make a secondary
zone of an AD-Integrated Primary zone. When you do that, it erases all the
DNS data inside the AD-integrated zone name. As to why it is listing itself
as SOA, not sure. I would uninstall DNS from it as a start to
troubleshooting, and ensure only AD-Integrated DNS servers are listing
themselves as the SOA.
--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights
The creation of the secondary zone with the same name as the AD-integrated
deleted the data inside the AD-integrated zone. This new secondary zone
replicated through AD effectively overwriting the existing zone data (the A
records, etc...). If this secondary zone actually has valid records in it,
and is pointing to itself for its 'Preferred DNS server' under TCP/IP
properties, then convert it into AD-integrated, and leave it alone for a
while (let it "cook"). It should replicate the missing data back to the
other AD/DNS servers since it has a greater serial number.
"Todd J Heron" wrote:
Great, thanks for the info. So...if I want to make my 2nd DC a DNS server
as well for redundancy, I need to make the forward zone on it an
AD-integrated primary zone w/ the same name? Or, I need to make it a
secondary zone w/ a different name? Sorry for the confusion, but I'm still
learning.
For new servers, if it's a DC already, just install the DNS service. You
don't configure anything because the AD-integrated zone on it will
automagically populate with records after a few minutes.
If the zone is AD integrated on one DC, it will be AD integrated on all DCs.
You can't have an AD integrated zone on one DC and a secondary zone of the
same name on another.
All AD integrated zones will list themselves on the SOA record as the
primary. This is because all AD integrated zones are master zones.
Delete the secondary zone, and let the AD integrated zone replicate to your second
DC. Don't create the zone on the second DC as either a secondary, primary or
AD integrated. If you will give it about thirty minutes or less the zone
will replicate without further action from you.
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
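The checks the replies above describe by hand (is the same zone name held as an AD-integrated zone on one DC and as a secondary or file-backed primary on another, and does each AD-integrated copy answer as its own SOA primary) can be scripted. The following is an added example, not code from anyone in this thread, and it assumes the DnsServer and ActiveDirectory PowerShell modules (Windows Server 2012 and later with RSAT installed); the servers discussed in the thread ran Windows Server 2003/2000, where those modules did not exist, so on that platform the same inventory would be done with dnscmd and nslookup.

```powershell
# Added example (not from the thread): inventory the DNS zones on every DC and
# flag a zone name that is AD-integrated on one DC but a secondary or
# file-backed primary on another, which is the mix that wiped the zone data
# described in the original post.
# Assumes the DnsServer and ActiveDirectory modules (Server 2012+ / RSAT).
Import-Module DnsServer
Import-Module ActiveDirectory

# Every DC in the current domain; DNS is queried on each of them.
$dcs = (Get-ADDomainController -Filter *).HostName

$zones = foreach ($dc in $dcs) {
    # Skip auto-created zones (reverse lookup for loopback etc.) and
    # stub/forwarder zones; only primary and secondary copies matter here.
    Get-DnsServerZone -ComputerName $dc -ErrorAction SilentlyContinue |
        Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -in 'Primary', 'Secondary' } |
        Select-Object @{ n = 'Server'; e = { $dc } }, ZoneName, ZoneType, IsDsIntegrated
}

# Side-by-side view of where each zone lives and how it is stored.
$zones | Sort-Object ZoneName, Server | Format-Table -AutoSize

# Rule from the replies: a zone that is AD-integrated on one DC must not exist
# as a secondary or a non-integrated primary of the same name on another DC.
$zones | Group-Object ZoneName | ForEach-Object {
    $adIntegrated = $_.Group | Where-Object { $_.IsDsIntegrated }
    $conflicting  = $_.Group | Where-Object { -not $_.IsDsIntegrated }
    if ($adIntegrated -and $conflicting) {
        foreach ($z in $conflicting) {
            Write-Warning ("Zone '{0}' is AD-integrated on {1} but a {2} zone on {3}. " +
                           "Remove it from {3} and let AD replication recreate it." -f
                           $_.Name, ($adIntegrated.Server -join ', '), $z.ZoneType, $z.Server)
        }
    }
}

# Every AD-integrated copy is a master and lists itself as SOA primary; show
# which server each DC names and the serial it is at, so a stale copy stands out.
foreach ($z in ($zones | Where-Object { $_.IsDsIntegrated })) {
    $soa = Resolve-DnsName -Name $z.ZoneName -Type SOA -Server $z.Server -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SOA' }
    if ($soa) {
        '{0} on {1}: SOA primary = {2}, serial = {3}' -f $z.ZoneName, $z.Server, $soa.PrimaryServer, $soa.SerialNumber
    }
}
```

Run it from an account that can administer DNS on all DCs. If a secondary copy is found and it is the one holding the good records (the situation the third reply describes), ConvertTo-DnsServerPrimaryZone with -ReplicationScope Domain on that server turns it into an AD-integrated primary rather than deleting it; otherwise remove the conflicting zone with Remove-DnsServerZone and wait for replication, as Kevin advises.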