I inherited a 2003 Domain with 2 sites and 1 Child Domain. I quickly
discovered that DNS was not set up properly. Instead of creating one zone
for our entire public domain, and then creating Host records for WWW, MAIL,
FTP, etc, there was a Forward Lookup Zone for each Host, and then a Host
record for that Host in it's own personal Forward Lookup Zone.

While this technically worked, it annoyed me. I deleted all of the Zones,
and then created one Zone for our Public Domain. I then created Host A
records for each host within this Zone. Everything worked fine...for about 3
months.

All of a sudden no one internally could access any of our public hosts. I
checked DNS and was surprised to discover that the old DNS zones that I
deleted had mysteriously reappeared. When I clicked one of them I recieved an
error.."The Zone is not loaded by DNS". I deleted the zones, and everything
stared working fine....for about 3 months. It has happened roughly every 3
months for almost a year now.

Background

Root Domain
2003 Native with 3 DC's.
1 DC resides in seperate Site seperated by a WAN link.
Local DNS is Active Directory Integrated replicating with Entire Forest.
Public DNS is AD Integrated replicating with the Root Domain Only.
When the Zones reappear, they only show up in this Domain. Child Domain is
not affected.

Child Domain
Is not affected by issue. They have their own Public Name Space and do not
use ours.
Local DNS is AD Integrated, replicating with Entire Forest.

There are no errors in the Event Log.

Any insight into this problem would be much appreciated.

In news:A7CBB398-51BB-46CD-8909-E4D3B0F89393@microsoft.com,
Travis <Travis@discussions.microsoft.com> stated, which I commented on
below:
> I inherited a 2003 Domain with 2 sites and 1 Child Domain. I quickly
> discovered that DNS was not set up properly. Instead of creating one
> zone for our entire public domain, and then creating Host records
> for WWW, MAIL, FTP, etc, there was a Forward Lookup Zone for each
> Host, and then a Host record for that Host in it's own personal
> Forward Lookup Zone.

This is not uncommon. However, it is designed to accomodate externally
hosted sites that the ISP is hosting the records on changing IPs. If this
were the case, we could create a zone called www under your zone, then only
provide the IP address(es) of the nameservers that host the zone so it will
always go to those nameservers to resolve it.

>
> While this technically worked, it annoyed me. I deleted all of the
> Zones, and then created one Zone for our Public Domain. I then
> created Host A records for each host within this Zone. Everything
> worked fine...for about 3 months.
>
> All of a sudden no one internally could access any of our public
> hosts. I checked DNS and was surprised to discover that the old DNS
> zones that I deleted had mysteriously reappeared. When I clicked one
> of them I recieved an error.."The Zone is not loaded by DNS". I
> deleted the zones, and everything stared working fine....for about 3
> months. It has happened roughly every 3 months for almost a year now.

I'm surprised it's 3 months, that is if the zone was an AD integrated zone,
it would have been much sooner, like almost right away, unless DNS is not
configured properly which would affect AD replication.

>
> Background
>
> Root Domain
> 2003 Native with 3 DC's.
> 1 DC resides in seperate Site seperated by a WAN link.
> Local DNS is Active Directory Integrated replicating with Entire
> Forest. Public DNS is AD Integrated replicating with the Root Domain
> Only.
> When the Zones reappear, they only show up in this Domain. Child
> Domain is not affected.

Is that in the DomainDnsZones or in the DomainNC partition? Which button is
selected under replication scope? The middle button (DomainDnsZones or the
bottom button (DomainNC)?


>
> Child Domain
> Is not affected by issue. They have their own Public Name Space and
> do not use ours.
> Local DNS is AD Integrated, replicating with Entire Forest.

This statement confuses me. Is the whole forest zone (including child zones
under it) set to Forest wide replication scope?

>
> There are no errors in the Event Log.
>
> Any insight into this problem would be much appreciated.

What I'm thinking is that the replication scope may have been duped. To
verify this, I would suggest to use ADSIEdit, and add the DomainNC,
DomainDnsZones and ForestDnsZones partitions, and look at the zone names, if
they exist in all three. See if there are any duplicates. Here's a link on
how to do it if not familiar with it:

kbAlertz- (867464) - Explains how to use ADSI Edit to resolve app partitions
issues:
http://www.kbalertz.com/kb_867464.aspx

Let us know how you make out.

--
Ace
Innovative IT Concepts, Inc
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...