with Zone tranfers keep breaking

30/08/2006, 19h55

Here is a setup of our current system.

Forrest A ---- Domain A ---- Server A

Forrest B ---- Domain A ----Server A (main server), B, and C.

Forrest A keeps having trouble with the DNS staying updated. When it tries
to replicate the zone info it gets an error "Unable to locate a logon
server." The server Forrest A wants is Server C in Forrest B. Question is
why doesnt Server A or B answer the request? Also is there a way to make it
look for Server A instead of C?
We rebooted Server C and it works fine for now, but what will happen if C
dies and goes offline permanatly? We could really appreciate some here.
Thanks.

31/08/2006, 14h36

Hi

Are you working with Secondary Zones?
Did you configured Server A,B and C to allow zone transfer?
Do you have any FW between these servers?

Why don't you use Conditional Forwarding?

--
I hope that the information above s you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message
news:palJg.4478$yO7.3130@newssvr14.news.prodigy.co m...
> Here is a setup of our current system.
>
> Forrest A ---- Domain A ---- Server A
>
> Forrest B ---- Domain A ----Server A (main server), B, and C.
>
> Forrest A keeps having trouble with the DNS staying updated. When it tries
> to replicate the zone info it gets an error "Unable to locate a logon
> server." The server Forrest A wants is Server C in Forrest B. Question is
> why doesnt Server A or B answer the request? Also is there a way to make
> it look for Server A instead of C?
> We rebooted Server C and it works fine for now, but what will happen if C
> dies and goes offline permanatly? We could really appreciate some
> here. Thanks.
>

31/08/2006, 21h23

I believe they are all primary zones.
All servers are setup to do Zone transfers.
We are not using any forwarders if thats what FW is.
What is conditional forwarding?

"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
news:eJ9dCKQzGHA.4816@TK2MSFTNGP06.phx.gbl...
> Hi
>
> Are you working with Secondary Zones?
> Did you configured Server A,B and C to allow zone transfer?
> Do you have any FW between these servers?
>
> Why don't you use Conditional Forwarding?
>
> --
> I hope that the information above s you
>
> Good Luck
> Jorge Silva
> MCSA
> Systems Administrator
>
> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message
> news:palJg.4478$yO7.3130@newssvr14.news.prodigy.co m...
>> Here is a setup of our current system.
>>
>> Forrest A ---- Domain A ---- Server A
>>
>> Forrest B ---- Domain A ----Server A (main server), B, and C.
>>
>> Forrest A keeps having trouble with the DNS staying updated. When it
>> tries to replicate the zone info it gets an error "Unable to locate a
>> logon server." The server Forrest A wants is Server C in Forrest B.
>> Question is why doesnt Server A or B answer the request? Also is there a
>> way to make it look for Server A instead of C?
>> We rebooted Server C and it works fine for now, but what will happen if C
>> dies and goes offline permanatly? We could really appreciate some
>> here. Thanks.
>>
>
>

01/09/2006, 00h33

Ok.

>I believe they are all primary zones.

All zones Primary Zones AD Integrated? I'm asking this because you can only
have one single standard Primary Zone configured on one server and all other
servers that need that Standard Primary Zone will have to be setup with
secondary zone.
For example (In forest B) if ServerA as a Standard Primary Zone, then
ServerB and C would need to have secondary Zones configured. In this
scenario If you configure ServerB and C with primary zones, that means that
all zones will be independent from each other.
You can confirm this on the Zone properties.

Assuming that you have Primary Zone AD Integrated:
Let me see if I get this right:
On Forest A you have a DNS server configured with a Primary Zone
Then you add a Secondary zone From ForestB, you configured that secondary
Zone to load from ForestB-ServerA,B and C.
That Zone only updates when ServerC is online Correct?

Check:
-Go to ForestA DNS ServerA and right click on that secondary zone and choose
properties, on the general tab, confirm that you have the correct
IPAddresses for the servers (A,B and C) in ForestB.
-Then go to EACH Server in forestB (Server A, B and C), right Click on the
Zone choose Zone Transfers Tab, make sure that in EACH server you have the
option "Allow Zone Transfers" Selected and the option "Only to the following
Servers" and that you have the Correct IPAddress for ServerA In ForestA,
this has to be done in EACH DNS Server in ForestB.

FW=Firewall, I asked this because if you have those servers (From ForestB)
in different locations they might have one Different FW to each, and that FW
might prevent Zone transfer. Check Ports 53 TCP/UDP.

Conditional Forwarding (Only in windows 2003):
Defines where Specific queries for especific Domains are forwarded, this is
a very popular method used in different forests configuration scenario
(Note: You can't use Secondary Zones and Conditional Forwarding to the Same
Domain in the Same server, you can only use one of both methods in each
server).

http://technet2.microsoft.com/Window....mspx?mfr=true

http://www.windowsnetworking.com/art...rver_2003.html

--
I hope that the information above s you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message
news

zHJg.13112$%j7.12508@newssvr29.news.prodigy. net...
>I believe they are all primary zones.
> All servers are setup to do Zone transfers.
> We are not using any forwarders if thats what FW is.
> What is conditional forwarding?
>
> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
> news:eJ9dCKQzGHA.4816@TK2MSFTNGP06.phx.gbl...
>> Hi
>>
>> Are you working with Secondary Zones?
>> Did you configured Server A,B and C to allow zone transfer?
>> Do you have any FW between these servers?
>>
>> Why don't you use Conditional Forwarding?
>>
>> --
>> I hope that the information above s you
>>
>> Good Luck
>> Jorge Silva
>> MCSA
>> Systems Administrator
>>
>> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message
>> news:palJg.4478$yO7.3130@newssvr14.news.prodigy.co m...
>>> Here is a setup of our current system.
>>>
>>> Forrest A ---- Domain A ---- Server A
>>>
>>> Forrest B ---- Domain A ----Server A (main server), B, and C.
>>>
>>> Forrest A keeps having trouble with the DNS staying updated. When it
>>> tries to replicate the zone info it gets an error "Unable to locate a
>>> logon server." The server Forrest A wants is Server C in Forrest B.
>>> Question is why doesnt Server A or B answer the request? Also is there a
>>> way to make it look for Server A instead of C?
>>> We rebooted Server C and it works fine for now, but what will happen if
>>> C dies and goes offline permanatly? We could really appreciate some
>>> here. Thanks.
>>>
>>
>>
>
>

01/09/2006, 13h58

Ok here is how it looks and yes DNS Integration is turned on the primaries.

Forrest A --- Server A---DNS Primary with Forrest B DNS Secondary

Forrest B --- Server A --- DNS Primary with Forrest A Secondary

Forrest B --- Server B --- DNS Primary with Forrest A Secondary

Forrest B --- Server C --- DNS Primary with Forrest A Secondary

Forrest A is in 192.168.123.x subnet
Forrest B with Server A, and C is in 192.168.1.x Subnet
Forrest B with Server B is in 192.168.18.x Subnet.

There is only one firewall but its not in the path of communication between
these 3 subnets. They all link up to a Routing Switch.

"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
news:O$2DzXVzGHA.4932@TK2MSFTNGP02.phx.gbl...
> Ok.
>
>>I believe they are all primary zones.
>
> All zones Primary Zones AD Integrated? I'm asking this because you can
> only have one single standard Primary Zone configured on one server and
> all other servers that need that Standard Primary Zone will have to be
> setup with secondary zone.
> For example (In forest B) if ServerA as a Standard Primary Zone, then
> ServerB and C would need to have secondary Zones configured. In this
> scenario If you configure ServerB and C with primary zones, that means
> that all zones will be independent from each other.
> You can confirm this on the Zone properties.
>
> Assuming that you have Primary Zone AD Integrated:
> Let me see if I get this right:
> On Forest A you have a DNS server configured with a Primary Zone
> Then you add a Secondary zone From ForestB, you configured that secondary
> Zone to load from ForestB-ServerA,B and C.
> That Zone only updates when ServerC is online Correct?
>
> Check:
> -Go to ForestA DNS ServerA and right click on that secondary zone and
> choose properties, on the general tab, confirm that you have the correct
> IPAddresses for the servers (A,B and C) in ForestB.
> -Then go to EACH Server in forestB (Server A, B and C), right Click on the
> Zone choose Zone Transfers Tab, make sure that in EACH server you have the
> option "Allow Zone Transfers" Selected and the option "Only to the
> following Servers" and that you have the Correct IPAddress for ServerA In
> ForestA, this has to be done in EACH DNS Server in ForestB.
>
> FW=Firewall, I asked this because if you have those servers (From ForestB)
> in different locations they might have one Different FW to each, and that
> FW might prevent Zone transfer. Check Ports 53 TCP/UDP.
>
> Conditional Forwarding (Only in windows 2003):
> Defines where Specific queries for especific Domains are forwarded, this
> is a very popular method used in different forests configuration scenario
> (Note: You can't use Secondary Zones and Conditional Forwarding to the
> Same Domain in the Same server, you can only use one of both methods in
> each server).
>
> http://technet2.microsoft.com/Window....mspx?mfr=true
>
> http://www.windowsnetworking.com/art...rver_2003.html
>
>
>
>
> --
> I hope that the information above s you
>
> Good Luck
> Jorge Silva
> MCSA
> Systems Administrator
>
> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message
> news

zHJg.13112$%j7.12508@newssvr29.news.prodigy. net...
>>I believe they are all primary zones.
>> All servers are setup to do Zone transfers.
>> We are not using any forwarders if thats what FW is.
>> What is conditional forwarding?
>>
>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
>> news:eJ9dCKQzGHA.4816@TK2MSFTNGP06.phx.gbl...
>>> Hi
>>>
>>> Are you working with Secondary Zones?
>>> Did you configured Server A,B and C to allow zone transfer?
>>> Do you have any FW between these servers?
>>>
>>> Why don't you use Conditional Forwarding?
>>>
>>> --
>>> I hope that the information above s you
>>>
>>> Good Luck
>>> Jorge Silva
>>> MCSA
>>> Systems Administrator
>>>
>>> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message
>>> news:palJg.4478$yO7.3130@newssvr14.news.prodigy.co m...
>>>> Here is a setup of our current system.
>>>>
>>>> Forrest A ---- Domain A ---- Server A
>>>>
>>>> Forrest B ---- Domain A ----Server A (main server), B, and C.
>>>>
>>>> Forrest A keeps having trouble with the DNS staying updated. When it
>>>> tries to replicate the zone info it gets an error "Unable to locate a
>>>> logon server." The server Forrest A wants is Server C in Forrest B.
>>>> Question is why doesnt Server A or B answer the request? Also is there
>>>> a way to make it look for Server A instead of C?
>>>> We rebooted Server C and it works fine for now, but what will happen if
>>>> C dies and goes offline permanatly? We could really appreciate some
>>>> here. Thanks.
>>>>
>>>
>>>
>>
>>
>
>

01/09/2006, 17h11

> Ok here is how it looks and yes DNS Integration is turned on the
> primaries.
what do you mean with this? The DNS is Active Directory Integrated? Are you
sure?
If yes, you only need to check allow zone transfer in each server, FW
defenitions (if any), and that the servers are reachable (for example by
ping).

--
I hope that the information above s you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message
news:U7WJg.20027$kO3.9100@newssvr12.news.prodigy.c om...
> Ok here is how it looks and yes DNS Integration is turned on the
> primaries.
>
> Forrest A --- Server A---DNS Primary with Forrest B DNS Secondary
>
> Forrest B --- Server A --- DNS Primary with Forrest A Secondary
>
> Forrest B --- Server B --- DNS Primary with Forrest A Secondary
>
> Forrest B --- Server C --- DNS Primary with Forrest A Secondary
>
> Forrest A is in 192.168.123.x subnet
> Forrest B with Server A, and C is in 192.168.1.x Subnet
> Forrest B with Server B is in 192.168.18.x Subnet.
>
> There is only one firewall but its not in the path of communication
> between these 3 subnets. They all link up to a Routing Switch.
>
>
>
>
> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
> news:O$2DzXVzGHA.4932@TK2MSFTNGP02.phx.gbl...
>> Ok.
>>
>>>I believe they are all primary zones.
>>
>> All zones Primary Zones AD Integrated? I'm asking this because you can
>> only have one single standard Primary Zone configured on one server and
>> all other servers that need that Standard Primary Zone will have to be
>> setup with secondary zone.
>> For example (In forest B) if ServerA as a Standard Primary Zone, then
>> ServerB and C would need to have secondary Zones configured. In this
>> scenario If you configure ServerB and C with primary zones, that means
>> that all zones will be independent from each other.
>> You can confirm this on the Zone properties.
>>
>> Assuming that you have Primary Zone AD Integrated:
>> Let me see if I get this right:
>> On Forest A you have a DNS server configured with a Primary Zone
>> Then you add a Secondary zone From ForestB, you configured that secondary
>> Zone to load from ForestB-ServerA,B and C.
>> That Zone only updates when ServerC is online Correct?
>>
>> Check:
>> -Go to ForestA DNS ServerA and right click on that secondary zone and
>> choose properties, on the general tab, confirm that you have the correct
>> IPAddresses for the servers (A,B and C) in ForestB.
>> -Then go to EACH Server in forestB (Server A, B and C), right Click on
>> the Zone choose Zone Transfers Tab, make sure that in EACH server you
>> have the option "Allow Zone Transfers" Selected and the option "Only to
>> the following Servers" and that you have the Correct IPAddress for
>> ServerA In ForestA, this has to be done in EACH DNS Server in ForestB.
>>
>> FW=Firewall, I asked this because if you have those servers (From
>> ForestB) in different locations they might have one Different FW to each,
>> and that FW might prevent Zone transfer. Check Ports 53 TCP/UDP.
>>
>> Conditional Forwarding (Only in windows 2003):
>> Defines where Specific queries for especific Domains are forwarded, this
>> is a very popular method used in different forests configuration scenario
>> (Note: You can't use Secondary Zones and Conditional Forwarding to the
>> Same Domain in the Same server, you can only use one of both methods in
>> each server).
>>
>> http://technet2.microsoft.com/Window....mspx?mfr=true
>>
>> http://www.windowsnetworking.com/art...rver_2003.html
>>
>>
>>
>>
>> --
>> I hope that the information above s you
>>
>> Good Luck
>> Jorge Silva
>> MCSA
>> Systems Administrator
>>
>> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message
>> news

zHJg.13112$%j7.12508@newssvr29.news.prodigy. net...
>>>I believe they are all primary zones.
>>> All servers are setup to do Zone transfers.
>>> We are not using any forwarders if thats what FW is.
>>> What is conditional forwarding?
>>>
>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
>>> news:eJ9dCKQzGHA.4816@TK2MSFTNGP06.phx.gbl...
>>>> Hi
>>>>
>>>> Are you working with Secondary Zones?
>>>> Did you configured Server A,B and C to allow zone transfer?
>>>> Do you have any FW between these servers?
>>>>
>>>> Why don't you use Conditional Forwarding?
>>>>
>>>> --
>>>> I hope that the information above s you
>>>>
>>>> Good Luck
>>>> Jorge Silva
>>>> MCSA
>>>> Systems Administrator
>>>>
>>>> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message
>>>> news:palJg.4478$yO7.3130@newssvr14.news.prodigy.co m...
>>>>> Here is a setup of our current system.
>>>>>
>>>>> Forrest A ---- Domain A ---- Server A
>>>>>
>>>>> Forrest B ---- Domain A ----Server A (main server), B, and C.
>>>>>
>>>>> Forrest A keeps having trouble with the DNS staying updated. When it
>>>>> tries to replicate the zone info it gets an error "Unable to locate a
>>>>> logon server." The server Forrest A wants is Server C in Forrest B.
>>>>> Question is why doesnt Server A or B answer the request? Also is there
>>>>> a way to make it look for Server A instead of C?
>>>>> We rebooted Server C and it works fine for now, but what will happen
>>>>> if C dies and goes offline permanatly? We could really appreciate some
>>>>> here. Thanks.
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

01/09/2006, 17h51

Yes they are AD Integrated. Yes we told each server to allow zone transfers
to each other. There is no FW in the way of transfers.

Whats happening however is the DNS server in Forrest A has decided the only
Server it will use for authentication is Server C in Forrest B. If C is
unavailable it will not do zone transfers and it breaks the link therefore
causing havoc. It is my understanding that if C is unavailable then it
should transfer with the others but it wont. It gives the error "Logon
server unavaible." Server A in Forrest B is the main server not C. So to me
it doesnt make any sence.

"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
news:%23txPFFezGHA.4092@TK2MSFTNGP04.phx.gbl...
>> Ok here is how it looks and yes DNS Integration is turned on the
>> primaries.
> what do you mean with this? The DNS is Active Directory Integrated? Are
> you sure?
> If yes, you only need to check allow zone transfer in each server, FW
> defenitions (if any), and that the servers are reachable (for example by
> ping).
>
>
>
>
> --
> I hope that the information above s you
>
> Good Luck
> Jorge Silva
> MCSA
> Systems Administrator
>
> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message
> news:U7WJg.20027$kO3.9100@newssvr12.news.prodigy.c om...
>> Ok here is how it looks and yes DNS Integration is turned on the
>> primaries.
>>
>> Forrest A --- Server A---DNS Primary with Forrest B DNS Secondary
>>
>> Forrest B --- Server A --- DNS Primary with Forrest A Secondary
>>
>> Forrest B --- Server B --- DNS Primary with Forrest A Secondary
>>
>> Forrest B --- Server C --- DNS Primary with Forrest A Secondary
>>
>> Forrest A is in 192.168.123.x subnet
>> Forrest B with Server A, and C is in 192.168.1.x Subnet
>> Forrest B with Server B is in 192.168.18.x Subnet.
>>
>> There is only one firewall but its not in the path of communication
>> between these 3 subnets. They all link up to a Routing Switch.
>>
>>
>>
>>
>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
>> news:O$2DzXVzGHA.4932@TK2MSFTNGP02.phx.gbl...
>>> Ok.
>>>
>>>>I believe they are all primary zones.
>>>
>>> All zones Primary Zones AD Integrated? I'm asking this because you can
>>> only have one single standard Primary Zone configured on one server and
>>> all other servers that need that Standard Primary Zone will have to be
>>> setup with secondary zone.
>>> For example (In forest B) if ServerA as a Standard Primary Zone, then
>>> ServerB and C would need to have secondary Zones configured. In this
>>> scenario If you configure ServerB and C with primary zones, that means
>>> that all zones will be independent from each other.
>>> You can confirm this on the Zone properties.
>>>
>>> Assuming that you have Primary Zone AD Integrated:
>>> Let me see if I get this right:
>>> On Forest A you have a DNS server configured with a Primary Zone
>>> Then you add a Secondary zone From ForestB, you configured that
>>> secondary Zone to load from ForestB-ServerA,B and C.
>>> That Zone only updates when ServerC is online Correct?
>>>
>>> Check:
>>> -Go to ForestA DNS ServerA and right click on that secondary zone and
>>> choose properties, on the general tab, confirm that you have the correct
>>> IPAddresses for the servers (A,B and C) in ForestB.
>>> -Then go to EACH Server in forestB (Server A, B and C), right Click on
>>> the Zone choose Zone Transfers Tab, make sure that in EACH server you
>>> have the option "Allow Zone Transfers" Selected and the option "Only to
>>> the following Servers" and that you have the Correct IPAddress for
>>> ServerA In ForestA, this has to be done in EACH DNS Server in ForestB.
>>>
>>> FW=Firewall, I asked this because if you have those servers (From
>>> ForestB) in different locations they might have one Different FW to
>>> each, and that FW might prevent Zone transfer. Check Ports 53 TCP/UDP.
>>>
>>> Conditional Forwarding (Only in windows 2003):
>>> Defines where Specific queries for especific Domains are forwarded, this
>>> is a very popular method used in different forests configuration
>>> scenario (Note: You can't use Secondary Zones and Conditional Forwarding
>>> to the Same Domain in the Same server, you can only use one of both
>>> methods in each server).
>>>
>>> http://technet2.microsoft.com/Window....mspx?mfr=true
>>>
>>> http://www.windowsnetworking.com/art...rver_2003.html
>>>
>>>
>>>
>>>
>>> --
>>> I hope that the information above s you
>>>
>>> Good Luck
>>> Jorge Silva
>>> MCSA
>>> Systems Administrator
>>>
>>> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message
>>> news

zHJg.13112$%j7.12508@newssvr29.news.prodigy. net...
>>>>I believe they are all primary zones.
>>>> All servers are setup to do Zone transfers.
>>>> We are not using any forwarders if thats what FW is.
>>>> What is conditional forwarding?
>>>>
>>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
>>>> news:eJ9dCKQzGHA.4816@TK2MSFTNGP06.phx.gbl...
>>>>> Hi
>>>>>
>>>>> Are you working with Secondary Zones?
>>>>> Did you configured Server A,B and C to allow zone transfer?
>>>>> Do you have any FW between these servers?
>>>>>
>>>>> Why don't you use Conditional Forwarding?
>>>>>
>>>>> --
>>>>> I hope that the information above s you
>>>>>
>>>>> Good Luck
>>>>> Jorge Silva
>>>>> MCSA
>>>>> Systems Administrator
>>>>>
>>>>> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message
>>>>> news:palJg.4478$yO7.3130@newssvr14.news.prodigy.co m...
>>>>>> Here is a setup of our current system.
>>>>>>
>>>>>> Forrest A ---- Domain A ---- Server A
>>>>>>
>>>>>> Forrest B ---- Domain A ----Server A (main server), B, and C.
>>>>>>
>>>>>> Forrest A keeps having trouble with the DNS staying updated. When it
>>>>>> tries to replicate the zone info it gets an error "Unable to locate a
>>>>>> logon server." The server Forrest A wants is Server C in Forrest B.
>>>>>> Question is why doesnt Server A or B answer the request? Also is
>>>>>> there a way to make it look for Server A instead of C?
>>>>>> We rebooted Server C and it works fine for now, but what will happen
>>>>>> if C dies and goes offline permanatly? We could really appreciate
>>>>>> some here. Thanks.
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

01/09/2006, 21h23

well this wierd...
The secondary zone will transfer normally if one of the Name Servers is
down.

- Can you please confirm that in DNS Server in Forest A Secondary Zone you
have NS records for SrvA,B and C from ForestB?
- also confirm the SOA record (I think that must be to ServerC).

-When you shutdown the serverC, run dnscmd /clearcache, and ipconfig
/flushdns, then restart the DNS server on ForestA does the same behavior
happens?

-What errors are you seeing in DNS event Viewer?

- If everything Ok then if you can, do a test.
On ServerA in Forest A
-Delete the secondary zone.
-IMPORTANT -> Go to System32\DNS and delete the zone that refers to this
secondary zone.
-Restart DNS service.
-Recriate the Secondary Zone, but don't use the ServerC From ForestB, use
only ServerA and B From ForestB.
-After the Zone has been loaded, check the SOA owner.
-Manually create a A record in the DNS Zone (on ServerA or B) , then go to
ServerA (ForestA), and choose transfer from master, see if updates.
-Then shutdown one of the servers (A or B), make a new change and choose
transfer from master, see if iot works.

I want to you, but I never saw something familiar with this, In my
expirience Secondary Zones always worked fine with no problems. I also
searched on web but I didn't found anything similar to this.

Zone transfers from a secondary DNS server fail
http://technet2.microsoft.com/Window....mspx?mfr=true
Troubleshooting zone problems
http://technet2.microsoft.com/Window....mspx?mfr=true

--
I hope that the information above s you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message
news:AyZJg.333$MF1.170@newssvr25.news.prodigy.net. ..
> Yes they are AD Integrated. Yes we told each server to allow zone
> transfers to each other. There is no FW in the way of transfers.
>
> Whats happening however is the DNS server in Forrest A has decided the
> only Server it will use for authentication is Server C in Forrest B. If C
> is unavailable it will not do zone transfers and it breaks the link
> therefore causing havoc. It is my understanding that if C is unavailable
> then it should transfer with the others but it wont. It gives the error
> "Logon server unavaible." Server A in Forrest B is the main server not C.
> So to me it doesnt make any sence.
>
> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
> news:%23txPFFezGHA.4092@TK2MSFTNGP04.phx.gbl...
>>> Ok here is how it looks and yes DNS Integration is turned on the
>>> primaries.
>> what do you mean with this? The DNS is Active Directory Integrated? Are
>> you sure?
>> If yes, you only need to check allow zone transfer in each server, FW
>> defenitions (if any), and that the servers are reachable (for example by
>> ping).
>>
>>
>>
>>
>> --
>> I hope that the information above s you
>>
>> Good Luck
>> Jorge Silva
>> MCSA
>> Systems Administrator
>>
>> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message
>> news:U7WJg.20027$kO3.9100@newssvr12.news.prodigy.c om...
>>> Ok here is how it looks and yes DNS Integration is turned on the
>>> primaries.
>>>
>>> Forrest A --- Server A---DNS Primary with Forrest B DNS Secondary
>>>
>>> Forrest B --- Server A --- DNS Primary with Forrest A Secondary
>>>
>>> Forrest B --- Server B --- DNS Primary with Forrest A Secondary
>>>
>>> Forrest B --- Server C --- DNS Primary with Forrest A Secondary
>>>
>>> Forrest A is in 192.168.123.x subnet
>>> Forrest B with Server A, and C is in 192.168.1.x Subnet
>>> Forrest B with Server B is in 192.168.18.x Subnet.
>>>
>>> There is only one firewall but its not in the path of communication
>>> between these 3 subnets. They all link up to a Routing Switch.
>>>
>>>
>>>
>>>
>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
>>> news:O$2DzXVzGHA.4932@TK2MSFTNGP02.phx.gbl...
>>>> Ok.
>>>>
>>>>>I believe they are all primary zones.
>>>>
>>>> All zones Primary Zones AD Integrated? I'm asking this because you can
>>>> only have one single standard Primary Zone configured on one server and
>>>> all other servers that need that Standard Primary Zone will have to be
>>>> setup with secondary zone.
>>>> For example (In forest B) if ServerA as a Standard Primary Zone, then
>>>> ServerB and C would need to have secondary Zones configured. In this
>>>> scenario If you configure ServerB and C with primary zones, that means
>>>> that all zones will be independent from each other.
>>>> You can confirm this on the Zone properties.
>>>>
>>>> Assuming that you have Primary Zone AD Integrated:
>>>> Let me see if I get this right:
>>>> On Forest A you have a DNS server configured with a Primary Zone
>>>> Then you add a Secondary zone From ForestB, you configured that
>>>> secondary Zone to load from ForestB-ServerA,B and C.
>>>> That Zone only updates when ServerC is online Correct?
>>>>
>>>> Check:
>>>> -Go to ForestA DNS ServerA and right click on that secondary zone and
>>>> choose properties, on the general tab, confirm that you have the
>>>> correct IPAddresses for the servers (A,B and C) in ForestB.
>>>> -Then go to EACH Server in forestB (Server A, B and C), right Click on
>>>> the Zone choose Zone Transfers Tab, make sure that in EACH server you
>>>> have the option "Allow Zone Transfers" Selected and the option "Only to
>>>> the following Servers" and that you have the Correct IPAddress for
>>>> ServerA In ForestA, this has to be done in EACH DNS Server in ForestB.
>>>>
>>>> FW=Firewall, I asked this because if you have those servers (From
>>>> ForestB) in different locations they might have one Different FW to
>>>> each, and that FW might prevent Zone transfer. Check Ports 53 TCP/UDP.
>>>>
>>>> Conditional Forwarding (Only in windows 2003):
>>>> Defines where Specific queries for especific Domains are forwarded,
>>>> this is a very popular method used in different forests configuration
>>>> scenario (Note: You can't use Secondary Zones and Conditional
>>>> Forwarding to the Same Domain in the Same server, you can only use one
>>>> of both methods in each server).
>>>>
>>>> http://technet2.microsoft.com/Window....mspx?mfr=true
>>>>
>>>> http://www.windowsnetworking.com/art...rver_2003.html
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> I hope that the information above s you
>>>>
>>>> Good Luck
>>>> Jorge Silva
>>>> MCSA
>>>> Systems Administrator
>>>>
>>>> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message
>>>> news

zHJg.13112$%j7.12508@newssvr29.news.prodigy. net...
>>>>>I believe they are all primary zones.
>>>>> All servers are setup to do Zone transfers.
>>>>> We are not using any forwarders if thats what FW is.
>>>>> What is conditional forwarding?
>>>>>
>>>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
>>>>> news:eJ9dCKQzGHA.4816@TK2MSFTNGP06.phx.gbl...
>>>>>> Hi
>>>>>>
>>>>>> Are you working with Secondary Zones?
>>>>>> Did you configured Server A,B and C to allow zone transfer?
>>>>>> Do you have any FW between these servers?
>>>>>>
>>>>>> Why don't you use Conditional Forwarding?
>>>>>>
>>>>>> --
>>>>>> I hope that the information above s you
>>>>>>
>>>>>> Good Luck
>>>>>> Jorge Silva
>>>>>> MCSA
>>>>>> Systems Administrator
>>>>>>
>>>>>> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message
>>>>>> news:palJg.4478$yO7.3130@newssvr14.news.prodigy.co m...
>>>>>>> Here is a setup of our current system.
>>>>>>>
>>>>>>> Forrest A ---- Domain A ---- Server A
>>>>>>>
>>>>>>> Forrest B ---- Domain A ----Server A (main server), B, and C.
>>>>>>>
>>>>>>> Forrest A keeps having trouble with the DNS staying updated. When it
>>>>>>> tries to replicate the zone info it gets an error "Unable to locate
>>>>>>> a logon server." The server Forrest A wants is Server C in Forrest
>>>>>>> B. Question is why doesnt Server A or B answer the request? Also is
>>>>>>> there a way to make it look for Server A instead of C?
>>>>>>> We rebooted Server C and it works fine for now, but what will happen
>>>>>>> if C dies and goes offline permanatly? We could really appreciate
>>>>>>> some here. Thanks.
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

02/09/2006, 02h14

Chris Peikert wrote:
> Yes they are AD Integrated. Yes we told each server to allow zone
> transfers
> to each other. There is no FW in the way of transfers.

If all the zones are AD integrated, zone transfers have no function, an ADI
zone in Forest A will not replicate to Forest B. You would have to create a
Secondary of Forest A zones on Forest B DNS.
Instead of using Secondary zones, you should use conditional forwarding for
the zones in other forests. Alternately you can use stub zones but
conditional forwarders don't have to rely on any transfer of records.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

02/09/2006, 11h36

Hi Kevin

> If all the zones are AD integrated, zone transfers have no function, an
> ADI
> zone in Forest A will not replicate to Forest B. You would have to create
> a
> Secondary of Forest A zones on Forest B DNS.
> Instead of using Secondary zones, you should use conditional forwarding
> for
> the zones in other forests. Alternately you can use stub zones but
> conditional forwarders don't have to rely on any transfer of records.

That's true and I agree, and that's why I recommended Conditional
Forwarding,
What is weird beside that is that zone transfer should be working... Right?

--
I hope that the information above s you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:OdUGj0izGHA.2208@TK2MSFTNGP03.phx.gbl...
> Chris Peikert wrote:
>> Yes they are AD Integrated. Yes we told each server to allow zone
>> transfers
>> to each other. There is no FW in the way of transfers.
>
> If all the zones are AD integrated, zone transfers have no function, an
> ADI
> zone in Forest A will not replicate to Forest B. You would have to create
> a
> Secondary of Forest A zones on Forest B DNS.
> Instead of using Secondary zones, you should use conditional forwarding
> for
> the zones in other forests. Alternately you can use stub zones but
> conditional forwarders don't have to rely on any transfer of records.
>
>
>
>
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This s
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> http://message.wftx.us/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oe.com/OEBackup/Default.aspx
> ===================================
>
>

02/09/2006, 15h58

Jorge Silva wrote:
> Hi Kevin
>
>> If all the zones are AD integrated, zone transfers have no function,
>> an ADI
>> zone in Forest A will not replicate to Forest B. You would have to
>> create a
>> Secondary of Forest A zones on Forest B DNS.
>> Instead of using Secondary zones, you should use conditional
>> forwarding for
>> the zones in other forests. Alternately you can use stub zones but
>> conditional forwarders don't have to rely on any transfer of records.
>
> That's true and I agree, and that's why I recommended Conditional
> Forwarding,
> What is weird beside that is that zone transfer should be working...
> Right?

If he were using Secondary zones that might, but he has stated he has no
secondary zones. All are Primary ADI zones.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

02/09/2006, 16h15

-Hooo... my God I think I need some clarification here.... Maybe I'm
confused...

-But I though his problem was that he configured a Secondary Zone on his
ForestA for the existent Primary Zone on ForestB!!!

-Is this not correct?

-And the Problem was that although he had configured that Secondary Zone to
load from 3 different Servers (that have the Primary AD Integrated), when
one of the servers (ServerC) is shutdown the zone fails to load from the
other two available servers!!!

-Is this wrong?

I'm not trying to say what is best for this scenerio, all I'm trying to say
is that in any case (if correct configurations) the secondary zone should
transfer....

--
I hope that the information above s you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:eg$Q7AqzGHA.4312@TK2MSFTNGP02.phx.gbl...
> Jorge Silva wrote:
>> Hi Kevin
>>
>>> If all the zones are AD integrated, zone transfers have no function,
>>> an ADI
>>> zone in Forest A will not replicate to Forest B. You would have to
>>> create a
>>> Secondary of Forest A zones on Forest B DNS.
>>> Instead of using Secondary zones, you should use conditional
>>> forwarding for
>>> the zones in other forests. Alternately you can use stub zones but
>>> conditional forwarders don't have to rely on any transfer of records.
>>
>> That's true and I agree, and that's why I recommended Conditional
>> Forwarding,
>> What is weird beside that is that zone transfer should be working...
>> Right?
>
> If he were using Secondary zones that might, but he has stated he has no
> secondary zones. All are Primary ADI zones.
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This s
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> http://message.wftx.us/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oe.com/OEBackup/Default.aspx
> ===================================
>
>

06/09/2006, 21h39

Hell yall got me confused now. Uhhh. Yea Forrest A DNS has a secondary zone
for each DNS server in Forrest B and vise versa for Forrest B. Just like the
diagram i made earlier in the discussions. The problem is for some odd
reason the Secondary zones tend to break if the one server that Server A in
Forrest A wants goes offline. I do not know much about conditional
forwarding or how to do it instead of Secondary Zones. I am lucky to get DNS
working period.

"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
news:%233GVWKqzGHA.4452@TK2MSFTNGP05.phx.gbl...
> -Hooo... my God I think I need some clarification here.... Maybe I'm
> confused...
>
> -But I though his problem was that he configured a Secondary Zone on his
> ForestA for the existent Primary Zone on ForestB!!!
>
> -Is this not correct?
>
> -And the Problem was that although he had configured that Secondary Zone
> to load from 3 different Servers (that have the Primary AD Integrated),
> when one of the servers (ServerC) is shutdown the zone fails to load from
> the other two available servers!!!
>
> -Is this wrong?
>
>
>
> I'm not trying to say what is best for this scenerio, all I'm trying to
> say is that in any case (if correct configurations) the secondary zone
> should transfer....
>
>
>
> --
> I hope that the information above s you
>
> Good Luck
> Jorge Silva
> MCSA
> Systems Administrator
>
> "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
> news:eg$Q7AqzGHA.4312@TK2MSFTNGP02.phx.gbl...
>> Jorge Silva wrote:
>>> Hi Kevin
>>>
>>>> If all the zones are AD integrated, zone transfers have no function,
>>>> an ADI
>>>> zone in Forest A will not replicate to Forest B. You would have to
>>>> create a
>>>> Secondary of Forest A zones on Forest B DNS.
>>>> Instead of using Secondary zones, you should use conditional
>>>> forwarding for
>>>> the zones in other forests. Alternately you can use stub zones but
>>>> conditional forwarders don't have to rely on any transfer of records.
>>>
>>> That's true and I agree, and that's why I recommended Conditional
>>> Forwarding,
>>> What is weird beside that is that zone transfer should be working...
>>> Right?
>>
>> If he were using Secondary zones that might, but he has stated he has no
>> secondary zones. All are Primary ADI zones.
>>
>> --
>> Best regards,
>> Kevin D. Goodknecht Sr. [MVP]
>> Hope This s
>> ===================================
>> When responding to posts, please "Reply to Group"
>> via your newsreader so that others may learn and
>> benefit from your issue, to respond directly to
>> me remove the nospam. from my email address.
>> ===================================
>> http://www.lonestaramerica.com/
>> http://support.wftx.us/
>> http://message.wftx.us/
>> ===================================
>> Use Outlook Express?... Get OE_Quotefix:
>> It will strip signature out and more
>> http://home.in.tum.de/~jain/software/oe-quotefix/
>> ===================================
>> Keep a back up of your OE settings and folders
>> with OEBackup:
>> http://www.oe.com/OEBackup/Default.aspx
>> ===================================
>>
>>
>
>
>

07/09/2006, 04h12

Chris Peikert wrote:
> Hell yall got me confused now. Uhhh. Yea Forrest A DNS has a
> secondary zone for each DNS server in Forrest B and vise versa for
> Forrest B. Just like the diagram i made earlier in the discussions.
> The problem is for some odd reason the Secondary zones tend to break
> if the one server that Server A in Forrest A wants goes offline. I do
> not know much about conditional forwarding or how to do it instead of
> Secondary Zones. I am lucky to get DNS working period.

If the Primary goes offline, it starts a countdown clock on the secondary,
when the Expire time on the SOA record expires, the zone expires and will no
longer answer with authority. By default the Expire time on a MS DNS
Server's zone is 1 day. Meaning, if the link breaks you have less than one
day to fix it, depending on when the last time the secondary refreshed its
data.
If you're running secondary zones I'd recommend increasing the Expire time
to 2 weeks, the RFC recommended expire time is 2 to 4 weeks for public
zones.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oe.com/OEBackup/Default.aspx
===================================

07/09/2006, 10h59

Ok, Kevin I agree with you but the problem is that he only have problems
when ServerC is down and that shouldn't be a problem, because you can
refresh from other available secondary.

--
I hope that the information above s you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:eBEK8ti0GHA.4016@TK2MSFTNGP02.phx.gbl...
> Chris Peikert wrote:
>> Hell yall got me confused now. Uhhh. Yea Forrest A DNS has a
>> secondary zone for each DNS server in Forrest B and vise versa for
>> Forrest B. Just like the diagram i made earlier in the discussions.
>> The problem is for some odd reason the Secondary zones tend to break
>> if the one server that Server A in Forrest A wants goes offline. I do
>> not know much about conditional forwarding or how to do it instead of
>> Secondary Zones. I am lucky to get DNS working period.
>
> If the Primary goes offline, it starts a countdown clock on the secondary,
> when the Expire time on the SOA record expires, the zone expires and will
> no
> longer answer with authority. By default the Expire time on a MS DNS
> Server's zone is 1 day. Meaning, if the link breaks you have less than one
> day to fix it, depending on when the last time the secondary refreshed its
> data.
> If you're running secondary zones I'd recommend increasing the Expire time
> to 2 weeks, the RFC recommended expire time is 2 to 4 weeks for public
> zones.
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This s
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> http://message.wftx.us/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oe.com/OEBackup/Default.aspx
> ===================================
>
>

08/09/2006, 13h50

Jorge Silva wrote:
> Ok, Kevin I agree with you but the problem is that he only have
> problems when ServerC is down and that shouldn't be a problem,
> because you can refresh from other available secondary.

The Problem with running a secondary zone with two different AD Integrated
servers as Masters. The secondary will do a refresh check to the master,
since all AD integrated zones list the server they are on as the Master Name
Server (MNAME) the secondary will refuse zone transfers from one or the
other depending on which one is listed on its (the Secondary) MNAME record.
I've been testing these scenarios for quite some time and found that
Secondary won't refresh its records from a Name server that has a zone with
a different MNAME in the zone.
As for zone updates, a client will send its updates to the server listed on
the MNAME record, which is why ADI zones always list themselves as Masters.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This s
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========

30/08/2006, 19h55	#1
Chris Peikert Messages: n/a Hébergeur:	with Zone tranfers keep breaking Here is a setup of our current system. Forrest A ---- Domain A ---- Server A Forrest B ---- Domain A ----Server A (main server), B, and C. Forrest A keeps having trouble with the DNS staying updated. When it tries to replicate the zone info it gets an error "Unable to locate a logon server." The server Forrest A wants is Server C in Forrest B. Question is why doesnt Server A or B answer the request? Also is there a way to make it look for Server A instead of C? We rebooted Server C and it works fine for now, but what will happen if C dies and goes offline permanatly? We could really appreciate some here. Thanks.

31/08/2006, 14h36	#2
Jorge Silva Messages: n/a Hébergeur:	Re: with Zone tranfers keep breaking Hi Are you working with Secondary Zones? Did you configured Server A,B and C to allow zone transfer? Do you have any FW between these servers? Why don't you use Conditional Forwarding? -- I hope that the information above s you Good Luck Jorge Silva MCSA Systems Administrator "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message news:palJg.4478$yO7.3130@newssvr14.news.prodigy.co m... > Here is a setup of our current system. > > Forrest A ---- Domain A ---- Server A > > Forrest B ---- Domain A ----Server A (main server), B, and C. > > Forrest A keeps having trouble with the DNS staying updated. When it tries > to replicate the zone info it gets an error "Unable to locate a logon > server." The server Forrest A wants is Server C in Forrest B. Question is > why doesnt Server A or B answer the request? Also is there a way to make > it look for Server A instead of C? > We rebooted Server C and it works fine for now, but what will happen if C > dies and goes offline permanatly? We could really appreciate some > here. Thanks. >

31/08/2006, 21h23	#3
Chris Peikert Messages: n/a Hébergeur:	Re: with Zone tranfers keep breaking I believe they are all primary zones. All servers are setup to do Zone transfers. We are not using any forwarders if thats what FW is. What is conditional forwarding? "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message news:eJ9dCKQzGHA.4816@TK2MSFTNGP06.phx.gbl... > Hi > > Are you working with Secondary Zones? > Did you configured Server A,B and C to allow zone transfer? > Do you have any FW between these servers? > > Why don't you use Conditional Forwarding? > > -- > I hope that the information above s you > > Good Luck > Jorge Silva > MCSA > Systems Administrator > > "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message > news:palJg.4478$yO7.3130@newssvr14.news.prodigy.co m... >> Here is a setup of our current system. >> >> Forrest A ---- Domain A ---- Server A >> >> Forrest B ---- Domain A ----Server A (main server), B, and C. >> >> Forrest A keeps having trouble with the DNS staying updated. When it >> tries to replicate the zone info it gets an error "Unable to locate a >> logon server." The server Forrest A wants is Server C in Forrest B. >> Question is why doesnt Server A or B answer the request? Also is there a >> way to make it look for Server A instead of C? >> We rebooted Server C and it works fine for now, but what will happen if C >> dies and goes offline permanatly? We could really appreciate some >> here. Thanks. >> > >

01/09/2006, 00h33	#4
Jorge Silva Messages: n/a Hébergeur:	Re: with Zone tranfers keep breaking Ok. >I believe they are all primary zones. All zones Primary Zones AD Integrated? I'm asking this because you can only have one single standard Primary Zone configured on one server and all other servers that need that Standard Primary Zone will have to be setup with secondary zone. For example (In forest B) if ServerA as a Standard Primary Zone, then ServerB and C would need to have secondary Zones configured. In this scenario If you configure ServerB and C with primary zones, that means that all zones will be independent from each other. You can confirm this on the Zone properties. Assuming that you have Primary Zone AD Integrated: Let me see if I get this right: On Forest A you have a DNS server configured with a Primary Zone Then you add a Secondary zone From ForestB, you configured that secondary Zone to load from ForestB-ServerA,B and C. That Zone only updates when ServerC is online Correct? Check: -Go to ForestA DNS ServerA and right click on that secondary zone and choose properties, on the general tab, confirm that you have the correct IPAddresses for the servers (A,B and C) in ForestB. -Then go to EACH Server in forestB (Server A, B and C), right Click on the Zone choose Zone Transfers Tab, make sure that in EACH server you have the option "Allow Zone Transfers" Selected and the option "Only to the following Servers" and that you have the Correct IPAddress for ServerA In ForestA, this has to be done in EACH DNS Server in ForestB. FW=Firewall, I asked this because if you have those servers (From ForestB) in different locations they might have one Different FW to each, and that FW might prevent Zone transfer. Check Ports 53 TCP/UDP. Conditional Forwarding (Only in windows 2003): Defines where Specific queries for especific Domains are forwarded, this is a very popular method used in different forests configuration scenario (Note: You can't use Secondary Zones and Conditional Forwarding to the Same Domain in the Same server, you can only use one of both methods in each server). http://technet2.microsoft.com/Window....mspx?mfr=true http://www.windowsnetworking.com/art...rver_2003.html -- I hope that the information above s you Good Luck Jorge Silva MCSA Systems Administrator "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message newszHJg.13112$%j7.12508@newssvr29.news.prodigy. net... >I believe they are all primary zones. > All servers are setup to do Zone transfers. > We are not using any forwarders if thats what FW is. > What is conditional forwarding? > > "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message > news:eJ9dCKQzGHA.4816@TK2MSFTNGP06.phx.gbl... >> Hi >> >> Are you working with Secondary Zones? >> Did you configured Server A,B and C to allow zone transfer? >> Do you have any FW between these servers? >> >> Why don't you use Conditional Forwarding? >> >> -- >> I hope that the information above s you >> >> Good Luck >> Jorge Silva >> MCSA >> Systems Administrator >> >> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message >> news:palJg.4478$yO7.3130@newssvr14.news.prodigy.co m... >>> Here is a setup of our current system. >>> >>> Forrest A ---- Domain A ---- Server A >>> >>> Forrest B ---- Domain A ----Server A (main server), B, and C. >>> >>> Forrest A keeps having trouble with the DNS staying updated. When it >>> tries to replicate the zone info it gets an error "Unable to locate a >>> logon server." The server Forrest A wants is Server C in Forrest B. >>> Question is why doesnt Server A or B answer the request? Also is there a >>> way to make it look for Server A instead of C? >>> We rebooted Server C and it works fine for now, but what will happen if >>> C dies and goes offline permanatly? We could really appreciate some >>> here. Thanks. >>> >> >> > >

01/09/2006, 13h58	#5
Chris Peikert Messages: n/a Hébergeur:	Re: with Zone tranfers keep breaking Ok here is how it looks and yes DNS Integration is turned on the primaries. Forrest A --- Server A---DNS Primary with Forrest B DNS Secondary Forrest B --- Server A --- DNS Primary with Forrest A Secondary Forrest B --- Server B --- DNS Primary with Forrest A Secondary Forrest B --- Server C --- DNS Primary with Forrest A Secondary Forrest A is in 192.168.123.x subnet Forrest B with Server A, and C is in 192.168.1.x Subnet Forrest B with Server B is in 192.168.18.x Subnet. There is only one firewall but its not in the path of communication between these 3 subnets. They all link up to a Routing Switch. "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message news:O$2DzXVzGHA.4932@TK2MSFTNGP02.phx.gbl... > Ok. > >>I believe they are all primary zones. > > All zones Primary Zones AD Integrated? I'm asking this because you can > only have one single standard Primary Zone configured on one server and > all other servers that need that Standard Primary Zone will have to be > setup with secondary zone. > For example (In forest B) if ServerA as a Standard Primary Zone, then > ServerB and C would need to have secondary Zones configured. In this > scenario If you configure ServerB and C with primary zones, that means > that all zones will be independent from each other. > You can confirm this on the Zone properties. > > Assuming that you have Primary Zone AD Integrated: > Let me see if I get this right: > On Forest A you have a DNS server configured with a Primary Zone > Then you add a Secondary zone From ForestB, you configured that secondary > Zone to load from ForestB-ServerA,B and C. > That Zone only updates when ServerC is online Correct? > > Check: > -Go to ForestA DNS ServerA and right click on that secondary zone and > choose properties, on the general tab, confirm that you have the correct > IPAddresses for the servers (A,B and C) in ForestB. > -Then go to EACH Server in forestB (Server A, B and C), right Click on the > Zone choose Zone Transfers Tab, make sure that in EACH server you have the > option "Allow Zone Transfers" Selected and the option "Only to the > following Servers" and that you have the Correct IPAddress for ServerA In > ForestA, this has to be done in EACH DNS Server in ForestB. > > FW=Firewall, I asked this because if you have those servers (From ForestB) > in different locations they might have one Different FW to each, and that > FW might prevent Zone transfer. Check Ports 53 TCP/UDP. > > Conditional Forwarding (Only in windows 2003): > Defines where Specific queries for especific Domains are forwarded, this > is a very popular method used in different forests configuration scenario > (Note: You can't use Secondary Zones and Conditional Forwarding to the > Same Domain in the Same server, you can only use one of both methods in > each server). > > http://technet2.microsoft.com/Window....mspx?mfr=true > > http://www.windowsnetworking.com/art...rver_2003.html > > > > > -- > I hope that the information above s you > > Good Luck > Jorge Silva > MCSA > Systems Administrator > > "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message > newszHJg.13112$%j7.12508@newssvr29.news.prodigy. net... >>I believe they are all primary zones. >> All servers are setup to do Zone transfers. >> We are not using any forwarders if thats what FW is. >> What is conditional forwarding? >> >> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message >> news:eJ9dCKQzGHA.4816@TK2MSFTNGP06.phx.gbl... >>> Hi >>> >>> Are you working with Secondary Zones? >>> Did you configured Server A,B and C to allow zone transfer? >>> Do you have any FW between these servers? >>> >>> Why don't you use Conditional Forwarding? >>> >>> -- >>> I hope that the information above s you >>> >>> Good Luck >>> Jorge Silva >>> MCSA >>> Systems Administrator >>> >>> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message >>> news:palJg.4478$yO7.3130@newssvr14.news.prodigy.co m... >>>> Here is a setup of our current system. >>>> >>>> Forrest A ---- Domain A ---- Server A >>>> >>>> Forrest B ---- Domain A ----Server A (main server), B, and C. >>>> >>>> Forrest A keeps having trouble with the DNS staying updated. When it >>>> tries to replicate the zone info it gets an error "Unable to locate a >>>> logon server." The server Forrest A wants is Server C in Forrest B. >>>> Question is why doesnt Server A or B answer the request? Also is there >>>> a way to make it look for Server A instead of C? >>>> We rebooted Server C and it works fine for now, but what will happen if >>>> C dies and goes offline permanatly? We could really appreciate some >>>> here. Thanks. >>>> >>> >>> >> >> > >

01/09/2006, 17h11	#6
Jorge Silva Messages: n/a Hébergeur:	Re: with Zone tranfers keep breaking > Ok here is how it looks and yes DNS Integration is turned on the > primaries. what do you mean with this? The DNS is Active Directory Integrated? Are you sure? If yes, you only need to check allow zone transfer in each server, FW defenitions (if any), and that the servers are reachable (for example by ping). -- I hope that the information above s you Good Luck Jorge Silva MCSA Systems Administrator "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message news:U7WJg.20027$kO3.9100@newssvr12.news.prodigy.c om... > Ok here is how it looks and yes DNS Integration is turned on the > primaries. > > Forrest A --- Server A---DNS Primary with Forrest B DNS Secondary > > Forrest B --- Server A --- DNS Primary with Forrest A Secondary > > Forrest B --- Server B --- DNS Primary with Forrest A Secondary > > Forrest B --- Server C --- DNS Primary with Forrest A Secondary > > Forrest A is in 192.168.123.x subnet > Forrest B with Server A, and C is in 192.168.1.x Subnet > Forrest B with Server B is in 192.168.18.x Subnet. > > There is only one firewall but its not in the path of communication > between these 3 subnets. They all link up to a Routing Switch. > > > > > "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message > news:O$2DzXVzGHA.4932@TK2MSFTNGP02.phx.gbl... >> Ok. >> >>>I believe they are all primary zones. >> >> All zones Primary Zones AD Integrated? I'm asking this because you can >> only have one single standard Primary Zone configured on one server and >> all other servers that need that Standard Primary Zone will have to be >> setup with secondary zone. >> For example (In forest B) if ServerA as a Standard Primary Zone, then >> ServerB and C would need to have secondary Zones configured. In this >> scenario If you configure ServerB and C with primary zones, that means >> that all zones will be independent from each other. >> You can confirm this on the Zone properties. >> >> Assuming that you have Primary Zone AD Integrated: >> Let me see if I get this right: >> On Forest A you have a DNS server configured with a Primary Zone >> Then you add a Secondary zone From ForestB, you configured that secondary >> Zone to load from ForestB-ServerA,B and C. >> That Zone only updates when ServerC is online Correct? >> >> Check: >> -Go to ForestA DNS ServerA and right click on that secondary zone and >> choose properties, on the general tab, confirm that you have the correct >> IPAddresses for the servers (A,B and C) in ForestB. >> -Then go to EACH Server in forestB (Server A, B and C), right Click on >> the Zone choose Zone Transfers Tab, make sure that in EACH server you >> have the option "Allow Zone Transfers" Selected and the option "Only to >> the following Servers" and that you have the Correct IPAddress for >> ServerA In ForestA, this has to be done in EACH DNS Server in ForestB. >> >> FW=Firewall, I asked this because if you have those servers (From >> ForestB) in different locations they might have one Different FW to each, >> and that FW might prevent Zone transfer. Check Ports 53 TCP/UDP. >> >> Conditional Forwarding (Only in windows 2003): >> Defines where Specific queries for especific Domains are forwarded, this >> is a very popular method used in different forests configuration scenario >> (Note: You can't use Secondary Zones and Conditional Forwarding to the >> Same Domain in the Same server, you can only use one of both methods in >> each server). >> >> http://technet2.microsoft.com/Window....mspx?mfr=true >> >> http://www.windowsnetworking.com/art...rver_2003.html >> >> >> >> >> -- >> I hope that the information above s you >> >> Good Luck >> Jorge Silva >> MCSA >> Systems Administrator >> >> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message >> newszHJg.13112$%j7.12508@newssvr29.news.prodigy. net... >>>I believe they are all primary zones. >>> All servers are setup to do Zone transfers. >>> We are not using any forwarders if thats what FW is. >>> What is conditional forwarding? >>> >>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message >>> news:eJ9dCKQzGHA.4816@TK2MSFTNGP06.phx.gbl... >>>> Hi >>>> >>>> Are you working with Secondary Zones? >>>> Did you configured Server A,B and C to allow zone transfer? >>>> Do you have any FW between these servers? >>>> >>>> Why don't you use Conditional Forwarding? >>>> >>>> -- >>>> I hope that the information above s you >>>> >>>> Good Luck >>>> Jorge Silva >>>> MCSA >>>> Systems Administrator >>>> >>>> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message >>>> news:palJg.4478$yO7.3130@newssvr14.news.prodigy.co m... >>>>> Here is a setup of our current system. >>>>> >>>>> Forrest A ---- Domain A ---- Server A >>>>> >>>>> Forrest B ---- Domain A ----Server A (main server), B, and C. >>>>> >>>>> Forrest A keeps having trouble with the DNS staying updated. When it >>>>> tries to replicate the zone info it gets an error "Unable to locate a >>>>> logon server." The server Forrest A wants is Server C in Forrest B. >>>>> Question is why doesnt Server A or B answer the request? Also is there >>>>> a way to make it look for Server A instead of C? >>>>> We rebooted Server C and it works fine for now, but what will happen >>>>> if C dies and goes offline permanatly? We could really appreciate some >>>>> here. Thanks. >>>>> >>>> >>>> >>> >>> >> >> > >

01/09/2006, 17h51	#7
Chris Peikert Messages: n/a Hébergeur:	Re: with Zone tranfers keep breaking Yes they are AD Integrated. Yes we told each server to allow zone transfers to each other. There is no FW in the way of transfers. Whats happening however is the DNS server in Forrest A has decided the only Server it will use for authentication is Server C in Forrest B. If C is unavailable it will not do zone transfers and it breaks the link therefore causing havoc. It is my understanding that if C is unavailable then it should transfer with the others but it wont. It gives the error "Logon server unavaible." Server A in Forrest B is the main server not C. So to me it doesnt make any sence. "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message news:%23txPFFezGHA.4092@TK2MSFTNGP04.phx.gbl... >> Ok here is how it looks and yes DNS Integration is turned on the >> primaries. > what do you mean with this? The DNS is Active Directory Integrated? Are > you sure? > If yes, you only need to check allow zone transfer in each server, FW > defenitions (if any), and that the servers are reachable (for example by > ping). > > > > > -- > I hope that the information above s you > > Good Luck > Jorge Silva > MCSA > Systems Administrator > > "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message > news:U7WJg.20027$kO3.9100@newssvr12.news.prodigy.c om... >> Ok here is how it looks and yes DNS Integration is turned on the >> primaries. >> >> Forrest A --- Server A---DNS Primary with Forrest B DNS Secondary >> >> Forrest B --- Server A --- DNS Primary with Forrest A Secondary >> >> Forrest B --- Server B --- DNS Primary with Forrest A Secondary >> >> Forrest B --- Server C --- DNS Primary with Forrest A Secondary >> >> Forrest A is in 192.168.123.x subnet >> Forrest B with Server A, and C is in 192.168.1.x Subnet >> Forrest B with Server B is in 192.168.18.x Subnet. >> >> There is only one firewall but its not in the path of communication >> between these 3 subnets. They all link up to a Routing Switch. >> >> >> >> >> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message >> news:O$2DzXVzGHA.4932@TK2MSFTNGP02.phx.gbl... >>> Ok. >>> >>>>I believe they are all primary zones. >>> >>> All zones Primary Zones AD Integrated? I'm asking this because you can >>> only have one single standard Primary Zone configured on one server and >>> all other servers that need that Standard Primary Zone will have to be >>> setup with secondary zone. >>> For example (In forest B) if ServerA as a Standard Primary Zone, then >>> ServerB and C would need to have secondary Zones configured. In this >>> scenario If you configure ServerB and C with primary zones, that means >>> that all zones will be independent from each other. >>> You can confirm this on the Zone properties. >>> >>> Assuming that you have Primary Zone AD Integrated: >>> Let me see if I get this right: >>> On Forest A you have a DNS server configured with a Primary Zone >>> Then you add a Secondary zone From ForestB, you configured that >>> secondary Zone to load from ForestB-ServerA,B and C. >>> That Zone only updates when ServerC is online Correct? >>> >>> Check: >>> -Go to ForestA DNS ServerA and right click on that secondary zone and >>> choose properties, on the general tab, confirm that you have the correct >>> IPAddresses for the servers (A,B and C) in ForestB. >>> -Then go to EACH Server in forestB (Server A, B and C), right Click on >>> the Zone choose Zone Transfers Tab, make sure that in EACH server you >>> have the option "Allow Zone Transfers" Selected and the option "Only to >>> the following Servers" and that you have the Correct IPAddress for >>> ServerA In ForestA, this has to be done in EACH DNS Server in ForestB. >>> >>> FW=Firewall, I asked this because if you have those servers (From >>> ForestB) in different locations they might have one Different FW to >>> each, and that FW might prevent Zone transfer. Check Ports 53 TCP/UDP. >>> >>> Conditional Forwarding (Only in windows 2003): >>> Defines where Specific queries for especific Domains are forwarded, this >>> is a very popular method used in different forests configuration >>> scenario (Note: You can't use Secondary Zones and Conditional Forwarding >>> to the Same Domain in the Same server, you can only use one of both >>> methods in each server). >>> >>> http://technet2.microsoft.com/Window....mspx?mfr=true >>> >>> http://www.windowsnetworking.com/art...rver_2003.html >>> >>> >>> >>> >>> -- >>> I hope that the information above s you >>> >>> Good Luck >>> Jorge Silva >>> MCSA >>> Systems Administrator >>> >>> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message >>> newszHJg.13112$%j7.12508@newssvr29.news.prodigy. net... >>>>I believe they are all primary zones. >>>> All servers are setup to do Zone transfers. >>>> We are not using any forwarders if thats what FW is. >>>> What is conditional forwarding? >>>> >>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message >>>> news:eJ9dCKQzGHA.4816@TK2MSFTNGP06.phx.gbl... >>>>> Hi >>>>> >>>>> Are you working with Secondary Zones? >>>>> Did you configured Server A,B and C to allow zone transfer? >>>>> Do you have any FW between these servers? >>>>> >>>>> Why don't you use Conditional Forwarding? >>>>> >>>>> -- >>>>> I hope that the information above s you >>>>> >>>>> Good Luck >>>>> Jorge Silva >>>>> MCSA >>>>> Systems Administrator >>>>> >>>>> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message >>>>> news:palJg.4478$yO7.3130@newssvr14.news.prodigy.co m... >>>>>> Here is a setup of our current system. >>>>>> >>>>>> Forrest A ---- Domain A ---- Server A >>>>>> >>>>>> Forrest B ---- Domain A ----Server A (main server), B, and C. >>>>>> >>>>>> Forrest A keeps having trouble with the DNS staying updated. When it >>>>>> tries to replicate the zone info it gets an error "Unable to locate a >>>>>> logon server." The server Forrest A wants is Server C in Forrest B. >>>>>> Question is why doesnt Server A or B answer the request? Also is >>>>>> there a way to make it look for Server A instead of C? >>>>>> We rebooted Server C and it works fine for now, but what will happen >>>>>> if C dies and goes offline permanatly? We could really appreciate >>>>>> some here. Thanks. >>>>>> >>>>> >>>>> >>>> >>>> >>> >>> >> >> > >

01/09/2006, 21h23	#8
Jorge Silva Messages: n/a Hébergeur:	Re: with Zone tranfers keep breaking well this wierd... The secondary zone will transfer normally if one of the Name Servers is down. - Can you please confirm that in DNS Server in Forest A Secondary Zone you have NS records for SrvA,B and C from ForestB? - also confirm the SOA record (I think that must be to ServerC). -When you shutdown the serverC, run dnscmd /clearcache, and ipconfig /flushdns, then restart the DNS server on ForestA does the same behavior happens? -What errors are you seeing in DNS event Viewer? - If everything Ok then if you can, do a test. On ServerA in Forest A -Delete the secondary zone. -IMPORTANT -> Go to System32\DNS and delete the zone that refers to this secondary zone. -Restart DNS service. -Recriate the Secondary Zone, but don't use the ServerC From ForestB, use only ServerA and B From ForestB. -After the Zone has been loaded, check the SOA owner. -Manually create a A record in the DNS Zone (on ServerA or B) , then go to ServerA (ForestA), and choose transfer from master, see if updates. -Then shutdown one of the servers (A or B), make a new change and choose transfer from master, see if iot works. I want to you, but I never saw something familiar with this, In my expirience Secondary Zones always worked fine with no problems. I also searched on web but I didn't found anything similar to this. Zone transfers from a secondary DNS server fail http://technet2.microsoft.com/Window....mspx?mfr=true Troubleshooting zone problems http://technet2.microsoft.com/Window....mspx?mfr=true -- I hope that the information above s you Good Luck Jorge Silva MCSA Systems Administrator "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message news:AyZJg.333$MF1.170@newssvr25.news.prodigy.net. .. > Yes they are AD Integrated. Yes we told each server to allow zone > transfers to each other. There is no FW in the way of transfers. > > Whats happening however is the DNS server in Forrest A has decided the > only Server it will use for authentication is Server C in Forrest B. If C > is unavailable it will not do zone transfers and it breaks the link > therefore causing havoc. It is my understanding that if C is unavailable > then it should transfer with the others but it wont. It gives the error > "Logon server unavaible." Server A in Forrest B is the main server not C. > So to me it doesnt make any sence. > > "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message > news:%23txPFFezGHA.4092@TK2MSFTNGP04.phx.gbl... >>> Ok here is how it looks and yes DNS Integration is turned on the >>> primaries. >> what do you mean with this? The DNS is Active Directory Integrated? Are >> you sure? >> If yes, you only need to check allow zone transfer in each server, FW >> defenitions (if any), and that the servers are reachable (for example by >> ping). >> >> >> >> >> -- >> I hope that the information above s you >> >> Good Luck >> Jorge Silva >> MCSA >> Systems Administrator >> >> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message >> news:U7WJg.20027$kO3.9100@newssvr12.news.prodigy.c om... >>> Ok here is how it looks and yes DNS Integration is turned on the >>> primaries. >>> >>> Forrest A --- Server A---DNS Primary with Forrest B DNS Secondary >>> >>> Forrest B --- Server A --- DNS Primary with Forrest A Secondary >>> >>> Forrest B --- Server B --- DNS Primary with Forrest A Secondary >>> >>> Forrest B --- Server C --- DNS Primary with Forrest A Secondary >>> >>> Forrest A is in 192.168.123.x subnet >>> Forrest B with Server A, and C is in 192.168.1.x Subnet >>> Forrest B with Server B is in 192.168.18.x Subnet. >>> >>> There is only one firewall but its not in the path of communication >>> between these 3 subnets. They all link up to a Routing Switch. >>> >>> >>> >>> >>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message >>> news:O$2DzXVzGHA.4932@TK2MSFTNGP02.phx.gbl... >>>> Ok. >>>> >>>>>I believe they are all primary zones. >>>> >>>> All zones Primary Zones AD Integrated? I'm asking this because you can >>>> only have one single standard Primary Zone configured on one server and >>>> all other servers that need that Standard Primary Zone will have to be >>>> setup with secondary zone. >>>> For example (In forest B) if ServerA as a Standard Primary Zone, then >>>> ServerB and C would need to have secondary Zones configured. In this >>>> scenario If you configure ServerB and C with primary zones, that means >>>> that all zones will be independent from each other. >>>> You can confirm this on the Zone properties. >>>> >>>> Assuming that you have Primary Zone AD Integrated: >>>> Let me see if I get this right: >>>> On Forest A you have a DNS server configured with a Primary Zone >>>> Then you add a Secondary zone From ForestB, you configured that >>>> secondary Zone to load from ForestB-ServerA,B and C. >>>> That Zone only updates when ServerC is online Correct? >>>> >>>> Check: >>>> -Go to ForestA DNS ServerA and right click on that secondary zone and >>>> choose properties, on the general tab, confirm that you have the >>>> correct IPAddresses for the servers (A,B and C) in ForestB. >>>> -Then go to EACH Server in forestB (Server A, B and C), right Click on >>>> the Zone choose Zone Transfers Tab, make sure that in EACH server you >>>> have the option "Allow Zone Transfers" Selected and the option "Only to >>>> the following Servers" and that you have the Correct IPAddress for >>>> ServerA In ForestA, this has to be done in EACH DNS Server in ForestB. >>>> >>>> FW=Firewall, I asked this because if you have those servers (From >>>> ForestB) in different locations they might have one Different FW to >>>> each, and that FW might prevent Zone transfer. Check Ports 53 TCP/UDP. >>>> >>>> Conditional Forwarding (Only in windows 2003): >>>> Defines where Specific queries for especific Domains are forwarded, >>>> this is a very popular method used in different forests configuration >>>> scenario (Note: You can't use Secondary Zones and Conditional >>>> Forwarding to the Same Domain in the Same server, you can only use one >>>> of both methods in each server). >>>> >>>> http://technet2.microsoft.com/Window....mspx?mfr=true >>>> >>>> http://www.windowsnetworking.com/art...rver_2003.html >>>> >>>> >>>> >>>> >>>> -- >>>> I hope that the information above s you >>>> >>>> Good Luck >>>> Jorge Silva >>>> MCSA >>>> Systems Administrator >>>> >>>> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message >>>> newszHJg.13112$%j7.12508@newssvr29.news.prodigy. net... >>>>>I believe they are all primary zones. >>>>> All servers are setup to do Zone transfers. >>>>> We are not using any forwarders if thats what FW is. >>>>> What is conditional forwarding? >>>>> >>>>> "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message >>>>> news:eJ9dCKQzGHA.4816@TK2MSFTNGP06.phx.gbl... >>>>>> Hi >>>>>> >>>>>> Are you working with Secondary Zones? >>>>>> Did you configured Server A,B and C to allow zone transfer? >>>>>> Do you have any FW between these servers? >>>>>> >>>>>> Why don't you use Conditional Forwarding? >>>>>> >>>>>> -- >>>>>> I hope that the information above s you >>>>>> >>>>>> Good Luck >>>>>> Jorge Silva >>>>>> MCSA >>>>>> Systems Administrator >>>>>> >>>>>> "Chris Peikert" <c.peikert@co.matagorda.tx.us> wrote in message >>>>>> news:palJg.4478$yO7.3130@newssvr14.news.prodigy.co m... >>>>>>> Here is a setup of our current system. >>>>>>> >>>>>>> Forrest A ---- Domain A ---- Server A >>>>>>> >>>>>>> Forrest B ---- Domain A ----Server A (main server), B, and C. >>>>>>> >>>>>>> Forrest A keeps having trouble with the DNS staying updated. When it >>>>>>> tries to replicate the zone info it gets an error "Unable to locate >>>>>>> a logon server." The server Forrest A wants is Server C in Forrest >>>>>>> B. Question is why doesnt Server A or B answer the request? Also is >>>>>>> there a way to make it look for Server A instead of C? >>>>>>> We rebooted Server C and it works fine for now, but what will happen >>>>>>> if C dies and goes offline permanatly? We could really appreciate >>>>>>> some here. Thanks. >>>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>> >>>> >>> >>> >> >> > >

02/09/2006, 02h14	#9
Kevin D. Goodknecht Sr. [MVP] Messages: n/a Hébergeur:	Re: with Zone tranfers keep breaking Chris Peikert wrote: > Yes they are AD Integrated. Yes we told each server to allow zone > transfers > to each other. There is no FW in the way of transfers. If all the zones are AD integrated, zone transfers have no function, an ADI zone in Forest A will not replicate to Forest B. You would have to create a Secondary of Forest A zones on Forest B DNS. Instead of using Secondary zones, you should use conditional forwarding for the zones in other forests. Alternately you can use stub zones but conditional forwarders don't have to rely on any transfer of records. -- Best regards, Kevin D. Goodknecht Sr. [MVP] Hope This s =================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ http://message.wftx.us/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oe.com/OEBackup/Default.aspx ===================================

02/09/2006, 11h36	#10
Jorge Silva Messages: n/a Hébergeur:	Re: with Zone tranfers keep breaking Hi Kevin > If all the zones are AD integrated, zone transfers have no function, an > ADI > zone in Forest A will not replicate to Forest B. You would have to create > a > Secondary of Forest A zones on Forest B DNS. > Instead of using Secondary zones, you should use conditional forwarding > for > the zones in other forests. Alternately you can use stub zones but > conditional forwarders don't have to rely on any transfer of records. That's true and I agree, and that's why I recommended Conditional Forwarding, What is weird beside that is that zone transfer should be working... Right? -- I hope that the information above s you Good Luck Jorge Silva MCSA Systems Administrator "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message news:OdUGj0izGHA.2208@TK2MSFTNGP03.phx.gbl... > Chris Peikert wrote: >> Yes they are AD Integrated. Yes we told each server to allow zone >> transfers >> to each other. There is no FW in the way of transfers. > > If all the zones are AD integrated, zone transfers have no function, an > ADI > zone in Forest A will not replicate to Forest B. You would have to create > a > Secondary of Forest A zones on Forest B DNS. > Instead of using Secondary zones, you should use conditional forwarding > for > the zones in other forests. Alternately you can use stub zones but > conditional forwarders don't have to rely on any transfer of records. > > > > > > -- > Best regards, > Kevin D. Goodknecht Sr. [MVP] > Hope This s > =================================== > When responding to posts, please "Reply to Group" > via your newsreader so that others may learn and > benefit from your issue, to respond directly to > me remove the nospam. from my email address. > =================================== > http://www.lonestaramerica.com/ > http://support.wftx.us/ > http://message.wftx.us/ > =================================== > Use Outlook Express?... Get OE_Quotefix: > It will strip signature out and more > http://home.in.tum.de/~jain/software/oe-quotefix/ > =================================== > Keep a back up of your OE settings and folders > with OEBackup: > http://www.oe.com/OEBackup/Default.aspx > =================================== > >

02/09/2006, 15h58	#11
Kevin D. Goodknecht Sr. [MVP] Messages: n/a Hébergeur:	Re: with Zone tranfers keep breaking Jorge Silva wrote: > Hi Kevin > >> If all the zones are AD integrated, zone transfers have no function, >> an ADI >> zone in Forest A will not replicate to Forest B. You would have to >> create a >> Secondary of Forest A zones on Forest B DNS. >> Instead of using Secondary zones, you should use conditional >> forwarding for >> the zones in other forests. Alternately you can use stub zones but >> conditional forwarders don't have to rely on any transfer of records. > > That's true and I agree, and that's why I recommended Conditional > Forwarding, > What is weird beside that is that zone transfer should be working... > Right? If he were using Secondary zones that might, but he has stated he has no secondary zones. All are Primary ADI zones. -- Best regards, Kevin D. Goodknecht Sr. [MVP] Hope This s =================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ http://message.wftx.us/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oe.com/OEBackup/Default.aspx ===================================

02/09/2006, 16h15	#12
Jorge Silva Messages: n/a Hébergeur:	Re: with Zone tranfers keep breaking -Hooo... my God I think I need some clarification here.... Maybe I'm confused... -But I though his problem was that he configured a Secondary Zone on his ForestA for the existent Primary Zone on ForestB!!! -Is this not correct? -And the Problem was that although he had configured that Secondary Zone to load from 3 different Servers (that have the Primary AD Integrated), when one of the servers (ServerC) is shutdown the zone fails to load from the other two available servers!!! -Is this wrong? I'm not trying to say what is best for this scenerio, all I'm trying to say is that in any case (if correct configurations) the secondary zone should transfer.... -- I hope that the information above s you Good Luck Jorge Silva MCSA Systems Administrator "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message news:eg$Q7AqzGHA.4312@TK2MSFTNGP02.phx.gbl... > Jorge Silva wrote: >> Hi Kevin >> >>> If all the zones are AD integrated, zone transfers have no function, >>> an ADI >>> zone in Forest A will not replicate to Forest B. You would have to >>> create a >>> Secondary of Forest A zones on Forest B DNS. >>> Instead of using Secondary zones, you should use conditional >>> forwarding for >>> the zones in other forests. Alternately you can use stub zones but >>> conditional forwarders don't have to rely on any transfer of records. >> >> That's true and I agree, and that's why I recommended Conditional >> Forwarding, >> What is weird beside that is that zone transfer should be working... >> Right? > > If he were using Secondary zones that might, but he has stated he has no > secondary zones. All are Primary ADI zones. > > -- > Best regards, > Kevin D. Goodknecht Sr. [MVP] > Hope This s > =================================== > When responding to posts, please "Reply to Group" > via your newsreader so that others may learn and > benefit from your issue, to respond directly to > me remove the nospam. from my email address. > =================================== > http://www.lonestaramerica.com/ > http://support.wftx.us/ > http://message.wftx.us/ > =================================== > Use Outlook Express?... Get OE_Quotefix: > It will strip signature out and more > http://home.in.tum.de/~jain/software/oe-quotefix/ > =================================== > Keep a back up of your OE settings and folders > with OEBackup: > http://www.oe.com/OEBackup/Default.aspx > =================================== > >

06/09/2006, 21h39	#13
Chris Peikert Messages: n/a Hébergeur:	Re: with Zone tranfers keep breaking Hell yall got me confused now. Uhhh. Yea Forrest A DNS has a secondary zone for each DNS server in Forrest B and vise versa for Forrest B. Just like the diagram i made earlier in the discussions. The problem is for some odd reason the Secondary zones tend to break if the one server that Server A in Forrest A wants goes offline. I do not know much about conditional forwarding or how to do it instead of Secondary Zones. I am lucky to get DNS working period. "Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message news:%233GVWKqzGHA.4452@TK2MSFTNGP05.phx.gbl... > -Hooo... my God I think I need some clarification here.... Maybe I'm > confused... > > -But I though his problem was that he configured a Secondary Zone on his > ForestA for the existent Primary Zone on ForestB!!! > > -Is this not correct? > > -And the Problem was that although he had configured that Secondary Zone > to load from 3 different Servers (that have the Primary AD Integrated), > when one of the servers (ServerC) is shutdown the zone fails to load from > the other two available servers!!! > > -Is this wrong? > > > > I'm not trying to say what is best for this scenerio, all I'm trying to > say is that in any case (if correct configurations) the secondary zone > should transfer.... > > > > -- > I hope that the information above s you > > Good Luck > Jorge Silva > MCSA > Systems Administrator > > "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message > news:eg$Q7AqzGHA.4312@TK2MSFTNGP02.phx.gbl... >> Jorge Silva wrote: >>> Hi Kevin >>> >>>> If all the zones are AD integrated, zone transfers have no function, >>>> an ADI >>>> zone in Forest A will not replicate to Forest B. You would have to >>>> create a >>>> Secondary of Forest A zones on Forest B DNS. >>>> Instead of using Secondary zones, you should use conditional >>>> forwarding for >>>> the zones in other forests. Alternately you can use stub zones but >>>> conditional forwarders don't have to rely on any transfer of records. >>> >>> That's true and I agree, and that's why I recommended Conditional >>> Forwarding, >>> What is weird beside that is that zone transfer should be working... >>> Right? >> >> If he were using Secondary zones that might, but he has stated he has no >> secondary zones. All are Primary ADI zones. >> >> -- >> Best regards, >> Kevin D. Goodknecht Sr. [MVP] >> Hope This s >> =================================== >> When responding to posts, please "Reply to Group" >> via your newsreader so that others may learn and >> benefit from your issue, to respond directly to >> me remove the nospam. from my email address. >> =================================== >> http://www.lonestaramerica.com/ >> http://support.wftx.us/ >> http://message.wftx.us/ >> =================================== >> Use Outlook Express?... Get OE_Quotefix: >> It will strip signature out and more >> http://home.in.tum.de/~jain/software/oe-quotefix/ >> =================================== >> Keep a back up of your OE settings and folders >> with OEBackup: >> http://www.oe.com/OEBackup/Default.aspx >> =================================== >> >> > > >

07/09/2006, 04h12	#14
Kevin D. Goodknecht Sr. [MVP] Messages: n/a Hébergeur:	Re: with Zone tranfers keep breaking Chris Peikert wrote: > Hell yall got me confused now. Uhhh. Yea Forrest A DNS has a > secondary zone for each DNS server in Forrest B and vise versa for > Forrest B. Just like the diagram i made earlier in the discussions. > The problem is for some odd reason the Secondary zones tend to break > if the one server that Server A in Forrest A wants goes offline. I do > not know much about conditional forwarding or how to do it instead of > Secondary Zones. I am lucky to get DNS working period. If the Primary goes offline, it starts a countdown clock on the secondary, when the Expire time on the SOA record expires, the zone expires and will no longer answer with authority. By default the Expire time on a MS DNS Server's zone is 1 day. Meaning, if the link breaks you have less than one day to fix it, depending on when the last time the secondary refreshed its data. If you're running secondary zones I'd recommend increasing the Expire time to 2 weeks, the RFC recommended expire time is 2 to 4 weeks for public zones. -- Best regards, Kevin D. Goodknecht Sr. [MVP] Hope This s =================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from your issue, to respond directly to me remove the nospam. from my email address. =================================== http://www.lonestaramerica.com/ http://support.wftx.us/ http://message.wftx.us/ =================================== Use Outlook Express?... Get OE_Quotefix: It will strip signature out and more http://home.in.tum.de/~jain/software/oe-quotefix/ =================================== Keep a back up of your OE settings and folders with OEBackup: http://www.oe.com/OEBackup/Default.aspx ===================================

07/09/2006, 10h59	#15
Jorge Silva Messages: n/a Hébergeur:	Re: with Zone tranfers keep breaking Ok, Kevin I agree with you but the problem is that he only have problems when ServerC is down and that shouldn't be a problem, because you can refresh from other available secondary. -- I hope that the information above s you Good Luck Jorge Silva MCSA Systems Administrator "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message news:eBEK8ti0GHA.4016@TK2MSFTNGP02.phx.gbl... > Chris Peikert wrote: >> Hell yall got me confused now. Uhhh. Yea Forrest A DNS has a >> secondary zone for each DNS server in Forrest B and vise versa for >> Forrest B. Just like the diagram i made earlier in the discussions. >> The problem is for some odd reason the Secondary zones tend to break >> if the one server that Server A in Forrest A wants goes offline. I do >> not know much about conditional forwarding or how to do it instead of >> Secondary Zones. I am lucky to get DNS working period. > > If the Primary goes offline, it starts a countdown clock on the secondary, > when the Expire time on the SOA record expires, the zone expires and will > no > longer answer with authority. By default the Expire time on a MS DNS > Server's zone is 1 day. Meaning, if the link breaks you have less than one > day to fix it, depending on when the last time the secondary refreshed its > data. > If you're running secondary zones I'd recommend increasing the Expire time > to 2 weeks, the RFC recommended expire time is 2 to 4 weeks for public > zones. > > -- > Best regards, > Kevin D. Goodknecht Sr. [MVP] > Hope This s > =================================== > When responding to posts, please "Reply to Group" > via your newsreader so that others may learn and > benefit from your issue, to respond directly to > me remove the nospam. from my email address. > =================================== > http://www.lonestaramerica.com/ > http://support.wftx.us/ > http://message.wftx.us/ > =================================== > Use Outlook Express?... Get OE_Quotefix: > It will strip signature out and more > http://home.in.tum.de/~jain/software/oe-quotefix/ > =================================== > Keep a back up of your OE settings and folders > with OEBackup: > http://www.oe.com/OEBackup/Default.aspx > =================================== > >