This makes no sense to me. When I follow this guidance I end up with
different Reverse zones on the servers than exist on the PDC which was the
first DNS server. The DNS system is Active Directory Integrated.

I end up with a separate zone for each of the subnets, not the same folder
and subfolder structure as the Reverse zones in the PDC.

I am totally confused here.

dave


"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@ho tmail.com> wrote in
message news:%23FjGm03MGHA.2916@tk2msftngp13.phx.gbl...
>
> In news:u26UcqzMGHA.2012@TK2MSFTNGP14.phx.gbl,
> dave Admin <dmackler@mds.acsol.net> stated, which I commented on below:
>> Network is Server2003, SP1. Three DNS servers,
>> ActiveDirectory-Integrated. One in each location, each being a
>> different subnet. Only the first DNS server established has the
>> reverse lookup zones for the three subnets, 192.168.151.0,
>> 192.168.189.0, and 192.168.160.0. Every time I try to manually add
>> these to the Reverse Lookup Zones on the DNS servers using the wizard
>> it does not come out right. On the first DNS server I have
>> 192.in-addr.arpa. Under that I have a folder for 168 and under that
>> the folders for each of the three subnets.
>> How do I get these Reverse lookup zones setup correctly.?????
>>
>> dave Admin (but not DNS smart)
>
> Right-click Reverse Lookup Zones, New, for each, type in:
> 192.168.151
> 192.168.160
> 192.168.189
>
> next next, choose zone type (Primary or AD Integrated), finish. If these
> are DCs, I would choose AD Integrated.
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Having difficulty reading or finding responses to your post?
> Instead of the website you're using, I suggest to use OEx (Outlook Express
> or any other newsreader), and configure a news account, pointing to
> news.microsoft.com. This is a direct link to the Microsoft Public
> Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows
> you to easily find, track threads, cross-post, sort by date, poster's
> name, watched threads or subject.
>
> Not sure how? It's easy:
> How to Configure OEx for Internet News
> http://support.microsoft.com/?id=171164
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft MVP - Windows Server Directory Services
> Microsoft Certified Trainer
> Assimilation Imminent. Resistance is Futile.
> Infinite Diversities in Infinite Combinations.
>
> The only thing in life is change. Anything more is a blackhole consuming
> unnecessary energy.
> ===========================
>
>
>
>

In news:up7g5J$NGHA.532@TK2MSFTNGP15.phx.gbl,
dave Admin <dmackler@mds.acsol.net> stated, which I commented on below:
> This makes no sense to me. When I follow this guidance I end up with
> different Reverse zones on the servers than exist on the PDC which
> was the first DNS server. The DNS system is Active Directory
> Integrated.
> I end up with a separate zone for each of the subnets, not the same
> folder and subfolder structure as the Reverse zones in the PDC.
>
> I am totally confused here.
>
> dave

I am assuming the DCs are all in the same domain and that you are having NO
problems with AD replication. If you have Sites configured, youwill need to
wait for the site schedule to run for replication happen before you see it
on the other servers. If you are trying to add a zone on one machine, and
the zone exists elsewhere, it will look at it as a conflict and not show up
or just see the old one. The rule with AD Integrated zones is create them on
ONE domain controller, make sure DNS is installed on the other DCs, and the
zone will magically appear (with due patience) after replication happens. If
you are trying to beat the system, that can cause issues.

The method I described will give you the separate zones you want. You may
need to delete all of them and wait for replication to occur so the deletion
is seen by all DCs, then try again. If you are still having problems, I
would use ADSI Edit to check the DomainNC container to see if there is a
conflicting zone signified by a CNF_ prefix. Delete them if they exist and
start from scratch.

Ace

Ace,

Thanks for the , I opened ADSIEDIT but was totally unable to locate
anything like a "DomainNC" container??

Please advise where this might be.

Are you suggesting I delete the reverse lookup zones on the PDC and then
recreate them??

dave Admin


"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@ho tmail.com> wrote in
message news:uwX8OAEOGHA.2992@tk2msftngp13.phx.gbl...
>
> In news:up7g5J$NGHA.532@TK2MSFTNGP15.phx.gbl,
> dave Admin <dmackler@mds.acsol.net> stated, which I commented on below:
>> This makes no sense to me. When I follow this guidance I end up with
>> different Reverse zones on the servers than exist on the PDC which
>> was the first DNS server. The DNS system is Active Directory
>> Integrated.
>> I end up with a separate zone for each of the subnets, not the same
>> folder and subfolder structure as the Reverse zones in the PDC.
>>
>> I am totally confused here.
>>
>> dave
>
> I am assuming the DCs are all in the same domain and that you are having
> NO problems with AD replication. If you have Sites configured, youwill
> need to wait for the site schedule to run for replication happen before
> you see it on the other servers. If you are trying to add a zone on one
> machine, and the zone exists elsewhere, it will look at it as a conflict
> and not show up or just see the old one. The rule with AD Integrated zones
> is create them on ONE domain controller, make sure DNS is installed on the
> other DCs, and the zone will magically appear (with due patience) after
> replication happens. If you are trying to beat the system, that can cause
> issues.
>
> The method I described will give you the separate zones you want. You may
> need to delete all of them and wait for replication to occur so the
> deletion is seen by all DCs, then try again. If you are still having
> problems, I would use ADSI Edit to check the DomainNC container to see if
> there is a conflicting zone signified by a CNF_ prefix. Delete them if
> they exist and start from scratch.
>
> Ace
>
>

In news:%232aPbH8OGHA.916@TK2MSFTNGP10.phx.gbl,
dave Admin <dmackler@mds.acsol.net> stated, which I commented on below:
> Ace,
>
> Thanks for the , I opened ADSIEDIT but was totally unable to
> locate anything like a "DomainNC" container??
>
> Please advise where this might be.
>
> Are you suggesting I delete the reverse lookup zones on the PDC and
> then recreate them??
>
> dave Admin

Since this is 2003, you have to add the context for each partition you want
to see. This will explain it:

kbAlertz- (867464) - Explains how to use ADSI Edit to resolve a replication
scope conflict.:
http://www.kbalertz.com/kb_867464.aspx

Ace

Ace.

This is interesting. The article relates to an event ID in the DNS server
log. The DNS server log on the server with this issue is empty, there are
no entries. I double-checked the properties and DNS is setup to record a
log for ALL events. There are also no error events in the DNS Event Viewer.

dave


"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@ho tmail.com> wrote in
message news:uwagHPBPGHA.1832@TK2MSFTNGP11.phx.gbl...
>
> In news:%232aPbH8OGHA.916@TK2MSFTNGP10.phx.gbl,
> dave Admin <dmackler@mds.acsol.net> stated, which I commented on below:
>> Ace,
>>
>> Thanks for the , I opened ADSIEDIT but was totally unable to
>> locate anything like a "DomainNC" container??
>>
>> Please advise where this might be.
>>
>> Are you suggesting I delete the reverse lookup zones on the PDC and
>> then recreate them??
>>
>> dave Admin
>
> Since this is 2003, you have to add the context for each partition you
> want to see. This will explain it:
>
> kbAlertz- (867464) - Explains how to use ADSI Edit to resolve a
> replication scope conflict.:
> http://www.kbalertz.com/kb_867464.aspx
>
> Ace
>
>

In news:uy8CM6HPGHA.812@TK2MSFTNGP10.phx.gbl,
dave Admin <dmackler@mds.acsol.net> stated, which I commented on below:
> Ace.
>
> This is interesting. The article relates to an event ID in the DNS
> server log. The DNS server log on the server with this issue is
> empty, there are no entries. I double-checked the properties and DNS
> is setup to record a log for ALL events. There are also no error
> events in the DNS Event Viewer.
> dave

Hmm, I wouldn't necessarily go with whether a log entry is recorded or not
if there are dupes in the zone. Matter of fact, one time I saw the error
popup on the screen when I attempted to change the replication scope of a
zone for a person who needed hel with this. The error showed up as "Name you
are attempting on the network interface it too long". (Close if not exact).
I just stared at that trying to make heads or tails out of it. I looked in
the Event viewer and it showed nothing regarding this thing. I then looked
into ADSIEdit for the DomainNC, DomainDnsZones and ForestDnsZones
application partition, and that's when I saw there were dupes and a bunch of
CNFs. I simply change the zone to non-AD integrated, forced all DCs to
replicate, then deleted ALL the CNFs I found, then reset it to AD integrated
and set the scope I wanted and it worked.

I thought this may be the issue you are seeing and is why I suggested to use
ADSI Edit to at least double check it.

Ace

Ace,

That is interesting and apparently not the issue I had. Finally solved the
ID ten T ( idiot) award. On a tech support site I posted the same issue and
it was suggested that while I had setup the forward zones as AD Integrated
perhaps I had not setup the reverse zones as AD Integrated. I had not, I
had assumed (that's where the idiot comes in) that DNS was either AD
Integrated or not, I now know that is not true. Once I changed the Reverse
zone to AD Integrated and waited overnight for replication, both my problems
disappeared, the Reverse Zones are properly replicating to all DNS servers
and the dynamic updates are no longer "pending" in the DNS tab of DHCP for
the DNS servers that had no reverse zones.

Thanks for all the input, I've learned much

dave Admin


"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@ho tmail.com> wrote in
message news:uwQSdiOPGHA.1460@TK2MSFTNGP10.phx.gbl...
>
> In news:uy8CM6HPGHA.812@TK2MSFTNGP10.phx.gbl,
> dave Admin <dmackler@mds.acsol.net> stated, which I commented on below:
>> Ace.
>>
>> This is interesting. The article relates to an event ID in the DNS
>> server log. The DNS server log on the server with this issue is
>> empty, there are no entries. I double-checked the properties and DNS
>> is setup to record a log for ALL events. There are also no error
>> events in the DNS Event Viewer.
>> dave
>
> Hmm, I wouldn't necessarily go with whether a log entry is recorded or not
> if there are dupes in the zone. Matter of fact, one time I saw the error
> popup on the screen when I attempted to change the replication scope of a
> zone for a person who needed hel with this. The error showed up as "Name
> you are attempting on the network interface it too long". (Close if not
> exact). I just stared at that trying to make heads or tails out of it. I
> looked in the Event viewer and it showed nothing regarding this thing. I
> then looked into ADSIEdit for the DomainNC, DomainDnsZones and
> ForestDnsZones application partition, and that's when I saw there were
> dupes and a bunch of CNFs. I simply change the zone to non-AD integrated,
> forced all DCs to replicate, then deleted ALL the CNFs I found, then reset
> it to AD integrated and set the scope I wanted and it worked.
>
> I thought this may be the issue you are seeing and is why I suggested to
> use ADSI Edit to at least double check it.
>
> Ace
>
>

In news:eQdE1JgPGHA.2704@TK2MSFTNGP15.phx.gbl,
dave Admin <dmackler@mds.acsol.net> stated, which I commented on below:
> Ace,
>
> That is interesting and apparently not the issue I had. Finally
> solved the ID ten T ( idiot) award. On a tech support site I posted
> the same issue and it was suggested that while I had setup the
> forward zones as AD Integrated perhaps I had not setup the reverse
> zones as AD Integrated. I had not, I had assumed (that's where the
> idiot comes in) that DNS was either AD Integrated or not, I now know
> that is not true. Once I changed the Reverse zone to AD Integrated
> and waited overnight for replication, both my problems disappeared,
> the Reverse Zones are properly replicating to all DNS servers and the
> dynamic updates are no longer "pending" in the DNS tab of DHCP for
> the DNS servers that had no reverse zones.
> Thanks for all the input, I've learned much
>
> dave Admin

Hmm, well at least I'm glad you posted that. I wouldn't have realized you
didn't make it AD Integrated, and has assumed so. That was one of the steps
I mentioned as an option way back in the thread.

Glad you figured it out. Curious, what tech site did you post in?

Ace