DNS zones help!

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi all,

I have been stuffed into sorting out a DNS problem (no one at work has dns experience).

I set up a new server for new remote site, DC, DNS, DHCP.... It all works swimmingly (forward (AD int), reverse zones) and is in the live network.

I have a problem at the main site, I have had to move DNS to another machine which is not a DC as the origional one was decommisioned.

I can not turn the new dns server into a dc as it is the file and print server.

Basically the new dns server at the main site is not getting its forward look up zone updated (i origionally copied the AD zone but making the main site dns a secondary zone) with machines that are added to the new remote sites forward look up zone (AD).

I am also having a problem with the reverse look up zone updating at the main site updating from the remote sites reverse look up zones.

Thank you if you can help!

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

have you added the servers into the zone transfers tab of the zone seeing as how they are not AD intergrated?

Jiggy

 

Thanks for the reply,

Forgot to mention I set on one of the AD intergrated dns servers, the zone transfer set to "only to server listed on the name servers tab" of which the main site dns server is one.

On Ad intergrated forward look up zones i have 401 records on the main site dns i have 332 (was 392 last night) but i have set DHCP update DNS according to the leases it makes/looses.

 

Hold fire! It suddenly has the same amount of records as the AD intergrated zones. *shrugs* maybe the zone transfer only transfer the records that server made ? Or maybe im just being impatient... either way i can ping the touchscreens at the remote site now by dns!

 

hang on...Im getting confused here....is the zone that you have in the main office a secondary zone or a primary zone?

 

sorry for the confusion, for the record.

remote: ad intergrated, zone transfers

main: primary.

other remote site: ad intergrated, zone transfers

 

well now Im confused....I cant see how an AD zone will replicate to another primary, non AD zone??? My understanding was an AD zone will replicated to another AD zone or a secondary zone but not a primary zone (which makes sense to me). Are you sure the zone at the main site is a primary? Can you manually add a record into the zone at the main site and see if it replicates? Hmmm, maybe I am wrong as you seem certain on the layout / design of your DNS servers....

"wanders off to do some googling on AD"

 

ok its not working... Just to check

(im learning dns as i go.. which is a bad idea)

on the main site i join a computerA to the network and it registers in DNS.
When the main site dns gets a zone transfer it will overwrite the whole zone and so computerA wont be in the forward look up zone?
The reverse lookup zone for the subnet the computer joins does not get any zone transfers so computerA would still be listed in the reverse lookup zone?

On the dns im looking at i have e.g. computerA in the reverse lookup zone (automaticaly generated by DHCP) but it is not in the forward lookup zone.

 

yeah, if Im understanding what you are doing correctly I cant see how it would work. An AD integrated zone will not update a standard primary zone. Im pretty sure you will either need do have another DC in the main office with an AD zone setup or you will have to use a secondary zone in the main office. Alternatively you could have no AD int zones and have a single primary zone at the main office and secondarys at the remote offices (prob not a good idea).

Jiggy

 

hey sparky, maybe you could enlighten me as to how this will work as it has been bugging me all day. If he does not have an AD server at the main office (from what I understand the only AD servers are at remote offices), how will the DNS server that he has there get updated? I cant see how an AD DNS intg zone will update a primary zone that is not AD intg.

Not saying you are wrong at all, probably right but could you explain it to me as, if it does work, then Im missing something.

Thanks

Jiggy.

 

thanks for the reply Sparky....what you have said makes sense to me and was how I understood it. My problem with the scenario was that if it started out as a secondary zone and then (presumably) changed to a primary zone...how would it ever replicate??? Surely it would be a different zone as it never came from the AD zone properly in the first case as even though the records were the same, it was still only a secondary zone.

I suspect that some wires have been crossed somewhere on this one (probably mine). I think its time to go in search of a Friday night pint

Jiggy.

 

How can you replicate a AD Integrated Zone to a server with No Active Directory?
AD Integrated Zones must be replicated to and from Domain Controllers running DNS do they not?

 

You need to deploy a new DC at the main site, install DNS, and once you have the zone set to replicate to 'All DNS servers in the Active Directory forest’ like Sparky said, your main site will have full, AD replicated DNS.

 

Bah, I have to go back and do some reading then.
From my understanding, Active Directory Integrated zones are stored within the Active Directory Database. The only servers with an active directory database are domain controllers, therefore AD integrated zones can only be replicated between Domain controllers running DNS.

If you can somehow replicate AD zone data to a non AD server, that's something they did not cover in my training kit.
Now standard primary and secondary zones, can be put on any server regardless of it being a DC or not.

 

Seems i sparked some questions

for the record the main site has a DC (mailserver) and the DNS is installed on the f+p server. All sites are part of the same namespace and domain. Yer i know this is a stupid set up, its giving me a stupid headache...

Well i talked to our support company and confused the hell out of the helpdesk person... *shrugs* got a call back from senior support. They confirmed that the main site dns zone would not update the AD zone, but didnt confirm whether a zone transfer syncs the information or overwrites it. All that was agreed i need to nag my boss to make the f+p server a DC otherwise its going to be a world of pain..... It was my boss and colleage who agreed to install it like this to make this mess in the first place!!!! argh....

Also, you can only make DNS have an AD intergrated zone if its on a DC and i didnt notice an option on another site which has a win2000 server as DC and DNS to make that an AD intergrated zone and auto update without having to enter the name servers.