Replication failure

Archived from groups: microsoft.public.win2000.dns (More info?)

Hi,
we have a Windows 2000 domain.
The domain has a 'root' server and domain named xxx. The domain is a single
labeled domain.
We have also am.xxx, as.xxx and eu.xxx domains.
All DCs are patched with the regkey from KB article 300684.
Now we have AD replication problems. And it seems that the root of the
problems is a DNS misconfiguration.
The DNS zone xxx. on the root server is different from the one on e.g. the
eu.xxx DCs.
The zone will not be replicated to the subdomains.
I don't know what the former admin has done here. I think he updated the
zone on the subdomains by hand.
All DCs in all subdomains have the root server as first DNS server in their
network properties. Therefore all DCs will register correctly to the DNS zone
on the root server, but it will not be replicated.

Any ideas what I can do?

Thanks
Florian
 

Florian Schalk <FlorianSchalk@discussions.microsoft.com> wrote:
> Hi,
> we have a Windows 2000 domain.
> The domain has a 'root' server and domain named xxx. The domain is a
> single labeled domain.
> We have also am.xxx, as.xxx and eu.xxx domains.
> All DCs are patched with the regkey from KB article 300684.
> Now we have AD replication problems. And it seems that the root of the
> problems is a DNS misconfiguration.
> The DNS zone xxx. on the root server is different from the one on e.g.
> the eu.xxx DCs.
> The zone will not be replicated to the subdomains.
> I don't know what the former admin has done here. I think he updated
> the zone on the subdomains by hand.
> All DCs in all subdomains have the root server as first DNS server in
> their network properties. Therefore all DCs will register correctly to
> the DNS zone on the root server, but it will not be replicated.
>
> Any ideas what I can do?

Under Win2k, DNS replication does not extend past the domain NC partition.
What this means, zones on the root DC/DNS replicate only to DCs in the root
domain, not to any child domains.

You can resolve this by deleting the child subdomains on the root (xxx)
zone, then create delegations named am, as, and eu in the xxx zone, make
these delegations to their respective child DNS servers. Then on all the
child DNS servers forward to the xxx DNS server and check the box "Do not
use recursion" on the child forwarder tab.
An alternate to forwarding the child DNS servers to the root DNS server is
to create a secondary of the xxx (root) zone on all child DNS servers. This
makes all DNS server in all domains capable of resolving all child domains
in addition to the root domain.


If this were Win2k3 and all DCs were Win2k3, you would set the root domain
zone to replicate to all DNS servers in the forest. But, under Win2k your
options are limited to my recommendations.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
 

In news:%23MHJb%230nFHA.3316@TK2MSFTNGP14.phx.gbl,
Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> made this post, which I
then commented about below:
> Under Win2k, DNS replication does not extend past the domain NC
> partition. What this means, zones on the root DC/DNS replicate only
> to DCs in the root domain, not to any child domains.
>
> You can resolve this by deleting the child subdomains on the root
> (xxx) zone, then create delegations named am, as, and eu in the xxx
> zone, make these delegations to their respective child DNS servers.
> Then on all the child DNS servers forward to the xxx DNS server and
> check the box "Do not use recursion" on the child forwarder tab.
> An alternate to forwarding the child DNS servers to the root DNS
> server is to create a secondary of the xxx (root) zone on all child
> DNS servers. This makes all DNS server in all domains capable of
> resolving all child domains in addition to the root domain.
>
>
> If this were Win2k3 and all DCs were Win2k3, you would set the root
> domain zone to replicate to all DNS servers in the forest. But, under
> Win2k your options are limited to my recommendations.

Kevin, I'm not entirely convinced that all DNS functions properly work with
single label names. 300684 is designed to allow updates into a single label
zone, but DNS is still DNS, which is hierarchal, where a single label name
doesn't have a hierarchy. It will treat the delegation as a TLD delegation.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
 

Ace Fekay [MVP]
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote:
> In news:%23MHJb%230nFHA.3316@TK2MSFTNGP14.phx.gbl,
> Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> made this post,
> which I then commented about below:
>> Under Win2k, DNS replication does not extend past the domain NC
>> partition. What this means, zones on the root DC/DNS replicate only
>> to DCs in the root domain, not to any child domains.
>>
>> You can resolve this by deleting the child subdomains on the root
>> (xxx) zone, then create delegations named am, as, and eu in the xxx
>> zone, make these delegations to their respective child DNS servers.
>> Then on all the child DNS servers forward to the xxx DNS server and
>> check the box "Do not use recursion" on the child forwarder tab.
>> An alternate to forwarding the child DNS servers to the root DNS
>> server is to create a secondary of the xxx (root) zone on all child
>> DNS servers. This makes all DNS server in all domains capable of
>> resolving all child domains in addition to the root domain.
>>
>>
>> If this were Win2k3 and all DCs were Win2k3, you would set the root
>> domain zone to replicate to all DNS servers in the forest. But, under
>> Win2k your options are limited to my recommendations.
>
> Kevin, I'm not entirely convinced that all DNS functions properly
> work with single label names. 300684 is designed to allow updates
> into a single label zone, but DNS is still DNS, which is hierarchal,
> where a single label name doesn't have a hierarchy. It will treat the
> delegation as a TLD delegation.

I agree, but Florian is under the assumption that the zone is replicated
from the parent DC to the child DCs.
It's too bad the root domain is not multi-labeled, but that still won't
change replication.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
 

In news:e1rsCe5nFHA.3448@TK2MSFTNGP12.phx.gbl,
Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> made this post, which I
then commented about below:
> Ace Fekay [MVP]
> <PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote:
>> In news:%23MHJb%230nFHA.3316@TK2MSFTNGP14.phx.gbl,
>> Kevin D. Goodknecht Sr. [MVP] <admin@nospam.WFTX.US> made this post,
>> which I then commented about below:
>>> Under Win2k, DNS replication does not extend past the domain NC
>>> partition. What this means, zones on the root DC/DNS replicate only
>>> to DCs in the root domain, not to any child domains.
>>>
>>> You can resolve this by deleting the child subdomains on the root
>>> (xxx) zone, then create delegations named am, as, and eu in the xxx
>>> zone, make these delegations to their respective child DNS servers.
>>> Then on all the child DNS servers forward to the xxx DNS server and
>>> check the box "Do not use recursion" on the child forwarder tab.
>>> An alternate to forwarding the child DNS servers to the root DNS
>>> server is to create a secondary of the xxx (root) zone on all child
>>> DNS servers. This makes all DNS server in all domains capable of
>>> resolving all child domains in addition to the root domain.
>>>
>>>
>>> If this were Win2k3 and all DCs were Win2k3, you would set the root
>>> domain zone to replicate to all DNS servers in the forest. But,
>>> under Win2k your options are limited to my recommendations.
>>
>> Kevin, I'm not entirely convinced that all DNS functions properly
>> work with single label names. 300684 is designed to allow updates
>> into a single label zone, but DNS is still DNS, which is hierarchal,
>> where a single label name doesn't have a hierarchy. It will treat the
>> delegation as a TLD delegation.
>
> I agree, but Florian is under the assumption that the zone is
> replicated from the parent DC to the child DCs.
> It's too bad the root domain is not multi-labeled, but that still
> won't change replication.

True. I hope it works for Florian.

Ace
 

Thank you both for your answers.
There still exist delegations for eu, as and am on the root DNS. And this
seems to work.
So, can I delete the root DNS zone from the child DCs without any harm?
Maybe the former administrator has copied the zone to the child DCs and they
are not replicated.

greetings
Florian
 

PS.
or maybe first it was a secondary zone and later the administrator has
changed this to an AD integrated zone.
If I understood this right, this can happen, right?

Florian
 

Florian Schalk <FlorianSchalk@discussions.microsoft.com> wrote:
> Thank you both for your answers.
> There still exist delegations for eu, as and am on the root DNS. And
> this seems to work.
> So, can I delete the root DNS zone from the child DCs without any
> harm? Maybe the former administrator has copied the zone to the child
> DCs and they are not replicated.

You can remove the secondary root domain zone, BUT, only if the child DNS
servers forward to the root DNS and have "Do not use recursion" checked.
Personally, I'd leave the secondary root zone on all the Child DNS servers,
then the child DNS servers may forward to a local ISP DNS for external
queries, instead of across a long WAN link.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
 

In news:1D22B979-6F00-4861-9384-10C1B5353920@microsoft.com,
Florian Schalk <FlorianSchalk@discussions.microsoft.com> made this post,
which I then commented about below:
> PS.
> or maybe first it was a secondary zone and later the administrator has
> changed this to an AD integrated zone.
> If I understood this right, this can happen, right?
>
> Florian

If this is Windows 2003, yes, because AD Integration has an option to
replicate the zone forest-wide.

If Win2000, no, because that option does not exist and AD Integrated zones
exist only in each domain's DomainNC (Domain Name Container, or Domain
partition).

So if the admin changed it to AD Integration in a child domain, and this is
Win2000 or Win2003 with the option to leave it in the DomainNC or
DomainDnsZones partition, then the zone in the child is now an SOA and will
never get updated from the parent zone.

It was probably a secondary.

Ace
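
Added example, not part of any poster's message: before removing or keeping a child DC's copy of the xxx zone, it helps to see how far that copy has drifted from the root server's zone and whether the am, as and eu delegations exist on the root. The sketch below diffs two zone dumps; the record data, host names, addresses and the simplified "owner type rdata" line format are all constructed assumptions.

```python
# Added example: diff two copies of a zone, e.g. the xxx zone as held by the
# root DNS server and by a child DC. All record data below is constructed.
ROOT_ZONE = """\
@           SOA  root1.xxx. hostmaster.xxx. 142 900 600 86400 3600
@           NS   root1.xxx.
root1       A    10.0.0.10
_ldap._tcp  SRV  0 100 389 root1.xxx.
am          NS   amdc1.am.xxx.
as          NS   asdc1.as.xxx.
eu          NS   eudc1.eu.xxx.
"""
CHILD_COPY = """\
@           SOA  eudc1.eu.xxx. hostmaster.xxx. 97 900 600 86400 3600
@           NS   eudc1.eu.xxx.
root1       A    10.0.0.9   ; stale address
eu          NS   eudc1.eu.xxx.
"""

def parse_zone(text):
    """Return a set of (owner, type, rdata) from 'owner type rdata' lines."""
    records = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        if line:
            owner, rtype, rdata = line.split(None, 2)
            records.add((owner.lower(), rtype.upper(), " ".join(rdata.lower().split())))
    return records

def soa(records):
    """Return (primary server, serial) from the zone's SOA record."""
    for _, rtype, rdata in records:
        if rtype == "SOA":
            fields = rdata.split()
            return fields[0], int(fields[2])
    raise ValueError("zone copy has no SOA record")

def compare_copies(root_text, child_text, children=("am", "as", "eu")):
    root, child = parse_zone(root_text), parse_zone(child_text)
    body = lambda recs: {r for r in recs if r[1] != "SOA"}
    delegated = {owner for owner, rtype, _ in root if rtype == "NS" and owner != "@"}
    return {
        "root_soa": soa(root), "child_soa": soa(child),
        "only_on_root": sorted(body(root) - body(child)),
        "only_on_child": sorted(body(child) - body(root)),
        "missing_delegations": sorted(set(children) - delegated),
    }

if __name__ == "__main__":
    for key, value in compare_copies(ROOT_ZONE, CHILD_COPY).items():
        print(key, value)
```

A child copy whose SOA names a child DC as primary and whose serial differs from the root's is a separate zone, not a replica, which matches the behaviour described in the last reply.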