Skip to main content

DNS Servers not replicating

More
14 years 11 months ago #32968 by FlipRich
I have 3 DNS servers on a domain. Two of them are DC's (although I heard it's not common practice to have DC's as DNS servers) and 1 used to be a DC but has been demoted for over a year now.

The two DC's have matching DNS records but the third one (which used to be a pri. DNS srvr) has outdated records and is not updating. How can I get this server to dynamically update it's records with the other two servers?

FYI, we only use one zone.

Rich
Network Engineer /CCNP, CCNA-S
Tallahassee, FL
More
14 years 11 months ago #32969 by KiLLaBeE
Please confirm my assumption:

The two DCs have Active Directory Integrated DNS (which would explain why they're replicating)

The third DC (that used to be a pri. DNS server) is now a secondary DNS server and has the two other DCs set as its masters.

Am I correct or is the configuration different?

Also, how's your zone transfer settings setup on the DCs?
More
14 years 11 months ago #33011 by FlipRich
--- "The two DCs have Active Directory Integrated DNS (which would explain why they're replicating)"

Yes. One of DC's is now a primary and the other is tertriary. The non-AD server (the one that has mismatched dns records) is the secondary.



--- "Am I correct or is the configuration different?"

Instead of telling you about the past setups, I'll lesson the confusion and let you how it is setup now...

-- Pri. DNS is server is a DC and DNS records are good
-- Sec. DNS server is not a DC and the records are outdated
-- Tert. DNS server is a DC and the DNS records are good.

"Also, how's your zone transfer settings setup on the DCs?"

The only zone transfer i have setup is from the Pri. to the Sec. I assumed I had to do that since the Sec. is not a DC.

Rich
Network Engineer /CCNP, CCNA-S
Tallahassee, FL
More
14 years 11 months ago #33015 by KiLLaBeE

"Also, how's your zone transfer settings setup on the DCs?"

The only zone transfer i have setup is from the Pri. to the Sec. I assumed I had to do that since the Sec. is not a DC.


On the primary DNS server, right-click the zone that you want replicated and choose Properties. Click the Zone Transfers tab and verify that you have that setup correctly:

If the secondary DNS server is listed in the Name Servers tab, then select the option here for "Only to servers listed on the Name Servers tab." If you have the zone setup to just replicate to specific IP addresses, then enter that server's IP address in the section right below it. After you do this, click OK.

Then on the secondary DNS server, right-click the zone and choose Transfer from Master. This should force a zone transfer of only the changes (since the sec. dns server's records are outdated, this means everything). If that doesn't work, then right-click the zone again and choose Reload from Master. This will force a zone transfer of everything on the primary to the secondary.

Also, make sure that the secondary zone still points to the primary DNS server. You implied that many changes have occurred...I'm wondering if some kind of misconfiguration in terms of where the server is trying to pull from is the cause.

Let me know if that helps.

Worst case scenario is you having to deleting the secondary zone and recreating it (since it's just a secondary zone, it'll be fine since it'll just be pulling those records again from the primary zone)
More
14 years 11 months ago #33027 by FlipRich
Hell yeah, all that worked. lol. It's all working and replicating now. thanks KillaBeE. I've never setup a DNS server or even did anything other than looking up records before. I just kind of learned whiel messing with it. lol

I got one more question though. I heard it's best practice to use a non-domain controller as a pri. dns server. Is that true? and if i do decide to set the non-dc to the pri. dns server, will the zone still transfer over regularly or will i have to do manual reloads?

Rich
Network Engineer /CCNP, CCNA-S
Tallahassee, FL
More
14 years 11 months ago #33049 by KiLLaBeE
Glad I could help :-D

I've actually heard the opposite -- that in an Active Directory environment, it's best practice to setup the domain controllers as DNS servers and use Active Directory Integrated (AD-I) zones for DNS, and this Microsoft DNS best practices article backs me up: technet.microsoft.com/en-us/library/cc778439(WS.10).aspx

The reason for it is that AD-I zones provide features and benefits that standard primary/secondary DNS zones do not. One of the biggest benefits that it would offer to you would be that the zone records would automatically replicate with standard AD replication. Rather than having to configure a separate secondary zone that pulls from a primary zone, or worry about zone transfer settings (i.e.: which servers to allow zone transfers to, whether to allow zone transfers to any servers, etc), the replication would be handled with standard AD replication (hence the name Active Directory Integrated).

But to answer your question, if you were to make a zone on a separate DNS server the primary, you would just have to change the IP address that the secondary zone points at to the new server, that way the secondary zone knows to pull information from a different source.
Time to create page: 0.130 seconds