Calling all 2003 admins

bwatson283

I got an issue with making a secondary zone. The stub zones will work fine, but the secondary zones fail to load from master. I don't use a software firewall, but I use a hardware firewall and both servers are running off the same switch behind the hardware firewall. Both are running 2003, levels are 2003 at the forest and domain. I am running a Parent->Child relationship.

Parent-> Master DNS for parent
Child->Master for child, set to forward to the Parent DNS. (With or without didn't solve the issue)

I want to make a secondary zone for each. I wasn't even able to make stub zones earlier, so I looked into Replmon and it was having an RPC error. I fixed that and now I can make stubs but not secondary. Replmon now shows no error and that everything is talking fine.

Probably a noob mistake.


 

tronsr71

Probably a noob response but........

Why not just use active directory integrated zones?

EDIT: ahhhh.... just noticed you need to be studying for 291, like me. :D
 

stash

What options do you have set on the Zone Transfers tab for the zone on the master server? Specifically, is "enable zone transfers" checked?
 

DaiShan

Originally posted by: stash
What options do you have set on the Zone Transfers tab for the zone on the master server? Specifically, is "enable zone transfers" checked?

Not sure if I completely understand what the OP is trying to do, but it sounds like a transfer issue to me as well. Make sure that, as stash said, zone transfers are enabled, and that you have allowed the zones to be transferred to the child by adding its IP address in the allow field in the zone transfers tab on the Parent.
 

NogginBoink

Also ensure you're forwarding TCP/53 on your firewall. Typical DNS queries are UDP but zone transfers will use TCP.

Doh... never mind. I just realized you said both machines are on the same side of the firewall. My bad.
 

bwatson283

The "Zone Transfer" is set to "All IP's". I have messed with it by only setting IPs of the other server but it didn't seem to fix it. I'll have more time tomorrow to look at it. I am busy studying 294, 297 AD tests.
 

Smilin

First things first. Figure out if the secondary is failing to request a transfer or if the primary is failing to deliver it. Take a network trace at the primary and see if the request is coming in. If it is, you can concentrate there. If not, take a trace at the secondary and see if the request is not being sent or it's being sent but lost in transit.
 

bwatson283

Besides DNS logs/audits and Wireshark (F.K.A. Ethereal), is it netdiag or nslookup that I could use to see the failed attempts with DNS?
 

Smilin

No way to attach a pic to a post here. Post it elsewhere and provide a link.

Did you take a Wireshark trace? You can export the text of the frames if you need.

But anywhoo, what was the result? Are zone transfer requests arriving or not?
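
The triage discussed in this thread (is the transfer request arriving at the primary, and what does the primary answer), as an added example that is not part of the original posts. It assumes you have the raw TCP/53 payloads from a trace taken at the primary; the zone name `child.example.local`, the function names and the sample messages are constructed for illustration.

```python
import struct

XFR_TYPES = {251: "IXFR", 252: "AXFR"}   # QTYPE values used for zone transfers
RCODES = {0: "NOERROR", 2: "SERVFAIL", 5: "REFUSED", 9: "NOTAUTH"}

def build_message(msg_id, zone, qtype, response=False, rcode=0):
    """Build a constructed DNS-over-TCP message (sample data, not a real capture)."""
    flags = (0x8000 if response else 0) | rcode   # QR bit plus 4-bit RCODE
    qname = b"".join(bytes([len(p)]) + p.encode() for p in zone.split(".")) + b"\x00"
    body = struct.pack("!6H", msg_id, flags, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)
    return struct.pack("!H", len(body)) + body    # DNS over TCP: 2-byte length prefix

def parse_message(payload):
    """Parse the header and first question of one length-prefixed DNS message."""
    (length,) = struct.unpack("!H", payload[:2])
    msg = payload[2:2 + length]
    if length < 17 or len(msg) < length:
        raise ValueError("truncated DNS message")
    msg_id, flags = struct.unpack("!2H", msg[:4])
    labels, pos = [], 12
    while msg[pos]:                               # uncompressed question labels only
        labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode("ascii"))
        pos += msg[pos] + 1
    (qtype,) = struct.unpack("!H", msg[pos + 1:pos + 3])
    return {"id": msg_id, "response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "zone": ".".join(labels), "qtype": qtype}

def triage(payloads, zone):
    """Classify a trace taken at the primary for one zone."""
    requests, answers = set(), {}
    for p in payloads:
        m = parse_message(p)
        if m["zone"].lower() != zone.lower() or m["qtype"] not in XFR_TYPES:
            continue
        if m["response"]:
            answers[m["id"]] = m["rcode"]
        else:
            requests.add(m["id"])
    if not requests:
        return "no transfer request reached the primary: check the secondary and the path"
    rcodes = [answers[i] for i in sorted(requests) if i in answers]
    if not rcodes:
        return "request arrived but the primary never answered"
    if any(rc == 0 for rc in rcodes):
        return "primary is delivering the transfer"
    return "primary rejected the transfer: " + RCODES.get(rcodes[0], str(rcodes[0]))

# Constructed sample: an AXFR request followed by a REFUSED answer from the primary.
SAMPLE = [build_message(0x1234, "child.example.local", 252), build_message(0x1234, "child.example.local", 252, True, 5)]
print(triage(SAMPLE, "child.example.local"))
```

A REFUSED or NOTAUTH answer points at the zone transfer settings on the primary, while an empty result from a trace at the primary moves the investigation to the secondary.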