DNS Secondary Zones - zone never loaded

Good Morning,

I am having an issue where I have added a secondary zone to my server running server 2012 from another server running server 2008. Both are domain controllers on separate domains with a trust in place, but on the same IP range and subnet.

When I add the secondary zone in, all is fine. I click in properties and it says running, but as soon as I restart the server and go into the properties of the zone it says "zone never loaded". However, on the main Forward Lookup Zones screen it says the zone is running. It seems to be working.....

Another issue which is possibly related is that the trust only seems to work if the domain run by the server 2008 dc server is up and before the 2012 one.

Apart from that it all seems to be working...Any advice?

October 30th, 2013 11:40am

I saw your post in that older thread:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/e832e933-1301-4e99-9b06-69555a2943a9/dns-zone-transfers-adintegrated-to-secondary-zone-servers?forum=winserverNIS

I was ready to respond, but saw your new one here so I thought I would post here, instead.

For everyone, what I can say, and note I have not seen this problem before but have seen postings in the past, and I'm just speculating as to what may be causing and stating the base issues I've seen related to communications, is that both UDP 53 and TCP 53 are required for zone transfers and notifications.

I've also seen where an antivirus with network protection features that act like a firewall, or a local firewall will cause issues with transfers.

In addition, if I remember correctly from my old notes, when the DNS server service starts/restarts and it hosts a secondary zone, it tries to contact the Master and if not able to, it won't load.

Are you seeing any event log errors, perhaps event ID 5501 and event ID 6524?

Are all DNS servers that host a copy of the zone (all DCs in the replication scope that are DNS servers hosting this zone), in the Nameservers tab (NS records)?

If you delete the zone, and re-create it, I assume it will do the initial transfer of the whole zone. Then after you restart it, does the error show up? If that's the case, that may lead to what I stated in my previous paragraph.

October 31st, 2013 5:45am

Thanks for your response.

No errors in the event log. Basically the zone loads and says running until the server is rebooted and then it no longer says running, it says zone never loaded.

I have given up and put in conditional forwarders instead, which seem to be working fine.

October 31st, 2013 10:30am

Any of the other info I provided help, such as ports, NS records, etc?

If a conditional forwarder works, I would stick with that. It's my preference anyway!

October 31st, 2013 2:24pm

Ace,

The conditional forwarders seem to be working OK. I did have server not authoritative errors on one side (domain A) when setting them up, but it seems to be working. However I am also getting the following when doing nslookups:

Doing an nslookup from domain a to domain b gives a non-authoritative answer

Doing an nslookup from domain b to domain a comes back with an authoritative answer the first time and non-authoritative the second

I can't see a difference in how it is setup either end. Any ideas please???? Or is this normal?

Kind Regards,

John

November 10th, 2013 5:08pm

An authoritative answer means it got the answer from itself. If a DNS server hosts a zone or a reference to the zone such as a stub but not forwarders, a query to the zone results in an authoritative answer.

If you get a non-authoritative, that means DNS doesn't host the zone or a reference to the zone and had to look somewhere else.

If you are getting mixed non-authoritative and authoritative from DomainB to DomainA, then something is misconfigured on the DNS servers that you used to run the query against.

November 10th, 2013 6:14pm

So this means domain B is misconfigured somehow?

Was domain A correct to give a non authoritative error when setting up the conditional forwarder and to nslookup requests?

Any idea what could be misconfigured?

November 10th, 2013 6:20pm

Ace,

An interesting thing is that domain B caches the SOA record for domain A, but domain A does not cache the SOA record, only pointer records. Is this an indication of anything?

Kind Regards,

John

November 10th, 2013 9:08pm

Ace,

Are you able to help with this DNS issue at all?
https://social.technet.microsoft.com/Forums/windowsserver/en-US/34fb50a2-dfe1-48a6-a0a0-ffcb6b7f879d/dns-host-records-missing?forum=winserveripamdhcpdns#34fb50a2-dfe1-48a6-a0a0-ffcb6b7f879d

Kind Regards,
John

March 14th, 2015 12:39pm

This topic is archived. No further replies will be accepted.
