DNS and RODC
I have an RODC in my DMZ. DNS is not updating on that RODC in my DMZ.
If I make it a full DC then DNS updates with no issue. Once I convert it to a RODC it stops updating DNS.
I am stuck
Dave Kozlowski
December 13th, 2011 10:10am
Please refer to the following threads; they may help.
RODC DNS replication
RODC in DMZ
~Santosh
December 13th, 2011 10:23am
Correction:
DNS is not replicating to the RODC.
When we check the RODC it has about 1000 fewer records than the RWDC.
Dave Kozlowski
December 13th, 2011 12:43pm
Hello,
Please proceed like that:
Make sure that the RODC is pointing to an internal DNS server as primary DNS server
Make sure that needed ports for AD replication are opened in both directions: http://technet.microsoft.com/en-us/library/bb727063.aspx. Use PortQry v2 for checking
Once done, force AD replication and check results.
If this does not help then use Microsoft SkyDrive to upload the output of these commands, run on all DCs you have:
dcdiag > c:\dcdiag.txt
ipconfig /all > c:\ipconfig.txt
Once done, post a link here.
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Microsoft Student Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows 7, Configuring
Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer
December 13th, 2011 4:10pm
Thanks
Just to be sure I read that primary dns should be the local server and secondary the RWDC.
Dave
Dave Kozlowski
December 13th, 2011 5:13pm
If all DNS records had correctly been replicated to the RODC, you can use that.
December 13th, 2011 5:27pm
Thanks
I will check and make sure it points to the internal DNS, then follow your suggestion.
Dave Kozlowski
December 13th, 2011 5:44pm
think I found it.
The primary is set to 127.0.0.1 and the alternate to the RWDC
Should I set the primary to the rwdc and leave the alternate blank and leave it that way?
Thanks
Dave
Dave Kozlowski
December 13th, 2011 5:57pm
Hi,
You may try to point the preferred DNS server to RWDC and set alternate DNS server to RODC.
For more information, please refer to the following Microsoft TechNet article:
DNS: DNS servers on <adapter name> should include the loopback address, but not as the first entry
http://technet.microsoft.com/en-us/library/ff807362(WS.10).aspx
As a best practice, use Active Directory–integrated DNS zones, which are hosted in the application directory partitions named ForestDNSZones and DomainDNSZones. In branch offices that have a read-only domain controller (RODC), install a DNS server on each RODC so that client computers in the branch office can still perform DNS lookups when the wide area network (WAN) link to a DNS server in a hub site is not available.
I also would like to share the following Microsoft TechNet article with you:
Plan DNS Servers for Branch Office Environments
http://technet.microsoft.com/en-us/library/dd737255(WS.10).aspx
Regards,
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Arthur Li
TechNet Community Support
December 14th, 2011 9:51pm
Made the change to the primary DNS
Reran replication and it sorta worked.
Built DNS tree with lots of records but still missing some.
During the night got an event id 4015 on the RODC. We stopped and restarted the DNS server on the RODC with no changes.
Any way to run a DNS compare to see what is actually missing.
thanks
Dave
Dave Kozlowski
December 15th, 2011 9:38am
Hello,
See this Microsoft article about the event ID: http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows+Operating+System&ProdVer=5.2&EvtID=4015&EvtSrc=DNS&LCID=1033
If the problem persists, I would recommend to proceed like that:
Demote the RODC
Uninstall DNS
Promote again the server as an RODC with DNS installed
Make the RODC point to a healthy RWDC / DNS server as primary DNS server and its private IP address as secondary one
Make sure that needed ports for AD replication are not blocked: http://technet.microsoft.com/en-us/library/bb727063.aspx
December 15th, 2011 11:25am
Removed DNS on the RODC and waited, then reinstalled DNS on the RODC.
Replication occurred but still about 600 records difference between the RWDC and the RODC.
Anyone with any idea how to proceed?
Dave
Dave Kozlowski
December 16th, 2011 10:11am
Please use Microsoft Skydrive to upload the output of these commands on all DCs you have:
ipconfig /all > c:\ipconfig.txt
dcdiag > c:\dcdiag.txt
Once done, post a link here.
December 17th, 2011 11:25am
Hi,
I would like to confirm what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.
Regards,
Arthur Li
Forum Support
December 21st, 2011 2:55am
Problem is I created a RODC with DNS in a DMZ.
The DC works fine but when I compare DNS records to those inside there are records missing in the RODC.
Any tool to compare both DNS servers?
Thanks
Dave
Dave Kozlowski
December 23rd, 2011 11:51am
Hi,
I cannot find a tool to compare the DNS records between DNS Servers.
I would like to confirm what related event errors can you read in Event Viewer?
Based on the current situation, this can be an AD-integrated DNS replication issue. You may refer to the following Microsoft TechNet article for how to troubleshoot DNS related issue.
Troubleshooting Active Directory—Related DNS Problems
http://technet.microsoft.com/en-us/library/bb727055.aspx
If the issue persists, would you please collect the following information and upload them to me at v-artli@microsoft.com for our further research?
Dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
netdiag /v >c:\netdiag.txt
repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt (if more than one DC exists)
dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)
Regards,
Forum Support
Arthur Li
TechNet Community Support
December 27th, 2011 1:16am
December 27th, 2011 9:14am
Dave,
In addition, one way to compare the two zones is to manually list all the data in a text file using the command below. However, the file will be kind of large, if you have 1000's of records. You may be able to open each in an Excel file and create a macro to compare the data by columns or worksheets (post to the Excel forum asking how to do that).
dnscmd /enumrecords domain.com @ > c:\dnsrecords.txt
Also, just to note, this thread is apparently a duplicate to your other thread on this topic?
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/1d64545b-0396-4e41-b76f-7b1e492c7a63/
Ace
Ace Fekay
MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
December 29th, 2011 12:35am
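An added example, not part of the thread and not any poster's code: one way to compare two text dumps like the ones the `dnscmd /enumrecords` command above writes, one taken on the RWDC and one on the RODC. The line layout it parses is an assumption, the function names are hypothetical, and the sample dumps are constructed.

```python
import re
from collections import Counter

# Assumed dump layout: "<owner> [Aging:<n>] <ttl> <TYPE> <data>"; owner and Aging are optional.
REC = re.compile(r"^(\S+)?\s+(?:\[Aging:\d+\]\s+)?(\d+)\s+([A-Z][A-Z0-9]*)\s+(.+?)\s*$")

def parse_dump(text, skip_types=("SOA",)):
    """Return the set of (owner, type, data) tuples in one dump; TTL and aging are ignored."""
    records, owner = set(), None
    for line in text.splitlines():
        m = REC.match(line)
        if not m:
            continue  # header, trailer or blank line
        name, _ttl, rtype, data = m.groups()
        owner = name.lower() if name else owner  # indented line reuses the owner above
        if owner is None or rtype in skip_types:
            continue  # SOA skipped: its serial number can differ per server
        data = " ".join(data.split())
        records.add((owner, rtype, data if rtype == "TXT" else data.lower()))
    return records

def compare_dumps(rwdc_text, rodc_text):
    """Report records present on only one side, plus a per-type count of what the RODC lacks."""
    rwdc, rodc = parse_dump(rwdc_text), parse_dump(rodc_text)
    missing = sorted(rwdc - rodc)
    return {"missing_on_rodc": missing, "extra_on_rodc": sorted(rodc - rwdc),
            "missing_by_type": dict(Counter(t for _, t, _ in missing))}

# Constructed sample dumps (not taken from the thread).
RWDC_SAMPLE = """Returned records:
@ 3600 NS\tdc1.domain.com.
\t\t 3600 SOA\tdc1.domain.com. hostmaster.domain.com. 412 900 600 86400 3600
\t\t [Aging:3600000] 600 A\t192.168.10.10
web01 [Aging:3600000] 1200 A\t192.168.10.21
sql01 [Aging:3600000] 1200 A\t192.168.10.22
files 3600 CNAME\tsql01.domain.com.
Command completed successfully.
"""
RODC_SAMPLE = """Returned records:
@ 3600 NS\tDC1.domain.com.
\t\t 3600 SOA\trodc1.domain.com. hostmaster.domain.com. 398 900 600 86400 3600
\t\t [Aging:3600123] 600 A\t192.168.10.10
web01 [Aging:3600456] 1200 A\t192.168.10.21
old01 1200 A\t192.168.10.99
Command completed successfully.
"""

if __name__ == "__main__":
    print(compare_dumps(RWDC_SAMPLE, RODC_SAMPLE))
```

For real dumps, read the two text files and pass their contents to `compare_dumps`; the per-type count shows at a glance whether the gap is concentrated in one record type.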
Hi Dave,
As a rule of thumb one primary DC / DNS should point to itself (not loopback, its own IP e.g. 192.168.10.10) and all other DC's / DNS should point to this primary DC as primary and in secondary it should point to its own IP.
1. Correct DNS pointing on all DC's including RODC as suggested by me.
2. Make sure all the necessary ports for RODC are opened both ways as suggested earlier.
3. Also make sure that replication traffic does not pass via NAT, as netlogon traffic does not pass through NAT.
Once all this is done, please leave the DC's to replicate overnight.
If problem still persists then we can investigate further.
December 29th, 2011 4:48am
December 29th, 2011 8:33am