DNS secondary zone problem
We have a client that has a DNS secondary zone propagation problem. For background, they have two domains with a one-way trust between them, each on separate VLANs with traffic between the DNS servers/DCs fully allowed. Each domain has two combined DC/DNS servers. These DCs were Server 2003 based when their operation was fine, and have been migrated to Server 2008 using (as far as we can tell) the same settings.

DNS zone information for the ‘other domain’ is held as secondary files; both forward lookup and reverse lookup zones. Since the subnet of each VLAN is 10 bits, each has been configured as 4 reverse zones. All primary zones are configured to allow zone transfers to any DNS server.

In order to explain the problem, we can refer to these 4 DNS servers as follows: Trusted1 and Trusted2, and Untrusted1 and Untrusted2.

The primary zones are correct on all DNS servers. The secondary forward zones are correct on all the DNS servers except Untrusted2. Here the secondary forward lookup zone is not being loaded, and neither are two (out of the 4) secondary reverse zones. The event log on the server from which (one of the failing) zone transfers is being requested shows that it has successfully completed the transfer.

We have enabled DNS debugging on the requesting server (Untrusted2). This shows the line

03/08/2010 15:08:28 0768 PACKET 0000000002485900 TCP Rcv 172.30.7.142 0000 R Q [0580 REFUSED] AXFR (5)admin(2)sb(5)local(0)

where the IP address shown is that of the ‘sending’ DNS server.

We have looked at KB953317, but this does not seem to be exactly the same. Any help appreciated.
August 5th, 2010 11:09am
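
An added example, not part of the original post: a small Python parser for the debug-log line quoted above that decodes the counted-label zone name and lists zone-transfer responses that came back with an error. The function names and the second sample line are constructed here, and the flag-byte order is inferred from the quoted line.

```python
import re

# Field layout of a DNS debug-log PACKET line, taken from the sample in the post.
PACKET_RE = re.compile(
    r"^(?P<stamp>.+?)\s+(?P<thread>[0-9A-Fa-f]{4})\s+PACKET\s+(?P<pkt>[0-9A-Fa-f]+)\s+"
    r"(?P<proto>UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<remote>\S+)\s+(?P<xid>[0-9A-Fa-f]{4})\s+"
    r"(?P<qr>R\s+)?(?P<opcode>\S)\s+\[(?P<flags>[0-9A-Fa-f]{4})\s+(?P<chars>[A-Z ]*?)\s*"
    r"(?P<rcode>[A-Z]+)\]\s+(?P<qtype>\S+)\s+(?P<qname>\S+)"
)

def decode_name(counted):
    """Turn '(5)admin(2)sb(5)local(0)' into 'admin.sb.local', checking each length."""
    labels = []
    for length, label in re.findall(r"\((\d+)\)([^()]*)", counted):
        if int(length) != len(label):
            raise ValueError(f"label {label!r} does not match length {length}")
        if label:
            labels.append(label)
    return ".".join(labels)

def parse_packet_line(line):
    """Return the fields of one PACKET line as a dict, or None if it is not one."""
    m = PACKET_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["is_response"] = rec.pop("qr") is not None
    rec["qname"] = decode_name(rec["qname"])
    # Assumption: the bracketed hex shows the two header flag bytes swapped,
    # so 0580 is wire value 0x8005 (QR=1, RCODE=5), which agrees with REFUSED.
    rec["rcode_num"] = int(rec["flags"][2:] + rec["flags"][:2], 16) & 0x000F
    return rec

def failed_transfers(lines):
    """(master IP, zone, rcode) for each received AXFR/IXFR response that is not NOERROR."""
    hits = []
    for rec in filter(None, map(parse_packet_line, lines)):
        if (rec["dir"] == "Rcv" and rec["is_response"]
                and rec["qtype"] in ("AXFR", "IXFR") and rec["rcode"] != "NOERROR"):
            hits.append((rec["remote"], rec["qname"], rec["rcode"]))
    return hits

SAMPLE_LOG = [
    # First line is quoted in the post; the second is constructed (a normal transfer).
    "03/08/2010 15:08:28 0768 PACKET 0000000002485900 TCP Rcv 172.30.7.142 0000 R Q [0580 REFUSED] AXFR (5)admin(2)sb(5)local(0)",
    "03/08/2010 15:09:02 0768 PACKET 0000000002486a10 TCP Rcv 192.0.2.10 0001 R Q [0084 A NOERROR] AXFR (7)example(4)test(0)",
]
if __name__ == "__main__":
    print(failed_transfers(SAMPLE_LOG))
```

Run over a full debug log on the secondary, the result lists which master refused which zone, which can then be compared against the zone-transfer settings on that master.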

This topic is archived. No further replies will be accepted.
