DNS secondary zone problem - repost?
In a post made to http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/058e2257-aa41-4220-8242-2b3d1d921ef3 I referred to the above problem. I would be grateful if you could have a look at that posting for further info. That particular issue has apparently resolved itself, only to be replaced with a similar problem involving a secondary forward zone. Symptoms are the same. The server for the primary zone reports transfer complete in the event log, but the recipient logs
01/09/2010 08:55:12 03E4 PACKET 000000000249E0A0 TCP Rcv 172.30.7.142 0000 R Q [0580 REFUSED] AXFR (5)admin(2)sb(5)local(0)
in the debug log. Any help most appreciated.
September 1st, 2010 11:15am
Hi,
Is the server with the error always Untrusted2?
Are there errors in Event Viewer on Untrusted2, in the System and/or DNS section?
Edoardo Benussi - Microsoft MVP
Management Infrastructure - Systems Administration
https://mvp.support.microsoft.com/Profile/Benussi
Windows Server Italian Forum Moderator
edo[at]mvps[dot]org
September 1st, 2010 1:33pm
Thanks for your response.
The server with the error is in the "untrusted" domain. The other "untrusted DC/DNS server" seems to be getting zone updates. There are no errors in the event log of the failing server. As per previous, this problem seems to vary: at first it was a reverse secondary zone, now it's a forward secondary zone.
The requesting server logs
Failed transfer of zone admin.sb.local from DNS server at 172.30.7.142. The DNS server at 172.30.7.142 aborted or failed to complete transfer of the zone. Check the DNS server at 172.30.7.142 and ensure it is properly functioning and authoritative for zone admin.sb.local
172.30.7.142 is authoritative for the zone and has zone transfers to 'ANY' enabled.
Regards,
September 2nd, 2010 11:37am
The only cause for which a packet can be refused in a zone transfer between two DNS servers is that, for some reason, a "secure transfer" is required and the transfer is not compliant.
ref:
http://technet.microsoft.com/en-us/library/cc781101(WS.10).aspx
Edoardo Benussi - Microsoft MVP
Management Infrastructure - Systems Administration
https://mvp.support.microsoft.com/Profile/Benussi
Windows Server Italian Forum Moderator
edo[at]mvps[dot]org
September 2nd, 2010 3:44pm
Hi Edoardo,
Thanks for your response. This issue had us completely stumped, especially its intermittent nature. However, our customer has now told me that they were also experiencing other networking problem symptoms since migrating from Server 2003 to 2008. One in particular started as intermittent but had today gone solid. (This was RDP access across the router connecting the 2 VLANs.) They sent us the result of a network sniffer that we asked for, and this indicated that packets were getting lost on the router. Inspection of the (Cisco) router config indicated that it was doing stateful packet inspection. After disabling this, the RDP and the DNS problems have gone away. So it would seem that there are slight differences in the protocol sequence between 2003 and 2008 servers.
Regards,
September 6th, 2010 2:05pm
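Added example, not part of the thread and not written by any of its posters: a Python sketch that parses DNS debug-log PACKET lines in the layout of the line quoted in the first post, decodes the length-prefixed zone name, and lists received responses that refuse a zone transfer. The field layout is assumed from that one quoted line; the function names are hypothetical and the second and third sample lines are constructed.

```python
import re
# Assumption: field layout inferred from the PACKET line quoted in the first post.
PACKET_RE = re.compile(
    r"^(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<thread>[0-9A-Fa-f]+)\s+PACKET\s+"
    r"(?P<buf>[0-9A-Fa-f]+)\s+(?P<proto>UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+"
    r"(?P<remote>\S+)\s+(?P<xid>[0-9A-Fa-f]{4})\s+(?P<resp>R\s+)?(?P<opcode>\S)\s+"
    r"\[(?P<hdr>[^\]]+)\]\s+(?P<qtype>\S+)\s+(?P<qname>\S+)")

def decode_name(raw):
    """Turn the log's length-prefixed form, e.g. (5)admin(2)sb(5)local(0), into a dotted name."""
    labels = []
    for length, label in re.findall(r"\((\d+)\)([^()]*)", raw):
        if int(length) != len(label):
            raise ValueError(f"label length mismatch in {raw!r}")
        if label:  # the trailing (0) is the root label
            labels.append(label)
    return ".".join(labels)

def parse_packet(line):
    """Return a dict for a PACKET line, or None for any other debug-log line."""
    m = PACKET_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    hdr = rec.pop("hdr").split()  # hex flags first, response code last
    rec["flags"], rec["rcode"] = hdr[0], hdr[-1]
    rec["is_response"] = rec.pop("resp") is not None
    rec["qname"] = decode_name(rec["qname"])
    return rec

def refused_transfers(lines):
    """List received responses that refuse an AXFR/IXFR, one tuple per hit."""
    hits = []
    for rec in filter(None, map(parse_packet, lines)):
        if (rec["is_response"] and rec["dir"] == "Rcv" and rec["rcode"] == "REFUSED"
                and rec["qtype"] in ("AXFR", "IXFR")):
            hits.append((rec["date"], rec["time"], rec["remote"], rec["qtype"], rec["qname"]))
    return hits

SAMPLE = [
    # Line quoted in the first post of the thread:
    "01/09/2010 08:55:12 03E4 PACKET 000000000249E0A0 TCP Rcv 172.30.7.142 0000 R Q [0580 REFUSED] AXFR (5)admin(2)sb(5)local(0)",
    # Constructed lines in the same layout (not from the thread):
    "01/09/2010 08:40:02 03E4 PACKET 000000000249E0A0 TCP Rcv 172.30.7.142 0000 R Q [0080 NOERROR] AXFR (1)7(2)30(3)172(7)in-addr(4)arpa(0)",
    "01/09/2010 08:55:13 03E4 PACKET 000000000249E0A0 UDP Snd 172.30.7.142 1a2b   Q [0001   D   NOERROR] SOA (5)admin(2)sb(5)local(0)",
]

if __name__ == "__main__":
    print(refused_transfers(SAMPLE))
```

Listing the refusals by timestamp and zone makes it easier to line an intermittent failure up against event-log entries or a packet capture taken on the path between the two servers.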