Forward lookup zone name and Active Directory Domain name

I have DNS issues and I am not an expert with DNS.

Should my forward lookup zone name be exactly the same as my Active Directory Domain name?
Also, how many forward lookup zones should I have?
BTW I am getting Event ID: 6702 coming up once a week.

Any help would be much appreciated.
bluetab Commented:
I don't know of any reason why you would need the DNS zone or the _msdcs.domain.local zone.  Is this second domain set for replication with the other server?  

The only zone you should need in DNS is the domain.local.  So realistically you should be safe in deleting those other two zones.  
In short yes.  You should only need 1 forward lookup zone, that should be the one for your AD domain.  In regards to Event ID: 6702 here's a Microsoft KB article although it's pretty vague.

Does your AD domain end in .com, .local or something else?  What is your current forward lookup zone?

The forward lookup zone used by the Active Directory does not have to be the same as your NETBIOS domain name, but it has to be the same as the "native" Active directory name.

If you are setting up a new domain you really don't have to worry about which zones to create. The wizard in Windows 2003 takes care of configuring your DNS server if you use the Windows DNS server.

About Event 6702 please see here for a list of possible causes:

wmeerza (Author) Commented:
Hi, thanks for your quick responses.

My forward lookup zone currently contains the following entries in this order:

This was originally all set up from scratch using the wizards, but problems happened and I had to change the primary DNS server. It may be wise for me to recreate from scratch again (maybe).
I would recommend removing the zone.  
Go to the zone properties of the domain.local zone.  On the General tab make sure the type is Active Directory-Integrated and that the dynamic updates are Secure Only (zone properties, general tab).  
On the Zone Transfers tab make sure you are not allowing zone transfers (I'm assuming this is your only DNS server).
On the Name Servers tab make sure this is the only DNS server listed (again, I'm assuming this is your only DNS server)
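As an added example, not code from anyone in this thread, here is that checklist run as a script against a Windows DNS server. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT), which the Windows 2003 servers discussed here did not have (dnscmd would be the equivalent there), and uses the thread's placeholder name domain.local for the AD domain.

```powershell
# Added example, not code from the thread: audit a Windows DNS server's zones
# against the checklist above. Assumes the DnsServer module (Windows Server
# 2012 or later, or RSAT); the Windows 2003 servers in the thread would use dnscmd.
function Test-AdDnsZones {
    param(
        [string]$ComputerName = 'localhost',
        # The thread only ever says "domain.local"; substitute your AD DNS name.
        [string]$AdDomain = 'domain.local'
    )
    # The two zones an AD domain needs: the domain zone and its _msdcs zone.
    $required = @($AdDomain.ToLower(), "_msdcs.$($AdDomain.ToLower())")

    $zones = Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { -not $_.IsAutoCreated -and -not $_.IsReverseLookupZone }

    foreach ($z in $zones) {
        $findings = @()
        $name = $z.ZoneName.ToLower()

        if ($required -notcontains $name) {
            $findings += 'not an AD zone; confirm nothing uses it before deleting'
        }
        if ($z.ZoneType -eq 'Primary') {
            if (-not $z.IsDsIntegrated) {
                $findings += 'not Active Directory-Integrated'
            }
            if ($z.DynamicUpdate -ne 'Secure') {
                $findings += "dynamic updates = $($z.DynamicUpdate) (expected Secure)"
            }
            # Transfers to any host hand out the whole zone; NoTransfer or a fixed list is expected.
            if ($z.SecureSecondaries -eq 'TransferAnyServer') {
                $findings += 'zone transfers allowed to any server'
            }
        }
        # Name Servers tab: every NS record at the zone apex should be one of your own DNS servers.
        $ns = Get-DnsServerResourceRecord -ComputerName $ComputerName -ZoneName $z.ZoneName `
                -RRType NS -Name '@' -ErrorAction SilentlyContinue |
              ForEach-Object { $_.RecordData.NameServer }
        $status = if ($findings) { 'CHECK' } else { 'OK' }

        [pscustomobject]@{
            Zone        = $z.ZoneName
            Required    = ($required -contains $name)
            Status      = $status
            NameServers = ($ns -join ', ')
            Findings    = ($findings -join '; ')
        }
    }
}

Test-AdDnsZones -AdDomain 'domain.local' | Format-Table -AutoSize
```

Run it on each DNS server in turn; a secondary at a DR site shows its copy of the zone as ZoneType Secondary, and the primary's SecureSecondaries setting should list that server rather than allowing transfers to anyone.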
wmeerza (Author) Commented:
I do have another DNS server on another subnet at our DR site.
eg. Primary DNS ip
Secondary DNS ip
The zone transfers are allowed for the secondary DNS server and dynamic updates are Secure only.
Do you still recommend deleting the zone?
wmeerza (Author) Commented:
Just noted that the does not allow zone transfers in DNS if that helps.
KoeKk Commented:
You should not delete the _msdcs.domain.local zone, it is a critical zone for Active Directory. The other zone can be deleted but be sure that you or no one else uses it.
Thanks for catching that KoeKk.  I forgot to verify that before posting.  Just to reiterate what was said here, don't delete the _msdcs.domain.local zone.
wmeerza (Author) Commented:
Thanks guys, I will make changes over the weekend and let you know how I go on Monday.