Solved

DS-Integrated peers ?

Posted on 2007-11-16
Last Modified: 2010-04-21
Do I understand the attached message to mean that the DNS server on this machine is looking for another DNS server to sync with?
This is the only one in my newly created domain, there will be another eventually but not right away.  I just need to know if I understand this right.
Will this be resolved by magic when the next DNS server appears on the domain?


Event Type:	Error
Event Source:	DNS
Event Category:	None
Event ID:	6702
Date:		11/15/2007
Time:		4:51:46 PM
User:		N/A
Computer:	MYSERVER
Description:
DNS server has updated its own host (A) records.  In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update.  An error was encountered during this update, the record data is the error code. 
 
If this DNS server does not have any DS-integrated peers, then this error 
should be ignored. 
 
If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it. 
 
To ensure proper replication: 
1) Find this server's Active Directory replication partners that run the DNS server. 
2) Open DnsManager and connect in turn to each of the replication partners. 
3) On each server, check the host (A record) registration for THIS server. 
4) Delete any A records that do NOT correspond to IP addresses of this server. 
5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact.  (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.) 
6) Note, that is not necessary to update EVERY replication partner.  It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.
 
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7c 26 00 00               |&..

Question by:Salad-Dodger
2 Comments
 
LVL 9

Accepted Solution

by:
MSE-dwells earned 50 total points
ID: 20304234
Nod, because the server in question is both a DC and a DNS server, a strong potential exists for other DCs and clients/members to resolve certain records against it that are necessary for authentication and AD-replication; these records are in turn dependent upon the DC's 'A' records being present and up to date.

A circular dependency exists because DNS is relying upon AD-replication to transfer zone content between DNS servers and that AD-replication is in turn dependent upon the DNS server containing the records necessary for any 2 DCs to successfully replicate with one another.  To ensure the 'A' records are present both locally and on other DNS servers that hold the AD-zones, all Windows DNS servers now register their own 'A' records (through dynamic update) against any DNS server listed as an 'NS' record within the AD-zone.  This differs from the normal mechanism of using DHCP Client since that only registers its own 'A' record against the name server configured within the DNS resolver.  This is designed to mitigate a fairly old issue known as the 'island' issue in which DCs configured as DNS servers were often configured to resolve against themselves, thereby creating potential pockets or 'islands' of zone content that were never able to converge since they knew only their own IP address.
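
The check described in the event text and in the answer above (ask every name server listed in the AD zone what 'A' records it holds for this server, then compare them with the addresses the server really has) can be scripted. This is an added example, not part of the original answer; it assumes Windows Server 2012 or later, where `Resolve-DnsName` and `Get-NetIPAddress` are available, and the zone name and FQDN are placeholders.

```powershell
# Added example. $Zone and $ServerFqdn are placeholders; replace them with your own values.
param(
    [string]$Zone       = 'example.local',           # AD-integrated zone (placeholder)
    [string]$ServerFqdn = 'MYSERVER.example.local'   # this DC's FQDN (placeholder)
)

# IPv4 addresses actually bound to this server (loopback and APIPA excluded).
$localIps = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' -and $_.IPAddress -notlike '169.254.*' } |
    Select-Object -ExpandProperty IPAddress

# Every server listed as an NS record in the zone is a target of the
# DNS server's own dynamic update, so each one is checked in turn.
$nameServers = Resolve-DnsName -Name $Zone -Type NS -DnsOnly |
    Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'NS' } |
    Select-Object -ExpandProperty NameHost -Unique

foreach ($ns in $nameServers) {
    # Query that name server directly rather than the local resolver.
    # A name server that cannot be reached is reported as Missing.
    $answers = Resolve-DnsName -Name $ServerFqdn -Type A -Server $ns `
        -DnsOnly -ErrorAction SilentlyContinue
    $registered = @($answers |
        Where-Object { $_.Type -eq 'A' } |
        Select-Object -ExpandProperty IPAddress)

    [pscustomobject]@{
        NameServer = $ns
        Registered = $registered -join ', '
        # A records that do not match any address on this server (step 4 of the event text).
        Stale      = ($registered | Where-Object { $_ -notin $localIps }) -join ', '
        # No A record at all for this server on that name server (step 5).
        Missing    = ($registered.Count -eq 0)
    }
}
```

On a domain with a single DC that is also the only DNS server, the loop returns one row for the server itself.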
 
LVL 1

Author Closing Comment

by:Salad-Dodger
ID: 31409659
Sorry for the delay, had a password issue.
Thank you for the detail in your answer, that makes sense.