Solved

DNS does not resolve soa record

Posted on 2014-10-26
6
373 Views
Last Modified: 2014-11-04
Hi Experts,
I've a DC server (DC1) and ISP server (ISP1) in my environment. DNS in DC1 is AD-integrated and in ISP1 is secondary.
The issue now is some of the zones in the ISP1 server are unable to reload  from master DC1 and the serial number is not updated. It returns error "zone not loaded by DNS server". I've checked the zone transfers setting in DC1 and it's configured properly. I've tried to re-create the problematic zones in ISP1 but it did not resolved the issue.  I've asked my infra team and they suspected it's due to the SOA record not configured properly in master server DC1. I checked the SOA record is exists in DC1 but I'm unable to nslookup the SOA. Any ideas on how to further check on this issue?

C:\>nslookup
Default Server:  dc1.abc.com
Address:  x.x.x.x

> set type=soa
> fish.com.cn
Server:  dc1.abc.com
Address:  x.x.x.x

fish.com.cn       canonical name = www.fish.com.cn
0
Comment
Question by:SuzenJ
  • 3
  • 3
6 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 40405870
You need to go fish.com.cn, then delete the CNAME you've created going to www.fish.com.cn.

You cannot create CNAME  records if there's another record at the same level. At the zone apex you'll have NS and SOA at the very least.

Chris
0
 

Author Comment

by:SuzenJ
ID: 40406087
Thanks Chris for the reply..
So you're suggesting me to delete the CNAME record in DC1 for fish.com.cn going to www.fish.com.cn?? 

But why there is no issue for replication from DC1 with other ad-integrated primary DC servers (for ex: DC2) but the issue only happened in secondary zone server which is ISP1.
In addition, only some zones in ISP1 are having issue to reload from master and not all.

From DC1 AD integrated Primary DNS, I've 1 SOA record, 5 CNAME records, and 100 NS records.
Please confirm if I need to delete the first CNAME records as per below details?

SOA:
Name: (same as parent folder) Type: SOA Data: xxx

CNAME:
Name: (same as parent folder)  Type: Alias (CNAME)  Data: www.fish.com.cn
Name: ibe  Type: Alias (CNAME)  Data: ibe.fish.com
Name: m  Type: Alias (CNAME)  Data: vweb.abc.com
Name: mobile  Type: Alias (CNAME)  Data: vweb.abc.com
Name: www Type: Alias (CNAME) Data: vweb.abc.com
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 40406102
> But why there is no issue for replication from DC1 with other ad-integrated primary DC servers (for ex: DC2) but

Because that replication mechanism doesn't use the DNS protocol at all, instead it replicates using Active Directory.

> In addition, only some zones in ISP1 are having issue to reload from master and not all.

Your usage of the CNAME is illegal (that is, it contravenes all RFCs which dictate how DNS is supposed to work), nothing can be guaranteed while it's in that state.

You are correct that this is the one in error:

Name: (same as parent folder)  Type: Alias (CNAME)  Data: www.fish.com.cn

Chris
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 

Author Comment

by:SuzenJ
ID: 40406155
Thanks Chris..

Sorry as I has missed out some info for the nslookup result earlier. There are 2 CNAME records found not one as per my earlier comment.

C:\>nslookup
Default Server:  dc1.abc.com
Address:  x.x.x.x

> set type=soa
> fish.com.cn
Server:  dc1.abc.com
Address:  x.x.x.x

fish.com.cn       canonical name = www.fish.com.cn
www.fish.com.cn       canonical name = vweb.abc.com

Do i need to remove the record for Name: www Type: Alias (CNAME) Data: vweb.abc.com as well?

I saw one successful zone transfer in ISP1 with 2 host (A) records, 1 SOA, 100 NS for fish.info

Host A:
Name: (same as parent folder)  Type: Host (A)  Data: x.x.x.x  ---->> IP for vweb.abc.com
Name: www  Type: Host (A)  Data: x.x.x.x  ---->> IP for vweb.abc.com

Do I need to create the same Host A record for fish.com.cn?
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 40406215
Nope, you only need remove the first one (fish.com.cn -> www.fish.com.cn). The other is harmless.

And yes, if you wish that to resolve you will have to replace the CNAME with an A record. It's only the CNAME that's prohibited.

Chris
0
 

Author Closing Comment

by:SuzenJ
ID: 40423378
Thank you very much Chris!! Once I deleted the CNAME record I'm able to nslookup the SOA record and the zone transfer is working fine now.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question