DNS does not resolve SOA record

Hi Experts,
I have a DC server (DC1) and an ISP server (ISP1) in my environment. DNS in DC1 is AD-integrated and in ISP1 it is secondary.
The issue now is that some of the zones in the ISP1 server are unable to reload from master DC1 and the serial number is not updated. It returns the error "zone not loaded by DNS server". I've checked the zone transfer settings in DC1 and they are configured properly. I've tried to re-create the problematic zones in ISP1 but it did not resolve the issue. I've asked my infra team and they suspect it's due to the SOA record not being configured properly in master server DC1. I checked that the SOA record exists in DC1 but I'm unable to nslookup the SOA. Any ideas on how to further check on this issue?

C:\>nslookup
Default Server:  dc1.abc.com
Address:  x.x.x.x

> set type=soa
> fish.com.cn
Server:  dc1.abc.com
Address:  x.x.x.x

fish.com.cn       canonical name = www.fish.com.cn
SuzenJ asked:
Chris Dent (PowerShell Developer) commented:
You need to go to fish.com.cn, then delete the CNAME you've created going to www.fish.com.cn.

You cannot create CNAME records if there's another record at the same level. At the zone apex you'll have NS and SOA at the very least.

Chris
SuzenJ (Author) commented:
Thanks Chris for the reply.
So you're suggesting that I delete the CNAME record in DC1 for fish.com.cn going to www.fish.com.cn?

But why is there no issue with replication from DC1 to other AD-integrated primary DC servers (for example DC2), while the issue only happens on the secondary zone server, ISP1?
In addition, only some zones in ISP1 are having issues reloading from the master, not all.

From the DC1 AD-integrated primary DNS, I have 1 SOA record, 5 CNAME records, and 100 NS records.
Please confirm whether I need to delete the first CNAME record as per the details below.

SOA:
Name: (same as parent folder) Type: SOA Data: xxx

CNAME:
Name: (same as parent folder)  Type: Alias (CNAME)  Data: www.fish.com.cn
Name: ibe  Type: Alias (CNAME)  Data: ibe.fish.com
Name: m  Type: Alias (CNAME)  Data: vweb.abc.com
Name: mobile  Type: Alias (CNAME)  Data: vweb.abc.com
Name: www  Type: Alias (CNAME)  Data: vweb.abc.com
Chris Dent (PowerShell Developer) commented:
> But why there is no issue for replication from DC1 with other ad-integrated primary DC servers (for ex: DC2) but

Because that replication mechanism doesn't use the DNS protocol at all, instead it replicates using Active Directory.

> In addition, only some zones in ISP1 are having issue to reload from master and not all.

Your usage of the CNAME is illegal (that is, it contravenes all RFCs which dictate how DNS is supposed to work); nothing can be guaranteed while it's in that state.

You are correct that this is the one in error:

Name: (same as parent folder)  Type: Alias (CNAME)  Data: www.fish.com.cn

Chris
SuzenJ (Author) commented:
Thanks Chris.

Sorry, I missed out some info from the nslookup result earlier. There are 2 CNAME records found, not one as per my earlier comment.

C:\>nslookup
Default Server:  dc1.abc.com
Address:  x.x.x.x

> set type=soa
> fish.com.cn
Server:  dc1.abc.com
Address:  x.x.x.x

fish.com.cn       canonical name = www.fish.com.cn
www.fish.com.cn       canonical name = vweb.abc.com

Do I need to remove the record for Name: www  Type: Alias (CNAME)  Data: vweb.abc.com as well?

I saw one successful zone transfer in ISP1 with 2 host (A) records, 1 SOA and 100 NS records for fish.info:

Host A:
Name: (same as parent folder)  Type: Host (A)  Data: x.x.x.x  ---->> IP for vweb.abc.com
Name: www  Type: Host (A)  Data: x.x.x.x  ---->> IP for vweb.abc.com

Do I need to create the same Host A record for fish.com.cn?
Chris Dent (PowerShell Developer) commented:
Nope, you only need to remove the first one (fish.com.cn -> www.fish.com.cn). The other is harmless.

And yes, if you wish that to resolve you will have to replace the CNAME with an A record. It's only the CNAME that's prohibited.

Chris
SuzenJ (Author) commented:
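As an added example (not code from the thread or from either participant), here is a small Python check that applies the rule Chris states in his two answers above: a CNAME may not share its owner name with any other record, so an apex CNAME (which always sits next to SOA and NS) is invalid, while the www CNAME is harmless, and the fix is to replace the apex CNAME with an A record. The record list is constructed from SuzenJ's description of the fish.com.cn zone; the SOA data, the second NS name and the A address are placeholders, not values from the thread.

```python
# Added example (not from the thread): flag CNAME records that share an
# owner name with other records, which is what broke fish.com.cn above.
# RFC 1034 s3.6.2: a CNAME owner may hold no other data, and a zone apex
# always holds SOA and NS, so an apex CNAME is never valid.
from collections import defaultdict

# Constructed record list mirroring the zone as SuzenJ described it; "@" is
# the zone apex ("same as parent folder" in the DNS console). The SOA data
# and the ISP1 NS name are placeholders, not values from the thread.
FISH_ZONE = [
    ("@",      "SOA",   "dc1.abc.com. hostmaster.abc.com. 1 900 600 86400 3600"),
    ("@",      "NS",    "dc1.abc.com."),
    ("@",      "NS",    "isp1.placeholder.example."),
    ("@",      "CNAME", "www.fish.com.cn."),   # the illegal apex CNAME
    ("ibe",    "CNAME", "ibe.fish.com."),
    ("m",      "CNAME", "vweb.abc.com."),
    ("mobile", "CNAME", "vweb.abc.com."),
    ("www",    "CNAME", "vweb.abc.com."),      # harmless: only record at www
]

def cname_conflicts(records):
    """Map each owner that has a CNAME alongside other data (or more than one
    CNAME) to the sorted set of conflicting non-CNAME types."""
    by_owner = defaultdict(list)
    for owner, rtype, _data in records:
        by_owner[owner.lower()].append(rtype.upper())
    bad = {}
    for owner, types in by_owner.items():
        cnames = types.count("CNAME")
        if cnames and (len(types) > cnames or cnames > 1):
            bad[owner] = sorted(set(t for t in types if t != "CNAME"))
    return bad

def fix_apex_cname(records, address):
    """Return a copy of the zone with the apex CNAME replaced by an A record
    pointing at `address`, the remedy Chris gives; other CNAMEs are kept."""
    fixed = [r for r in records if not (r[0] == "@" and r[1] == "CNAME")]
    fixed.append(("@", "A", address))
    return fixed

if __name__ == "__main__":
    print(cname_conflicts(FISH_ZONE))                     # {'@': ['NS', 'SOA']}
    repaired = fix_apex_cname(FISH_ZONE, "192.0.2.10")    # RFC 5737 test address
    print(cname_conflicts(repaired))                      # {}
```

Running the check against a zone exported from the master before enabling transfers catches the apex conflict without waiting for the secondary to fail to load.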
Thank you very much Chris! Once I deleted the CNAME record I was able to nslookup the SOA record, and the zone transfer is working fine now.