InSearchOf asked:
DNS Replication

I have eight DC/DNS/DHCP servers. In the DNS properties of each server I have Zone Transfers enabled to the "Servers specified in the Name server tab". When I compare the serial number in the SOA tab of all my DNS servers, I see different serial numbers across the servers. Shouldn't they all have the same version number?
footech:
I'm assuming these are all AD-integrated zones.  In that case, the SOA will often (maybe even usually) be different on each server.  AD-integrated zones are multi-master and don't use zone transfers to get the data to other DC/DNS servers.  If you don't have any secondary zones on any of your servers that are getting their info from a DNS where you have the zone as primary, then there's no reason to even have zone transfers enabled.
InSearchOf (asker):
Hmmm. I don't have any secondary zones, but the reason I ask is because the DNS entries on one are not the same as on the other. Should I not have zone transfers enabled on all my DNS servers? They are AD integrated.
SOLUTION by Tom Cieslik (this solution is only available to members)
Zone transfers are only needed for secondary zones.  Thus if there aren't any secondary zones which pull from DNS servers which have the zones as primary, there's no need to have zone transfers enabled.
If all you have are AD-integrated zones, the information for those is transferred via AD replication, not any zone transfer mechanism.

Give an example of the kind of difference you are seeing between servers.
Thanks for the info.

With regard to the difference I see from one server to the other: there are 10 computers at one site that do not show up in the DNS entries at another site.
First verify that the zone in both sites is indeed AD-integrated.
It's possible for records created in one site to not appear in another for a short period of time until replication has occurred.  If you're just looking in the DNS Management console, verify that you have refreshed your view and don't have any filters applied in one view that are different from another view (in other words verify that there actually is a difference in the records and not just your view of them).

If all that's been verified and there is still a difference, then check your AD replication, as it appears something is not working right.
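One way to run the checks described above from a single admin workstation, as an added PowerShell example that is not from this thread. It assumes the RSAT DnsServer and ActiveDirectory modules, an account that can query every DC, and a placeholder zone name:

```powershell
# Added example, not from the thread. Compares one AD-integrated zone across all DCs:
# confirms the zone is DS-integrated everywhere, lists SOA serials (expected to differ),
# and reports A records present on some DCs but missing on others.
$ZoneName = 'corp.example.com'   # placeholder, replace with your zone

$dcs = (Get-ADDomainController -Filter *).HostName
$report = foreach ($dc in $dcs) {
    try {
        $zone = Get-DnsServerZone -ComputerName $dc -Name $ZoneName -ErrorAction Stop
        $soa  = Get-DnsServerResourceRecord -ComputerName $dc -ZoneName $ZoneName -RRType Soa -ErrorAction Stop
        $a    = Get-DnsServerResourceRecord -ComputerName $dc -ZoneName $ZoneName -RRType A -ErrorAction Stop
        [pscustomobject]@{
            DC           = $dc
            DsIntegrated = $zone.IsDsIntegrated          # must be True on every DC
            ReplScope    = $zone.ReplicationScope        # e.g. Domain or Forest
            SoaSerial    = $soa.RecordData.SerialNumber  # per-DC on multi-master zones; differences are normal
            ARecordCount = @($a).Count
            ARecords     = @($a.HostName | Sort-Object -Unique)
            Error        = $null
        }
    } catch {
        [pscustomobject]@{ DC = $dc; DsIntegrated = $null; ReplScope = $null; SoaSerial = $null
                           ARecordCount = $null; ARecords = @(); Error = $_.Exception.Message }
    }
}

# Union of every hostname seen anywhere; any DC lacking one of them has a real record gap,
# not just a stale or filtered console view.
$allNames = $report.ARecords | Sort-Object -Unique
foreach ($r in ($report | Where-Object { $null -eq $_.Error })) {
    $missing = @($allNames | Where-Object { $_ -notin $r.ARecords })
    if ($missing.Count -gt 0) {
        '{0} is missing {1} A record(s): {2}' -f $r.DC, $missing.Count, ($missing -join ', ')
    }
}
$report | Format-Table DC, DsIntegrated, ReplScope, SoaSerial, ARecordCount, Error -AutoSize

# If gaps persist beyond normal replication latency, look at AD replication itself
# (both tools ship with Windows Server).
repadmin /replsummary
dcdiag /test:replications
```

A DC that errors out in the first loop (unreachable, RPC blocked) is itself a replication symptom worth checking before reading the record comparison.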
Hmmm. Yes, there seems to be a problem replicating to all my DCs, but not between the two servers I was using for reference, which happen to be replication partners. When I look at the domain computer OU on the two of them, they have the same computer entries. The ones I do not see in the DNS of one are in the domain computer OU, but the ones that do not show up in DNS are not pingable by name, only by IP. If I force a replication, will that fix that?
"Yes there seems to be a problem replicating to all my DCs"
Can you clarify? How have you checked replication?
Here are the results when I run DCDIAG:
dcdiag1.txt
ASKER CERTIFIED SOLUTION (this solution is only available to members)
OK. Let me take a look at those. Thanks for the info. Much appreciated.
OK. The problem is with AD replication because of network connectivity. The DC in question cannot access or be accessed by some of my DCs in other subnets. The problem seems to be with the VPN tunnel at that location. Thanks for all the help.