Jack Nguyen

DNS: Zone <ZoneName> secondary servers must respond to queries for the zone.

Hello everyone,

I'm a newbie in this forum and in the server field.

So today the problem I'd like to discuss is the DNS role on the server.

Well, I followed and carried out the Best Practices Analyzer (BPA) instructions (the link below) for resolving the problem related to the subject. Here is the link included in the BPA log:

http://go.microsoft.com/fwlink/?LinkId=188791

But the problem could not be resolved.

My server version is 2008 R2 Standard SP1.

Any help is highly appreciated.


Thank you for your consideration
Jack Nguyen
yo_bee

Is this a Windows Domain and is the second DNS server a Domain Controller?
You may want to check a few items.  

On the Zone Transfers Tab do you have the settings Allow zone transfer and Only to servers listed on the Name Servers Tab?
Jack Nguyen

ASKER

Hi yo_bee

Thank you for your feedback!

I'd like to respond as below

>Is this a Windows Domain and is the second DNS server a Domain Controller?
→ It's a Windows Domain and I have the second DNS server (but have not set that <ZoneName> on it),
because after I tried to set that <ZoneName>, the same error came up with the Secondary server.

>On the Zone Transfers Tab do you have the settings Allow zone transfer and Only to servers listed on the Name Servers Tab?
→ On the Servers listed on the Name Servers Tab: I listed both the primary and secondary IP addresses.
And of course, I enabled "Allow zone transfer" and chose as you said already (before my post).

So the problem is still there, not resolved!

When you created the second DC, did you allow for DNS to also be configured, or did you manually create it after?
If you did manually create it after, did you select Secondary Zone?

Hi yo_bee

I let DNS be configured after running dcpromo for the second DC. I did not configure it manually.

The approach I would take here is not so much trying to resolve the issue brought up by the BPA but understanding why you are getting that in the first place.  So, with an issue of "A list of secondary DNS servers has been specified on the zone transfers tab, but none of these servers are responding to a DNS query for the zone," my questions to myself would be:
 - should I even have anything specified in this list on the zone transfers tab?  Why?  (If you can't answer why, chances are the answer to the former is "no")
If the answer to the first is "yes", then you can move on to secondary questions such as:
 - is the list correct?
 - what are my secondary zones?
 - etc.

In most (simple) domains you have multiple domain controllers (with the DNS server role installed), and the DNS zones on one DC are replicated to all other DCs without even a thought of secondary zones.  The zones are replicated via Active Directory replication processes because the default zones are set as AD-integrated primary zones.  Replication via this method is better (more efficient, less complicated to configure) than setting up secondary zones, zone transfers, etc.  So unless you know why you have (and need) secondary zones then it's probably best to avoid them.

I think the most important part of yo_bee's question is, "...and is the second DNS server a Domain Controller?", for which I don't see a clear answer (but I would suspect "yes").  AD-integrated primary zones only replicate between DCs that have the DNS role.  If you need the info from an AD-integrated primary zone on another DNS server that is not a DC, that's where you can configure for zone transfer (or consider whether it should be made a DC).

EDIT:  While I was typing this post, your response came in above indicating clearly that the second server is a DC.  I'll clarify my recommendations in another post.
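
The BPA message quoted in this thread is about servers on the zone transfers list not answering a DNS query for the zone. As an added example (not part of the original thread, and not how the BPA itself is implemented), this Python script probes each listed server with a non-recursive SOA query and classifies the reply. The server addresses and zone name are placeholders, and treating an authoritative SOA answer as "responds for the zone" is an assumption.

```python
import socket
import struct

TXID = 0x1234  # fixed transaction id, constructed for this example
RCODES = {2: "servfail", 3: "nxdomain", 5: "refused", 9: "notauth"}

def build_soa_query(zone):
    """DNS query for the zone's SOA record (QTYPE 6, class IN), RD bit clear."""
    header = struct.pack("!HHHHHH", TXID, 0x0000, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)

def classify_response(data):
    """Classify a reply from its 12-byte DNS header."""
    if len(data) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != TXID or not flags & 0x8000:      # wrong id or QR bit not set
        return "malformed"
    rcode = flags & 0x000F
    if rcode:
        return RCODES.get(rcode, "rcode-%d" % rcode)
    # AA bit plus at least one answer: the server really hosts the zone
    return "authoritative" if flags & 0x0400 and ancount else "not-authoritative"

def probe(server, zone, timeout=2.0):
    """Send the SOA query over UDP/53 and classify whatever comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_soa_query(zone), (server, 53))
            data, _ = s.recvfrom(512)
        except OSError:                        # timeout, unreachable, etc.
            return "no-response"
    return classify_response(data)

def audit(servers, zone, probe_fn=probe):
    """Map each server on the transfer list to its probe result."""
    return {srv: probe_fn(srv, zone) for srv in servers}

if __name__ == "__main__":
    # Placeholder addresses and zone name (assumptions, not from the thread)
    for srv, status in audit(["192.0.2.10", "192.0.2.11"], "corp.example").items():
        print(srv, status)
```

Any result other than `authoritative` marks an entry on the transfer list that is worth reviewing.
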
ASKER CERTIFIED SOLUTION
footech

Hi footech,

Thank you for your feedback.

Unfortunately, my VM crashed yesterday,
so I must check/rebuild the VM to check this case.

I'll reply and update the status soon.

Thank you,
Jack Ng.

Hi footech,

Inside your response as I quoted below is the important point that I missed.

≪If you're just trying to ensure that the DNS zones on the first DC are also on the second DC, if those zones are set as AD-integrated then you don't need to do anything, AD replication will take care of it.≫
→ And of course, this is the solution for my issue too.

Highly appreciated and thank you so much.

Best regards,
Jack Ng.

Glad I could help.