Asked by IT Dep

Primary DNS zones both changed to stub zones, how to revert back to primary?

So we were running into an issue where DNS was not updating properly; for example, scavenging was not working. We were manually deleting a few computers and re-registering them with DNS to fix these issues. One of the selections made was to change replication away from Windows 2000 compatibility mode to all DNS servers in this forest. We have a 2012 domain. Both domain controllers now show our DNS zone as stub, AD integrated. We cannot change to primary without losing AD integration.

Topics: DNS, Windows OS, Active Directory, DNS Zone

Accepted solution by footech (hidden behind the site's member wall; not available on this page)
IT Dep (asker):

Yes, I was thinking that we might have to do this and start from scratch. Just for some background: we have 2 DCs, both are the only DNS holders for the primary domain; we have 2 other domains in the forest, and 1 subdomain within our primary (those each have 2 DNS servers). We tried a restore from Veeam but it failed, then I attempted to restore from a file; that ended up failing and left us with 1 entry. So I deleted it yet again, in complete fear, and the restore succeeded, and we are back to where we were before it was changed from 2000 compatibility mode. So now it is time to figure out all the issues the DNS servers are having, as we had a lot of stale entries causing major problems... Any good tools you recommend besides DCDIAG for DNS testing? I feel like this might be a long night.
footech:

There should be no issue with changing the replication scope.  The only thing I can think of that would interfere would be conflicting zones that already exist and would just need to be cleared out beforehand.

The DNS tests in DCDIAG will of course help you to ensure you have DNS properly configured for DC function and replication, but that's about where it stops.  I think everything else is down to looking at event logs and nslookup.  I'm not sure exactly what sort of testing you're after.

Outside of a config issue, if the DNS server truly is not functioning properly, then my only recourses would be to remove and re-add the role on the server, or to stand up a new one.

If you need help understanding scavenging, the best article I've come across to explain it is https://web.archive.org/web/20160428150734/https://blogs.technet.microsoft.com/networking/2008/03/19/dont-be-afraid-of-dns-scavenging-just-be-patient/ 

I'd need more details of a specific issue to be able to suggest anything further.
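
An added example, not part of footech's reply or the original thread: a PowerShell check that puts the three things discussed above (what zone type each DC holds and whether it is AD integrated, the replication-scope change the asker attempted, and the DCDIAG DNS test plus a basic name-resolution check) into one script. The DC names DC01/DC02 and the zone name corp.example.com are placeholders; it needs the DnsServer RSAT module and administrative rights on the DCs.

```powershell
# Added example, not from the original thread. Placeholders: DC01, DC02, corp.example.com.
#Requires -Modules DnsServer

$dcs  = 'DC01', 'DC02'
$zone = 'corp.example.com'

# 1. Zone inventory per DC: type, AD integration, replication scope, dynamic-update policy.
foreach ($dc in $dcs) {
    Write-Host "== $dc =="
    Get-DnsServerZone -ComputerName $dc |
        Where-Object { -not $_.IsAutoCreated -and $_.ZoneName -ne 'TrustAnchors' } |
        Select-Object ZoneName, ZoneType, IsDsIntegrated, ReplicationScope, DynamicUpdate |
        Format-Table -AutoSize
}

# 2. The symptom from the question: the domain zone showing as anything other than an
#    AD-integrated Primary on a DC that should be authoritative for it.
$bad = foreach ($dc in $dcs) {
    Get-DnsServerZone -ComputerName $dc -Name $zone -ErrorAction SilentlyContinue |
        Where-Object { $_.ZoneType -ne 'Primary' -or -not $_.IsDsIntegrated } |
        ForEach-Object {
            [pscustomobject]@{ Server = $dc; ZoneType = $_.ZoneType; DsIntegrated = $_.IsDsIntegrated }
        }
}
if ($bad) {
    Write-Warning "Zone $zone is not an AD-integrated primary on every DC:"
    $bad | Format-Table -AutoSize
}

# 3. Changing the replication scope of an existing AD-integrated primary zone is one call.
#    It only applies to a zone that is already a primary, and it fails if a conflicting copy
#    of the zone already exists in the target directory partition. Uncomment to run it:
# Set-DnsServerPrimaryZone -Name $zone -ReplicationScope Forest -ComputerName $dcs[0]

# 4. Every DC must be able to resolve the DC-locator SRV record from every DC's DNS service.
foreach ($dc in $dcs) {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$zone" -Type SRV -Server $dc -ErrorAction SilentlyContinue
    if (-not $srv) {
        Write-Warning "$dc does not answer the DC-locator SRV query for $zone"
    } else {
        $targets = ($srv | Where-Object Type -eq 'SRV' | ForEach-Object NameTarget) -join ', '
        "$dc -> $targets"
    }
}

# 5. The DNS-specific DCDIAG test, run against every DC in the enterprise, verbose.
dcdiag /test:DNS /e /v
```

Run it from a management host with RSAT; steps 1, 2 and 4 are read-only, step 3 stays commented until the inventory in step 1 shows the zone as a Primary everywhere.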
IT Dep (asker):

Thank you for that link; I think a lot of our issues stemmed from scavenging configuration. I have been reading a lot about best practices, using secondary zones, and transfers. DNS is starting to come around; a couple of replication issues are left, but we are in much better shape than we were last night, and no one would even know there is an issue currently. At this point I just want to make sure the network is 100% healthy, with full replication, records being updated, etc. Probably no specific issues right now, just some tweaking to do after a long night of DNS zone maintenance. Thanks for the help! If I come up with something specific I'll make sure to ask!
footech:

I'd say in most setups, having all zones as AD-integrated Primary zones is the way to go.  Without any secondary zones, all the zone transfer settings should be off.

My experience of turning on DNS scavenging in an existing environment involved monitoring (over the course of weeks) the timestamps on dynamic DNS records to make sure all the records that should be updated actually were (if they weren't, delete the record and have the client register it again), before turning on the actual scavenging. Even for clients/servers configured with a static IP, if they are capable of registering their own record I would have them do it rather than creating a static DNS record.

With clients moving back and forth between wireless and wired connections on a network, you're guaranteed to get some incorrect DNS records at any moment, but scavenging will help to reduce the lifetime those stick around.

Best of luck to you.
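
An added example, not footech's own code: a PowerShell audit for the scavenging-readiness and zone-transfer checks in the reply above. It reads the zone's aging intervals, separates static records (no timestamp) from dynamic ones, lists the dynamic records whose timestamp has already fallen past the NoRefresh + Refresh window (the ones scavenging would delete once enabled), and confirms transfers are off on every primary zone. Server DC01, zone corp.example.com and host ws042 are placeholders; the remediation lines are left commented so the script itself is read-only.

```powershell
# Added example, not from the original thread. Placeholders: DC01, corp.example.com, ws042.
#Requires -Modules DnsServer

$server = 'DC01'
$zone   = 'corp.example.com'

# Zone-level aging settings and server-level scavenging settings are separate knobs;
# records are only ever scavenged when both are on.
$aging  = Get-DnsServerZoneAging -Name $zone -ComputerName $server
$global = Get-DnsServerScavenging -ComputerName $server
"Zone aging enabled : $($aging.AgingEnabled)  NoRefresh: $($aging.NoRefreshInterval)  Refresh: $($aging.RefreshInterval)"
"Server scavenging  : $($global.ScavengingState)  Interval: $($global.ScavengingInterval)  Last run: $($global.LastScavengeTime)"

# A dynamic record becomes eligible for scavenging once its timestamp is older than
# NoRefreshInterval + RefreshInterval. Records with no timestamp are static and never scavenged.
$cutoff = (Get-Date) - ($aging.NoRefreshInterval + $aging.RefreshInterval)

$records = @(Get-DnsServerResourceRecord -ZoneName $zone -RRType A -ComputerName $server |
    Where-Object { $_.HostName -notin @('@', 'DomainDnsZones', 'ForestDnsZones') })

$static = @($records | Where-Object { -not $_.Timestamp })
$stale  = @($records | Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff })

"$($records.Count) A records: $($static.Count) static, $($stale.Count) dynamic and older than the cutoff ($cutoff)"
$stale | Sort-Object Timestamp |
    Select-Object HostName, @{ n = 'IP'; e = { $_.RecordData.IPv4Address } }, Timestamp |
    Format-Table -AutoSize

# Review the stale list by hand over several runs before enabling scavenging.
# To remove one record that a live host is failing to refresh and have the host register again:
# Remove-DnsServerResourceRecord -ZoneName $zone -RRType A -Name 'ws042' -RecordData '10.0.1.42' -ComputerName $server -Force
# Invoke-Command -ComputerName ws042 -ScriptBlock { Register-DnsClient }   # or ipconfig /registerdns on the host

# With no secondary zones, every primary zone should refuse transfers and send no notifies.
Get-DnsServerZone -ComputerName $server |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
    Select-Object ZoneName, IsDsIntegrated, SecureSecondaries, Notify |
    Format-Table -AutoSize
# SecureSecondaries should read NoTransfer; if it does not:
# Set-DnsServerPrimaryZone -Name $zone -SecureSecondaries NoTransfer -Notify NoNotify -ComputerName $server
```

Schedule the read-only part to run daily and diff the stale list; a host that keeps appearing with an unchanging timestamp is the "should be being updated but isn't" case from the reply, and is the one to fix before scavenging is switched on.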