First an explanation of the setup we have:

Domain sstl.co.uk is the primary domain of our organisation and is
available both internally and externally. However, the internal DNS
server (actual members of that Win2K domain that is internal only and
protected behind a firewall) use a unique DNS zone containing the
private address mappings. A second DNS server exists on our DMZ that
is the DC for a sub-domain external.sstl.co.uk. This DNS server is
also the primary of a unique sstl.co.uk zone containing the external
adress mappings.

Recently, the sstl.co.uk zone has been disappearing from the second
server after a reboot although the actual zone file still exists. Once
it is added back into the DNS all is well until another reboot.

I've read lots of things about this, but nothing that really fits the
scenario I have tried to explain. How can I stop the zone
disappearing? It is probably a strange way of trying to solve a
particular issue, but sstl.co.uk is our internal NT domain and must not
be available from outside of our network for security reasons. I can
potentially migrate the external.sstl.co.uk to a different domain/DNS,
say sstl.net, but I want to see if its possible to fix the current
issue.

Cheers

JohnnyP

In news:(E-Mail Removed),
(E-Mail Removed) <(E-Mail Removed)> stated, which I commented on
below:
> First an explanation of the setup we have:
>
> Domain sstl.co.uk is the primary domain of our organisation and is
> available both internally and externally. However, the internal DNS
> server (actual members of that Win2K domain that is internal only and
> protected behind a firewall) use a unique DNS zone containing the
> private address mappings. A second DNS server exists on our DMZ that
> is the DC for a sub-domain external.sstl.co.uk. This DNS server is
> also the primary of a unique sstl.co.uk zone containing the external
> adress mappings.
>
> Recently, the sstl.co.uk zone has been disappearing from the second
> server after a reboot although the actual zone file still exists.
> Once it is added back into the DNS all is well until another reboot.
>
> I've read lots of things about this, but nothing that really fits the
> scenario I have tried to explain. How can I stop the zone
> disappearing? It is probably a strange way of trying to solve a
> particular issue, but sstl.co.uk is our internal NT domain and must
> not be available from outside of our network for security reasons. I
> can potentially migrate the external.sstl.co.uk to a different
> domain/DNS, say sstl.net, but I want to see if its possible to fix
> the current issue.
>
> Cheers
>
> JohnnyP

Does the external DNS have a nameserver entry for the internal DNS or the
actual nameserver (the registrar's perhaps?) hosting the external zone?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest to use OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.

It's easy:
How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only thing in life is change. Anything more is a blackhole consuming
unnecessary energy. - [Me]

Hi Ace

There is no nameserver entry in the external DNS tables for sstl.co.uk
that refers to the internal DNS server, nor is there any entry anywhere
for the registrar.

Cheers

JohnnyP

(E-Mail Removed) wrote:
> First an explanation of the setup we have:
>
> Domain sstl.co.uk is the primary domain of our organisation and is
> available both internally and externally. However, the internal DNS
> server (actual members of that Win2K domain that is internal only and
> protected behind a firewall) use a unique DNS zone containing the
> private address mappings. A second DNS server exists on our DMZ that
> is the DC for a sub-domain external.sstl.co.uk. This DNS server is
> also the primary of a unique sstl.co.uk zone containing the external
> adress mappings.
>
> Recently, the sstl.co.uk zone has been disappearing from the second
> server after a reboot although the actual zone file still exists.
> Once it is added back into the DNS all is well until another reboot.
>
> I've read lots of things about this, but nothing that really fits the
> scenario I have tried to explain. How can I stop the zone
> disappearing? It is probably a strange way of trying to solve a
> particular issue, but sstl.co.uk is our internal NT domain and must
> not be available from outside of our network for security reasons. I
> can potentially migrate the external.sstl.co.uk to a different
> domain/DNS, say sstl.net, but I want to see if its possible to fix
> the current issue.


Are any of these Active Directory integrated zones?
Is the one that keeps disappearing a Secondary zone?

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

In news:(E-Mail Removed),
JohnnyP <(E-Mail Removed)> stated, which I commented on below:
> Hi Ace
>
> There is no nameserver entry in the external DNS tables for sstl.co.uk
> that refers to the internal DNS server, nor is there any entry
> anywhere for the registrar.
>
> Cheers
>
> JohnnyP

How about Kevin's question?

Ace

Hi Kevin

None of the zones are AD integrated and the disappearing zone is a
primary zone on the external server, and a unique primary on the
internal server.

Cheers

JohnnyP

JohnnyP wrote:
> Hi Kevin
>
> None of the zones are AD integrated and the disappearing zone is a
> primary zone on the external server, and a unique primary on the
> internal server.

You should verify both zone types, the only time I've seen or heard of this
happening is if there is an AD integrated zone of the same name on another
DC. AD integrated zones are replicated to all Domain Controllers in the same
domain, if there is an ADI zone on one DC, the zone will replicate to all
DCs in the domain and you can't have two zones of the same name on one DNS
server.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

In news:(E-Mail Removed),
JohnnyP <(E-Mail Removed)> stated, which I commented on below:
> Hi Kevin
>
> None of the zones are AD integrated and the disappearing zone is a
> primary zone on the external server, and a unique primary on the
> internal server.
>
> Cheers
>
> JohnnyP

Is there a firewall between them or NAT?

Ace

I can confirm that they are not AD integrated zones, but I think the
original zone, on the internal server, may have been AD integrated in
the past. The actual primary has been moved to a 2K3 server that is
not yet a DC as we haven't prep'd our 2K domain yet. It was originally
on our 2K DC that is now a 2ndary and soon to be rebuilt as part of an
upgrade process once the domain is prep'd and upgraded to 2K3.

There is a firewall between the two servers in the sense that they hang
of seperate ports. There is no NAT between them.

Cheers

JohnnyP

In news:(E-Mail Removed),
JohnnyP <(E-Mail Removed)> stated, which I commented on below:
> I can confirm that they are not AD integrated zones, but I think the
> original zone, on the internal server, may have been AD integrated in
> the past. The actual primary has been moved to a 2K3 server that is
> not yet a DC as we haven't prep'd our 2K domain yet. It was
> originally on our 2K DC that is now a 2ndary and soon to be rebuilt
> as part of an upgrade process once the domain is prep'd and upgraded
> to 2K3.
>
> There is a firewall between the two servers in the sense that they
> hang of seperate ports. There is no NAT between them.
>
> Cheers
>
> JohnnyP

You can check if the original zone still exists in AD by using ADSI Edit and
looking under the DomainNC context, Microsoft Services, DNS container.

Check the firewall to ensure all ports are opened. DNS transfers require UDP
53.

Ace