AD Integrated Zone Serial Numbers

[Ujoshi]

I'm running 2 ADCs for a single domain, with dns running on both.
They each host an AD integrated zone.
However, they maintain disparate serial numbers.
This is a problem for children which alternately use one as a primary and
the other as a secondary.
How can I make sure that they 'update' each other?

 

[Kevin D. Goodknecht [MVP]]

In

I'm running 2 ADCs for a single domain, with dns running on both.
They each host an AD integrated zone.
However, they maintain disparate serial numbers.
This is a problem for children which alternately use one as a primary
and the other as a secondary.
How can I make sure that they 'update' each other?

The serials should stay the same, Do both DCs have NS records in both zones?
You may have a replication problem, DCDIAG will check that, run DCDIAG /e /v
In TCP/IP properties are the DCs pointing to the other DC as Preferred then
to itself as Alternate DNS only? (no ISP's DNS allowed in the NIC)

 

[Ujoshi]

Thanks for your reply Kevin.

I have checked the network properties and each server refers to the other
first for dns lookups; no other dns server is listed
Both zones already have both servers listed in NS records.
And, dcdiag shows no errors with the parameters you said to use.

I'm still having one server basically 'running away' on updates to the
serial numbers. The separation is about 1 on one server for every 100 on the
other.

Do you have any other suggestions?

Once again, thank you for giving me some ideas on what to look for.

- Umesh

 

[Kevin D. Goodknecht [MVP]]

In

Thanks for your reply Kevin.

I have checked the network properties and each server refers to the
other first for dns lookups; no other dns server is listed

On both of them point them to themselves as Alternate.

Both zones already have both servers listed in NS records.
And, dcdiag shows no errors with the parameters you said to use.

I'm still having one server basically 'running away' on updates to the
serial numbers. The separation is about 1 on one server for every 100
on the other.

So are you saying that when one increments 1 the other increments 100?

try this command to check DNS registration netdiag /test:dns /v

 

[Ujoshi]

In

On both of them point them to themselves as Alternate.

I apologize. I meant that they point to the other as primary and to
themselves as secondary.

So are you saying that when one increments 1 the other increments 100?

The ratio is not exactly 1 for every 100, but it's approximately the general
trend.
Sometimes, the other catches up a little and is behind by only 150 or so.
But otherwise, there's a separation of around 500 by a day's end.

try this command to check DNS registration netdiag /test:dns /v
--

This did not report any errors on either server.

I'm wondering if this may be the case:
These servers are root domain controllers which are not to be used by
anyone.
Perhaps end users of child domains are referring to one of the above as a
secondary.
Would this cause such an effect?

 

[Jonathan de Boyne Pollard]

U> This is a problem for children which alternately use one
U> as a primary and the other as a secondary.

Unless you are very careful and know _exactly_ what you are
doing, don't mix and match different database replication
mechanisms within a single set of peer content DNS servers.

<URL:http://groups.google.com/[email protected]>

 

[Ujoshi]

Thanks for the details. I guess that I'm more worried about the serial
numbers than I need to be!
It /is/ kind of oddball that the serial number is supposed to represent an
actual change to records, but is incremented by replication where no real
change is involved...