Zone Transfer Problem - Need Help

[ky]

Hi,

Our situation is this - we manage our own primary dns
server running on windows 2000 and the secondary dns
server is handled by our isp. for some reason or another
the isp can not pull or dig the records from our dns
server anymore. there has not been any changes done on our
part. i have configured our server to allow zone transfer
to any server but still no success. I am kinda stuck as
far as troubleshooting goes. the thing is our server is
still answering querys and resolving names. please help
and thanks in advance.

-ky

 

[Jonathan de Boyne Pollard]

k> the isp can not pull or dig the records from our dns server anymore.
k> [...]
k> I am kinda stuck as far as troubleshooting goes.

Get your ISP to describe the problem to you properly, and then (if it
isn't obvious to you from that description what the cause of the
problem is) pass on that description to us.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/problem-report-standard-litany.html>

 

[Kevin D. Goodknecht [MVP]]

In

Hi,

Our situation is this - we manage our own primary DNS
server running on windows 2000 and the secondary DNS
server is handled by our ISP. for some reason or another
the ISP can not pull or dig the records from our DNS
server anymore. there has not been any changes done on our
part. i have configured our server to allow zone transfer
to any server but still no success. I am kinda stuck as
far as troubleshooting goes. the thing is our server is
still answering querys and resolving names. please help
and thanks in advance.

-ky

Should I assume you have properly configured your router to forward incoming
connections on the correct public IP on port 53 TCP & UDP to the IP of your
DNS server?
We can only make guesses unless you are willing to post the public domain
name involved here.

If you feel you cannot do that the only suggestion I can make is to use the
tools available at www.dnsreport.com to check your DNS server from the
public view point. Remember, your DNS server can work perfectly well from
your internal view, but the internal view will not work from the public
view.
Many DNS beginners, and this is not a hit on you, do not understand that
anytime you have an internal network using DNS, you cannot use the internal
view and public view in the same DNS zone with MSDNS. I hear that Win2k3 is
capable of this but I have not tested Win2k3 in my network. I will be doing
that within the next six months or so I purchased a retail box last week,
I'm waiting for SP1 to be released.

 

[Ace Fekay [MVP]]

The nslookup message (not this is NOT an error) just states that you have no
reverse PTR entry for you DNS server. Just create a reverse zone and make
sure you have a PTR entry for it.

As far as zone transfers, as Kevin suggested to make sure the necessary
rules are allowed thru your firewall or port remap is correct in your NAT.
If this continues to be an issue, see this below. It maybe applicable:

194129 - Microsoft DNS Fails to Acquire Zone Transfer from BIND Primary:
http://support.microsoft.com/default.aspx?scid=kb;en-us;194129

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

jonathon,

thanks for the response. i think we may have a problem
internally as well. when i go to the dos prompt and do an
nslookup this is what i get:

C:\>nslookup
*** Can't find server name for address 192.xx.xx.xx: Non-
existent domain
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 151.xx.xx.xx: Timed
out
*** Default servers are not available
Default Server: UnKnown
Address: 192.xx.xx.xx

the 151 ip address would be our seconday dns server hosted
by out isp. the 192 would be our internal dns server. i
have checked all the settings on our server and everything
looks fine. i am not sure where else to check.

-ky

-----Original Message-----
k> the isp can not pull or dig the records from our dns server anymore.
k> [...]
k> I am kinda stuck as far as troubleshooting goes.

Get your ISP to describe the problem to you properly, and then (if it
isn't obvious to you from that description what the cause of the
problem is) pass on that description to us.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/pro blem-report-standard-litany.html>
.

 

[Guest]

thanks ace,

i created a reverse lookup zone for the internal network
and now i dont get that erro anymore.

-ky

-----Original Message-----
The nslookup message (not this is NOT an error) just states that you have no
reverse PTR entry for you DNS server. Just create a reverse zone and make
sure you have a PTR entry for it.

As far as zone transfers, as Kevin suggested to make sure the necessary
rules are allowed thru your firewall or port remap is correct in your NAT.
If this continues to be an issue, see this below. It maybe applicable:

194129 - Microsoft DNS Fails to Acquire Zone Transfer from BIND Primary:
http://support.microsoft.com/default.aspx?scid=kb;en- us;194129

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
--
=================================

jonathon,

thanks for the response. i think we may have a problem
internally as well. when i go to the dos prompt and do an
nslookup this is what i get:

C:\>nslookup
*** Can't find server name for address 192.xx.xx.xx: Non-
existent domain
DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 151.xx.xx.xx: Timed
out
*** Default servers are not available
Default Server: UnKnown
Address: 192.xx.xx.xx

the 151 ip address would be our seconday dns server hosted
by out isp. the 192 would be our internal dns server. i
have checked all the settings on our server and everything
looks fine. i am not sure where else to check.

-ky

-----Original Message-----
k> the isp can not pull or dig the records from our dns server anymore.
k> [...]
k> I am kinda stuck as far as troubleshooting goes.

Get your ISP to describe the problem to you properly,

and
then (if it

isn't obvious to you from that description what the

cause
of the

problem is) pass on that description to us.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/pro

blem-report-standard-litany.html>
.

.

 

[Ace Fekay [MVP]]

thanks ace,

i created a reverse lookup zone for the internal network
and now i dont get that erro anymore.

-ky

Ah, now what did I say? This is NOT an error, but rather just a message.


Glad you got it working.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Jonathan de Boyne Pollard]

a> i think we may have a problem internally as well.

You haven't.

a> *** Can't find server name for address 192.xx.xx.xx: Non-existent domain
a> *** Can't find server name for address 151.xx.xx.xx: Timed out
a> *** Default servers are not available

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/nslookup-daft-error-message.html>

Moreover, this is unrelated to the problem that the original
poster had with his ISP.