zone transfers?


hotgal

Hi

I have an AD zone in my corporate domain and a secondary
zone in my remote domain. The SOA on the AD zone is 1720
while the SOA on the secondary shows 1666. How can I get
the secondary zone to update its information to the
correct information in the AD zone? The information in
the AD zone is correct. I have tried incrementing the
serial number on the AD zone, and I tried performing the
Transfer from Master option on the secondary. Is there
anything else I am missing? What should I do to solve
this problem?

Thanks
 

Kevin D. Goodknecht [MVP]

hotgal said:
Hi

I have an AD zone in my corporate domain and a secondary
zone in my remote domain. The SOA on the AD zone is 1720
while the SOA on the secondary shows 1666. How can I get
the secondary zone to update its information to the
correct information in the AD zone? The information in
the AD zone is correct. I have tried incrementing the
serial number on the AD zone, and I tried performing the
Transfer from Master option on the secondary. Is there
anything else I am missing? What should I do to solve
this problem?

Thanks

Does the zone transfer if you select allow zone transfers to all addresses?
 

Hot Gal

Yes, the zone is transferring information, but the wrong information.

To be a lil more clear ...

Our group is creating a private WAN connected over VPN tunnels using
Netscreen hardware and software. We are using DNS and W2K as the backbone
for our network and resource sharing internally and across the WAN.

The network consists of two LANs and a number of remote users who connect to
one of the hubs. Currently each LAN has a primary DNS server set up to
provide name service within each. In addition we created secondary zones on
each LAN to pull the information from the primary on the opposing LAN,
therefore allowing users on each side to access resources by name on either
LAN.

Lan1
Primary A - Secondary A

Lan2
Primary B - Secondary B

This was functioning reasonably well for a period; however, in order to access
high speed connections we changed ISPs and had to reestablish the tunnels.
Once this was complete, we found that the secondary on Lan1 re-established
the zone connections without problem. The secondary on Lan2 did not. We
noticed the following event log errors:

1202 - SceCli - an indication that the trust relationship had been broken
6534 - DNS - no explanations found (NetID, MS support). It seems to be
associated with zone information not being received.

The trust failed because the DNS could not identify the trusted network on
the other side of the tunnel. After not finding any errors in the
configuration of the Lan2 secondary or the Lan1 primary, we recreated the
secondary on Lan2. This did not initially work; however, after a few hours
the transfer occurred. The information transferred was old, however
(secondary index 1666, primary 1749). Over the period of the wait - the Lan1
server indicated successful transfer in the event log, however the Lan2 side
showed the 6534 errors.

My questions:

1) The research seemed to suggest that there may be illegal characters in
the primary zone of Lan1. What are these illegal characters, and how can we
remove them?

2) That the secondary on Lan1 is receiving and updating without problem is
mystifying - it suggests that the connectivity across the tunnel is there.
What are we missing?

3) Is it likely that the continuing lack of updates will eventually result
in the Lan2 secondary expiring? How can we address that (at least short term
in the absence of a solution)?

Any thoughts, suggestions, solutions, fixes or workarounds would be
appreciated.

Thanks
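
Added example, not part of the thread: for the serial mismatch and question 3 above, a Python sketch that reads the SOA record from each server's response, compares the serials with RFC 1982 arithmetic, and checks the secondary's copy against its expire timer. The serials 1720 and 1666 come from the thread; the zone name, host names and timer values are constructed, and the responses are built inline rather than fetched from a server.

```python
import struct

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:   # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_soa(msg):
    """Pull the SOA fields out of the first answer of a DNS response."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    if ancount == 0:
        raise ValueError("no answer records")
    off = skip_name(msg, off)
    rtype, _cls, _ttl, _rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    if rtype != 6:
        raise ValueError("first answer is not an SOA record")
    off = skip_name(msg, skip_name(msg, off + 10))   # skip MNAME and RNAME
    keys = ("serial", "refresh", "retry", "expire", "minimum")
    return dict(zip(keys, struct.unpack("!5I", msg[off:off + 20])))

def serial_newer(a, b):
    """RFC 1982 comparison: is serial a newer than b, allowing 32-bit wrap?"""
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000

def secondary_state(primary, secondary, secs_since_refresh):
    """Classify the secondary's copy from both SOAs and its last good refresh."""
    if secs_since_refresh >= secondary["expire"]:
        return "expired"                       # secondary stops answering for the zone
    return "stale" if serial_newer(primary["serial"], secondary["serial"]) else "current"

def sample_response(zone, serial):
    """Constructed SOA response for offline use; timers and names are made up."""
    rdata = encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
    rdata += struct.pack("!5I", serial, 900, 600, 86400, 3600)
    header = struct.pack("!6H", 0x1234, 0x8400, 1, 1, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", 6, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(rdata)) + rdata
    return header + question + answer
```

The expire check uses the timer from the secondary's own copy of the SOA, since that is the value it last transferred and is counting down against.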
 
