DNS Zone Transfer Problem


DavidM

Hello --

I have a primary and secondary DNS server that are facing the Internet, both
using W2K.

I'm also creating a secondary DNS server that is facing our private network
using W2K.

When I create the secondary zone on the private DNS, the zone transfer does
not work and I get an exclamation point on the icon. The error message in
DNS Manager is:

Zone not loaded by DNS Server - The DNS server encountered an error while
attempting to load the zones. The transfer of the zone data from the master
server failed.

I have the IP address of this server defined on this zone's primary NS tab.
I also have the Zone Transfer tab set to allow transfers only to servers on
the NS tab.

Anyone have any ideas why this doesn't work?

Trying to hard-code an IP in the NS tab does not work either. However, if I
select "Any Server" from the tab, the transfer appears to work. There is no
NATing going on and the addresses both servers should see are the real
addresses.

I have an NS record called ns3.mydomain.net on the root container of my name.
It shows the type as "Name Server".

The event log for the ns4 server that is failing reports:

Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 6525
Date: 2/15/2005
Time: 10:53:16 PM
User: N/A
Computer: NS3
Description:
Zone transfer request for secondary zone mydomain.net refused by master
server at 12.148.19.15.
Check the zone at the master server 12.148.19.15 to verify that zone
transfer is enabled to this server.
To do so, use the DNS console, and select master server 12.148.19.15 as the
applicable server, then in secondary zone mydomain.net Properties, view the
settings on the Zone Transfers tab. Based on the settings you choose, make
any configuration adjustments there (or possibly in the Name Servers tab) so
that a zone transfer can be made to this server.
 
Ace Fekay [MVP]

Is the server you are trying to transfer to multihomed?


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
dm4714

Yes -- it is multi-homed.


 
dm4714

Actually -- I take that back. The server that is the secondary has two
network cards, but the second one is disabled.

From the DNS Interfaces tab, I have the current server's IP address defined
within the list.



 
Ace Fekay [MVP]

It may be looking at the wrong address, for whatever reason. Check all your
settings on the Primary to know that the server you specified in the
nameservers tab to allow transfer to actually is pointing to the actual
address. Also, when the secondary is asking for the transfer, the Primary
may be looking at the incoming connection packet and seeing the incorrect IP,
hence rejecting the attempt. You can try a netmon capture to see exactly
what is going on during the attempt. Check all your IPs and names settings
on both ends. Then try deleting the secondary zone, and re-creating it and
try it again.

Ace
 
dm4714

The problem is that we apparently have some erroneous natting going on and
the primary is seeing our source IP address as something totally different.
The only reason I know this is that I ran NetMon on the primary server and
tried to do a DNS transfer from master.

In the meantime, I went and added the natting address and everything is
working. I'll have to get my networking group to see why I'm getting the
wrong address.

Arrghhh--

 
Ace Fekay [MVP]

Well, at least we're on the right track. I am curious about your results,
please post back.

Ace
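
The diagnosis this thread arrives at (the master refuses the transfer because the source address it sees is not the one on its allow list) can be checked from a capture taken on the master. The Python below is an added example, not code from any poster in the thread; the capture line format, the function name and every address other than 12.148.19.15 are constructed assumptions.

```python
import ipaddress
import re

# Constructed, simplified capture summaries (not NetMon's real output format).
# 12.148.19.15 is the master named in the thread; every other address is a
# documentation-range placeholder.
SAMPLE_CAPTURE = """\
22:53:16 192.0.2.99:1047 -> 12.148.19.15:53 TCP AXFR mydomain.net
22:53:16 12.148.19.15:53 -> 192.0.2.99:1047 TCP REFUSED mydomain.net
22:58:16 192.0.2.99:1051 -> 12.148.19.15:53 TCP AXFR mydomain.net
23:01:02 198.51.100.7:4410 -> 12.148.19.15:53 TCP AXFR mydomain.net
"""

# Matches only transfer requests sent to port 53 (hypothetical line format).
REQUEST = re.compile(r"^\S+ (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):53 TCP "
                     r"(?:AXFR|IXFR) (?P<zone>\S+)$")


def audit_transfers(capture, master, allowed):
    """Compare the sources the master sees with its transfer allow list."""
    allow = {ipaddress.ip_address(a) for a in allowed}
    seen = {}
    for line in capture.splitlines():
        m = REQUEST.match(line.strip())
        if m is None or m["dst"] != master:
            continue
        src = ipaddress.ip_address(m["src"])
        seen[src] = seen.get(src, 0) + 1
    unlisted = sorted(s for s in seen if s not in allow)
    never_seen = sorted(a for a in allow if a not in seen)
    return {
        "requests": {str(s): n for s, n in seen.items()},
        "unlisted_sources": [str(s) for s in unlisted],
        "allowed_but_never_seen": [str(a) for a in never_seen],
        # An allowed secondary that never appears, while unlisted sources
        # keep asking, suggests the master sees a translated address.
        "address_mismatch_suspected": bool(unlisted and never_seen),
    }


if __name__ == "__main__":
    report = audit_transfers(SAMPLE_CAPTURE, "12.148.19.15", ["192.0.2.10"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

Only a source you can attribute to your own secondary belongs on the allow list; 198.51.100.7 in the sample stands for an unrelated requester, which the "Any Server" setting would also have served.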
 
