DNS and Zone transfer

[KJ]

If the sending DNS server(WIn2k3 upgraded from win2k), a
subdomain, sends it's Zone file to the main, root, DNS
server(Unix), and the zone is Active Directory
Integrated, is there any reason the Unix box would
receive errors or fail to keep the zone file loaded? It
sometimes gets errors and at others, it receives zone
transfer. Is it necessary to send any zone file transfer
once you start pulling your own in? Is there any reason
to forward to root, especially if you have root hints
still installed?

 

[Ace Fekay [MVP]]

In

If the sending DNS server(WIn2k3 upgraded from win2k), a
subdomain, sends it's Zone file to the main, root, DNS
server(Unix), and the zone is Active Directory
Integrated, is there any reason the Unix box would
receive errors or fail to keep the zone file loaded? It
sometimes gets errors and at others, it receives zone
transfer. Is it necessary to send any zone file transfer
once you start pulling your own in? Is there any reason
to forward to root, especially if you have root hints
still installed?

Doesn't sound like the ideal scenario. If you have child domains, the best
practice and recommendation is to use delegation from the DNS server hosting
the parent zone to the child DNS servers hosting the child zone. Then use a
forwarder back to the parent DNS.

AD Integrated zones act like a Primary zone for zone transfers, so I can't
remember any issues between BIND and MS DNS. I woiuld just insure there are
no firewalls in between and that zone transfers are allowed, maybe even try
specifically to the IP, or allow all.

I wouldn't alter the Root hints, that just complicates matters when
diagnosing and is not necessarily recommended. Just use the forwarders. If
already using Root Hints, then no forwarder is required. But would rather
see you use forwarding.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================

 

[KJ]

Started out supposedly being delegated, but the new
Internal network (behind firewall) needed a push to it so
went with zone transfer, then lost any delegation it
seemed because local web sites were not found, then after
receiving a zone transfer, it starts working. There still
are some glitches that users are not getting past Citrix
Nfuse site into that domain even though there are zone
files available on both sides now.

 

[Ace Fekay [MVP]]

In

Started out supposedly being delegated, but the new
Internal network (behind firewall) needed a push to it so
went with zone transfer, then lost any delegation it
seemed because local web sites were not found, then after
receiving a zone transfer, it starts working. There still
are some glitches that users are not getting past Citrix
Nfuse site into that domain even though there are zone
files available on both sides now.

I cannot see how a delegation can be lost, if that is what you're hinting
at. A delegation just has pointers for the parent DNS to know what DNS
server hosts the child zone, so there is no zone transfers in a delegation
scenario.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS-IS" with no warranties and confers no
rights.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
pig. --
=================================