Missing DCs/GCs in AD Integrated DNS

Guest

I've walked into a network with a number of issues; the most mind-boggling to
me is some strange DNS happenings.

We have a flat domain spread across 9 sites. Each site has a DC that is a
GC and DNS is AD integrated. Two sites have secondary DC/GC for a total of 9
DC/GC servers.

In the Forward Lookup Zone for our domain, in the _TCP and _UDP containers,
only 5 of our DCs are listed (_gc, _kpasswd, _kerberos, _ldap).

Under _MSDCS all DCs are listed with GUID of type CNAME
In the sub-container of DOMAINS/guid/TCP, there are only the same 5 servers.

In the sub-container of DC/_TCP the same 5 servers
In the sub-container of DC/SITES/sitename - the appropriate server(s) for
the site are listed.
In the sub-container of GC there are 6 A records matching 5 DCs/GCs (?)
In the sub-container of GC/_TCP the same 5 servers appear.
In the sub-container of GC/SITES/sitename - the appropriate server(s) for
the site are listed.

So....why do only 5 of 11 DC/GC servers appear?
Does this suggest a replication problem? Configuration related?

Anybody have an idea as to what may be happening and what I should be
looking at?

Thanks

Joe
 
Jorge_de_Almeida_Pinto

The first thing that comes to my mind is that the missing DCs/GCs are
configured NOT to register several SRV RRs.

Check policies that apply to those DCs for the GPO setting:
DC Locator DNS records not registered by the DCs (meaning: Determines
which DC Locator DNS records are not registered by the Netlogon
service)

Or check the DCs for the following:
DnsAvoidRegisterRecords
Registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Version: Windows Server 2003

Specifies the list of data corresponding to the DNS resource records
that should not be registered for a domain controller by the Net Logon
service. Restarting the Net Logon service is not required to make the
changes to this value effective. If the DnsAvoidRegisterRecords
registry key is created or modified within the first 15 minutes after
the Net Logon service is started, there might be a short delay before
the appropriate DNS updates appear and are replicated to the other DNS
servers. If the modifications are made while the Net Logon service is
stopped there is a short delay before the DNS updates appear after the
Net Logon service is restarted.

For more info see:
http://www.microsoft.com/technet/pr...Ref/4d8388e6-6ba0-4f08-b1d9-525bf949fa76.mspx
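
The check suggested in this reply can be run across all DCs at once. The script below is an added example, not part of the original thread: it compares each DC against the targets of the locator SRV records and reads DnsAvoidRegisterRecords from the Netlogon key named above and from the Group Policy key. It assumes the ActiveDirectory and DnsClient PowerShell modules, PowerShell remoting to every DC, and a single-domain forest as described in the question.

```powershell
# Added example: audit which DCs are absent from the DC Locator SRV records
# and whether DnsAvoidRegisterRecords is set on them.
# Assumes: ActiveDirectory (RSAT) module, Resolve-DnsName, WinRM access to DCs.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot
$dcs    = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

# SRV owner names matching the containers discussed in the thread
# (single-domain forest assumed, so _gc lives in the same zone).
$srvNames = @(
    "_ldap._tcp.$domain",
    "_kerberos._tcp.$domain",
    "_kpasswd._tcp.$domain",
    "_gc._tcp.$domain",
    "_ldap._tcp.dc._msdcs.$domain"
)

# Local Netlogon parameters key and the key Group Policy writes to.
$regPaths = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters',
    'HKLM:\SOFTWARE\Policies\Microsoft\Netlogon\Parameters'
)

# Resolve each SRV name once and keep the lower-cased target host names.
$registered = @{}
foreach ($name in $srvNames) {
    $targets = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' } |
        ForEach-Object { $_.NameTarget.TrimEnd('.').ToLower() }
    $registered[$name] = @($targets)
}

foreach ($dc in $dcs) {
    # SRV names that do not list this DC as a target.
    $missing = $srvNames | Where-Object { $registered[$_] -notcontains $dc.ToLower() }

    # Read the multi-string value from both keys on the DC itself.
    $avoid = Invoke-Command -ComputerName $dc -ArgumentList (,$regPaths) -ScriptBlock {
        param($paths)
        foreach ($p in $paths) {
            (Get-ItemProperty -Path $p -Name DnsAvoidRegisterRecords `
                -ErrorAction SilentlyContinue).DnsAvoidRegisterRecords
        }
    }

    [pscustomobject]@{
        DC                      = $dc
        MissingSrv              = ($missing -join ', ')
        DnsAvoidRegisterRecords = ($avoid -join ' ')
    }
}
```

A DC that shows entries in MissingSrv and a non-empty DnsAvoidRegisterRecords column matches the cause proposed in the reply; a DC with missing records and an empty value points elsewhere.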
 
