SOA, NS issues

Carlos M. Perez

Hi,

I have a Win2K SP3 server running AD with two servers. I've been playing
around with the DNS and am having some problems making changes to the SOA
records. The official domain name is computerdns.local and the machine name
is dns001.computerdns.local. The SOA record has the following:

[1547], dns001.computerdns.local, admin.

NS records are:

ns1.domain.com (I added)
ns2.domain.com
ns3.domain.com
ns4.domain.com
dns001.computerdns.local
dns002.computerdns.local

There are 3 A records per machine name pointing to each of the different
IPs, so:

dns001 -> w.x.y.1
dns001 -> a.b.c.1
dns001 -> 10.254.254.3
dns002 -> w.x.y.2
dns002 -> a.b.c.2
dns002 -> 10.254.254.4
(blank) -> w.x.y.1
(blank) -> a.b.c.1
(blank) -> 10.254.254.3
(blank) -> w.x.y.2
(blank) -> a.b.c.2
(blank) -> 10.254.254.4

The server has three NICs, each belonging to a different network. Two are
public, one is private for backup purposes.

I have a zone called company.com
In that, the SOA is identical to the .local domain. If I change the primary
to ns1.domain.com, after a few refreshes, it reverts back to the original
and adds the two ns records for dns001 and dns002. I've tried incrementing
the serial number by 10 to see if the other server (AD) was replacing the
records.

I also need to update all the SOA records in multiple zones to reflect the
primary and RP, and interval times. Is there a way to do them in bulk, or
will this require manual intervention?

Thanks in advance,

Carlos M. Perez

Deji Akomolafe

> I have a zone called company.com

Try changing the zone to Primary, instead of AD-integrated.

> I also need to update all the SOA records in multiple zones to reflect the

Try dnscmd /RecordAdd. You can use it in a batch file or shell to it in a
VBScript, if you have too many zones.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
Carlos M. Perez

> Try changing the zone to Primary, instead of AD-integrated.

Why would AD-Integrated not work? The entire purpose of it is not to have
to manually update all the DNS servers.

> Try dnscmd /RecordAdd

I will look into this. Thanks.


 
Deji Akomolafe

>> Try changing the zone to Primary, instead of AD-integrated.
>
> Why would AD-Integrated not work? The entire purpose of it is not to have
> to manually update all the DNS servers.

Oh, it's working alright. It's just that you don't like the way it's
designed to work, and I was giving you a work-around. Company.com is not
really your AD Domain name, right? AD-integrated zones are controlled and
updated differently from the normal non-AD-Integrated zones.

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
www.akomolafe.com
www.iyaburo.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
 
Carlos M. Perez

Correct, company.com is not a real domain. The real domain name (DC) is
localdns.local and we have real zones such as companya.com, companyb.com,
etc. Is there any way to control what the SOA and NS records read?

Thanks.

 
Kevin D. Goodknecht [MVP]

This is the correct behavior for an Active Directory Domain Forward lookup;
the local DCs must register their records in the zone for Active Directory
to work, and they will use their own name for SOA. You are trying to combine
your Active Directory Domain Forward lookup Zone with your public Domain
Forward lookup zone. Do not do that; it will only cause you trouble. AD and
Public domains are completely separate Name spaces and must be kept that way.
Don't try to combine them; it won't work and you are asking for big trouble.
These two domains resolve differently and are kept completely separate on
different DNS servers.
 
Carlos M. Perez

The .local is a completely false domain...its only purpose is the domain
that the DNS servers are linked to. So in essence, the domain name should
be realdnsdomain.net?

Thanks,

Carlos.
 
Kevin D. Goodknecht [MVP]

Carlos,
Could you clarify what you are attempting to do?
I take it that you are wanting to host public zones on this server. You can
do that and you can change the SOA of these zones. As long as one of the
domains is not the AD Domain, the DC will register its own records in that
zone. You can change them but only temporarily, because the DC will
re-register its records and set itself to SOA. You should not alter this
behavior.

Any other zones you can do this in, set different NS records and SOA
records. But this DNS server needs to hold glue for these records. That
means it must be able to resolve the names with a simple query to itself.
 
Carlos M. Perez

Kevin,

You are correct. Actually we do have public zones on this server. If we
change the SOA of these zones, they automatically change back to the
previous SOA. The RP is about the only property that won't change.

If I try to alter other zones, they automatically revert back to the
originally created states, with the NS and SOA the same as the DC records.
I'm thinking that the easy way to alter the 200+ domains would be to convert
to Primary, and move them to a new 2K3 server running DNS with the real DC
zone as the correct public zone.

Is there any other way to do this? We've been waiting to move to W2K3, and
were planning on doing it, it's just that this may make it easier to migrate
and do some housekeeping. Right now the DNS servers work, it's just that we
need to update the RP, SOA to point to the real .net not the .local, and the
NS' are in the same shape.

Thanks for all your help,

Carlos.
 
Kevin D. Goodknecht [MVP]

If you use Active Directory Integrated Zones, the DC will automatically give
the Zone its name for the SOA record. Use standard primary if you want to
change the SOA.
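
Added example, not part of the thread and not any poster's code: with 200+ zones to clean up, an audit like this lists which public zones still expose the internal .local primary, a single-label RP, internal NS targets, or RFC 1918 addresses before the SOA and NS records are rewritten. The zone text is constructed in RFC 1035 master-file style (one record per line, fixed owner/TTL/class/type order); the interval values, 192.0.2.10 and hostmaster.domain.com are assumptions.

```python
import ipaddress

# Assumption: names under these suffixes belong to the internal AD namespace.
INTERNAL_SUFFIXES = (".local.",)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample zones (not real exports); names reuse the thread's placeholders.
SAMPLE_ZONES = {
    "companya.com.": """\
@    3600 IN SOA dns001.computerdns.local. admin. 1547 900 600 86400 3600
@    3600 IN NS  ns1.domain.com.
@    3600 IN NS  dns001.computerdns.local.
@    3600 IN A   10.254.254.3
www  3600 IN A   192.0.2.10
""",
    "companyb.com.": """\
@    3600 IN SOA ns1.domain.com. hostmaster.domain.com. 2003010101 900 600 86400 3600
@    3600 IN NS  ns1.domain.com.
@    3600 IN NS  ns2.domain.com.
""",
}


def is_internal(name):
    """True if the name falls under an internal-only suffix."""
    name = name.lower()
    if not name.endswith("."):
        name += "."
    return name.endswith(INTERNAL_SUFFIXES)


def audit_zone(text):
    """Return (kind, value) findings for one zone's records."""
    findings = []
    for line in text.splitlines():
        fields = line.split(";")[0].split()      # drop trailing comments
        if len(fields) < 5:
            continue
        owner, rtype, rdata = fields[0], fields[3].upper(), fields[4:]
        if rtype == "SOA":
            mname, rname = rdata[0], rdata[1]
            if is_internal(mname):
                findings.append(("SOA-MNAME", mname))
            # RNAME is mailbox.domain; a single label has no domain part.
            if is_internal(rname) or rname.rstrip(".").count(".") == 0:
                findings.append(("SOA-RNAME", rname))
        elif rtype == "NS" and is_internal(rdata[0]):
            findings.append(("NS", rdata[0]))
        elif rtype == "A" and any(ipaddress.ip_address(rdata[0]) in net
                                  for net in RFC1918):
            findings.append(("A-PRIVATE", f"{owner} {rdata[0]}"))
    return findings


def audit_all(zones):
    """Map each zone that has findings to its list of findings."""
    return {origin: found for origin, text in zones.items()
            if (found := audit_zone(text))}


if __name__ == "__main__":
    for origin, found in audit_all(SAMPLE_ZONES).items():
        for kind, value in found:
            print(f"{origin:15} {kind:10} {value}")
```
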
 
