Zones disappearing - no idea why - help!

[Scott Mellen]

I run a 2000AD, with two AD-Integrated DC/DNS servers. My domain is a child
one level down from the forest root. On my DC/DNS servers, I keep an
AD-integrated zone for my own domain, and secondary copies of the forest
root zone as well as another child domain at the same level as me.

My problem is that the secondary zone copy of the forest root zone
"disappears" from time to time, from one server more often than the other,
but definitely from both. All these servers are completely patched up
current, there aren't any log errors that give any clue as to why this is
happening, I'll just have a resolution error one day and check the server(s)
and find that yes, the zone is "gone" again, so I re-add it.

Interestingly, this problem never afflicts the secondary zone copies of that
other child domain; it's only the secondary copy of the forest root domain
that disappears.

On a call with MS PSS once a few months ago (about something else) the tech
confirmed that he'd heard of this bug but didn't have much more to say about
it.

As a semi-workaround I've added a forest root DNS server as a forwarder
address on my two child domain DNS servers but I'd rather it just worked
properly.

Does anyone have any ideas?


Thanks
Scott.

 

[Deji Akomolafe]

Next time you recreate the zone, try changing the Serial number on the zone.
I am suspecting that there is a delete operation going on on at least one
other DNS server in your org and that is what is overwriting your
newly-created zone. To be sure, I'd bump the serial number to a 4-digit
figure (9999 or something).

--


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

 

[Kevin D. Goodknecht Sr. [MVP]]

In

I run a 2000AD, with two AD-Integrated DC/DNS servers. My
domain is a child one level down from the forest root. On
my DC/DNS servers, I keep an AD-integrated zone for my
own domain, and secondary copies of the forest root zone
as well as another child domain at the same level as me.

My problem is that the secondary zone copy of the forest
root zone "disappears" from time to time, from one server
more often than the other, but definitely from both. All
these servers are completely patched up current, there
aren't any log errors that give any clue as to why this
is happening, I'll just have a resolution error one day
and check the server(s) and find that yes, the zone is
"gone" again, so I re-add it.

Interestingly, this problem never afflicts the secondary
zone copies of that other child domain; it's only the
secondary copy of the forest root domain that disappears.

On a call with MS PSS once a few months ago (about
something else) the tech confirmed that he'd heard of
this bug but didn't have much more to say about it.

As a semi-workaround I've added a forest root DNS server
as a forwarder address on my two child domain DNS servers
but I'd rather it just worked properly.

Does anyone have any ideas?

Did you at one time create an AD integrated zone for the forest root on the
child DC?

In ADUC for the child domain.
+System
+MicrosoftDNS
If the is an object with the Forest root name delete it.

In Win2k resolving the forest root from a child DNS was always a problem,
Forwarding from the child to the forest root DNS is probably the best
resolution.