Zone Transfer problem - Need Help


W C Hull
10-20-2005, 05:56 AM
I'm having a problem and need help badly. Here is the issue.

I'm running Windows 2000 Server and I have over 100 primary zones that are
Active Directory Integrated zones and all of these zones are configured to
allow zone transfers to any server.

Of these 100 AD integrated zones I have two zones that have stopped allowing
zone transfers to other secondary DNS servers in our environment.

I have tried removing the secondary zone on the secondary dns and recreating
it but when I finish the secondary zone never completes that zone transfer.
I have also re-created the primary zone prior to creating the secondary zone
and the secondary zone never completes the zone transfer. I have also
deleted the zone from Active Directory and have recreated it as a Primary
non-ADIntegrated zone and still no luck in being able to create a secondary
zone that can complete a zone transfer. Note also that it doesn't matter
what secondary DNS server I try to create the secondary zone on, the zone
transfer always fails. This also fails on brand new secondary DNS servers
... the zone transfer never completes between the primary and secondary
zones.

So far I can find no errors being reported as to what or why the zone
transfer is failing and I'm stumped as to how to fix this problem. It's
almost like the 2 zones were set up not to allow zone transfers or only
transfers to specific servers and that the configuration to allow zone
transfers to any server has failed to set properly. Note that I have tried
changing the setting specifying that zone transfers are allowed to my
secondary DNS server but I still cannot get the zone transfer to complete.

Can anyone help me resolve this issue so I can get these two zones to
perform a zone transfer?

Kevin D. Goodknecht Sr. [MVP]
10-20-2005, 10:26 AM

Tell us about the "Secondary" DNS server, is it on a DC?... Just to let you
know, if the primary is AD integrated and the "secondary" DNS is also on a
DC in the same domain, zone transfers are not necessary, in fact you can't
use a secondary of the zone on another DC, you have to let Active Directory
replicate the zone.
Is it multi-homed?
Is it behind the same router?

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

W C Hull
10-20-2005, 01:07 PM
Kevin,

Thanks for the reply.

In our environment all of the DNS servers are Domain Controllers. The
primary DNS servers that I was referring to are on our production root DC's.
Two of the secondary DNS servers are also on root DC's but they are for a
separate TEST environment. Two other secondary DNS servers are what we
refer to as our Test "Corp" DC's which are 1 level down from the Test Root
DC. Note that at the primary root level there are 3 DC's and that the zones
appear to be replicating correctly via active directory. Also note that the
Test DC's (2 roots and 2 corps) all have many secondary zones from the
Production DC's (3 root and 2 corp) on them and all of them are performing
zone transfers correctly. It's only these 2 zones that are failing and they
are set up just like the other zones from a zone transfer perspective.





The secondary DNS servers are all Active Directory Domain Controllers
however none are on the same domain as the primary. The primary DC is our
root DC and the secondary



W C Hull
10-20-2005, 06:25 PM
Not sure that I understand this but both zones had a CName record that had
no name (i.e. same as parent folder). With help from Ace Fekay I was able
to replicate this problem by starting out with a totally new zone that quit
doing zone transfers as soon as I put the blank CName record in the zone. I
could put a blank Host record in the zone and zone transfers would continue
but not with a blank CName record.



Ace Fekay [MVP]
10-21-2005, 06:03 AM
In news:uojc3sZ1FHA.560@TK2MSFTNGP12.phx.gbl,
W C Hull <substitute1stInitial2ndInitialLastName51@hotmaill.com> made this
post, which I then commented about below:
> Not sure that I understand this but both zones had a CName record
> that had no name (i.e. same as parent folder). With help from Ace
> Fekay I was able to replicate this problem by starting out with a
> totally new zone that quit doing zone transfers as soon as I put the
> blank CName record in the zone. I could put a blank Host record in
> the zone and zone transfers would continue but not with a blank CName
> record.

Hence that was the offending record. CNAMES can be problematic at times if
not configured correctly. CNAMES to the parent folder are not a valid
record.

Glad you figured it out!
Ace
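
The blank-name CNAME discussed above sits at the zone root, which always carries SOA and NS records, and RFC 1034 does not allow a CNAME to share an owner name with other data. As an added example (not part of the thread, and not a Microsoft tool), this Python check flags such conflicts in a zone file before it is loaded; the zone contents, names and the `cname_conflicts` helper are constructed for illustration.

```python
# Added example; assumes one record per line, numeric TTLs, no parentheses.
from collections import defaultdict

CLASSES = {"IN", "CH", "HS"}
# Constructed sample zone; names and addresses are illustrative only.
SAMPLE_ZONE = """\
$ORIGIN example.test.
@       3600 IN SOA ns1 hostmaster 2005102001 900 600 86400 3600
        3600 IN NS  ns1
@            IN CNAME www.other.test.   ; blank-name CNAME at the zone root
ns1          IN A   192.0.2.1
ftp          IN CNAME ns1
"""

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_owners(zone_text, origin):
    """Return {owner name: set of record types} for a simple zone file."""
    owners, last = defaultdict(set), origin
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if not fields:
            continue
        if fields[0].startswith("$"):
            if fields[0].upper() == "$ORIGIN":
                origin = last = fields[1].lower()
            continue
        # A line that starts with whitespace reuses the previous owner name.
        if not raw[0].isspace():
            last = fqdn(fields.pop(0).lower(), origin)
        # Skip the optional TTL and class to reach the record type.
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)
        if fields:
            owners[last].add(fields[0].upper())
    return owners

def cname_conflicts(zone_text, origin):
    """List (owner, other types) where a CNAME coexists with other records."""
    owners = parse_owners(zone_text, origin.lower())
    return sorted((o, sorted(t - {"CNAME"}))
                  for o, t in owners.items() if "CNAME" in t and len(t) > 1)

if __name__ == "__main__":
    print(cname_conflicts(SAMPLE_ZONE, "example.test."))
```

The `ftp` CNAME is not reported because nothing else shares its name; only the root entry is flagged, alongside the SOA and NS types it collides with.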

W C Hull
10-22-2005, 01:06 AM
The only thing I find odd is that the DNS MMC allowed me to create the
record in the first place.



Ace Fekay [MVP]
10-22-2005, 03:59 AM
In news:OACf5xp1FHA.3376@TK2MSFTNGP14.phx.gbl,
W C Hull <substitute1stInitial2ndInitialLastName51@hotmaill.com> made this
post, which I then commented about below:
> The only thing I find odd is that the DNS MMC allowed me to create the
> record in the first place.

I know, unfortunate to find out the hard way!

Ace