  • DNS zones expiring


    Hey All -
    I've set up the child domain DNS zones as primary (not AD-Integrated). On the
    parent Domain Controllers/DNS servers I've added that zone as a secondary
    zone. I've noticed this DNS setup has worked better for me in the past than a
    full AD-Integrated setup. After migrating over to Widows 2003, every day I get
    an event log message on the parent DNS server log indicating that the child
    domain's zone has expired and I have to manually reload.
    Any ideas? Help? Suggestions?
    Thanks,
  • No.1

    I guess if you have "Widows", then someone must have "expired" :)[1]

    What is the exact error message?

    [1] Please don't take offense. I'm just in a laughing mood :)

    Sincerely,

    (, / | /) /) /)
    /| (/_ // _ // _
    ) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
    (_/ /)
    (/
    Microsoft MVP - Directory Services
    www.akomolafe.com - we know IT
    -5.75, -3.23
    Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

    From: HBooGz
    Sent: Thu 9/14/2006 8:12 AM
    To: ActiveDir (AT) mail (DOT) activedir.org
    Subject: [ActiveDir] DNS zones expiring

  • No.2

    No worries, I don't take offense easily =)

    Event Type: Error
    Event Source: DNS
    Event Category: None
    Event ID: 6527
    Date: 9/14/2006
    Time: 10:08:04 AM
    User: N/A
    Computer: PHMAINDC1
    Description:
    Zone jacwf.phippsny.org expired before it could obtain a successful zone
    transfer or update from a master server acting as its source for the zone.
    The zone has been shut down.

    For more information, see Help and Support Center at

    9/14/06, Akomolafe, Deji <deji (AT) readymaids (DOT) com> wrote:

  • No.3

    Here's what I'd do:

    Ensure that there is no NATting going on between the 2 DNS servers. Verify this by doing something like "telnet PrimaryDNSServer 53" from the secondary server and then going to the Primary server and doing netstat | find ":53" and making sure that you can see the real IP address of the secondary server on the list.

    If that checks out, then I'd:
    Go to the DNS console on the Primary server and verify that the secondary server is on the list of servers allowed to transfer that particular zone.

    If that checks out, then I'd:
    Attempt a manual transfer at the secondary server by going to the DNS console on the secondary server, right-clicking on the zone and selecting "Reload from master" first. If that fails, then I'd try "Transfer from master".

    If that fails, then I'd pray very hard then enable DNS logging then pray some more and open up the log file after a while. Then I'd post back here with whatever is interesting.

    From: HBooGz
    Sent: Thu 9/14/2006 2:14 PM
    To: ActiveDir (AT) mail (DOT) activedir.org
    Subject: Re: [ActiveDir] DNS zones expiring

  • No.4

    Thanks for the feedback.

    I can definitely telnet to both servers interchangeably and netstat works as
    it should.

    I have the "allow all servers listed under nameservers" selected for zone
    transfers -- I might just change that to specific IP addresses.

    When I reload, that works fine - the problem is the zone expires on its own
    without any pattern and I have to manually reload. Needless to say, not very
    efficient.

    I'm open to other ways to architect the DNS structure for a single parent
    with single child.

    What are the "recommended" steps for this type of DNS setup? Domain
    delegation? All AD-integrated?

    9/14/06, Akomolafe, Deji <deji (AT) readymaids (DOT) com> wrote:

  • No.5

    From what I've seen, the timeout can also be attributed to the transfer
    failing for whatever reason. If, during the transfer the entire zone is not
    copied, then you hit an error.

    This sounds like some network issues or you're behind in your patching.
    Have you verified that there are no network issues going on? Maybe a
    saturated network link? Dropped packets? High latency between the servers?

    I've seen similar issues with DNS servers. In my case they were network
    related, but it's odd that they drop and don't come back. Might be a good
    time to verify that your patches are up to date on those machines.

    9/15/06, HBooGz <hboogz (AT) gmail (DOT) com> wrote:

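The checks suggested in No.3 through No.5 (TCP reachability between the two servers, the master's transfer list, whether the secondary is actually refreshing, and the timing of the 6527 events) collected into one read-only script. This is an added example, not anything the posters ran; it assumes the DnsServer and DnsClient PowerShell modules of Windows Server 2012 or later, which the 2003-era servers in the thread did not have, and all zone and server names are placeholders.

```powershell
# Added example: health check for a secondary zone that keeps logging DNS Server
# event 6527. Run on the server that holds the secondary copy. Assumes the
# DnsServer and DnsClient modules (Windows Server 2012 or later); the thread's
# Windows 2003 servers had dnscmd only. Names below are placeholders.
param(
    [string]$Zone      = 'child.example.org',    # placeholder: the expiring zone
    [string]$Master    = 'childdc1.example.org', # placeholder: primary (master) server
    [string]$Secondary = $env:COMPUTERNAME       # this server holds the secondary
)

# 1. Reachability (No.3). Zone transfers run over TCP 53, so a firewall or NAT that
#    only passes UDP lets ordinary lookups work while every AXFR/IXFR fails.
$tcp = Test-NetConnection -ComputerName $Master -Port 53 -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    Write-Warning "TCP 53 from $Secondary to $Master failed; no zone transfer can succeed."
}

# 2. Transfer policy on the master (No.3, No.4). 'TransferToZoneNameServer' is the
#    "servers listed under Name Servers" option: a secondary missing from the NS set
#    is refused silently. 'TransferAnyServer' lets any host enumerate the zone; an
#    explicit address list is the setting that is easiest to audit.
$masterZone = Get-DnsServerZone -ComputerName $Master -Name $Zone
switch ($masterZone.SecureSecondaries) {
    'NoTransfer'        { Write-Warning 'Master refuses all zone transfers.' }
    'TransferAnyServer' { Write-Warning 'Master transfers to any host; restrict it to the secondaries.' }
    'TransferToZoneNameServer' {
        $ns = Resolve-DnsName -Name $Zone -Type NS -Server $Master |
              Where-Object QueryType -eq 'NS' | Select-Object -ExpandProperty NameHost
        "Master transfers only to NS-record hosts: $($ns -join ', ')"
        if (-not ($ns | Where-Object { $_ -like "$Secondary*" })) {
            Write-Warning "$Secondary is not among the zone's NS records."
        }
    }
    'TransferToSecureServers' {
        "Master transfers only to: $($masterZone.SecondaryServers -join ', ')"
    }
}

# 3. SOA comparison. A serial on the secondary that lags the master, or a SERVFAIL
#    from the secondary, means the refresh cycle is not completing.
$soaMaster = Resolve-DnsName -Name $Zone -Type SOA -Server $Master |
             Where-Object QueryType -eq 'SOA'
try {
    $soaLocal = Resolve-DnsName -Name $Zone -Type SOA -Server $Secondary -ErrorAction Stop |
                Where-Object QueryType -eq 'SOA'
    "Serial master=$($soaMaster.SerialNumber) secondary=$($soaLocal.SerialNumber)"
    if ($soaLocal.SerialNumber -lt $soaMaster.SerialNumber) {
        Write-Warning 'Secondary is behind the master; transfers are failing.'
    }
} catch {
    # An expired secondary zone is shut down and answers SERVFAIL until reloaded.
    Write-Warning "Secondary did not answer for $Zone (zone expired or shut down?)."
}
"Refresh=$($soaMaster.TimeToZoneRefresh)s Retry=$($soaMaster.TimeToZoneFailureRetry)s Expire=$($soaMaster.TimeToExpiration)s"

# 4. Event 6527 timing. The expire timer restarts only on a successful transfer
#    (or a manual reload). If consecutive 6527 events are spaced about one expire
#    interval apart, no refresh succeeded in between; the Windows default expire
#    of 1 day is why the thread sees the event once a day.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'DNS Server'; Id = 6527 } -ErrorAction SilentlyContinue |
          Where-Object { $_.Message -like "*$Zone*" } | Sort-Object TimeCreated
for ($i = 1; $i -lt $events.Count; $i++) {
    $gap = ($events[$i].TimeCreated - $events[$i - 1].TimeCreated).TotalSeconds
    $note = if ([math]::Abs($gap - $soaMaster.TimeToExpiration) -lt $soaMaster.TimeToZoneRefresh) {
        'matches the expire interval: nothing refreshed since the last reload'
    } else {
        'irregular: intermittent transfer failures'
    }
    "{0:u}  gap {1,8:N0}s  {2}" -f $events[$i].TimeCreated, $gap, $note
}
```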
  • No.6

    Thanks Al.

    I will monitor the link and check to see if any latency or packet loss
    occurs and, if so, whether it coincides with the zone expiring.

    What about the second part of the question? Would you recommend DNS
    delegation?

    9/15/06, Al Mulnick <amulnick (AT) gmail (DOT) com> wrote:
  • No.7

    Yes, I would. From parent to the child DNS server. Then create a Primary or AD-int child zone on the child DNS server. It's a KISS factor.


    From: HBooGz
    Sent: Fri 9/15/2006 6:56 AM
    To: ActiveDir (AT) mail (DOT) activedir.org
    Subject: Re: [ActiveDir] DNS zones expiring

  • No.8

    I've seen that work if used with forwarding. I think I'd prefer stub
    zones though.

    9/15/06, HBooGz <hboogz (AT) gmail (DOT) com> wrote:

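The design from No.7 (primary or AD-integrated child zone on the child's DNS server, delegation from the parent) together with the stub-zone alternative Al prefers in No.8, written out as an added example rather than the posters' own configuration. It assumes the DnsServer PowerShell module (Windows Server 2012 or later) and that the child DNS server is a domain controller in the child domain; the company.org / sales.company.org names are the ones the thread uses, and the host names and address are placeholders.

```powershell
# Added example: parent-to-child delegation as recommended in No.7, plus the
# stub-zone variant from No.8. Assumes the DnsServer module (Windows Server 2012
# or later). Host names and the address are placeholders.
$Parent     = 'company.org'
$Child      = 'sales.company.org'
$ChildDns   = 'dc1.sales.company.org'   # placeholder FQDN of the child's DNS server
$ChildDnsIP = '10.0.2.10'               # placeholder address of that server
$ParentDns  = 'dc1.company.org'         # placeholder FQDN of a parent DNS server

# Step 1, on the child DNS server: host sales.company.org as a primary zone. This
# variant is AD-integrated (the thread's "AD-int"), replicated to the child domain's
# DCs, with dynamic updates limited to authenticated machines. For the file-backed
# primary the thread started with, use -ZoneFile 'sales.company.org.dns' instead of
# -ReplicationScope and drop -DynamicUpdate Secure (secure updates need AD storage).
Add-DnsServerPrimaryZone -ComputerName $ChildDns -Name $Child `
    -ReplicationScope Domain -DynamicUpdate Secure

# Step 2, on the parent DNS server: delegate the child name. This writes an NS record
# for sales.company.org into the company.org zone plus a glue A record, which is
# needed because the name server's own name lies inside the delegated zone.
Add-DnsServerZoneDelegation -ComputerName $ParentDns -Name $Parent `
    -ChildZoneName $Child -NameServer $ChildDns -IPAddress $ChildDnsIP

# The parent now answers child names by following the delegation (a referral, or a
# recursive lookup when recursion is on). It holds no copy of the child zone, so the
# SOA expire timer behind event 6527 does not run on the parent for that zone.

# Step 3 (No.8): a stub zone on the parent as an alternative to hand-maintained NS
# records. It keeps only the child's SOA, NS and glue records and refreshes them from
# the master automatically, so NS changes in the child need no edits on the parent.
Add-DnsServerStubZone -ComputerName $ParentDns -Name $Child `
    -MasterServers $ChildDnsIP -ReplicationScope Domain

# Verification from the parent side: the NS record (with its glue) must come back,
# and a host inside the child zone must resolve when asked through the parent server.
Resolve-DnsName -Name $Child -Type NS -Server $ParentDns |
    Select-Object Name, QueryType, NameHost, IPAddress
Resolve-DnsName -Name $ChildDns -Type A -Server $ParentDns
```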
  • No.9

    Say, for example, I have

    company.org - parent
    sales.company.org - child.

    From the parent DNS server I would start the delegation wizard, and the
    delegated domain would be sales.company.org, with the FQDN of the child DNS server?

    Then on the child server I would create a primary zone for the DNS domain
    sales.company.org.

    Would I need a secondary on the primary DNS server?

    9/15/06, Akomolafe, Deji <deji (AT) readymaids (DOT) com> wrote:

    Yes, I would. From parent to the child DNS server. Then create a Primary
    or AD-int child zone on the child DNS server. It's a KISS factor.

    *From:* HBooGz
    *Sent:* Fri 9/15/2006 6:56 AM

    *To:* ActiveDir (AT) mail (DOT) activedir.org
    *Subject:* Re: [ActiveDir] DNS zones expiring

    Thanks Al.

    I will monitor the link and check to see if any latency or packet loss
    occurs and if so, if it coincides with the zone expiring.

    What about the second part of the question? Would you recommend DNS
    delegation?

    9/15/06, Al Mulnick <amulnick (AT) gmail (DOT) com> wrote:

    From what I've seen, the timeout can also be attributed to the transfer
    failing for whatever reason. If, during the transfer, the entire zone is not
    copied, then you hit an error.

    This sounds like some network issues or you're behind in your patching.
    Have you verified that there are no network issues going on? Maybe a
    saturated network link? Dropped packets? High latency between the servers?

    I've seen similar issues with DNS servers. In my case they were network
    related, but it's odd that they drop and don't come back. Might be a good
    time to verify that your patches are up to date on those machines.
    9/15/06, HBooGz <hboogz (AT) gmail (DOT) com> wrote:

    Thanks for the feedback.

    I can definitely telnet to both servers interchangeably and netstat works
    as it should.

    I have the "allow all servers listed under nameservers" selected for zone
    transfers -- i might just change that to specific IP addresses.

    When I reload, that works fine - the problem is the zone expires on its
    own without any pattern and I have to manually reload. Needless to say, not
    very efficient.

    I'm open to other ways to architect the DNS structure for a single parent
    with single child.

    What are the "recommended" steps for this type of DNS setup? Domain
    delegation? All AD-integrated?

    9/14/06, Akomolafe, Deji <deji (AT) readymaids (DOT) com> wrote:

    Here's what I'd do:

    Ensure that there is no NATting going on between the 2 DNS servers.
    Verify this by doing something like "telnet PrimaryDNSServer 53" from the
    secondary server and then going to the Primary server and doing "netstat
    |find ":53" and making sure that you could see the real IP address of the
    secondary server on the list.

    If that checks out, then I'd:
    Go to the DNS console on the Primary server and verify that the
    secondary server is on the list of servers allowed to transfer that
    particular zone.

    If that checks out, then I'd:
    Attempt a manual transfer at the secondary server by going to the DNS
    console on the secondary server, right-clicking on the zone and selecting
    "Reload from master" first. If that fails, then I'd try "Transfer from
    master".

    If that fails, then I'd pray very hard then enable DNS logging
    then pray some more and open up the log file after a while. Then I'd post
    back here with whatever is interesting.

    *From:* HBooGz
    *Sent:* Thu 9/14/2006 2:14 PM

    *To:* ActiveDir (AT) mail (DOT) activedir.org
    *Subject:* Re: [ActiveDir] DNS zones expiring

    No worries, I don't take offense easily =)

    Event Type: Error
    Event Source: DNS
    Event Category: None
    Event ID: 6527
    Date: 9/14/2006
    Time: 10:08:04 AM
    User: N/A
    Computer: PHMAINDC1
    Description:
    Zone jacwf.phippsny.org expired before it could obtain a successful zone
    transfer or update from a master server acting as its source for the zone.
    The zone has been shut down.

    For more information, see Help and Support Center at

  • No.10 | | 6962 bytes | |

    > Would I need a secondary on the primary DNS server?

    You mean would you need a secondary sales.company.org zone on the parent DNS server? No. I do not personally recommend this configuration, but I've read it recommended by some smart people. In my opinion, it is not necessary in this parent-child configuration unless you cannot guarantee that this child DNS server will always be available.

    The rest of your plans look OK to me.

    Sincerely,

    Deji Akomolafe
    Microsoft MVP - Directory Services
    www.akomolafe.com - we know IT

    From: HBooGz
    Sent: Fri 9/15/2006 8:03 AM
    To: ActiveDir (AT) mail (DOT) activedir.org
    Subject: Re: [ActiveDir] DNS zones expiring

    Say for example I have

    company.org - parent
    sales.company.org - child.

    From the parent DNS server I would start the delegation wizard, and the delegated domain would be sales.company.org, with the FQDN of the child DNS server?

    Then on the child server I would create a primary zone for the DNS domain sales.company.org.

    Would I need a secondary on the primary DNS server?

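The expiry the parent server keeps logging is governed by the child zone's SOA timers: a secondary polls its master every refresh seconds, falls back to the retry interval after a failed poll, and shuts the zone down (event 6527) once expire seconds pass with no successful refresh. The following is an added Python model of that timer logic, not code from this thread, run over a constructed SOA record for the example zone (host names and serial are made up; 900/600/86400/3600 are the Windows DNS default timers):

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Soa:
    serial: int
    refresh: int  # seconds between routine polls of the master
    retry: int    # seconds between polls after a failed poll
    expire: int   # seconds without a successful refresh before shutdown


def parse_soa(rdata: str) -> Soa:
    """Parse SOA RDATA text: MNAME RNAME serial refresh retry expire minimum."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError("SOA rdata must have 7 fields")
    serial, refresh, retry, expire = (int(f) for f in fields[2:6])
    return Soa(serial, refresh, retry, expire)


def simulate(soa: Soa, outcomes):
    """Replay a secondary's polls of its master.

    outcomes: one bool per poll, True when the SOA query (and any transfer
    it triggered) succeeded. Time 0 is the last successful transfer.
    Returns (expired, expiry_time_or_None, polls_made), times in seconds.
    """
    last_ok, next_poll, polls = 0, soa.refresh, 0
    for ok in outcomes:
        if next_poll >= last_ok + soa.expire:
            # Expire timer fires before this poll runs: the secondary shuts
            # the zone down, which is the condition behind DNS event 6527.
            return True, last_ok + soa.expire, polls
        polls += 1
        if ok:
            last_ok = next_poll              # success restarts the expire clock
            next_poll = last_ok + soa.refresh
        else:
            next_poll += soa.retry           # keep retrying at the shorter interval
    return False, None, polls


def failed_polls_before_expiry(soa: Soa) -> int:
    """Consecutive failed polls a secondary tolerates before it expires."""
    t, polls = soa.refresh, 0
    while t < soa.expire:
        polls += 1
        t += soa.retry
    return polls


# Constructed record for the thread's example zone (made-up names and serial);
# 900/600/86400/3600 are the Windows DNS default SOA timers (15m/10m/1d/1h).
SAMPLE_SOA = parse_soa("child-dns.sales.company.org. hostmaster.company.org. "
                       "2006091501 900 600 86400 3600")
```

If the zone keeps the default 24-hour expire, one expiry per day means no poll of the master succeeded for a whole day, which points at a persistently blocked transfer path rather than a brief network blip.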
