DNS Issue

RobertKaucher

I have some VMs on my SharePoint/SQL test domain. They reside on the 192.168.131.0/24 network. My home network is 192.168.1.0/24 and 10.0.0.0/24 (upstairs and down stairs). Routers are using RIP. My home domain is at server 2003 functinal level and so is my test domain. I have created a stub zone in the testlab for my home domain, but I am unable to do the reverse. The home domain is running on a Server 2008 box. Zone transfers ARE enabled.

I have tried stub, secondary, integrated, not integrated.... you name it. Zone just does not transfer. Any suggestions?

royal

A stub zone does not do a zone transfer. It only pulls down NS records. Because of this, you can essentially add a stub zone for any domain on internet. For secondary zones, make sure you granted the IP address of the other DNS servers the ability to do a zone transfer.

I'm assuming you know how to do this as you did it for one side already. I'm also assuming you double checked this. So if it still does not work, try turning on the diagnostics for DNS to see if you can get some additional information in the logs.

Try going on the server which will not get the zone updates and go do an nslookup and then do an ls command to see if it can pull down zone information. Did you try to do a reload from master?

RobertKaucher

royal wrote:

A stub zone does not do a zone transfer. It only pulls down NS records.

It also pulls the SOA. Let me restate that I have tried stub AND secondary and I am unable to get zone to tranfer. I am fairly certain that I stated that and that zone transfers are enabled. Nslookup ls works fine. This should not only work it should be a piece of cake.....

royal wrote:

I'm assuming you know how to do this as you did it for one side already. I'm also assuming you double checked this. So if it still does not work, try turning on the diagnostics for DNS to see if you can get some additional information in the logs.

I will configure logging and see what I get.

BTW, you can no longer set up stub zones for most domains on the Internet anymore. At least I cannot. I have tried doing so for common sites like YouTube, AOL, FaceBook, MySpace, my own web site and GMail, but no succcess. They will not transfer SOA. My local ISP does allow this, though. I am not sure why this is like this. I don't see any real security benefit as I can look up the name servers using the set type=ns option easily.

Thanks for the suggestion, Royal, I will let you know....

RobertKaucher

Royal, sorry if I seemed a little snippy, but this is frustrating. It should be a simple task. From what I can tell, the 2008 server seems to think the other server, which is the PDC, is not authoritative for the zone. There are no errors or anything odd being logged in event viewer and nothing odd in debugging packet log. I am installing WireSharkright now.

royal

http://support.microsoft.com/kb/953317

This isn't probably the fix as the Cause says it only happens when there's a lot of changes on the Primary. But worth a try especially since it's a test environment.

If that doesn't fix it, I really don't know. As you said, it should be as simple as granting the other server access to retrieve zone transfers and voila, it just works.

RobertKaucher

Ok, I did a capture and it seems there is a checksum issue on the request for the SOA.

192.168.1.5 192.168.131.65 DNS Standard query SOA spdev.local
Checksum: 0x05ce [incorrect, should be 0x0855 (maybe caused by "UDP checksum offload"?)]

But the same error occurs when the reverse request is made for the SOA on rkad.local and the information transfers correctly there.

wedge1988

Not sure if this is an issue:

They reside on the 192.168.131.0/24 network. My home network is 192.168.1.0/24 and 10.0.0.0/24 (upstairs and down stairs).

You might have to change RIP to something like OSPF. I read this on wikipedia:

RIP, defined in RFC 1058, uses classful routing. The periodic routing updates do not carry subnet information, lacking support for variable length subnet masks (VLSM). This limitation makes it impossible to have different-sized subnets inside of the same network class. In other words, all subnets in a network class must be the same size. There is also no support for router authentication, making RIP slightly vulnerable to various attacks.

So it seems to me like RIP cant support cross subnet data transfers? Why not try changing your 10.0.0.0 subnet to 192.168.x.x and see what happens?

nel

So it seems to me like RIP cant support cross subnet data transfers? Why not try changing your 10.0.0.0 subnet to 192.168.x.x and see what happens?

RIP cant support data forwarding on different subnets??? of course it can. classless addressing is referring to how you subnet your network.

From a routing perspective if you cant ping a host on subnet B from subnet A then there will be a route missing.

I assume the two servers can actually contact each other via a ping?

wedge1988

-> Wasnt sure if it could or not, dont shoot me lol. and now that you mention routing it makes more sense.

If youre using this: "Forward based on server names in the Name Servers tab" then, it might be worth manually creating a hosts record in DNS to point to the other subnets server address. etc.?????

when i did my testing it didnt sometimes pick the other server up, so manually creating the record, then adding it to the name servers tab did the trick