Troubleshooting zone problems

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

What problem are you having?

  • I am having a problem related to zone transfers.

  • I am trying to use a zone delegation but it appears to be broken.

  • I am having a different zone problem than the ones described above.

I am having a problem related to zone transfers.

Cause:  The DNS Server service is stopped or the zone is paused.

Solution:  Verify that the master (source) and secondary (destination) DNS servers involved in completing transfer of the zone are both started and that the zone is not paused at either server.

See also:  Start or stop a DNS server; Start a zone; Understanding zones and zone transfer.

Cause:  The DNS servers used during a transfer do not have network connectivity with each other.

Solution:  Eliminate the possibility of a basic network connectivity problem between the two servers.

Using the ping command, ping each DNS server by its IP address from its remote counterpart.

For example, at the source server, use the ping command to test IP connectivity with the destination server. At the destination server, repeat the ping test, substituting the IP address for the source server.

Both ping tests should succeed. If not, investigate and resolve intermediate network connectivity issues.

See also:  Command-line utilities.

Cause:  The serial number is the same at both the source and destination servers. Because the value is the same at both servers, no zone transfer occurs between the servers.

Solution:  Using the DNS console, perform the following tasks:

  1. Increase the value of the serial number for the zone at the master server (source) to a number greater than the value at the applicable secondary server (destination).

  2. Once you have increased the serial number at the master server to a higher value than is used currently at the secondary server, initiate zone transfer at the secondary server.

When working within the DNS console, the zone serial number can be viewed from the Start of Authority (SOA) tab in the applicable zone properties. To increase this number in the zone, click Increment.

See also:  Modify the start of authority (SOA) record for a zone; Initiate a zone transfer at a secondary server.
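The serial-number check described above can also be made from a command prompt by running nslookup -type=soa for the zone against each server and comparing the two serial values. The following Python sketch is an added example, not part of the original Microsoft documentation: it parses two such outputs and reports whether the secondary has any reason to transfer. The sample output, the zone example.test and the server names are constructed, and the comparison uses RFC 1982 serial arithmetic (the standard wraparound comparison for 32-bit SOA serials), which goes slightly beyond the plain "greater than" wording above.

```python
import re

SERIAL_RE = re.compile(r"^\s*serial\s*=\s*(\d+)\s*$", re.MULTILINE)

def sample_soa(server, serial):
    """Constructed sample of Windows `nslookup -type=soa example.test <server>` output."""
    return (f"Server:  {server}\nAddress:  192.0.2.10\n\nexample.test\n"
            f"\tprimary name server = ns1.example.test\n"
            f"\tresponsible mail addr = hostmaster.example.test\n"
            f"\tserial  = {serial}\n\trefresh = 900 (15 mins)\n"
            f"\tretry   = 600 (10 mins)\n\texpire  = 86400 (1 day)\n"
            f"\tdefault TTL = 3600 (1 hour)\n")

def parse_soa_serial(nslookup_output):
    """Extract the SOA serial; fail loudly if the query returned no SOA record."""
    match = SERIAL_RE.search(nslookup_output)
    if match is None:
        raise ValueError("no SOA serial in output (query failed or timed out?)")
    serial = int(match.group(1))
    if serial >= 2**32:
        raise ValueError("serial does not fit in 32 bits")
    return serial

def serial_is_newer(master, secondary):
    """RFC 1982: master is newer when the 32-bit difference lies in (0, 2^31)."""
    return 0 < ((master - secondary) % 2**32) < 2**31

def transfer_verdict(master_output, secondary_output):
    """Classify the pair of SOA answers from the master and the secondary."""
    master = parse_soa_serial(master_output)
    secondary = parse_soa_serial(secondary_output)
    if master == secondary:
        return "equal"             # no transfer occurs; increment at the master
    if serial_is_newer(master, secondary):
        return "master-newer"      # secondary should pull the zone on refresh
    return "master-not-newer"      # secondary ignores the master's copy

if __name__ == "__main__":
    pairs = [(2009051201, 2009051201), (2009051202, 2009051201),
             (5, 4294967290), (41, 42)]
    for m, s in pairs:
        verdict = transfer_verdict(sample_soa("ns1.example.test", m),
                                   sample_soa("ns2.example.test", s))
        print(f"master={m} secondary={s}: {verdict}")
```

A result of "equal" or "master-not-newer" corresponds to the cause described above: increment the serial number at the master, then initiate the transfer at the secondary.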

Cause:  The master server (source) and its targeted secondary server (destination) are having interoperability-related problems.

Solution:  Investigate possible causes for any problems related to interoperability between DNS servers running Windows Server 2003 and other DNS server implementations, such as an older version of the Berkeley Internet Name Domain (BIND) distribution.

Older BIND servers use an uncompressed zone transfer format. By default, servers running Windows Server 2003 (and later version BIND servers) use a faster compressed format during zone transfers. To accommodate zone transfer with older BIND servers, you need to change advanced server options at your DNS servers running Windows Server 2003.

Another possible interoperability issue is the use and inclusion of WINS forward lookup (WINS) resource records in a zone or their counterpart, the WINS reverse lookup (WINS-R) resource record used for reverse lookup zones. BIND servers do not recognize these records when they are included in zone data being transferred and can flag these records as bad data, possibly failing the zone transfer.

To prevent these records from being used or included in zone transfers to BIND-based servers and other servers that do not recognize them, select Do not replicate this record when configuring WINS properties at the applicable zone.

See also:  Interoperability issues; Enable or disable fast transfer format during zone transfers; Using WINS lookup; Enable DNS to use WINS resolution.

Cause:  The zone has resource records or other data that cannot be interpreted by the DNS server.

Solution:  Verify that the zone does not contain incompatible data, such as unsupported resource record types or data errors.

In most cases, the DNS Server service supports all resource record (RR) types that are approved and required for Internet standard DNS usage.

Also, verify that the server has not been configured in advance to prevent loading a zone when bad data is found, and investigate its method for checking names. These settings can be configured using the DNS console.

See also:  Resource records reference; Prevent loading of a zone when bad data is found; Change the name-checking method used by the DNS server; Checking names and zone data.

Cause:  Authoritative zone data is incorrect.

Solution:  If a zone transfer continues to fail, ensure that the zone does not contain nonstandard data.

If you manually edit zone files, be aware that records need to be formatted and used according to standard record usage and formatting guidelines as specified in the Request for Comments (RFCs) for DNS. In most cases, user input and data errors can be avoided if records are added and managed using the DNS console.

To determine whether erroneous zone data is a likely source of a failed zone transfer, look in the DNS server event log for messages. You can also use the nslookup command with the -ls option to simulate and test a zone transfer, while observing whether the returned data terminates before full transfer of the zone is complete.

See also:  Nslookup; DNS RFCs.

I am trying to use a zone delegation but it appears to be broken.

Cause:  Zone delegations are not configured correctly.

Solution:  Review how zone delegations are used and revise your zone configurations as needed.

Zones contain information about DNS domains and subdomains. For each new zone you create, the zone originally begins as a single-node database for one DNS domain. As needed, new subdomain nodes can be added directly below the original (parent) domain and stored as a single zone. Sometimes when new subdomains remain part of the same zone, they are called sub-zones.

If used as sub-zones, new subdomains are retained as part of the zone and replicated and updated along with it as a single entity. You can, however, delegate subdomains away and manage them in their own zones. For each subdomain delegated to its own zone, the parent zone needs to have delegation records added to it.

You can use the New Delegation wizard provided in the DNS console to simplify adding these records.

See also:  Delegating zones; Create a zone delegation; Verify a zone delegation using the nslookup command.

I am having a different zone problem than the ones described above.

Cause:  My problem is not described above.

Solution:  Search TechNet at the Microsoft Web site for the latest technical information that could relate to the problem. If necessary, you can obtain information and instructions that pertain to your problem or issue.

If you are connected to the Internet, the latest operating system updates are available at the Microsoft Web site.

To obtain the latest service pack updates for Windows NT Server, see the Microsoft Web site.

See also:  DNS updated technical information; DNS; Using the Windows Deployment and Resource Kits.