Intermittent Incomplete DNS Zone Transfers

Tue, 15 Jul 2008 17:23:01 Z

Hello,

First, my setup. We're running a Windows Server 2008 system as a PDC in a lab of about 40 PCs and 20 users. We have 1 forward zone, and three reverse zones (1 IPv4 & 2 IPv6.) As a backup, we have two other Server 2008 boxes running as secondary DNS servers. The two secondary servers also run DHCP and WDS. I have set zone transfers on the PDC to allow to any server.

The problem is that every so often (randomly) DNS zone transfers are incomplete. I may have 50 records in my zone, but only 6 or 10 will actually transfer to the secondary servers. I can usually get a complete transfer by restarting the DNS service on the secondary servers followed by a manual "transfer from master"/refresh. This is happening intermittently with both forward and reverse zones.

I believe the problem is on the PDC, but I am stumped at this point.

Any ideas?

Thanks

Intermittent Incomplete DNS Zone Transfers

Thu, 17 Jul 2008 01:34:01 Z

Hello,

Please allow me to confirm that my understandings are correct. As I understand it, the issue is:

There is a Windows Server 2008 DC with AD integrated zone. For backup, there are still 2 Windows Server 2008 DNS server holding the zones(not AD integrated, file backed secondary DNS Zone). You encounter the issue that the secondary zones intermittently get incomplete zone records.

If I have misunderstood your concerns please feel free to let me know.

I'd like to collect more information about the issue:

1. Please verify whether there is any events in the event viewer that may indicate the DNS replication errors both on the PDC and backup DNS servers.

2. Do all 4 zones (1 forward zone and three reverse zones) have the same issue？ Or it just happens on specific zone(s).

3. Do two Windows Server 2008 with secondary zones have the same issue？ Or it just happens on specific computer.

4. Is the Windows Firewall or 3-rd party firewall enabled on the Windows Server 2008 for blocking TCP 53 for DNS replication? You may telnet to test the continuous connectivity the TCP 53 to the DC.

Intermittent Incomplete DNS Zone Transfers

Thu, 17 Jul 2008 13:12:10 Z

Miles, thank you for the response. You are correct; that is exactly what is occuring.

To answer your questions..

1. There are no error or warning events listed on any of the servers. This includes the DNS specific logs, and the Windows system logs.

2. All 4 of the zones appear to have this problem.

3. This issue occurs on both of my secondary servers. Some times it happens on both servers at the same time, other times it will only happen on one server. If it does happen on both servers at the same time, it may or may not be the same zone.

4. Windows Firewall is disabled on all three servers. I can open a connection with telnet to port 53 of the DC.

Intermittent Incomplete DNS Zone Transfers

Wed, 30 Jul 2008 13:11:03 Z

I am having the exact same problem.

Intermittent Incomplete DNS Zone Transfers

Fri, 01 Aug 2008 18:48:29 Z

Ask Microsoft for this fix which is now public.

KB Article Number

953317