NS record missing from forward lookup zone

  • Question

  • We have a W2K8R2 forest, with one root and 2 child domains. DNS is AD integrated, and DNS replication is set to all servers in the forest.

    We have 12 DCs, all of them also DNS servers. We are in the process of implementing Skype for Business, and because of that we now have split-brain DNS. I got a copy of the DNS zone from our ISP, imported the zone, and it's replicated to all DNS servers in the forest. Every DNS server has this zone.

    But instead of 12 DCs I see only 6 as name servers in this zone. I think I can add the missing ones manually, but would like to know why not all NS records are populated to this zone.

    Another thing is that none of the other zones we have has "Zone Transfer" enabled. Only this imported zone, and only on the root DC where I did the import. I think that this was a setting that was configured by the ISP on their DNS servers. We have forest replication, so we don't need this option enabled. Correct?

    Thanks

    Sunday, May 22, 2016 2:02 PM

All replies

  • But instead of 12 DCs I see only 6 as name servers in this zone. I think I can add the missing ones manually, but would like to know why not all NS records are populated to this zone.

    Yes, you need to add them manually. I got the same whenever I create new zones and I need to do the manual fix each time. The NS records are intended to hold all active DNS servers in it so you need to have them properly created.


    This posting is provided AS IS with no warranties or guarantees, and confers no rights.

    Ahmed MALEK


    Sunday, May 22, 2016 5:12 PM
  • A few minutes ago, I disabled the "Allow zone transfers" option, did a zone refresh, and the missing NS records appeared. Didn't have to add them manually.

    Sunday, May 22, 2016 5:31 PM
  • Hi Biga_b,

    Thanks for sharing.

    Have you tried enabling "Allow zone transfers" again, and are the NS records still there?

    I just want to confirm if this behavior is related to this option.

    ________________________________________
    Best Regards,
    Cartman
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.


    Monday, May 23, 2016 5:38 AM
  • I didn't enable the "Allow zone transfers" option again. This is an option mostly used with secondary zones. I'm not sure if it was related. This was a zone file I got from our ISP, and imported in our DNS infra. The ISP had this option configured on the zone.

    "Missing NS records" is something that happens a lot in large AD infra, with lots of sites and DCs. The NS record is a multivalued attribute, but in the Windows 2000 style. That means that only one DNS server can update the NS record, and the last one wins. That's why previous updates can get lost, and it could take a while before the NS records are visible. In really large forests, this sometimes never happens, meaning you have to add them manually. Most of the time it's not a serious problem if DNS is AD integrated. For secondary and stub zones this could be an issue.

    This is the info I got from an AD guru discussing the missing NS records.

    Hope this helps

    Monday, May 23, 2016 10:05 AM

  • Hi Biga,

    Thanks for sharing, I will test in my lab.


    ________________________________________
    Best Regards,
    Cartman

    Monday, May 30, 2016 7:33 AM
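
One way to check the symptom discussed in this thread is to ask each DC directly for the zone's NS set and list the expected DNS servers it does not return. This is an added example, not code from any poster; the function names, the placeholder zone `corp.example` and the host names are assumptions.

```python
import socket
import struct

def build_ns_query(zone, qid=0x4E53):
    """Encode a non-recursive NS query (QTYPE 2, class IN) for the zone apex."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in zone.rstrip(".").split("."))
    return struct.pack(">HHHHHH", qid, 0, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", 2, 1)

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, resume = [], None
    for _ in range(255):                          # bound stops compression-pointer loops
        n = msg[off]
        if n == 0:
            return ".".join(labels), (off + 1 if resume is None else resume)
        if n & 0xC0 == 0xC0:                      # pointer: continue at the target offset
            resume = off + 2 if resume is None else resume
            off = ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
            off += 1 + n
    raise ValueError("malformed name in reply")

def ns_targets(reply):
    """Return the NS host names in the answer section of one server's reply."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", reply[:12])
    if flags & 0x0200:                            # TC bit: the NS set is incomplete
        raise ValueError("truncated reply; repeat the query over TCP")
    off, found = 12, set()
    for _ in range(qd):                           # skip the echoed question
        off = read_name(reply, off)[1] + 4
    for _ in range(an):
        off = read_name(reply, off)[1]
        rtype, _, _, rdlen = struct.unpack(">HHIH", reply[off:off + 10])
        if rtype == 2:                            # NS record: RDATA is a host name
            found.add(read_name(reply, off + 10)[0])
        off += 10 + rdlen
    return found

def missing_ns(reply, expected):
    """Return the expected DNS servers that this reply does not list as NS."""
    return {h.lower().rstrip(".") for h in expected} - ns_targets(reply)

def query_ns(server_ip, zone, timeout=3.0):
    """Ask one DNS server directly (UDP/53) for the zone's NS record set."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_ns_query(zone), (server_ip, 53))
        return s.recv(4096)
```

Calling `missing_ns(query_ns(ip, zone), expected_hosts)` once per DC address shows which servers still hold an incomplete NS set for the zone.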