DNS on Windows 2003 Server Domain

    General discussion

  • I have 8 DCs in a single domain. 6 of the DCs are on different subnets. I am using AD Integrated DNS on all servers. The issue is when users take their laptops to a different location and get their new DHCP address, it updates the local DNS. But the change is not replicated to the other DNS servers. So I have JOE_B on server DC1 with 1 address in DNS, and JOE_B on DC2 with a different A record address. (Each DC is also a DNS server since they are located on different subnets.) I have looked and looked, but I am unsure why. But if I add a "dummy" A record, it is replicated to all other DNS servers. Any help in this will be appreciated. Thanks.

    Wednesday, April 25, 2012 6:02 PM

All replies

  • Sounds like one of two things is occurring:

    • Replication problems between the DCs
    • Duplicate DNS zones
    • Both of the above.


    This is more of an AD issue, because "AD Integrated zones" actually means the actual zone data is stored in the AD database and not in a text file. The data can be stored in one of three logical partitions in the physical AD database:

    • DomainNC (Windows 2000 compatible)
    • DomainDnsZones (Windows 2003 and newer - this is replicated to all DCs in a specific domain)
    • ForestDnsZones (Windows 2003 and newer - this is replicated to all DCs in the forest)


    Replication problems can be due to many things, such as:

    • Blocked ports due to a perimeter or VPN firewall between locations
    • Using an ISP or some other outside DNS server on the DCs
    • DCs are multihomed (more than one unteamed NIC, more than one IP, RRAS installed on a DC, and/or an iSCSI adapter has been added)


    To figure out if there are replication problems, we'll need additional info. If you can post the following to your free Skydrive account as text files (not docs or screenshots), this will be helpful.

    Operating system and service pack level of EACH DC.
    What replication scope is the and the in.
    dcdiag /v > c:\dcdiagDC01.txt  (From each DC - DC diagnostic tool, the /v will test all available tests. Run a /? for specific test switches)
    netdiag /v > c:\netdiagDC01.txt  (Only for 2000/2003 - netdiag isn't supported on Windows 2008 or newer)
    repadmin /showrepl [DC01] /verbose /all /intersite  (Run on each DC - Helps understand the replication topology and replication failures)
    repadmin /showreps > c:\rep-showreps.txt  (This switch shows if partitions have replicated or not)
    repadmin /replsum > c:\rep-replsummary.txt  (View replication summary. You can also use the output to create a report)
    nltest /dsgetdc:<domain.local> /force  (Tests secure channels between DCs)
    Event log errors from each DC  (Include the Event ID #, "Source Name", and relevant msg in the event)


    This info will be valuable to ascertain what's going on.

    Thank you,


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.


    Wednesday, April 25, 2012 10:23 PM
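
One way to triage the repadmin output requested above, as an added example that is not part of the original thread: the script reads a `repadmin /showrepl * /csv` report and lists inbound replication links that are failing on the partitions that can hold AD-integrated zone data. The sample report, the site and DC names, and the example.local domain are constructed.

```python
import csv
import io

# Constructed sample of `repadmin /showrepl * /csv` output; sites, DCs and
# the example.local domain are placeholders, not values from the thread.
SAMPLE = """\
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,SiteA,DC1,"DC=example,DC=local",SiteB,DC2,RPC,0,0,2012-04-25 17:50:11,0
showrepl_INFO,SiteA,DC1,"DC=DomainDnsZones,DC=example,DC=local",SiteB,DC2,RPC,14,2012-04-25 17:51:02,2012-04-21 09:12:40,1722
showrepl_INFO,SiteB,DC2,"DC=DomainDnsZones,DC=example,DC=local",SiteA,DC1,RPC,0,0,2012-04-25 17:49:30,0
showrepl_INFO,SiteB,DC2,"CN=Configuration,DC=example,DC=local",SiteA,DC1,RPC,3,2012-04-25 17:40:00,2012-04-24 08:00:00,1722
"""

# Application partitions that can hold AD-integrated zones (2003 and newer).
DNS_PARTITIONS = ("DC=DomainDnsZones,", "DC=ForestDnsZones,")


def zone_partition(naming_context):
    """Name the zone-bearing partition a naming context is, or None."""
    if naming_context.startswith("CN="):
        return None  # Configuration and Schema never hold zone data
    for prefix in DNS_PARTITIONS:
        if naming_context.startswith(prefix):
            return prefix[3:-1]
    return "DomainNC"  # Windows 2000 compatible zone storage


def failing_dns_links(report_text):
    """Return inbound links with failures on zone-bearing partitions."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_text)):
        kind = zone_partition(row["Naming Context"] or "")
        failures = int(row["Number of Failures"] or 0)
        if kind is None or failures == 0:
            continue
        findings.append({
            "partition": kind,
            "destination": row["Destination DSA"],
            "source": row["Source DSA"],
            "failures": failures,
            "status": row["Last Failure Status"],  # Win32 error code
            "last_success": row["Last Success Time"],
        })
    return findings


if __name__ == "__main__":
    for f in failing_dns_links(SAMPLE):
        print("{destination} <- {source} [{partition}]: {failures} failures, "
              "status {status}, last success {last_success}".format(**f))
```

On a DC the report would come from `repadmin /showrepl * /csv > showrepl.csv`. Status 1722 in the constructed sample is the "RPC server is unavailable" error, which fits the blocked-port cause listed in the reply.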
  • Hello,

    What is the time the user takes between leaving one subnet and joining the other? Does the user abruptly disconnect from one subnet and join the other, or do they log off, move to the other subnet and join?

    Who is the DHCP server(s), can you provide info on that?

    Miguel Fra / Falcon IT Services
    Computer & Network Support, Miami, FL
    Visit our Knowledgebase and Support Sharepoint Site

    Thursday, April 26, 2012 1:51 AM
  • Hi Jimmy,

    Thanks for posting here.

    > SO I have JOE_B on server DC1 with 1 address in DNS, and JOE_B on DC2 with a different (Each DC is also a DNS server since they are located on different subnets. )

    If both mentioned domain controllers are in different AD sites, then I'd believe this issue may relate to the DNS replication, perhaps due to delay or conflict, and it is better to start from verifying the replication status. Do we get any replication error or warning event on domain controllers on both sides?

    Troubleshooting replication


    Tiger Li

    TechNet Community Support

    Monday, April 30, 2012 6:46 AM