secondary cannot refresh zones

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

Tom Kitta - 21 Jan 2004 04:26 GMT

Hello,

Here is the setup: two win2003 servers one primary, one secondary. I set up
forward looking zones (we have a subnet, didn't bother with reverse as ISP
has it covered, maybe later) correctly - they work fine.

The problem is that my secondary DNS server cannot connect and refresh zones
from the primary server, it says "access denied" in the logs. This happens
when under primary I select "allow zone transfer" and "use only servers in
name servers tab" (my secondary is there) and also when I try "Use only the
following servers" and I type secondary IP. The only time it works (zones
transfer) is when I select "to any server" which I don't really want to have
due to security issues.

I looked in few books as well as the error on MS support site and all I got
is "make sure the server is listed under the 'name servers tab'". Well it is
there, and even if it was not there it does not explain why "Use only the
following servers" with ip doesn't work. As far as my current resources are
concerned this should work just fine and is a trivial task... Then why
doesn't it work? Any ideas? Things to try? Any help in solving this strange
(at least to me) problem will be appreciated.

Signature

Best Wishes,

TK

Reply to this Message

Kevin D. Goodknecht [MVP] - 27 Jan 2004 02:47 GMT

: Hello,
:
[quoted text clipped - 20 lines]
: to try? Any help in solving this strange (at least to me) problem
: will be appreciated.

Usually this is caused if the Secondary DNS is multihomed. You will need to
allow transfers to all IP addresses that are on the Secondary DNS machine.
When calling for a zone transfer Secondary DNS that is on a multihomed box
will rarely connect to the Primary from the IP it listens on. The transfer
must be to the IP that the Primary sees when the secondary connects for the
transfer.

Signature

Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
--
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
http://www.lonestaramerica.com/
==========================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================

Reply to this Message

Tom Kitta - 27 Jan 2004 18:39 GMT

Thanks a lot for your help. Secondary is a multihomed box. I guess it was
not a good choice for a secondary DNS. I have added all of its IPs to the
primary accepted list for every zone. A bit of typing there, but it fixed
the problem. Secondary now has no problem refreshing the zones. Again,
thanks a lot for your help. I wish this information was on MS site for this
error ID.

Best Wishes,

TK

> In news:XbnPb.15966$cQ6.425706@news20.bellglobal.com,
> Tom Kitta <tom@energyshop.com> posted a question
[quoted text clipped - 30 lines]
> must be to the IP that the Primary sees when the secondary connects for the
> transfer.

Reply to this Message

Kevin D. Goodknecht [MVP] - 29 Jan 2004 00:07 GMT

: Thanks a lot for your help. Secondary is a multihomed box. I guess it
: was not a good choice for a secondary DNS. I have added all of its
: IPs to the primary accepted list for every zone. A bit of typing
: there, but it fixed the problem. Secondary now has no problem
: refreshing the zones. Again, thanks a lot for your help. I wish this
: information was on MS site for this error ID.

You won't find the information anywhere, I had the same problem, I just
figured it out on my own.

Signature

Reply to this Message