
Weird AD DNS replication in new domain.



    I have 2 separate sites connected by WAN. While in this current building phase, all IP is allowed between the DCs.

    In the city site, I created a new win2008r2 DC called bill in a brand new domain with an address of, and DNS setting pointed to, with a forwarder configured for public name resolution.

    In the country site, I created a new win2008r2 member server called ben with an address of and DNS setting pointed to

    It joined the domain very happily with no problem. On this member server I run dcpromo to become the second DC in this new domain. The promotion process runs very smoothly. The server is promoted. It's had DNS installed, and the requisite zones are created. It looks fabulous. repadmin /showrepl shows that this second DC is replicating with the primary DC perfectly.

    I leave it for the weekend. I come back on Monday, and the country DC, ben, is still replicating perfectly well with the first DC in the far site. But I notice something odd. The first DC, the one in the city site, can't replicate with the new second DC because of a DNS resolution problem. I look at its DNS zone, and the data is old. It doesn't have an entry for the new DC. Further... the serial number for the zone on the first DNS server is around 60, but on the new DNS server is around 255.

    I am really weirded out by this. I found an old article about win2000 DCs becoming an island if their DNS is set only to their own DNS service, so I added ben's address as a secondary DNS server on both boxes. This still hasn't resolved the issue.

    I could probably manually update the zone, but I don't want to except as a last resort. Should I shift the FSMO roles to the new DC? If that doesn't work, what other alternatives should I try? What have I done that caused the AD to get mixed up like this?
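A way to gather the three facts the post is comparing by hand (the zone serial each DC holds, whether each DC's own A record exists in each DC's copy of the zone, and which DNS servers each DC's resolver points at), written as an added example rather than taken from the post; the zone name is a placeholder, the DC names are the ones the post uses, and it assumes an elevated session with admin rights on both DCs so remote WMI to the root\MicrosoftDNS namespace works.

```powershell
# Added diagnostic example (not from the original post). Compares the AD-integrated
# forward zone as each DC's DNS service currently sees it, plus each DC's resolver
# list, so "old data on the first DC" and the "island DC" condition show up side by side.
$zone = 'corp.example.com'        # placeholder: the new domain's forward lookup zone
$dcs  = 'bill', 'ben'             # DC host names from the post (city DC, country DC)

foreach ($dc in $dcs) {
    # SOA serial of the zone as held by this DC's DNS service.
    $soa = Get-WmiObject -ComputerName $dc -Namespace 'root\MicrosoftDNS' `
        -Class MicrosoftDNS_SOAType -Filter "ContainerName='$zone'"

    # A records in this DC's copy of the zone; a DC missing here has not had its
    # registration replicated into this copy yet (the symptom described above).
    $aRecords = Get-WmiObject -ComputerName $dc -Namespace 'root\MicrosoftDNS' `
        -Class MicrosoftDNS_AType -Filter "ContainerName='$zone'"
    $owners  = $aRecords | ForEach-Object { $_.OwnerName.ToLower() }
    $present = $dcs | Where-Object { $owners -contains "$_.$zone".ToLower() }

    # DNS client settings of the DC itself. A DC whose resolver lists only its own
    # address can stop learning about its replication partner (the "island" case).
    $nic = Get-WmiObject -ComputerName $dc -Class Win32_NetworkAdapterConfiguration `
        -Filter 'IPEnabled=TRUE'

    # PS 2.0-compatible object (Windows Server 2008 R2 ships PowerShell 2.0).
    New-Object PSObject -Property @{
        DC         = $dc
        ZoneSerial = $soa.SerialNumber
        DcARecords = ($present -join ',')
        DnsServers = (($nic | ForEach-Object { $_.DNSServerSearchOrder }) -join ',')
    }
}

# Inbound replication status from both sides, as the post already checks by hand.
foreach ($dc in $dcs) { repadmin /showrepl $dc }
```

The two ZoneSerial values should converge once AD replication of the zone partition is healthy; a DC whose DnsServers column contains only its own address, and whose DcARecords column lacks the partner, matches the island condition the post refers to.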