Announcement

Collapse
No announcement yet.

2ndary Zone transfer failed

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • 2ndary Zone transfer failed

    I have two domains for which i'm trying to set up a 2ndary lookup zone. domain1.dev, and domain2.dev.

    I followed the instructions at blogs . interfacett. com/how-to-configure-a-dns-secondary-zone-in-windows-server-2008-2012 and my servers are refusing to talk to each other. Full text of error below and i've bolded the part i don't understand. It appears to be telling me to make a change on both domain1.dev and domain2.dev, but i don't understand part of it and search engines aren't turning up explanations.

    Full text of error:
    A zone transfer request for the secondary zone domain2.dev was refused by the master DNS server at 1.2.3.5. Check the zone at the master server 1.2.3.5 to verify that zone transfer is enabled to this server. To do so, use the DNS console, and select master server 1.2.3.5 as the applicable server, then in secondary zone domain2.dev Properties, view the settings on the Zone Transfers tab. Based on the settings you choose, make any configuration adjustments there (or possibly in the Name Servers tab) so that a zone transfer can be made to this server.

    Here is what i've pursued so far:
    * zone transfer is set to allow on both 2ndary zones and a validated ip is listed in the table.
    * secure and nonsecure is set for both primary zones
    *both servers are on the same subnet, heck they're on the same vmware server and have the same nic card and even schema version (47)

    Can anybody suggest avenues to explore?

    Thanks.

  • #2
    Re: 2ndary Zone transfer failed

    ***I didnt read the bottom of your post before submitting my reply... It sounds like you have already covered this. I'll leave this here anyway.


    I have to agree, thats a little unclear and confusing. I believe what they are talking about is making sure the master for zone A has permissions to transfer from zone B


    First make sure you have an authoritative nameserver in each zone. You want to use these for your transfers.

    then
    if you look in the console on the zone transfers tab, you can see some configuration in there. Its fairly straight forward. In the zone you are transferring FROM, add the IP address of the host requesting the transfer.


    You can also use dnscmd to do all this if you like working in the shell or want to script something for posterity (I try to script everything and keep it in a folder of dirty little secrets - its easier than memorizing stuff )

    Code:
    dnscmd.exe /ZoneResetSecondaries <zone> /SecureList <ip of nameserver> /NotifyList <ip of nameserver>
    Before you do anything with DNSCMD I would advise you to check out technet for usage and examples. You can do some damage with it.
    Rules of life:
    1. Never do anything that requires thinking after 2:30 PM
    2. Simplicity is godliness
    3. Scale with extreme prejudice


    I occasionally post using a savantphone, so please don't laugh too hard at the typos...

    Comment


    • #3
      Re: 2ndary Zone transfer failed

      Does "authoritative name server" have a meaning outside of "i have at least one server running DNS on the domain"?

      If it does, how do i tell? both domains have two servers running DNS and I am attempting to link one of each at the moment. The ones i'm linking are 2008 servers. Each server being linked is configured to use itself as primary domain controller.

      The rest of your information appears to be different ways to do what I've already done.

      Comment


      • #4
        Re: 2ndary Zone transfer failed

        If you right-click the zone in the console, you will see a nameservers tab. Any of the servers in there are authoritative for the zone. These are the ones you will want to participate in transfers.
        Rules of life:
        1. Never do anything that requires thinking after 2:30 PM
        2. Simplicity is godliness
        3. Scale with extreme prejudice


        I occasionally post using a savantphone, so please don't laugh too hard at the typos...

        Comment

        Working...
        X