Archived from groups: microsoft.public.win2000.dns
I got it. Restart the PC (DNS client), it is OK. Thanks a lot!
"Herb Martin" <news@LearnQuick.com> wrote in message
news:eTkP876sEHA.3984@TK2MSFTNGP09.phx.gbl...
> "Charms Zhou" <charmszhou@hotmail.com> wrote in message
> news:#Nsf#13sEHA.2192@TK2MSFTNGP14.phx.gbl...
>> I created a primary DNS on a stand alone Windows 2000 server. But no
>> Windows XP client can register to it. I mean there is no record but
>> itself on the DNS server. I don't understand why.
>>
>
> Did you allow it to accept "dynamic updates" (in the
> zone properties)?
>
> Can the Workstations FIND it?
> (e.g., is it their ONLY DNS server?)
>
> "Secure updates" are NOT an option for a non-DC DNS
> server so that is not your problem.
>
> --
> Herb Martin
>
>
>>
>> "Herb Martin" <news@LearnQuick.com> wrote in message
>> news:ONWgHkssEHA.3940@TK2MSFTNGP10.phx.gbl...
>> > "Charms Zhou" <charmszhou@hotmail.com> wrote in message
>> > news:OEnybupsEHA.3200@TK2MSFTNGP09.phx.gbl...
>> > > I got it. Thanks very much! Another question is can a stand alone computer
>> > > be registered to DC DNS server, stand alone DNS server and secondary DNS
>> > > server?
>> >
>> > "be registered to DC DNS server"?
>> >
>> > The question is unclear.
>> >
>> > 1) Any machine can appear in any DNS server that is
>> > authoritative (holds the zone file) for that zone.
>> >
>> > 2) Only a Primary or a DC-AD Integrated DNS server
>> > can accept the registrations (Secondaries do zone
>> > transfers from another of the DNS servers of that zone.)
>> >
>> > 3) Anything registered with the Master will get copied
>> > to the other DNS servers of that zone (if replication works
>> > at all.)
>> >
>> > 4) There is no requirement for either the (standard) Primary
>> > or any Secondary to be a Windows machine or to be in the
>> > domain.
>> >
>> > [The Primary for a zone supporting Windows AD SHOULD
>> > generally be a Windows 2000+ DNS server but that is not
>> > required -- Dynamic DNS is required for the Primary and
>> > SRV record support is required for all Secondaries.]
>> >
>> > 5) Only domain (or trusted domain) machines can register
>> > if "secure updates only" are enabled -- i.e., the machine must
>> > be authenticated to register itself.
>> >
>> > This last, #5, is really the only true security (based on ACL/ACE
>> > security principals) that exists in Windows DNS (and pretty much
>> > in the other DNS servers.)
>> >
>> >
>> > --
>> > Herb Martin
>> >
>> >
>> > >
>> > >
>> > > "Herb Martin" <news@LearnQuick.com> wrote in message
>> > > news:ORZ2%23GRsEHA.1404@TK2MSFTNGP11.phx.gbl...
>> > > > "Charms Zhou" <charmszhou@hotmail.com> wrote in message
>> > > > news:#L9GMRPsEHA.2720@TK2MSFTNGP12.phx.gbl...
>> > > >> The connection exists. I can let the secondary DNS server as a DNS client to
>> > > >> query DNS records on the master DNS server.
>> > > >
>> > > > That doesn't prove anything for ZONE TRANSFERS.
>> > > >
>> > > > (Almost) all client requests are UDP while Zone transfers use TCP,
>> > > > which is a completely different firewall/filter setting.
>> > > >
>> > > > Second, zone transfers must be enabled in general or to specific
>> > > > request addresses even though a simple (resource record) request
>> > > > is not so filtered by the DNS server itself.
>> > > >
>> > > > I.e., you can make resolution requests from a machine not
>> > > > authorized to do zone transfers (in almost all cases unless an
>> > > > additional firewall is involved.)
>> > > >
>> > > >> Is there a permission problem?
>> > > >
>> > > > No, not permissions in the sense of ACL/ACE's or authentication
>> > > > in Windows.
>> > > >
>> > > > Yes, perhaps, if you mean the "allow zone transfers" which can
>> > > > be totally disabled, totally enabled (all addresses), or selectively
>> > > > enabled for certain IP addresses (DNS zone properties.)
>> > > >
>> > > >> The master DNS server is a domain controller and the secondary DNS server is
>> > > >> a stand alone server.
>> > > >
>> > > > It is irrelevant that the Master is a DC -- the key is the settings
>> > > > for "allow zone transfers" on the Master.
>> > > >
>> > > > And of course the firewall settings.
>> > > >
>> > > > The only relevance of the DNS server being a stand alone server
>> > > > (or member server, or BIND Unix server, really: NOT an AD-integrated
>> > > > DNS server) is that the replication will not be done through AD and
>> > > > will require both the settings for "allow zone transfers" on the Master
>> > > > and intervening firewalls to allow them to talk on TCP port 53 (relative
>> > > > to the Master).
>> > > >
>> > > >> Suppose the domain is abc.com so I should set the
>> > > >> secondary zone as abc.com, right?
>> > > >
>> > > > Yes, as it would not be a secondary FOR THAT ZONE unless you did
>> > > > that.
>> > > >
>> > > > A "secondary DNS server" is really a "Secondary DNS server FOR a
>> > > > PARTICULAR zone/domain."
>> > > >
>> > > > The same server can be secondary for many zones, and even primary
>> > > > for some zones and secondary for others, but you should always THINK
>> > > > about and DESIGN DNS by thinking of only one zone/DNS server at a
>> > > > time.*
>> > > >
>> > > > *Only real exception: When delegating a child zone you are working
>> > > > IN the Parent zone, creating the delegation records for the child zone
>> > > > DNS servers -- but again you really only think of one zone at a time and
>> > > > each will have its own set of DNS servers, Primary OR AD-Integrated
>> > > > (Primary) set with optional Secondaries for THAT SPECIFIC zone.
>> > > >
>> > > >
>> > > > --
>> > > > Herb Martin
>> > > >
>> > > >
>> > > >> Thanks,
>> > > >> Charms
>> > > >>
>> > > >>
>> > > >> "Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
>> > > >> news:uoovmXurEHA.1272@TK2MSFTNGP09.phx.gbl...
>> > > >> > In news:eO%23kKSprEHA.3520@TK2MSFTNGP11.phx.gbl,
>> > > >> > Charms Zhou <charmszhou@hotmail.com> commented
>> > > >> > Then Kevin replied below:
>> > > >> >> Yes I allowed zone transfer to all IP address on the
>> > > >> >> secondary DNS. The status of the zone is expired.
>> > > >> >
>> > > >> > Then you should verify connectivity exists between the two servers on
>> > > >> > 53 TCP and UDP
>> > > >> >
>> > > >> >
>> > > >> > --
>> > > >> > Best regards,
>> > > >> > Kevin D4 Dad Goodknecht Sr. [MVP]
>> > > >> > Hope This Helps
>> > > >> >
>> > > >> >
>> > > >>
>> > > >>
>> > > >
>> > > >
>> > >
>> > >
>> >
>> >
>>
>>
>
>