Records deleted from DNS primary didn't get updated on DNS..
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.dns (More info?)
In my environment I have WIn2000 AD Native.
We have two Win2003 DNS servers (primary and secondary).
Recently I noticed that a host record that was deleted from the Primary DNS
server and still remained in the Secondary DNS server. Then I did a NSLOOKUP
from a workstation and sporadically the record appeared as existing. I mean,
NSLOOKUP sometimes gathered that host record information from the secondary
DNS server then.
My questions are:
a) A record that is deleted from DNS Primary isn't supposed to be cleared
from the DNS secondary server ? Is that a flaw in this DNS primary/secondary
server model ?
b) How NSLOOKUP determines which DNS server to query ? Isn't that supposed
to query the DNS primary server always ? I noticed that is not the case and
it queried the DNS secondary too.
In my environment I have WIn2000 AD Native.
We have two Win2003 DNS servers (primary and secondary).
Recently I noticed that a host record that was deleted from the Primary DNS
server and still remained in the Secondary DNS server. Then I did a NSLOOKUP
from a workstation and sporadically the record appeared as existing. I mean,
NSLOOKUP sometimes gathered that host record information from the secondary
DNS server then.
My questions are:
a) A record that is deleted from DNS Primary isn't supposed to be cleared
from the DNS secondary server ? Is that a flaw in this DNS primary/secondary
server model ?
b) How NSLOOKUP determines which DNS server to query ? Isn't that supposed
to query the DNS primary server always ? I noticed that is not the case and
it queried the DNS secondary too.
More about : records deleted dns primary updated dns
Archived from groups: microsoft.public.win2000.dns (More info?)
"Marlon Brown" <marlon_brown@hotmail.com> wrote in message
news![:o]( ":o")
R$hkA2GFHA.1476@TK2MSFTNGP09.phx.gbl...
> In my environment I have WIn2000 AD Native.
> We have two Win2003 DNS servers (primary and secondary).
>
> Recently I noticed that a host record that was deleted from the Primary
DNS
> server and still remained in the Secondary DNS server. Then I did a
NSLOOKUP
> from a workstation and sporadically the record appeared as existing. I
mean,
> NSLOOKUP sometimes gathered that host record information from the
secondary
> DNS server then.
That is not surprising -- fairly normal.
> My questions are:
> a) A record that is deleted from DNS Primary isn't supposed to be cleared
> from the DNS secondary server ? Is that a flaw in this DNS
primary/secondary
> server model ?
Not really. It is a flaw (or misconfiguration) in the
Secondary zone transfer, e.g., master address, master
allows transfers to that secondary, no firewalls preventing
it, serial number not misconfigured (secondary LOWER
than Master), etc.
> b) How NSLOOKUP determines which DNS server to query ? Isn't that supposed
> to query the DNS primary server always ?
That would be PREFERRED, but it uses the one
that is answering (best) which may not be the
preferred.
[Primary has a TECHNICAL meaning on the
server side which is unrelated to this.]
> I noticed that is not the case and
> it queried the DNS secondary too.
Yes.
And you are alway free to specify which to use
when running NSLookp:
nslookup name.domain.com 192.168.50.1
nslookup name.domain.com 192.168.50.2
--
Herb Martin
>
>
>
>
>
>
"Marlon Brown" <marlon_brown@hotmail.com> wrote in message
news
R$hkA2GFHA.1476@TK2MSFTNGP09.phx.gbl...> In my environment I have WIn2000 AD Native.
> We have two Win2003 DNS servers (primary and secondary).
>
> Recently I noticed that a host record that was deleted from the Primary
DNS
> server and still remained in the Secondary DNS server. Then I did a
NSLOOKUP
> from a workstation and sporadically the record appeared as existing. I
mean,
> NSLOOKUP sometimes gathered that host record information from the
secondary
> DNS server then.
That is not surprising -- fairly normal.
> My questions are:
> a) A record that is deleted from DNS Primary isn't supposed to be cleared
> from the DNS secondary server ? Is that a flaw in this DNS
primary/secondary
> server model ?
Not really. It is a flaw (or misconfiguration) in the
Secondary zone transfer, e.g., master address, master
allows transfers to that secondary, no firewalls preventing
it, serial number not misconfigured (secondary LOWER
than Master), etc.
> b) How NSLOOKUP determines which DNS server to query ? Isn't that supposed
> to query the DNS primary server always ?
That would be PREFERRED, but it uses the one
that is answering (best) which may not be the
preferred.
[Primary has a TECHNICAL meaning on the
server side which is unrelated to this.]
> I noticed that is not the case and
> it queried the DNS secondary too.
Yes.
And you are alway free to specify which to use
when running NSLookp:
nslookup name.domain.com 192.168.50.1
nslookup name.domain.com 192.168.50.2
--
Herb Martin
>
>
>
>
>
>
Archived from groups: microsoft.public.win2000.dns (More info?)
Darn. I see that the server that is supposed to the primary DNS has a serial
number = 3682189.
The one that is the secondary is = 3682190.
That means the serial number of the primary is lower than the Secondary. In
order to fix this, can I just increment the "primary" serial number to
perhaps, 3682191 ?
Let's see
"Herb Martin" <news@LearnQuick.com> wrote in message
news![:o]( ":o")
1HyKK2GFHA.3180@tk2msftngp13.phx.gbl...
> "Marlon Brown" <marlon_brown@hotmail.com> wrote in message
> news![:o]( ":o")
R$hkA2GFHA.1476@TK2MSFTNGP09.phx.gbl...
> > In my environment I have WIn2000 AD Native.
> > We have two Win2003 DNS servers (primary and secondary).
> >
> > Recently I noticed that a host record that was deleted from the Primary
> DNS
> > server and still remained in the Secondary DNS server. Then I did a
> NSLOOKUP
> > from a workstation and sporadically the record appeared as existing. I
> mean,
> > NSLOOKUP sometimes gathered that host record information from the
> secondary
> > DNS server then.
>
> That is not surprising -- fairly normal.
>
> > My questions are:
> > a) A record that is deleted from DNS Primary isn't supposed to be
cleared
> > from the DNS secondary server ? Is that a flaw in this DNS
> primary/secondary
> > server model ?
>
> Not really. It is a flaw (or misconfiguration) in the
> Secondary zone transfer, e.g., master address, master
> allows transfers to that secondary, no firewalls preventing
> it, serial number not misconfigured (secondary LOWER
> than Master), etc.
>
> > b) How NSLOOKUP determines which DNS server to query ? Isn't that
supposed
> > to query the DNS primary server always ?
>
> That would be PREFERRED, but it uses the one
> that is answering (best) which may not be the
> preferred.
>
> [Primary has a TECHNICAL meaning on the
> server side which is unrelated to this.]
>
> > I noticed that is not the case and
> > it queried the DNS secondary too.
>
> Yes.
>
> And you are alway free to specify which to use
> when running NSLookp:
>
> nslookup name.domain.com 192.168.50.1
>
> nslookup name.domain.com 192.168.50.2
>
>
> --
> Herb Martin
>
>
> >
> >
> >
> >
> >
> >
>
>
Darn. I see that the server that is supposed to the primary DNS has a serial
number = 3682189.
The one that is the secondary is = 3682190.
That means the serial number of the primary is lower than the Secondary. In
order to fix this, can I just increment the "primary" serial number to
perhaps, 3682191 ?
Let's see
"Herb Martin" <news@LearnQuick.com> wrote in message
news
1HyKK2GFHA.3180@tk2msftngp13.phx.gbl...> "Marlon Brown" <marlon_brown@hotmail.com> wrote in message
> news
R$hkA2GFHA.1476@TK2MSFTNGP09.phx.gbl...> > In my environment I have WIn2000 AD Native.
> > We have two Win2003 DNS servers (primary and secondary).
> >
> > Recently I noticed that a host record that was deleted from the Primary
> DNS
> > server and still remained in the Secondary DNS server. Then I did a
> NSLOOKUP
> > from a workstation and sporadically the record appeared as existing. I
> mean,
> > NSLOOKUP sometimes gathered that host record information from the
> secondary
> > DNS server then.
>
> That is not surprising -- fairly normal.
>
> > My questions are:
> > a) A record that is deleted from DNS Primary isn't supposed to be
cleared
> > from the DNS secondary server ? Is that a flaw in this DNS
> primary/secondary
> > server model ?
>
> Not really. It is a flaw (or misconfiguration) in the
> Secondary zone transfer, e.g., master address, master
> allows transfers to that secondary, no firewalls preventing
> it, serial number not misconfigured (secondary LOWER
> than Master), etc.
>
> > b) How NSLOOKUP determines which DNS server to query ? Isn't that
supposed
> > to query the DNS primary server always ?
>
> That would be PREFERRED, but it uses the one
> that is answering (best) which may not be the
> preferred.
>
> [Primary has a TECHNICAL meaning on the
> server side which is unrelated to this.]
>
> > I noticed that is not the case and
> > it queried the DNS secondary too.
>
> Yes.
>
> And you are alway free to specify which to use
> when running NSLookp:
>
> nslookup name.domain.com 192.168.50.1
>
> nslookup name.domain.com 192.168.50.2
>
>
> --
> Herb Martin
>
>
> >
> >
> >
> >
> >
> >
>
>
Archived from groups: microsoft.public.win2000.dns (More info?)
"Marlon Brown" <marlon_brown@hotmail.com> wrote in message
news:usdo8m2GFHA.3068@tk2msftngp13.phx.gbl...
> Darn. I see that the server that is supposed to the primary DNS has a
serial
> number = 3682189.
>
> The one that is the secondary is = 3682190.
>
> That means the serial number of the primary is lower than the Secondary.
In
> order to fix this, can I just increment the "primary" serial number to
> perhaps, 3682191 ?
Yes. Normally it takes care of this for you if
you use the GUI. It usually only happens if you
mess with the FILES or do a restore from backup.
(Or goof around with the secondary serial number.)
--
Herb Martin
>
>
> Let's see
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news![:o]( ":o")
1HyKK2GFHA.3180@tk2msftngp13.phx.gbl...
> > "Marlon Brown" <marlon_brown@hotmail.com> wrote in message
> > news![:o]( ":o")
R$hkA2GFHA.1476@TK2MSFTNGP09.phx.gbl...
> > > In my environment I have WIn2000 AD Native.
> > > We have two Win2003 DNS servers (primary and secondary).
> > >
> > > Recently I noticed that a host record that was deleted from the
Primary
> > DNS
> > > server and still remained in the Secondary DNS server. Then I did a
> > NSLOOKUP
> > > from a workstation and sporadically the record appeared as existing. I
> > mean,
> > > NSLOOKUP sometimes gathered that host record information from the
> > secondary
> > > DNS server then.
> >
> > That is not surprising -- fairly normal.
> >
> > > My questions are:
> > > a) A record that is deleted from DNS Primary isn't supposed to be
> cleared
> > > from the DNS secondary server ? Is that a flaw in this DNS
> > primary/secondary
> > > server model ?
> >
> > Not really. It is a flaw (or misconfiguration) in the
> > Secondary zone transfer, e.g., master address, master
> > allows transfers to that secondary, no firewalls preventing
> > it, serial number not misconfigured (secondary LOWER
> > than Master), etc.
> >
> > > b) How NSLOOKUP determines which DNS server to query ? Isn't that
> supposed
> > > to query the DNS primary server always ?
> >
> > That would be PREFERRED, but it uses the one
> > that is answering (best) which may not be the
> > preferred.
> >
> > [Primary has a TECHNICAL meaning on the
> > server side which is unrelated to this.]
> >
> > > I noticed that is not the case and
> > > it queried the DNS secondary too.
> >
> > Yes.
> >
> > And you are alway free to specify which to use
> > when running NSLookp:
> >
> > nslookup name.domain.com 192.168.50.1
> >
> > nslookup name.domain.com 192.168.50.2
> >
> >
> > --
> > Herb Martin
> >
> >
> > >
> > >
> > >
> > >
> > >
> > >
> >
> >
>
>
"Marlon Brown" <marlon_brown@hotmail.com> wrote in message
news:usdo8m2GFHA.3068@tk2msftngp13.phx.gbl...
> Darn. I see that the server that is supposed to the primary DNS has a
serial
> number = 3682189.
>
> The one that is the secondary is = 3682190.
>
> That means the serial number of the primary is lower than the Secondary.
In
> order to fix this, can I just increment the "primary" serial number to
> perhaps, 3682191 ?
Yes. Normally it takes care of this for you if
you use the GUI. It usually only happens if you
mess with the FILES or do a restore from backup.
(Or goof around with the secondary serial number.)
--
Herb Martin
>
>
> Let's see
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news
1HyKK2GFHA.3180@tk2msftngp13.phx.gbl...> > "Marlon Brown" <marlon_brown@hotmail.com> wrote in message
> > news
R$hkA2GFHA.1476@TK2MSFTNGP09.phx.gbl...> > > In my environment I have WIn2000 AD Native.
> > > We have two Win2003 DNS servers (primary and secondary).
> > >
> > > Recently I noticed that a host record that was deleted from the
Primary
> > DNS
> > > server and still remained in the Secondary DNS server. Then I did a
> > NSLOOKUP
> > > from a workstation and sporadically the record appeared as existing. I
> > mean,
> > > NSLOOKUP sometimes gathered that host record information from the
> > secondary
> > > DNS server then.
> >
> > That is not surprising -- fairly normal.
> >
> > > My questions are:
> > > a) A record that is deleted from DNS Primary isn't supposed to be
> cleared
> > > from the DNS secondary server ? Is that a flaw in this DNS
> > primary/secondary
> > > server model ?
> >
> > Not really. It is a flaw (or misconfiguration) in the
> > Secondary zone transfer, e.g., master address, master
> > allows transfers to that secondary, no firewalls preventing
> > it, serial number not misconfigured (secondary LOWER
> > than Master), etc.
> >
> > > b) How NSLOOKUP determines which DNS server to query ? Isn't that
> supposed
> > > to query the DNS primary server always ?
> >
> > That would be PREFERRED, but it uses the one
> > that is answering (best) which may not be the
> > preferred.
> >
> > [Primary has a TECHNICAL meaning on the
> > server side which is unrelated to this.]
> >
> > > I noticed that is not the case and
> > > it queried the DNS secondary too.
> >
> > Yes.
> >
> > And you are alway free to specify which to use
> > when running NSLookp:
> >
> > nslookup name.domain.com 192.168.50.1
> >
> > nslookup name.domain.com 192.168.50.2
> >
> >
> > --
> > Herb Martin
> >
> >
> > >
> > >
> > >
> > >
> > >
> > >
> >
> >
>
>
Archived from groups: microsoft.public.win2000.dns (More info?)
Hmmm... but let's see here. Isn't the serial# the one that controls if the
zones will get transferred to the secondary DNS server ? I mean, if the
secondary has a number higher than the primary, that could be because there
is no need to transfer zones at given time. Therefore this not necessarily a
malfunction, but rather a normal behavior ?
"Herb Martin" <news@LearnQuick.com> wrote in message
news:%23yYXuW3GFHA.3876@TK2MSFTNGP14.phx.gbl...
> "Marlon Brown" <marlon_brown@hotmail.com> wrote in message
> news:usdo8m2GFHA.3068@tk2msftngp13.phx.gbl...
> > Darn. I see that the server that is supposed to the primary DNS has a
> serial
> > number = 3682189.
> >
> > The one that is the secondary is = 3682190.
> >
> > That means the serial number of the primary is lower than the Secondary.
> In
> > order to fix this, can I just increment the "primary" serial number to
> > perhaps, 3682191 ?
>
> Yes. Normally it takes care of this for you if
> you use the GUI. It usually only happens if you
> mess with the FILES or do a restore from backup.
>
> (Or goof around with the secondary serial number.)
>
> --
> Herb Martin
>
>
> >
> >
> > Let's see
> > "Herb Martin" <news@LearnQuick.com> wrote in message
> > news![:o]( ":o")
1HyKK2GFHA.3180@tk2msftngp13.phx.gbl...
> > > "Marlon Brown" <marlon_brown@hotmail.com> wrote in message
> > > news![:o]( ":o")
R$hkA2GFHA.1476@TK2MSFTNGP09.phx.gbl...
> > > > In my environment I have WIn2000 AD Native.
> > > > We have two Win2003 DNS servers (primary and secondary).
> > > >
> > > > Recently I noticed that a host record that was deleted from the
> Primary
> > > DNS
> > > > server and still remained in the Secondary DNS server. Then I did a
> > > NSLOOKUP
> > > > from a workstation and sporadically the record appeared as existing.
I
> > > mean,
> > > > NSLOOKUP sometimes gathered that host record information from the
> > > secondary
> > > > DNS server then.
> > >
> > > That is not surprising -- fairly normal.
> > >
> > > > My questions are:
> > > > a) A record that is deleted from DNS Primary isn't supposed to be
> > cleared
> > > > from the DNS secondary server ? Is that a flaw in this DNS
> > > primary/secondary
> > > > server model ?
> > >
> > > Not really. It is a flaw (or misconfiguration) in the
> > > Secondary zone transfer, e.g., master address, master
> > > allows transfers to that secondary, no firewalls preventing
> > > it, serial number not misconfigured (secondary LOWER
> > > than Master), etc.
> > >
> > > > b) How NSLOOKUP determines which DNS server to query ? Isn't that
> > supposed
> > > > to query the DNS primary server always ?
> > >
> > > That would be PREFERRED, but it uses the one
> > > that is answering (best) which may not be the
> > > preferred.
> > >
> > > [Primary has a TECHNICAL meaning on the
> > > server side which is unrelated to this.]
> > >
> > > > I noticed that is not the case and
> > > > it queried the DNS secondary too.
> > >
> > > Yes.
> > >
> > > And you are alway free to specify which to use
> > > when running NSLookp:
> > >
> > > nslookup name.domain.com 192.168.50.1
> > >
> > > nslookup name.domain.com 192.168.50.2
> > >
> > >
> > > --
> > > Herb Martin
> > >
> > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Hmmm... but let's see here. Isn't the serial# the one that controls if the
zones will get transferred to the secondary DNS server ? I mean, if the
secondary has a number higher than the primary, that could be because there
is no need to transfer zones at given time. Therefore this not necessarily a
malfunction, but rather a normal behavior ?
"Herb Martin" <news@LearnQuick.com> wrote in message
news:%23yYXuW3GFHA.3876@TK2MSFTNGP14.phx.gbl...
> "Marlon Brown" <marlon_brown@hotmail.com> wrote in message
> news:usdo8m2GFHA.3068@tk2msftngp13.phx.gbl...
> > Darn. I see that the server that is supposed to the primary DNS has a
> serial
> > number = 3682189.
> >
> > The one that is the secondary is = 3682190.
> >
> > That means the serial number of the primary is lower than the Secondary.
> In
> > order to fix this, can I just increment the "primary" serial number to
> > perhaps, 3682191 ?
>
> Yes. Normally it takes care of this for you if
> you use the GUI. It usually only happens if you
> mess with the FILES or do a restore from backup.
>
> (Or goof around with the secondary serial number.)
>
> --
> Herb Martin
>
>
> >
> >
> > Let's see
> > "Herb Martin" <news@LearnQuick.com> wrote in message
> > news
1HyKK2GFHA.3180@tk2msftngp13.phx.gbl...> > > "Marlon Brown" <marlon_brown@hotmail.com> wrote in message
> > > news
R$hkA2GFHA.1476@TK2MSFTNGP09.phx.gbl...> > > > In my environment I have WIn2000 AD Native.
> > > > We have two Win2003 DNS servers (primary and secondary).
> > > >
> > > > Recently I noticed that a host record that was deleted from the
> Primary
> > > DNS
> > > > server and still remained in the Secondary DNS server. Then I did a
> > > NSLOOKUP
> > > > from a workstation and sporadically the record appeared as existing.
I
> > > mean,
> > > > NSLOOKUP sometimes gathered that host record information from the
> > > secondary
> > > > DNS server then.
> > >
> > > That is not surprising -- fairly normal.
> > >
> > > > My questions are:
> > > > a) A record that is deleted from DNS Primary isn't supposed to be
> > cleared
> > > > from the DNS secondary server ? Is that a flaw in this DNS
> > > primary/secondary
> > > > server model ?
> > >
> > > Not really. It is a flaw (or misconfiguration) in the
> > > Secondary zone transfer, e.g., master address, master
> > > allows transfers to that secondary, no firewalls preventing
> > > it, serial number not misconfigured (secondary LOWER
> > > than Master), etc.
> > >
> > > > b) How NSLOOKUP determines which DNS server to query ? Isn't that
> > supposed
> > > > to query the DNS primary server always ?
> > >
> > > That would be PREFERRED, but it uses the one
> > > that is answering (best) which may not be the
> > > preferred.
> > >
> > > [Primary has a TECHNICAL meaning on the
> > > server side which is unrelated to this.]
> > >
> > > > I noticed that is not the case and
> > > > it queried the DNS secondary too.
> > >
> > > Yes.
> > >
> > > And you are alway free to specify which to use
> > > when running NSLookp:
> > >
> > > nslookup name.domain.com 192.168.50.1
> > >
> > > nslookup name.domain.com 192.168.50.2
> > >
> > >
> > > --
> > > Herb Martin
> > >
> > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
Archived from groups: microsoft.public.win2000.dns (More info?)
"Marlon Brown" <marlon_brown@hotmail.com> wrote in message
news![:o]( ":o")
EOQ9u7GFHA.2276@TK2MSFTNGP15.phx.gbl...
> Hmmm... but let's see here. Isn't the serial# the one that controls if the
> zones will get transferred to the secondary DNS server ? I mean, if the
> secondary has a number higher than the primary, that could be because
there
> is no need to transfer zones at given time. Therefore this not necessarily
a
> malfunction, but rather a normal behavior ?
No, it is almost always wrong.
If the zones transferred correctly the numbers
would be EQUAL.
Then the next time a change happened on the
primary it would transfer since Primary would
increment by 1.
"Marlon Brown" <marlon_brown@hotmail.com> wrote in message
news
EOQ9u7GFHA.2276@TK2MSFTNGP15.phx.gbl...> Hmmm... but let's see here. Isn't the serial# the one that controls if the
> zones will get transferred to the secondary DNS server ? I mean, if the
> secondary has a number higher than the primary, that could be because
there
> is no need to transfer zones at given time. Therefore this not necessarily
a
> malfunction, but rather a normal behavior ?
No, it is almost always wrong.
If the zones transferred correctly the numbers
would be EQUAL.
Then the next time a change happened on the
primary it would transfer since Primary would
increment by 1.
Related ressources:
- ForumDNS SRV Records Question
- ForumCannot find a primary authoritative DNS server
- ForumDeleted a record :How long to get 'secondary' DNS updated ?
- ForumActive Directory not updating my DNS
- ForumRestoring DNS Primary
- ForumEvent 5774 / DNS errors/Latest updates
- ForumImporting PTR records to existing DNS Server
- ForumSecondary DNS : Depends on Primary ?
- ForumDNS PTR records and Replication
- ForumDNS "A" records
- Forumerror 8254 DNS Lookup failure
- ForumStrange DNS problem
- ForumDNS bad key in NETLOGON 5774. Help!
- ForumNot everyone active in WINS is in DNS
- ForumRoot DNS Server
- ForumDNS Failure 2000 server
- ForumScrewed up my Win2000 AD DNS
- ForumI change DNS primary and it doesn't update DNS secondary
- ForumStrange dns record registration
- ForumParallel and com ports not appearing in device manager
- More resources
!
