Q. Why do my Active Directory (AD)-integrated DNS zones on Windows 2000 Server domain controllers (DCs) have different content on DCs in different domains?

A. Win2K Server lets DNS zone content be stored in the AD directory, but it can store it only in the domain naming context (the domain partition of the directory). Because that partition replicates only among the DCs of one domain, the domain is the boundary for the zone content's replication. This means that if you create an AD-integrated zone of the same name on DCs in different domains, each domain's DCs hold their own independent copy of the zone, and the copies have no way to replicate zone information among the domains.

For example, let's say I have the following three domains and DCs and that all DCs are also DNS servers:

  • savilltech.com: two DCs
  • child.savilltech.com: two DCs
  • child2.savilltech.com: one DC

If all five DCs have the zone savilltech.com defined and configured to be stored in the AD directory, the DCs in savilltech.com would have one version of the zone, the DCs in child.savilltech.com would have a second version, and the DC in child2.savilltech.com would have a third version. Thus, three distinct versions of the zone would exist with no replication between them.

To ensure a consistent view of the zone, you must store it in only one domain (for example, only on savilltech.com's two DCs) and remove the duplicate copies from the DCs in the other domains. On the child.savilltech.com domain, you can create a new AD-integrated zone for child.savilltech.com, then delegate the child part of the parent zone (savilltech.com) to the DCs in child.savilltech.com by adding NS records for the child DCs, plus glue A records, to the parent zone. Doing so spreads the load among DCs in different domains; the DCs in the child domains then resolve names in savilltech.com through normal recursion rather than from a local copy of the zone. Windows Server 2003 avoids the zone-replication problem by allowing forestwide replication of DNS zones: it can store a zone in the ForestDnsZones application directory partition, which replicates to every DNS-server DC in the forest, so one copy of the zone is shared across all domains.
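The following PowerShell script is an added example and is not part of the original column. It walks through the procedure above (audit which DCs hold which copy, keep savilltech.com in the parent domain only, create child.savilltech.com in its own domain, delegate it, and, on Windows Server 2003 or later, switch the parent zone to forestwide replication). It uses the DnsServer module, which exists only on Windows Server 2012 and later (or RSAT); Windows 2000 and 2003 administrators would use the DNS console or dnscmd.exe for the same steps. The DC names (PARENT-DC1, PARENT-DC2, CHILD-DC1, CHILD-DC2, CHILD2-DC1) and the address 10.0.1.11 are assumptions for illustration.

```powershell
# Added example, not from the original column. Requires the DnsServer module
# (Windows Server 2012+ / RSAT). Server names and the IP address are assumed.
Import-Module DnsServer

# 1. Audit: list every AD-integrated zone on each DNS-server DC together with its
#    replication scope. The same zone name appearing with ReplicationScope = Domain
#    on DCs of different domains is exactly the situation described above:
#    independent copies that never replicate to each other.
$dnsServers = 'PARENT-DC1', 'PARENT-DC2', 'CHILD-DC1', 'CHILD-DC2', 'CHILD2-DC1'
foreach ($server in $dnsServers) {
    Get-DnsServerZone -ComputerName $server |
        Where-Object { $_.IsDsIntegrated -and -not $_.IsAutoCreated } |
        Select-Object @{ n = 'Server'; e = { $server } }, ZoneName, ZoneType, ReplicationScope
}

# 2. Keep savilltech.com only in the parent domain. Deleting an AD-integrated zone
#    removes the zone object from that domain's directory partition, so the other
#    DCs of the same domain lose it through replication; run it once per child
#    domain, against any one DC in that domain.
Remove-DnsServerZone -ComputerName 'CHILD-DC1'  -Name 'savilltech.com' -Force
Remove-DnsServerZone -ComputerName 'CHILD2-DC1' -Name 'savilltech.com' -Force

# 3. In the child domain, create child.savilltech.com as an AD-integrated zone
#    that replicates to the DCs of that domain only (secure dynamic update, so
#    only authenticated computers can register their own records).
Add-DnsServerPrimaryZone -ComputerName 'CHILD-DC1' -Name 'child.savilltech.com' `
    -ReplicationScope Domain -DynamicUpdate Secure

# 4. In the parent zone, delegate the "child" label to the child domain's DNS
#    servers. This writes the NS record and the glue A record into savilltech.com.
Add-DnsServerZoneDelegation -ComputerName 'PARENT-DC1' -Name 'savilltech.com' `
    -ChildZoneName 'child' -NameServer 'child-dc1.child.savilltech.com' `
    -IPAddress 10.0.1.11

# 5. Verify from a parent DC that a name in the delegated zone resolves; the
#    parent server follows its own NS/glue records down to CHILD-DC1.
Resolve-DnsName -Name 'child-dc1.child.savilltech.com' -Server 'PARENT-DC1' -Type A

# Windows Server 2003 and later alternative to delegation: move the parent zone
# into the ForestDnsZones application partition so every DNS-server DC in the
# forest holds the same single copy of savilltech.com.
Set-DnsServerPrimaryZone -ComputerName 'PARENT-DC1' -Name 'savilltech.com' -ReplicationScope Forest
```

Step 1 is the check worth running before anything else: if the audit shows the same zone name with a Domain replication scope on DCs in several domains, the clients of each domain are being answered from a different copy of the zone. On Windows Server 2003, the dnscmd equivalents are `dnscmd /enumzones` (the flags show whether a zone is AD-Domain, AD-Forest or AD-Legacy scoped) and `dnscmd <server> /zonechangedirectorypartition savilltech.com /forest`.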
