A. The ForestDNSZones directory partition is replicated among all domain controllers (DCs) in a forest that have the DNS service installed. When you replicate ForestDNSZones, you might see an error message similar to the following (the error-message text is enclosed in quotes):
"Event Type: Error Event Source: NTDS KCC Event Category: Knowledge Consistency Checker Event ID: 1311 Date: 6/25/2004 Time: 10:43:45 AM User: NT AUTHORITY\ANONYMOUS LOGON Computer: OMEGA Description: The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition. Directory partition: DC=ForestDnsZones,DC=savilltech,DC=com There is insufficient site connectivity information in Active Directory Sites and Services for the KCC to create a spanning tree replication topology. Or, one or more domain controllers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible domain controllers. User Action Use Active Directory Sites and Services to perform one of the following actions: - Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option. - Add a Connection object to a domain controller that contains the directory partition in this site from a domain controller that contains the same directory partition in another site. If neither of the Active Directory Sites and Services tasks correct this condition, see previous events logged by the KCC that identify the inaccessible domain controllers. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp."
This error can occur when you have several sites that don't have a site link between them, site-link bridging is disabled (and no site-link bridge has been manually created), and some sites have a DC that runs DNS and is connected to a site that has DCs that don't run DNS. The ForestDNSZones partition, which replicates only between DCs that have DNS installed, can't replicate across the DCs that don't have DNS installed. The figure at Figure shows a scenario in which this problem will occur. The error appears on DCs in sites A and C, assuming that no DCs in site B have DNS installed, site-link bridging is disabled, and no site-link bridge was manually created.
To solve this problem, you must either create a site-link bridge between sites A and C or, if sites A and C aren't connected because of routing restrictions, install DNS on a DC in the central site (B). Using either method allows replication through the DC in site B. You don't need to configure any zones on the DC; merely having DNS installed is enough to add the DC to the ForestDNSZones partition's replication set.