| Author |
Message |
Scott
Guest
|
 Posted:
Wed Nov 02, 2005 9:50 pm Post subject:
Secondary zone transfer failing... |
|
|
We have two domains on different coasts here in the U.S. They are
functioning resolving internally between eachother via a Cisco PIX firewall
VPN across the net - we can connect to eachothers internal machines without
a problem however we want to load eachothers DNS zones on the others DNS
server. When I load domain A's DNS zone into a secondary dns zone here at
domain B it works, the zone is transferred and useable. But when I try to
load domain B's DNS zone at domain A it fails every time with no specific
errors to speak of ... Zone transfers to any server are enabled on both
networks...
What could be the problem?
Thanks!
Scott |
|
| Back to top |
|
 |
Kevin D. Goodknecht Sr. [
Guest
|
| Posted:
Thu Nov 03, 2005 5:50 pm Post subject:
Re: Secondary zone transfer failing... |
|
|
Scott <sdgmcdon@yahoo.com> wrote:
| Quote: | We have two domains on different coasts here in the U.S. They are
functioning resolving internally between eachother via a Cisco PIX
firewall VPN across the net - we can connect to eachothers internal
machines without a problem however we want to load eachothers DNS
zones on the others DNS server. When I load domain A's DNS zone into
a secondary dns zone here at domain B it works, the zone is
transferred and useable. But when I try to load domain B's DNS zone
at domain A it fails every time with no specific errors to speak of
... Zone transfers to any server are enabled on both networks...
What could be the problem?
|
Blocked outbound port 53 TCP maybe?
Port 53 UDP and TCP must be open both ways between the two DNS servers on
all possible IP addresses.
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
=================================== |
|
| Back to top |
|
|
Scott
Guest
|
| Posted:
Thu Nov 03, 2005 9:50 pm Post subject:
Re: Secondary zone transfer failing... |
|
|
Checked that, the windows firewall service is disabled and not running -
still no worky...?
"Kevin D. Goodknecht Sr. [MVP]" <admin@nospam.WFTX.US> wrote in message
news:u0ysqiJ4FHA.3292@tk2msftngp13.phx.gbl...
| Quote: | Scott <sdgmcdon@yahoo.com> wrote:
We have two domains on different coasts here in the U.S. They are
functioning resolving internally between eachother via a Cisco PIX
firewall VPN across the net - we can connect to eachothers internal
machines without a problem however we want to load eachothers DNS
zones on the others DNS server. When I load domain A's DNS zone into
a secondary dns zone here at domain B it works, the zone is
transferred and useable. But when I try to load domain B's DNS zone
at domain A it fails every time with no specific errors to speak of
... Zone transfers to any server are enabled on both networks...
What could be the problem?
Blocked outbound port 53 TCP maybe?
Port 53 UDP and TCP must be open both ways between the two DNS servers on
all possible IP addresses.
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
https://secure.lsaol.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
|
|
|
| Back to top |
|
|
Ace Fekay [MVP]
Guest
|
| Posted:
Fri Nov 04, 2005 9:50 am Post subject:
Re: Secondary zone transfer failing... |
|
|
In news:ONtc88J4FHA.3588@TK2MSFTNGP15.phx.gbl,
Scott <sdgmcdon@yahoo.com> made this post, which I then commented about
below:
| Quote: | Checked that, the windows firewall service is disabled and not
running - still no worky...?
|
Kevin means in the PIX firewalls.
The issue may be an incorrect record type. Are there any CNAMES in the zone?
If so, how were they created?
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations.
================================= |
|
| Back to top |
|
|
Scott
Guest
|
| Posted:
Fri Nov 04, 2005 5:50 pm Post subject:
Re: Secondary zone transfer failing... |
|
|
I realize he means in the PIX but I interpreted that as Windows firewall as
well (any firewall essentially). I didn't address the PIX portion of that
because we have a PIX-to-PIX VPN which according to our folks that handle
the Cisco gear is letting all traffic across/through that VPN.
"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:eg2WdlP4FHA.636@TK2MSFTNGP10.phx.gbl...
| Quote: | In news:ONtc88J4FHA.3588@TK2MSFTNGP15.phx.gbl,
Scott <sdgmcdon@yahoo.com> made this post, which I then commented about
below:
Checked that, the windows firewall service is disabled and not
running - still no worky...?
Kevin means in the PIX firewalls.
The issue may be an incorrect record type. Are there any CNAMES in the
zone? If so, how were they created?
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
If this post is viewed at a non-Microsoft community website, and you were
to respond to it through that community's website, I may not see your
reply unless that website posts replies back to the original Microsoft
forum. Therefore, please direct all replies ONLY to the Microsoft public
newsgroup this thread originated in so all can benefit or ensure the web
community posts it back to the original forum.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================
|
|
|
| Back to top |
|
|
Ace Fekay [MVP]
Guest
|
| Posted:
Sat Nov 05, 2005 9:50 am Post subject:
Re: Secondary zone transfer failing... |
|
|
In news:OKA9JCW4FHA.3556@TK2MSFTNGP10.phx.gbl,
Scott <sdgmcdon@yahoo.com> made this post, which I then commented about
below:
| Quote: | I realize he means in the PIX but I interpreted that as Windows
firewall as well (any firewall essentially). I didn't address the PIX
portion of that because we have a PIX-to-PIX VPN which according to
our folks that handle the Cisco gear is letting all traffic
across/through that VPN.
|
Ok. Then back to the records, did you manually make any records? CNAMES?
Ace |
|
| Back to top |
|
|
Noah
Guest
|
| Posted:
Mon Nov 14, 2005 5:50 pm Post subject:
Re: Secondary zone transfer failing... |
|
|
"Ace Fekay [MVP]" wrote:
| Quote: | In news:OKA9JCW4FHA.3556@TK2MSFTNGP10.phx.gbl,
Scott <sdgmcdon@yahoo.com> made this post, which I then commented about
below:
I realize he means in the PIX but I interpreted that as Windows
firewall as well (any firewall essentially). I didn't address the PIX
portion of that because we have a PIX-to-PIX VPN which according to
our folks that handle the Cisco gear is letting all traffic
across/through that VPN.
Ok. Then back to the records, did you manually make any records? CNAMES?
Ace
I had a similiar problem with RPC and my VPN/router guys told me all traffic was going through.. I would install the support tools and run the portqry command.....
|
portqry -n <ip or fqdn> -e 53 and see if its open and listening from both
ends...
Noah |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in