Thanks Dean. I didn't quite understand your explanation of the tokens for the DHCP client service. If it works for a subset of records, why not for all?

Anyways, I tried repro'ing. The 1st time I tried, none of your recommendations worked other than ipconfig /registerdns. I deleted the zone on the parent, recreated a secure update zone and rebooted the DC. None of the records were registered and all were rejected according to the network trace. Restarting the DHCP client fixed it this time even though it didn't before. Once the box was up, I deleted the zone and restarted dhcpclient. It did the "A" record but not the SRV records (excluding the ones beneath _msdcs, which was in a different zone, and I didn't clean them up). Restarting netlogon fixed that. So it looks like a combination of both restarting netlogon and dhcpclient is required. Then I deleted and recreated the zone and restarted the client DC. All DDNS update records were refused. Restarting dhcpclient was also not working, with all records refused. After a while some of the records appeared, minus the "A" record. Restarted dhcpclient again and the "A" record appeared.

However, hosting the child domain's zone on the child DC doesn't seem to cause any issues.

I know what's required to fix it. Thanks for the further clarification. It just would have been nice to see some consistency in the results.

M@

On 7/30/06, Dean Wells <[EMAIL PROTECTED]> wrote:

I bugged the behavior many moons ago … to my knowledge, no fix has appeared as yet.  The precise cause escapes me but IIR it was related to the ticket/token attached to the DHCP client service on the newly-born domain's DC.  Two immediate solutions exist - 

 

1. reboot the new DC one more time
2. or -
   a. temporarily configure the zone to permit non-secure updates &
   b. on the new DC, run ipconfig /registerdns or restart the DHCP client

 

HTH

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com

 

From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Matheesha Weerasinghe
Sent: Sunday, July 30, 2006 3:07 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] DNS oddities?

 

All

Can someone please explain the following observation?

Installed a new R2 DC forest with one DC/DNS.
Created a new DNS zone for use by a child domain (yet to be created). The zone is replicated to all domain controllers of the root domain. Enabled secure dynamic update only.
Installed a new child domain and pointed it to the root domain DC/DNS.

All records required were created apart from the A record for the child DC. How come it can create all records other than the "A" record? If I delete the child domain's zone from the parent domain DC/DNS server, recreate it, and then use "netdiag /test:dns /fix" on the child DC, it does the same. It creates all records except for the "A".

I am puzzled: if the secure dynamic updates allow all these records to be created, what's up with the "A" record?

Also, netdiag /test:dns on the child DC reports everything required as OK even though the "A" record is missing in the child domain zone.

Thoughts?

Cheers

M~
