Glue records for the NS records of a zone may not transfer to the DNS file on the secondary DNS server

Symptoms

When your organization uses a Domain Name Service (DNS) configuration that includes standard secondary servers, glue records for the name server (NS) records of a zone may not transfer to the DNS file on the secondary DNS server.

For example, note the difference between the following DNS files:

DNS file on the master server
; 
; Zone NS records
;
@ NS ns.outside.net.
ns.outside.net. A 192.168.1.1
@ NS ns2.outside.net.
ns2.outside.net. A 192.168.1.2  

DNS file on secondary server after a full zone transfer
; 
; Zone NS records
;
@ NS ns.outside.net.
@ NS ns2.outside.net.

Cause

This problem may occur if your organization uses DNS records that reference host names that are outside the scope of the current zone.

Resolution

Service pack information

To resolve this problem, obtain the latest service pack for Windows Server 2003. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
889100 How to obtain the latest service pack for Windows Server 2003

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

No prerequisites are required.

Restart requirement

You do not have to restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Windows Server 2003, 64-bit x64-based versions
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Dns.exe5.2.3790.2642758,27218-Feb-200623:35x64SP1SP1QFE
Wdns.exe5.2.3790.2642442,88018-Feb-200623:35x86SP1WOW
Windows Server 2003, 64-bit Itanium-based versions
File nameFile versionFile sizeDateTimePlatformSP requirementService branch
Dns.exe5.2.3790.26421,124,86418-Feb-200623:36IA-64SP1SP1QFE
Wdns.exe5.2.3790.2642442,88018-Feb-200623:36x86SP1WOW
Windows Server 2003, 32-bit x86-based versions
File nameFile versionFile sizeDateTimePlatform
Dns.exe5.2.3790.2642442,88018-Feb-200622:33x86

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Microsoft Windows Server 2003 Service Pack 2.

More Information

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Technical support for x64-based versions of Microsoft Windows

If your hardware came with a Microsoft Windows x64 edition already installed, your hardware manufacturer provides technical support and assistance for the Windows x64 edition. In this case, your hardware manufacturer provides support because a Windows x64 edition was included with your hardware. Your hardware manufacturer might have customized the Windows x64 edition installation by using unique components. Unique components might include specific device drivers or might include optional settings to maximize the performance of the hardware. Microsoft will provide reasonable-effort assistance if you need technical help with a Windows x64 edition. However, you might have to contact your manufacturer directly. Your manufacturer is best qualified to support the software that your manufacturer installed on the hardware. If you purchased a Windows x64 edition such as a Microsoft Windows Server 2003 x64 edition separately, contact Microsoft for technical support.

For product information about Microsoft Windows XP Professional x64 Edition, visit the following Microsoft Web site: For product information about x64-based versions of Microsoft Windows Server 2003, visit the following Microsoft Web site:
This is an environment that consists of a multi-tier scenario that replicates DNS information by using the standard DNS zone transfer mechanism. The DNS zone transfer mechanism is where the primary DNS server replicates to the first-level secondary DNS server. Then, this server replicates to the second-level secondary DNS server. If you configure the DNS zone to allow for replication to the servers that are listed under the Only to servers listed on the Name Servers tab, the following error message may be logged on the second-level secondary DNS server:


MessageId=6525
Severity=Error
SymbolicName=DNS_EVENT_AXFR_REFUSED
Zone transfer request for secondary zone zone_name1 refused by master server at zone_name2. Check the zone at the master server zone_name2 to verify that zone transfer is enabled to this server.
To verify that the zone at the zone_name2 master server is enabled to transfer that zone, follow these steps:
  1. Start the DNS management console.
  2. In the left pane, expand the server that is the zone_name2 master server, expand Foward Lookup Zones, right-click zone_name2, and then click Properties.
  3. Click the Zone Tranfers tab, and then verify the configuration.
Note When you check the zone file on the first-level secondary DNS server, you see NS record entries. However, there are no corresponding glue records, although the glue records are present on the primary DNS server. The missing glue records stop the DNS Server service from building a valid NS list. Additionally, the first-level secondary DNS server is blocking the zone transfer requests from the second-level secondary DNS server. Event ID 6525 does not occur if you enable zone transfers to any server.
Propriedades

ID do Artigo: 915022 - Última Revisão: 9 de out de 2011 - Revisão: 1

Comentários