Zone transfers refused

Hi we are unable to do zone xfers between 2 different domains.

domain abc.com is ad integrated and under name servers i added 2 server from
domain efg.com - indicated allow zone xfers and notify for 'name servers'
only.

The failure occurs in domain efg.com - which is setup as a secondary copy of
domain abc.com.

Both DNS servers are running w2k3 std sp2.

not sure what is happening -event log do not indicate much.

"Pierre" <> wrote in message news:A9D00C15-6A72-4410-A0ED-...
> Hi we are unable to do zone xfers between 2 different domains.
>
> domain abc.com is ad integrated and under name servers i added 2 server from
> domain efg.com - indicated allow zone xfers and notify for 'name servers'
> only.
>
> The failure occurs in domain efg.com - which is setup as a secondary copy of
> domain abc.com.
>
> Both DNS servers are running w2k3 std sp2.
>
> not sure what is happening -event log do not indicate much.


Are zone transfers Allowed in the zone properties?


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer


For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right things." - Peter F. Drucker
http://twitter.com/acefekay

Yes read above -

"Ace Fekay [Microsoft Certified Trainer]" wrote:

> "Pierre" <> wrote in message news:A9D00C15-6A72-4410-A0ED-...
> > Hi we are unable to do zone xfers between 2 different domains.
> >
> > domain abc.com is ad integrated and under name servers i added 2 server from
> > domain efg.com - indicated allow zone xfers and notify for 'name servers'
> > only.
> >
> > The failure occurs in domain efg.com - which is setup as a secondary copy of
> > domain abc.com.
> >
> > Both DNS servers are running w2k3 std sp2.
> >
> > not sure what is happening -event log do not indicate much.
>
>
> Are zone transfers Allowed in the zone properties?
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
> Microsoft Certified Trainer
>
>
> For urgent issues, you may want to contact Microsoft PSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> "Efficiency is doing things right; effectiveness is doing the right things." - Peter F. Drucker
> http://twitter.com/acefekay
>
>

"Pierre" <> wrote in message news:519CFEF5-A5EB-42B3-A9E2-...
> Yes read above -
>


Sorry, I misunderstood the post.

Ok, just to test it, if you allowed any for a zone transfer, does it work?

Ace

The problem was zone trasnfers were begin done to a location whose IP was
being natted -the solution was to add that firewall's IP address to the Zone
transfer allowed IP's. That fixed the problem.

When doing captures the only IP that would show on belhalf of the remote
server was the firewall IP.

"Ace Fekay [Microsoft Certified Trainer]" wrote:

> "Pierre" <> wrote in message news:519CFEF5-A5EB-42B3-A9E2-...
> > Yes read above -
> >
>
>
> Sorry, I misunderstood the post.
>
> Ok, just to test it, if you allowed any for a zone transfer, does it work?
>
> Ace
>

"Pierre" <> wrote in message news:352852CE-B0C7-4EB0-A991-...
> The problem was zone trasnfers were begin done to a location whose IP was
> being natted -the solution was to add that firewall's IP address to the Zone
> transfer allowed IP's. That fixed the problem.
>
> When doing captures the only IP that would show on belhalf of the remote
> server was the firewall IP.
>

Thanks for posting the scenario and resolution. I assumed it was a non-NAT firewall, but yes, for NATs, you have to port remap requests from the WAN interface to the internal private IP.

Glad you figured it out!

Ace