Hi :)
After some time I must start to scream here for help :) because zone transfers have stopped working. I am talking about zone transfers between a DC and a standalone server; all are Win Svr 2003 R2 Std. SP2.
Configuration at DC:
DC1 has domain_zone_at_dc, which is AD-integrated and replicates OK to DC2. On the zone transfer tab for domain_zone_at_dc, transfer of this zone is allowed only to the standalone server (entered IP of standalone server). Replication of domain_zone_at_dc is allowed to all DNS servers in the domain. DC1 also has standalone_server_zone, which is secondary at the DC, and on the standalone server, on the zone transfer tab for standalone_server_zone, transfer of this zone is allowed only to DC1 (entered IP of DC1).
Configuration at Standalone server is a "mirror" of configuration from DC:
Domain_zone_at_dc is secondary at the standalone server. Standalone_server_zone is primary at the standalone server and has zone transfer enabled only to DC1 (entered IP of DC1).
After some time zone transfer stopped working. For example, now at the DC for domain_zone_at_dc I have SOA 2557, and on the secondary domain_zone at the standalone server the SOA is 2346. Also, for the primary standalone_server_zone at the standalone server the SOA is 4444, and on DC1 for the secondary standalone_server_zone the SOA is 3333.
I can ping DC1 from standalone server and can ping standalone server from DC1.
When I try to reload from master or transfer the zone in the DNS console, I get an error that the zone transfer could not be completed. When I check the zone properties, it states that the zone is expired. If I reload from "local", the zone is loaded but has the older SOA.
At standalone server if I try nslookup:
lserver dc_ip
set q=A
hostname.domain_zone_at_dc.
I get resolved ip for hostname.
hostname.standalone_server_zone.
I get resolved ip for hostname.
ls standalone_server_zone
[hostname.standalone_server_zone]
*** Can't list domain standalone_server_zone.: Query refused
The DNS server refused to transfer the zone standalone_server_zone. to your computer. If this is incorrect, check the zone transfer security settings for standalone_server_zone. on the DNS server at IP address 10.1.1.11.
At DC if I try nslookup:
lserver standalone_server_ip
set q=A
hostname.domain_zone_at_dc.
I get resolved ip for hostname.
hostname.standalone_server_zone.
I get resolved ip for hostname.
ls domain_zone_at_dc.
[[192.168.66.33]]
*** Can't list domain domain_zone_at_dc.: Query refused
The DNS server refused to transfer the zone domain_zone_at_dc. to your computer. If this is incorrect, check the zone transfer security settings for domain_zone_at_dc. on the DNS server at IP address 192.168.66.33. (DC1)
Now I am confused about what is going on and why zone transfer does not work anymore.