Change DNS SOA Serial Number for zone

domain-name-system

I have recently taken ownership of DNS in our environment. All that I know about DNS is only what I have researched on Google. That being said, here is my current predicament:

We have 5 MS DNS servers in our environment. The zone in question, abc.com let's say, is set up as primary/secondary on Windows 2008.

In trying to figure out why people think the primary is "dying", I have noticed that updates in the primary are not getting replicated to the secondaries.

All 5 servers are listed in the Name Servers tab.
"Allow zone transfers" is checked with the "Only to servers listed on the Name Servers" tab option checked.

Based on what I have read, I think the problem is that the SOA serial numbers don't match between the primary server and the secondary servers:


Server 1 - primary - 992473
Server 2 - secondary - 992475
Server 3 - secondary - 992544
Server 4 - secondary - 992542
Server 5 - secondary - 992549

Am I correct in this assumption? If so, can I simply manually change the SOA serial number on the primary zone to something like 2476? If I do this, then all the secondary servers should automatically refresh from the primary, right?

Best Answer

Indeed, if your master zone has a greater serial than all of your slaves, your slaves should synchronize to it. But the real issue here is why, in the first place, your slaves have a higher serial than the master's. You should ensure that you do not have a situation of split-brain DNS and that no one was able to modify the slaves in any way.
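
The check this answer describes, as an added example that is not part of the original answer: it compares the serials listed in the question using RFC 1982 serial-number arithmetic (the ordering defined for SOA serials), flags every secondary that is ahead of the primary, and computes the smallest serial the primary would need for all of them to treat it as newer. The function names are illustrative.

```python
# Added example: audit SOA serials with RFC 1982 serial-number arithmetic.
HALF = 2 ** 31   # half of the 32-bit serial space
MOD = 2 ** 32    # serials wrap around at 2^32

def serial_gt(a: int, b: int) -> bool:
    """True if serial a is newer than b under RFC 1982 (handles wraparound)."""
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)

def audit(primary: int, secondaries: dict) -> dict:
    """Classify each secondary's serial relative to the primary's."""
    report = {}
    for name, serial in secondaries.items():
        if serial == primary:
            report[name] = "in sync"
        elif serial_gt(primary, serial):
            report[name] = "behind: will transfer on next refresh"
        elif serial_gt(serial, primary):
            report[name] = "AHEAD: will not transfer; find out what changed it"
        else:
            report[name] = "undefined: serials are exactly 2^31 apart"
    return report

def newest(serials) -> int:
    """Newest serial in the collection under RFC 1982 ordering."""
    it = iter(serials)
    top = next(it)
    for s in it:
        if serial_gt(s, top):
            top = s
    return top

def min_primary_serial(secondaries: dict) -> int:
    """Smallest primary serial that every secondary will see as newer."""
    return (newest(secondaries.values()) + 1) % MOD

# Serials as listed in the question.
PRIMARY = 992473
SECONDARIES = {"Server 2": 992475, "Server 3": 992544,
               "Server 4": 992542, "Server 5": 992549}

if __name__ == "__main__":
    for name, status in audit(PRIMARY, SECONDARIES).items():
        print(f"{name}: {status}")
    print("primary serial must be at least", min_primary_serial(SECONDARIES))
```

A secondary reported as AHEAD is the condition the answer says to investigate, since a secondary should only ever receive its serial from the primary.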
