Zone transfer from Windows Server 2012 R2 to Windows Server 2019

dancar 1 Reputation point
2022-03-20T11:26:19.23+00:00

Trying to set up a secondary on a Windows Server 2019 DNS server where the primary/master is Windows Server 2012 R2.

Traffic is not blocked as I am seeing it show up in Wireshark and there is a response of "FORMERR" in the SOA. More specifically:

105 4.546816 XX.XX.XX.XX XX.XX.XX.XX DNS 111 Standard query response 0x1c1a Format error SOA XXXXXXXX.XXXX OPT

Not sure why this would be the case but can only think this has some compatibility issues between 2019 and 2012 R2. Maybe related to EDNS?

If I do an ls -d via nslookup from the 2019 server it transfers just fine. I need it to work as a secondary zone configured on 2019 DNS server.

UPDATE 1: Provisioning a Windows Server 2012 R2 server instead of 2019 and setting up secondary works
UPDATE 2: Windows 2016 server instead of 2019 also works.
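
For readers checking the EDNS question raised above, this added example (not code from the thread or from Microsoft) builds the SOA query a secondary sends, with or without an EDNS OPT record, and reads the RCODE and OPT presence from a reply. The zone name `example.test`, the UDP payload size and the sample reply are constructed; only the transaction ID 0x1c1a used in the test comes from the capture line.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
TYPE_SOA, TYPE_OPT, CLASS_IN = 6, 41, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_soa_query(zone, txid, edns=True, udp_size=4000):
    """Build an SOA query for the zone; udp_size is a constructed value."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 1 if edns else 0)
    question = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    # OPT pseudo-RR: root name, TYPE 41, CLASS = UDP payload size,
    # TTL = extended RCODE / version / flags (all zero), empty RDATA.
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, 0, 0) if edns else b""
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name starting at off."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # a compression pointer is two bytes and ends the name
            return off + 2
        if n == 0:             # root label ends the name
            return off + 1
        off += 1 + n

def parse_response(msg):
    """Extract the transaction ID, RCODE and whether any record is an OPT."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    has_opt = False
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        has_opt = has_opt or rtype == TYPE_OPT
        off += 10 + rdlen
    rcode = flags & 0x000F
    return {"txid": txid, "rcode": RCODES.get(rcode, str(rcode)), "has_opt": has_opt}

def sample_formerr(query):
    """Constructed reply: the query echoed back with QR=1 and RCODE=1 (FORMERR)."""
    txid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HH", txid, 0x8001) + query[4:]
```

Sending both variants of the query to the primary over UDP port 53 and comparing the parsed replies shows whether the FORMERR follows the OPT record.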


2 answers

  1. Limitless Technology 39,931 Reputation points
    2022-03-25T14:10:14.607+00:00

    Hi @dancar

    It is recommended that at least two DNS servers be used to host a Domain Name System (DNS) zone. Having at least two servers hosting a zone provides a highly available and fault-tolerant solution for hostname resolution. If your DNS server has one or more standard, primary zones, it is highly recommended that you deploy a secondary DNS server that will be used to host standard, secondary zones.

    You may find the following articles helpful with setting up the server 2019 and a secondary DNS:

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-secondary-name-server

    To add a secondary server to a zone using the Windows interface:

    1. Click Start, point to Administrative Tools, and then click DNS.
    2. In the console, click the appropriate DNS server.
    3. On the Action menu, click New Zone.
    4. Follow the instructions in the New Zone Wizard.
    5. When you reach the step to add the zone, select Secondary zone as the zone type.
    6. When prompted, provide the host name/IP address of the primary DNS server you are transferring the zone from.

    I do hope this answers your question.

    Thanks.


  2. 75mv 1 Reputation point
    2022-04-13T14:34:02.317+00:00

    @dancar ,
    I spent a lot of time troubleshooting a very similar issue. I had issues transferring from 2003 (gasp!) to a 2019 domain controller. I could transfer from 2003 to a standalone 2019, and from the standalone 2019 to the 2019 domain controller, but not directly from 2003 to the domain controller.

    This is the work-around that I found to work:

    After configuring the primary's zone transfer and adding the secondary zone on the server 2019:

    1) Shut down the DNS server service on the secondary

    2) Manually create the zone file at C:\Windows\system32\dns\<zonename>.dns.
    I copied the file from a working secondary and removed all of the "Zone records", leaving the SOA and NS information in-place. I also set the "Zone version" and "serial number" in the file to 1. I don't think it is actually necessary to remove the other records or reset the version and serial, but that is what I did.

    3) Start the DNS server service on the secondary

    4) Make a change in the zone on the primary, which will initiate a notify to the secondary and start a transfer.

    Hope that helps and good luck.
