Problem with SOA serial numbers and Windows DNS Server

2009-09-29 - News - Chris Thompson

In conjunction with PC Support we suggest the following guidelines for dealing with Windows DNS servers in the wake of the SOA serial number wrap-around:

All zones which are copied from any of the UCS servers (cam.ac.uk, private.cam.ac.uk, and the reverse zones) need to be refreshed so that they have a serial number which starts 125... rather than 346... The serial number can be found in the Start of Authority tab of the zone's properties.

To refresh the zones, try the following steps:

  1. In a DNS MMC select the DNS server, right click and select clear cache. For any zone you copy, right click and select Transfer from Master. Check the serial number for the zone once it has loaded.

    If the serial number hasn't been updated you may have tried too soon; wait a couple more minutes and try again. However, if it still hasn't updated after ten minutes you can also try:

  2. If the serial number hasn't been updated, delete the zone, clear the cache and re-create the zone. Check the serial number once it has fully loaded.

  3. Final resort: delete the zone, clear the cache, delete the files from C:\Windows\System32\DNS, then re-create the zone.

In most cases methods 1 or 2 will work.
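The serial check in the steps above can be expressed with RFC 1982 serial number arithmetic, which defines "newer" for 32-bit SOA serials across a wrap-around. The following is an added example, not part of the original notice: the function names are hypothetical and the serial values are constructed, with only the leading digits 125 and 346 taken from the text.

```python
"""Added example: audit secondary zone copies with RFC 1982 serial arithmetic."""

SERIAL_BITS = 32
HALF = 1 << (SERIAL_BITS - 1)      # 2**31
MODULUS = 1 << SERIAL_BITS         # 2**32


def serial_compare(s1, s2):
    """Return -1, 0 or 1 as s1 is older than, equal to or newer than s2.

    Returns None when the two differ by exactly 2**31, which RFC 1982
    leaves undefined.
    """
    for s in (s1, s2):
        if not 0 <= s < MODULUS:
            raise ValueError(f"not a 32-bit serial: {s}")
    if s1 == s2:
        return 0
    diff = (s2 - s1) % MODULUS     # forward distance from s1 to s2
    if diff == HALF:
        return None
    return -1 if diff < HALF else 1


def audit(master, secondary):
    """Map each zone to 'current', 'stale', 'ahead', 'missing' or 'undefined'."""
    labels = {0: "current", -1: "stale", 1: "ahead", None: "undefined"}
    report = {}
    for zone, m_serial in master.items():
        if zone not in secondary:
            report[zone] = "missing"
        else:
            report[zone] = labels[serial_compare(secondary[zone], m_serial)]
    return report


# Constructed serials: only the leading digits 125 and 346 come from the page.
MASTER = {"cam.ac.uk": 1250000001, "private.cam.ac.uk": 1250000002}
SECONDARY = {"cam.ac.uk": 3460000001, "private.cam.ac.uk": 1250000002}

if __name__ == "__main__":
    for zone, state in audit(MASTER, SECONDARY).items():
        print(f"{zone}: {state}")
    # A plain integer comparison ranks the stale copy the other way round.
    print(SECONDARY["cam.ac.uk"] > MASTER["cam.ac.uk"])
```

A zone reported as stale still holds a 346... serial and needs one of the refresh methods above.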

If you are using older copies of the notes from the Active Directory course as a reference, don't. Instead, check your configuration information at the following locations:

http://www-tus.csx.cam.ac.uk/windows_support/Current/activedirectory/dns/configureserver.html

http://www-tus.csx.cam.ac.uk/windows_support/Current/activedirectory/dns/dnssec.html

Incidentally, Windows 2008 DNS Server is not immune to the problem (but method 1 above should normally work for it).