HOTSPOT
Your network contains an Active Directory domain named contoso.com.
All DNS servers host a DNS zone named adatum.com. The adatum.com zone is not Active
Directory-integrated.
An administrator modifies the start of authority (SOA) record for the adatum.com zone.
After the modification, you discover that when you add or modify DNS records in the
adatum.com zone, the changes are not transferred to the DNS servers that host secondary
copies of the adatum.com zone.
You need to ensure that the records are transferred to all the copies of the adatum.com zone.
What should you modify in the SOA record for the adatum.com zone?
To answer, select the appropriate setting in the answer area.
Explanation:
When a DNS server receives an update through Active Directory replication:
If the serial number of the replicated record is higher than the serial number in the SOA
record of the local copy of the zone, the local zone serial number is set to the serial number
in the replicated record.
Note: Each DNS record in the zone has a copy of the zone serial number at the time when
the record was last modified.
If the serial number of the replicated record is the same or lower than the local serial
number, and if the local DNS server is configured not to allow zone transfer of the zone, the
local zone serial number is not changed.
If the serial number of the replicated record is the same or lower than the local zone serial
number, if the DNS server is configured to allow a zone transfer of the zone, and if the local
zone serial number has not been changed since the last zone transfer occurred to a remote
DNS server, then the local zone serial number will be incremented. Otherwise, that is, if a
copy of the zone with the current local zone serial number has not been transferred to a
remote DNS server, the local zone serial number is not changed.
Serial Number:
1. Forget to Increment Serial Number
This particular problem will occur only if you make changes to your zone data file by hand, without using the DNS console. The DNS console remembers to increment the serial number in the SOA record each time it changes zone data, so you don’t have to worry about it. However, this also means that you probably won’t be in the habit of updating the serial number, so you may forget when making that one-off manual modification.
The main symptom of this problem is that slave name servers don’t pick up any changes you make to the zone on the primary server. The slaves think the zone data hasn’t changed since the serial number is still the same.
How do you check if you remembered to increment the serial number? Unfortunately, that’s not so easy. If you don’t remember what the old serial number was and your serial number gives you no indication of when it was updated, there’s no direct way to tell whether it has changed.
When you start the primary, it will load the updated zone data file regardless of whether you’ve changed the serial number. About the best you can do is to use nslookup to compare the data returned by the primary and by a slave. If they return different data, you probably forgot to increment the serial number. If you can remember a recent change you made, you can look for that data. If you can’t remember a recent change, you can try transferring the zone from a primary and from a slave, sorting the results, and using a file-comparison tool to compare them.
The good news is that, although determining whether the zone was transferred is tricky, making sure the zone is transferred is simple. Just increment the serial number on the primary’s copy of the zone by double-clicking the SOA record in the DNS console and manually editing the serial number field. The slaves should pick up the new data within their refresh interval, or sooner if they use NOTIFY.
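The comparison described above (transfer the zone from the primary and from a slave, sort, compare) can be scripted. The following is an added example, not part of the original explanation: it assumes the transfer output from each server has been saved as text with one record per line, and the records, serial values and function names are constructed for illustration.

```python
# Constructed sample data (not real adatum.com records): zone transfer output
# saved from each server, one record per line as "name ttl class type rdata".
PRIMARY = """\
adatum.com. 3600 IN SOA ns1.adatum.com. hostmaster.adatum.com. 42 900 600 86400 3600
adatum.com. 3600 IN NS ns1.adatum.com.
adatum.com. 3600 IN NS ns2.adatum.com.
www.adatum.com. 3600 IN A 192.0.2.10
mail.adatum.com. 3600 IN A 192.0.2.25
"""
SECONDARY = """\
adatum.com. 3600 IN NS ns2.adatum.com.
adatum.com. 3600 IN SOA ns1.adatum.com. hostmaster.adatum.com. 42 900 600 86400 3600
adatum.com. 3600 IN NS ns1.adatum.com.
www.adatum.com. 3600 IN A 192.0.2.10
"""

def parse(text):
    """Return (SOA serial, set of normalized non-SOA records)."""
    serial, records = None, set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # skip blanks, comments and truncated lines
        name, ttl, cls, rtype, rdata = fields[0], fields[1], fields[2], fields[3], fields[4:]
        if rtype.upper() == "SOA":
            serial = int(rdata[2])  # rdata: mname rname serial refresh retry ...
        else:
            records.add(" ".join([name.lower(), ttl, cls.upper(), rtype.upper(), *rdata]))
    return serial, records

def serial_newer(a, b):
    """True if 32-bit serial a is newer than b (RFC 1982 serial arithmetic)."""
    return a != b and (a - b) % 2**32 < 2**31

def compare(primary_text, secondary_text):
    """Classify the state of a secondary relative to its primary."""
    p_serial, p_recs = parse(primary_text)
    s_serial, s_recs = parse(secondary_text)
    missing, stale = sorted(p_recs - s_recs), sorted(s_recs - p_recs)
    if not missing and not stale:
        verdict = "in sync"
    elif p_serial == s_serial:
        verdict = "serial not incremented"  # data changed, serial did not
    elif serial_newer(p_serial, s_serial):
        verdict = "transfer pending"  # secondary has not refreshed yet
    else:
        verdict = "primary serial behind secondary"
    return verdict, missing, stale
```

With the sample data, `compare(PRIMARY, SECONDARY)` reports that the serial was not incremented and lists the record present only on the primary.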