Q. What causes the error I receive in the event log when I attempt to replicate the ForestDNSZones directory partition?

John Savill

July 8, 2004


A. The ForestDNSZones directory partition is replicated among all domain controllers (DCs) in a forest that have the DNS service installed. When you replicate ForestDNSZones, you might see an error message similar to the following (the error-message text is enclosed in quotes):

"Event Type: Error
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1311
Date: 6/25/2004
Time: 10:43:45 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: OMEGA
Description:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
DC=ForestDnsZones,DC=savilltech,DC=com
There is insufficient site connectivity information in Active Directory Sites and Services for the KCC to create a spanning tree replication topology. Or, one or more domain controllers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible domain controllers.
User Action
Use Active Directory Sites and Services to perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a domain controller that contains the directory partition in this site from a domain controller that contains the same directory partition in another site.
If neither of the Active Directory Sites and Services tasks correct this condition, see previous events logged by the KCC that identify the inaccessible domain controllers.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp."

This error can occur when you have several sites that don't have a site link between them, site-link bridging is disabled (and no site-link bridge has been manually created), and some sites have a DC that runs DNS and is connected to a site that has DCs that don't run DNS. The ForestDNSZones partition, which replicates only between DCs that have DNS installed, can't replicate across the DCs that don't have DNS installed. The figure shows a scenario in which this problem will occur. The error appears on DCs in sites A and C, assuming that no DCs in site B have DNS installed, site-link bridging is disabled, and no site-link bridge was manually created.

To solve this problem, you must either create a site-link bridge between sites A and C or, if sites A and C aren't connected because of routing restrictions, install DNS on a DC in the central site (B). Using either method allows replication through the DC in site B. You don't need to configure any zones on the DC; merely having DNS installed is enough to add the DC to the ForestDNSZones partition's replication set.
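
The reasoning above can be checked on paper before changing anything in Active Directory Sites and Services. The following is an added example, not code from the article or from Microsoft: a simplified Python model of the topology rule described here, in which the function names, the link names "A-B" and "B-C", and the sample topology are all constructed for illustration. It reports which DNS-hosting sites end up in separate replication islands, which is the condition under which event 1311 is logged.

```python
# Added example: simplified model of the rule described above, not the real KCC algorithm.

def _components(nodes, edges):
    """Connected components via union-find; each edge is a group of nodes."""
    parent = {n: n for n in nodes}
    def find(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]
            n = parent[n]
        return n
    for group in edges:
        group = list(group)
        for other in group[1:]:
            parent[find(other)] = find(group[0])
    comps = {}
    for n in nodes:
        comps.setdefault(find(n), set()).add(n)
    return list(comps.values())

def replication_islands(site_links, replica_sites, bridge_all=False, bridges=()):
    """site_links: {link_name: set of sites}; bridges: iterable of sets of link names.
    replica_sites: sites with a DC that has DNS installed (holds ForestDNSZones).
    Returns the groups of replica sites that can replicate with each other."""
    all_sites = set().union(*site_links.values())
    replicas = set(replica_sites)
    # Site links are transitive only inside one bridge. With bridging disabled
    # and no manual bridge, every site link stands alone.
    if bridge_all:
        groups = [set(site_links)]
    else:
        groups = [set(b) for b in bridges] + [{name} for name in site_links]
    reachable = []
    for group in groups:
        for comp in _components(all_sites, [site_links[l] for l in group]):
            hosts = comp & replicas
            if len(hosts) > 1:
                reachable.append(hosts)  # a connection can be built between these
    islands = _components(replicas, reachable)
    return sorted(sorted(i) for i in islands)

# Constructed topology matching the article: A - B - C, DNS only in A and C.
LINKS = {"A-B": {"A", "B"}, "B-C": {"B", "C"}}

if __name__ == "__main__":
    print("as described:  ", replication_islands(LINKS, {"A", "C"}))
    print("manual bridge: ", replication_islands(LINKS, {"A", "C"}, bridges=[{"A-B", "B-C"}]))
    print("DNS added in B:", replication_islands(LINKS, {"A", "B", "C"}))
```

More than one island in the result means the partition cannot reach every site that holds it; both fixes from the article collapse the result to a single island.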
