Root DC's keep disallowing transfer of _msdcs zone

[spiney]

Hi There,
I have setup an AD forest with a root domain and two child domains. As per Microsoft recommendation I have created secondary dns zones of the _msdcs zone on the DC's in each child domain. I enabled zone transfers from both root DC's _mscds zones to all the name servers in the forest.
This works fine, but every so often, maybe 2 or 3 times a month the zone transfers stop. Checking the zone transfer tabs on BOTH the root DC's _msdcs zones shows the transfers are disallowed, i.e. the check box is unticked. There are no messages in the event log and another secondary dns zone on the same servers has no problem.
Any ideas on why this is happening or better still, how to stop it from happening?

Regards,
Jon

 

[spiney]

Well, I've answered my own question

As Microsoft's knowledge base article Q272089 states:

"Zone Transfer information for any Active Directory-integrated Domain Name System (DNS) zones that begin with the underscore (_) character is lost after you reboot the domain controller"

I didn't think that this applied to me as as far as I was aware, our root DC's had not be rebooted for a while.....until I discoverd that a previous contractor had enabled automatic updating and that once a week at 3am our root dc's had been applying an update and rebooting all by themselves

SP3 is supposed to fix this but after reading some other posts here, I think I might hold off for a little while on the SP3 rollout.

Jon