A. The ForestDNSZones directory partition is replicated among all domain controllers (DCs) in a forest that have the DNS service installed. When you replicate ForestDNSZones, you might see an error message similar to the following (the error-message text is enclosed in quotes):

"Event Type: Error
Event Source: NTDS KCC
Event Category: Knowledge Consistency Checker
Event ID: 1311
Date: 6/25/2004
Time: 10:43:45 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: OMEGA
Description:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
DC=ForestDnsZones,DC=savilltech,DC=com
There is insufficient site connectivity information in Active Directory Sites and Services for the KCC to create a spanning tree replication topology. Or, one or more domain controllers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible domain controllers.
User Action
Use Active Directory Sites and Services to perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a domain controller that contains the directory partition in this site from a domain controller that contains the same directory partition in another site.
If neither of the Active Directory Sites and Services tasks correct this condition, see previous events logged by the KCC that identify the inaccessible domain controllers.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp."

This error can occur when all of the following are true: you have several sites that don't have a direct site link between them, site-link bridging is disabled (and no site-link bridge has been manually created), and the sites whose DCs run DNS are connected only through a site whose DCs don't run DNS. The ForestDNSZones partition, which replicates only between DCs that have DNS installed, can't replicate across the DCs that don't have DNS installed. The figure shows a scenario in which this problem will occur. The error appears on DCs in sites A and C, assuming that no DCs in site B have DNS installed, site-link bridging is disabled, and no site-link bridge was manually created.

To solve this problem, you must either create a site-link bridge between sites A and C or, if sites A and C aren't connected because of routing restrictions, install DNS on a DC in the central site (B). Using either method allows replication through the DC in site B. You don't need to configure any zones on the DC; merely having DNS installed is enough to add the DC to the ForestDNSZones partition's replication set.
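
The scenario and both fixes can be checked on paper before changing the topology. The following is an added example, not code from the original article or from Microsoft: a simplified model of the connectivity rule described above, not the KCC's actual algorithm. The site names, link names, and function names are assumptions made for the illustration.

```python
from itertools import combinations

def components(nodes, edges):
    """Group nodes into connected components (union-find)."""
    parent = {n: n for n in nodes}
    def find(n):
        while parent[n] != n:
            n = parent[n]
        return n
    for a, b in edges:
        if a in parent and b in parent:
            parent[find(a)] = find(b)
    groups = {}
    for n in nodes:
        groups.setdefault(find(n), set()).add(n)
    return sorted(groups.values(), key=sorted)

def partition_islands(site_links, replica_sites, bridge_all=False, bridges=()):
    """Return groups of replica-hosting sites that can replicate with each other.
    More than one group is the disconnected state reported by event 1311."""
    replica_sites = set(replica_sites)
    all_sites = set().union(*site_links.values())
    edges = set()
    # One site link directly joins the replica-hosting sites it contains.
    for sites in site_links.values():
        edges.update(combinations(sorted(sites & replica_sites), 2))
    # Bridged links are transitive: a path may pass through sites without a replica.
    bridged = [set(site_links)] if bridge_all else [set(b) for b in bridges]
    for group in bridged:
        hops = [p for name in group for p in combinations(sorted(site_links[name]), 2)]
        for comp in components(all_sites, hops):
            edges.update(combinations(sorted(comp & replica_sites), 2))
    return components(replica_sites, edges)

# Constructed topology matching the scenario: A-B and B-C links, no A-C link.
LINKS = {"A-B": {"A", "B"}, "B-C": {"B", "C"}}
DNS_SITES = {"A", "C"}  # no DC in site B runs DNS

if __name__ == "__main__":
    print("bridging off:  ", partition_islands(LINKS, DNS_SITES))
    print("manual bridge: ", partition_islands(LINKS, DNS_SITES, bridges=[{"A-B", "B-C"}]))
    print("DNS added in B:", partition_islands(LINKS, DNS_SITES | {"B"}))
```

A result with more than one group means the DNS-hosting sites are split into islands for ForestDNSZones; a single group means a spanning tree for the partition is possible.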