Adding Second DNS Server to Domain
Using Windows 2003 Domain and Active Directory
Small network 11 servers, 40 users.
I have One DNS server that is installed on one of my Name Servers (primary).
I have since created a second server and installed DNS on that server. This
server will not be a name server.
I want to create a second DNS server for my domain so that if #1 is down for
reboot or something the other server is still available.
Here is what I already tried...
1) Added a New Zone to the newdns-server - made it a secondary zone that
would receive forward lookup. I added the IP of the primary DNS server
to that configuration.
The replication did not take place - as the master refused to connect.
On the Main DNS server
2) I tried to change the properties of the Forward lookup zone xyz.com for
Zone Transfers. I made the setting to allow zone transfers to servers listed
below. i entered the IP of the new server (newdns-server) it resolved the
name, but then shows failed to validate.
3) If I hit apply and then close the properties - then open the properties
the Zone IP is reset to 1.0.0.0 and it is trying to connect.
I figure I am missing something simple (I hope).
Please advise.
J
Re: Adding Second DNS Server to Domain
Hello J,
Any server that has DNS installed becomes a nameserver.
Is DNS on your current domain controller? If so, is the zone AD integrated?
Is the second server you installed a domain controller?
If yes to the above, then just install DNS on the other domain controller,
and walk away from it for about 30 minutes. The zone will automatically
appear. Otherwise if you manually create an identical zone on another DC/DNS
server, you've just created a duplicate in the AD database, which will cause
numerous problems.
If the second machine is not a DC, then you have to go to the first DNS
server and allow zone transfers (zone properties, Zone transfer tab).
If you can elaborate on the following, it will help us to provide more
specific help in your scenario;
How many DCs? (minimum of two is recommended for fault tolerance.)
Is the zone AD integrated?
Is the second server a DC?
When you say nameserver, is it the nameserver (DNS) for the AD domain or for
your public records?
Re: Adding Second DNS Server to Domain
If you were to set the DNS zone as AD integrated it will replicate along
with the AD replication.
AD integrated DNS allows DNS information to replicate, securely along with
the AD information, to all domain controllers with DNS installed with no
user intervention.
Re: Adding Second DNS Server to Domain
I guess this is where I am a bit confused. Are you saying that the second
DNS server also has to have AD installed on it?
Right now my primary DNS is on Name Server with AD Integrated already enabled.
The second server only has DNS installed - which is how I was hoping to keep
this.
I just want it to get the copy of DNS stored for redundancy.
I create a Second zone - I specify the IP of the primary zone, on the
general tab there is not an option to make this AD Integrated, and the status
shows expired.
What do you think.
Re: Adding Second DNS Server to Domain
AD installed = Domain controller
You have 11 servers available and you should have a redundant DC in the
domain.
Redundant DC and redundant DNS
Just run dcpromo on the server you want to be the second DNS server.
Right now having the first server as AD integrated DNS does you no good what
so ever. AD integrated DNS allows DNS info to replicate to all DCs in the
domain with DNS installed. If you don't have a second DC with DNS installed
it's not replicating DNS info to other DCs.
AD integrated DNS and a second DC is your best bet.
Re: Adding Second DNS Server to Domain
....ANSWER: NO I just wanted it to be a second DNS server in case the one
DNS server was down.
....ANSWER: This is what I already tried, if I enable Zone Transfers for IP
192.168.1.13 it resolves the server name but lists it as unable to validate
or something to that effect. Additionally when I click apply and then go
back into the setting the Zone IP is changed to 1.0.0.0 and nothing happens.
Thanks hope this helps...
Re: Adding Second DNS Server to Domain
Okay... I see.
I do have a second DC, but no DNS on it. Sound like one thing you are
saying is put DNS on that second DC and let AD replicate everything...
OR
Promote my new server to a backup DC and leave the DNS on it.
Then I suppose I could demote the other DC to a regular server?
Do I understand this correctly?
Re: Adding Second DNS Server to Domain
If you already have an additional DC, I agree with Danny to simply install
DNS on it and make it your additional DNS server. No zone transfer
configuration or anything is required. Just install DNS and you're good to
go. Also no need to promote the other server to a DC, just for DNS. That is
additional work.
Ace
RE: Adding Second DNS Server to Domain
Hello J,
Thank you for posting in newsgroup.
According to the description, you have one DNS server role installed on the
domain controller with Active Directory-Integrated zone type, your wish to
just have another DNS server which is for redundancy purpose in case of the
down of the first DNS server.
If I have any misunderstanding, please feel free to let me know.
Analysis and Suggestion:
======================
As the DNS servers are in a domain environment, it will be a good option to
set the new DNS server zone as an "Active Directory-Integrated", you don't
have to install with a domain controller on that redundant DNS server. You
can just change the Replication scope as "To all DNS servers in the Active
Directory domain: your domain name" on the first DNS server to let the
Active Directory to replicate the DNS zone information to the new redundant
DNS server. Replicating the DNS zone information with "Active
Directory-Integrated" is more secure. At this point, I agree with what
Danny and Ace said.
Option1. Use " Active Directory-Integrated" to replicate DNS zone to the
new DNS server.
Steps:
1. On the first DNS server, change the DNS zone to "Active
Directory-Integrated" type, Replication scope " To all DNS servers in the
Active Directory domain: your domain name"
2. Then on the new DNS server, create a new forward lookup zone with the
same domain name as its on the first DNS server, then change its DNS zone
type to "Active Directory-Integrated", wait for some while to let Active
Directory to replicate the DNS zone information to it.
As you said:
"If I enable Zone Transfers for IP 192.168.1.13 it resolves the server name
but lists it as unable to validate or something to that effect.
Additionally when I click apply and then go back into the setting the Zone
IP is changed to 1.0.0.0 and nothing happens."
I guess that the first DNS server cannot resolve the new redundant DNS
server properly. Please first check the new DNS server to see if the
preferred DNS server has been pointed to the first DNS server on the NIC
property. Thus, we may need to ensure that the new DNS server's A record
exists on the first DNS server zone, which can ensure the system to
validate the new DNS server properly and resolve it.
Option2. Enable Zone Transfer on first DNS server
Steps:
1. On the first DNS server, open and locate the zone, verify that the new
DNS server name's A record already exists under the forward lookup zone.
2. Right-click the zone name and select Name Servers tab
3. Click Add... and then input the FQDN of the new redundant DNS server that
you want to specify, input its IP address and click Add. Click OK.
4. Click Zone Transfers, select Allow zone transfers, select "only to
servers listed on the Name Servers tab"
Please note: it is recommended that you set both DNS servers' NIC
properties with the same sequence of preferred DNS server and alternate
DNS server. I suggest that you set them as follows:
Preferred DNS server: first DNS server
Alternate DNS server: the new redundant DNS server
Hope the information will be helpful for you. If you have any question,
please feel free to let me know.
David Shen
Microsoft Online Technical Support
RE: Adding Second DNS Server to Domain
ANSWER:
This setting is already in place, AD Integration for Primary Zone.
Regarding the Replication - I have made the setting change to be ALL DNS
servers in Domain.
ANSWER:
I can create a new forward lookup zone. In detail my options are as follows:
1) Step 1 of Wizard (for a new Forward Lookup Zone) - is Primary,
Secondary, or Stub.
a) Primary - does not enable the option for Dynamic Update for AD
Integration
b) Secondary - does not ask me for Dynamic Updates, and only asks me for
the IP of the Master DNS server (I assume this is specific settings for Zone
Transfers - not what we want.)
c) Stub - same thing
In looking at the wizard - the option for store in AD is only available if
the server is a Domain Controller.
It would seem I am back to square one.
Here is the scope of my goal - perhaps you can suggest the best way to
accomplish this.
1) To have a Virtual Machine running DNS
2) To Have this DNS server be a backup of my Primary
3) Would like to avoid making this VM a Domain Controller - but would still
like the DNS server to replicate as you said with AD seamlessly.
4) Optionally, I have a second Name Server on the network, I could demote
it, and promote this new VM DNS server to be my backup name server, and then
also follow the steps to replicate DNS with it. Likely I would promote my
new VM to a DC and allow a few days to pass and then demote my old name
server.
If I could avoid this I would like to just have a backup DNS server for now.
Please advise.
Re: Adding Second DNS Server to Domain
Hello David,
I would like to comment and discuss your Step #2. From my experience, with
AD integrated zones, after installing DNS on a replica DC, there is no need
to manually create the zone on the replica DC within the same domain and/or
replication scope of the first DC's zone. It will automatically appear with
AD replication in less than 30 minutes. I've noticed customers in the past
have complained of DNS issues if they manually create the zone and make it
AD integrated, for AD thinks it is a new zone, but it will create a
duplicate zone condition, ultimately requiring ADSI Edit to remove the
duplicate.
RE: Adding Second DNS Server to Domain
Hello J,
Thanks for the reply. And thanks to Ace for the knowledge sharing.
From your description, it appears that you just want a DNS server which
holds backup information of the first DNS server in the environment, and
meanwhile you don't want the backup server to be a domain controller. To
fulfill the demand, manually performing a zone transfer will be a good
option. As a secondary zone is read-only and you won't install a domain on
it, it cannot be dynamically updated. With a secondary zone, you can have
backup DNS zone information on that new DNS server without installing a
domain on it.
For your reference, I have also included a third party linked resource
which may be helpful for you.
Step-By-Step: How to migrate DNS information to Windows Server 2003
RE: Adding Second DNS Server to Domain
Hello J,
How's everything going?
I'm wondering if the suggestion has helped or if you have any further
questions. Please feel free to respond to the newsgroups if I can assist
further.
David Shen
Microsoft Online Technical Support
Re: Adding Second DNS Server to Domain
Answer: 1. On the first DNS server, open and locate the zone, verify that the
new DNS server name's A record already exists under the forward lookup zone.
2. Right-click the zone name and select Name Servers tab
3. Click Add... and then input the FQDN of the new redundant DNS server that
you want to specify, input its IP address and click Add. Click OK.
4. Click Zone Transfers, select Allow zone transfers, select "only to
servers listed on the Name Servers tab"
5: Try to check, if face still problem.
6: Restart the DNS server both site and check it.
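The zone-transfer steps in David Shen's Option 2 and as restated in this reply, scripted with dnscmd as an added example (not code from the thread). The zone name xyz.com, the secondary newdns-server at 192.168.1.13 and the NIC-order advice come from the thread; the primary's name DNS1, its address 192.168.1.10 and the interface name "Local Area Connection" are assumptions, and the script is run from an elevated prompt on each server.

```batch
@echo off
rem Added example, not from the thread. Assumed: DNS1 / 192.168.1.10 is the
rem primary DC+DNS server, "Local Area Connection" is the NIC name. From the
rem thread: zone xyz.com, new secondary newdns-server at 192.168.1.13.
rem Run "zonexfer.cmd primary" on DNS1, "zonexfer.cmd secondary" on newdns-server.
set ZONE=xyz.com
set PRIMARY=DNS1
set PRIMARY_IP=192.168.1.10
set SECONDARY=newdns-server
set SECONDARY_IP=192.168.1.13

if /i "%1"=="primary" goto primary
if /i "%1"=="secondary" goto secondary
echo usage: %~nx0 primary ^| secondary
exit /b 1

:primary
rem Step 1: the primary must resolve the new server, otherwise the Name Servers
rem tab reports "failed to validate" and falls back to 1.0.0.0. Add the A
rem record only if enumerating the node fails (dnscmd returns the DNS error).
dnscmd %PRIMARY% /EnumRecords %ZONE% %SECONDARY% >nul 2>&1
if errorlevel 1 dnscmd %PRIMARY% /RecordAdd %ZONE% %SECONDARY% A %SECONDARY_IP%
rem Steps 2-3: list it on the Name Servers tab, i.e. add the zone NS record.
dnscmd %PRIMARY% /RecordAdd %ZONE% @ NS %SECONDARY%.%ZONE%.
rem Step 4: allow transfers only to that address (not "to any server", which
rem would hand the whole zone to any client that asks) and notify it on change.
dnscmd %PRIMARY% /ZoneResetSecondaries %ZONE% /SecureList %SECONDARY_IP% /NotifyList %SECONDARY_IP%
dnscmd %PRIMARY% /ZoneInfo %ZONE%
exit /b 0

:secondary
rem NIC order from the note: preferred = first DNS server, alternate = itself.
netsh interface ip set dns "Local Area Connection" static %PRIMARY_IP%
netsh interface ip add dns "Local Area Connection" %SECONDARY_IP% index=2
rem Create the read-only secondary zone pulling from the master, force a pull
rem now, and show the zone so the status reads as loaded rather than expired.
dnscmd %SECONDARY% /ZoneAdd %ZONE% /Secondary %PRIMARY_IP%
dnscmd %SECONDARY% /ZoneRefresh %ZONE%
dnscmd %SECONDARY% /ZoneInfo %ZONE%
exit /b 0
```

If /ZoneRefresh still fails, compare the secondary's address against the /SecureList output of /ZoneInfo on the primary, since a transfer is refused before any data is sent when the source address is not on that list.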
RE: Adding Second DNS Server to Domain
Hello customer,
I am writing in to see if you have gotten a chance to try the suggestion.
If there are any updates on your side, please let me know so that we can
work together to resolve the issue.
David Shen
Microsoft Online Technical Support