Thread: Adding Second DNS Server to Domain

  1. #1
    Smurfman Guest

    Adding Second DNS Server to Domain

    Using Windows 2003 Domain and Active Directory
    Small network 11 servers, 40 users.

    I have One DNS server that is installed on one of my Name Servers (primary).

    I have since created a second server and installed DNS on that server. This
    server will not be a name server.

    I want to create a second DNS server for my domain so that if #1 is down for
    reboot or something the other server is still available.

    Here is what I already tried...

    1) Added a New Zone to the newdns-server - made it a secondary zone that
    would receive forward lookups. I added the IP of the primary DNS server
    to that configuration.

    The replication did not take place - as the master refused to connect.

    On the Main DNS server
    2) I tried to change the properties of the Forward lookup zone xyz.com for
    Zone Transfers. I made the setting to allow zone transfers to servers listed
    below. I entered the IP of the new server (newdns-server); it resolved the
    name, but then shows failed to validate.
    3) If I hit apply and then close the properties - then open the properties
    the Zone IP is reset to 1.0.0.0 and it is trying to connect.

    I figure I am missing something simple (I hope).

    Please advise.

    J

  2. #2
    Ace Fekay [Microsoft Certified Trainer] Guest

    Re: Adding Second DNS Server to Domain

    Hello J,

    Any server that has DNS installed becomes a nameserver.

    Is DNS on your current domain controller? If so, is the zone AD integrated?
    Is the second server you installed a domain controller?
    If yes to the above, then just install DNS on the other domain controller,
    and walk away from it for about 30 minutes. The zone will automatically
    appear. Otherwise if you manually create an identical zone on another DC/DNS
    server, you've just created a duplicate in the AD database, which will cause
    numerous problems.

    If the second machine is not a DC, then you have to go to the first DNS
    server and allow zone transfers (zone properties, Zone transfer tab).

    If you can elaborate on the following, it will help us to provide more
    specific help in your scenario:

    How many DCs? (minimum of two is recommended for fault tolerance.)
    Is the zone AD integrated?
    Is the second server a DC?
    When you say nameserver, is it the nameserver (DNS) for the AD domain or for
    your public records?

  3. #3
    Danny Sanders Guest

    Re: Adding Second DNS Server to Domain

    If you were to set the DNS zone as AD integrated it will replicate along
    with the AD replication.

    AD integrated DNS allows DNS information to replicate, securely along with
    the AD information, to all domain controllers with DNS installed with no
    user intervention.

  4. #4
    Smurfman Guest

    Re: Adding Second DNS Server to Domain

    I guess this is where I am a bit confused. Are you saying that the second
    DNS server also has to have AD installed on it?

    Right now my primary DNS is on Name Server with AD Integrated already enabled.

    The second server only has DNS installed - which is how I was hoping to keep
    this.

    I just want it to get the copy of DNS stored for redundancy.

    I create a Second zone - I specify the IP of the primary zone, on the
    general tab there is not an option to make this AD Integrated, and the status
    shows expired.

    What do you think?

  5. #5
    Danny Sanders Guest

    Re: Adding Second DNS Server to Domain

    AD installed = Domain controller

    You have 11 servers available and you should have a redundant DC in the
    domain.

    Redundant DC and redundant DNS

    Just run dcpromo on the server you want to be the second DNS server.

    Right now having the first server as AD integrated DNS does you no good
    whatsoever. AD integrated DNS allows DNS info to replicate to all DCs in the
    domain with DNS installed. If you don't have a second DC with DNS installed
    it's not replicating DNS info to other DCs.

    AD integrated DNS and a second DC is your best bet.

  6. #6
    Smurfman Guest

    Re: Adding Second DNS Server to Domain

    ....ANSWER: NO I just wanted it to be a second DNS server in case the one
    DNS server was down.

    ....ANSWER: This is what I already tried, if I enable Zone Transfers for IP
    192.168.1.13 it resolves the server name but lists it as unable to validate
    or something to that effect. Additionally when I click apply and then go
    back into the setting the Zone IP is changed to 1.0.0.0 and nothing happens.

    Thanks hope this helps...

  7. #7
    Smurfman Guest

    Re: Adding Second DNS Server to Domain

    Okay... I see.

    I do have a second DC, but no DNS on it. Sounds like one thing you are
    saying is put DNS on that second DC and let AD replicate everything...

    OR

    Promote my new server to a backup DC and leave the DNS on it.

    Then I suppose I could demote the other DC to a regular server?

    Do I understand this correctly?

  8. #8
    Ace Fekay [Microsoft Certified Trainer] Guest

    Re: Adding Second DNS Server to Domain

    If you already have an additional DC, I agree with Danny to simply install
    DNS on it and make it your additional DNS server. No zone transfer
    configuration or anything is required. Just install DNS and you're good to
    go. Also no need to promote the other server to a DC, just for DNS. That is
    additional work.

    Ace

  9. #9
    David Shen [MSFT] Guest

    RE: Adding Second DNS Server to Domain

    Hello J,

    Thank you for posting in the newsgroup.

    According to the description, you have one DNS server role installed on the
    domain controller with Active Directory-Integrated zone type, and you wish to
    just have another DNS server for redundancy purposes in case the first DNS
    server goes down.

    If I have any misunderstanding, please feel free to let me know.

    Analysis and Suggestion:
    ======================

    As the DNS servers are in a domain environment, it will be a good option to
    set the new DNS server zone as "Active Directory-Integrated"; you don't
    have to install a domain controller on that redundant DNS server. You
    can just change the Replication scope to "To all DNS servers in the Active
    Directory domain: your domain name" on the first DNS server to let
    Active Directory replicate the DNS zone information to the new redundant
    DNS server. Replicating the DNS zone information with "Active
    Directory-Integrated" is more secure. At this point, I agree with what
    Danny and Ace said.

    Option 1. Use "Active Directory-Integrated" to replicate the DNS zone to the
    new DNS server.

    Steps:

    1. On the first DNS server, change the DNS zone to "Active
    Directory-Integrated" type, Replication scope "To all DNS servers in the
    Active Directory domain: your domain name"

    2. Then on the new DNS server, create a new forward lookup zone with the
    same domain name as it is on the first DNS server, then change its DNS zone
    type to "Active Directory-Integrated", and wait a while to let Active
    Directory replicate the DNS zone information to it.

    As you said:

    "If I enable Zone Transfers for IP 192.168.1.13 it resolves the server name
    but lists it as unable to validate or something to that effect.
    Additionally when I click apply and then go back into the setting the Zone
    IP is changed to 1.0.0.0 and nothing happens."

    I guess that the first DNS server cannot resolve the new redundant DNS
    server properly. Please first check the new DNS server to see if the
    preferred DNS server has been pointed to the first DNS server on the NIC
    property. Thus, we may need to ensure that the new DNS server's A record
    exists on the first DNS server zone, which can ensure the system to
    validate the new DNS server properly and resolve it.

    Option2. Enable Zone Transfer on first DNS server

    Steps:

    1. On the first DNS server, open and locate the zone, verify that the new
    DNS server name's A record already exists under the forward lookup zone.

    2. Right-click the zone name and select the Name Servers tab

    3. Click Add... and then input the FQDN of the new redundant DNS server that
    you want to specify, input its IP address and click Add. Click OK.

    4. Click Zone Transfers, select Allow zone transfers, select "only to
    servers listed on the Name Servers tab"

    Please note: it is recommended that you set both of the 2 DNS servers' NIC
    properties with the same sequence of Preferred DNS server and Alternate
    DNS server. I suggest that you set them as follows:

    Preferred DNS server: first DNS server
    Alternate DNS server: the new redundant DNS server

    Hope the information will be helpful for you. If you have any question,
    please feel free to let me know.

    David Shen
    Microsoft Online Technical Support
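
    The commands below are an added example, not part of David Shen's post or
    anything from Microsoft: they are the dnscmd/netsh equivalents of his
    "Option 2" (a read-only secondary zone on the non-DC VM fed by zone
    transfer), with the A-record check that the "failed to validate" symptom
    points at and an SOA-serial check to confirm the copy is live. The zone name
    xyz.com and the address 192.168.1.13 come from the thread; the host names
    dc1.xyz.com / newdns.xyz.com, the master address 192.168.1.10 and the NIC
    name "Local Area Connection" are assumptions. Run each section on the
    machine named in its comment, from an elevated prompt.

```powershell
# Added example (not the thread's own): zone-transfer secondary, Windows 2003 DNS.
# Assumed names/addresses; only xyz.com and 192.168.1.13 appear in the thread.
$Zone      = "xyz.com"
$Master    = "dc1.xyz.com";    $MasterIP    = "192.168.1.10"
$Secondary = "newdns.xyz.com"; $SecondaryIP = "192.168.1.13"

# --- On the first (AD-integrated) DNS server / DC --------------------------
# 1. "Failed to validate" means the master cannot resolve the new server.
#    Make sure its A record is in the zone before touching zone transfers.
dnscmd $Master /RecordAdd $Zone newdns A $SecondaryIP
nslookup $Secondary $MasterIP            # must come back with 192.168.1.13

# 2. Put the new server on the Name Servers tab (an NS record at the apex).
dnscmd $Master /RecordAdd $Zone "@" NS $Secondary

# 3. Allow transfers ONLY to the servers on the Name Servers tab.
#    /NonSecure would let any host on the network pull (enumerate) the
#    whole zone; /SecureNs restricts it to the listed name servers.
dnscmd $Master /ZoneResetSecondaries $Zone /SecureNs

# --- On the new, non-DC DNS server (the VM) --------------------------------
# 4. NIC DNS order as the thread recommends: preferred = first server,
#    alternate = the new server itself.
netsh interface ip set dns name="Local Area Connection" static $MasterIP
netsh interface ip add dns name="Local Area Connection" addr=$SecondaryIP index=2

# 5. Create the zone as a SECONDARY. "Store the zone in Active Directory" is
#    only offered on a DC, which is exactly what the wizard showed in post #10;
#    a secondary is read-only and cannot take dynamic updates, as post #12 says.
dnscmd $Secondary /ZoneAdd $Zone /Secondary $MasterIP
dnscmd $Secondary /ZoneRefresh $Zone     # pull the first copy now, not later

# --- Verify (from either machine) ------------------------------------------
# Both servers must answer with the same SOA serial. If the secondary's zone
# still shows "expired" or an older serial, the transfer is not happening and
# step 1 (the A record on the master) is the first thing to re-check.
nslookup -type=SOA $Zone $MasterIP
nslookup -type=SOA $Zone $SecondaryIP
dnscmd $Secondary /ZoneInfo $Zone        # zone type, master list, last transfer
```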


  10. #10
    Smurfman Guest

    RE: Adding Second DNS Server to Domain

    ANSWER:
    This setting is already in place, AD Integration for Primary Zone.
    Regarding the Replication - I have made the setting change to be ALL DNS
    servers in Domain.

    ANSWER:
    I can create a new forward lookup zone. In detail my options are as follows:
    1) Step 1 of Wizard (for a new Forward Lookup Zone) - is Primary,
    Secondary, or Stub.
    a) Primary - does not enable the option for Dynamic Update for AD
    Integration
    b) Secondary - does not ask me for Dynamic Updates, and only asks me for
    the IP of the Master DNS server (I assume this is specific settings for Zone
    Transfers - not what we want.)
    c) Stub - same thing

    In looking at the wizard - the option for store in AD is only available if
    the server is a Domain Controller.

    It would seem I am back to square one.

    Here is the scope of my goal - perhaps you can suggest the best way to
    accomplish this.

    1) To have a Virtual Machine running DNS
    2) To Have this DNS server be a backup of my Primary
    3) Would like to avoid making this VM a Domain Controller - but would still
    like the DNS server to replicate as you said with AD seamlessly.
    4) Optionally, I have a second Name Server on the network. I could demote
    it, and promote this new VM DNS server to be my backup name server, and then
    also follow the steps to replicate DNS with it. Likely I would promote my
    new VM to a DC and allow a few days to pass and then demote my old name
    server.

    If I could avoid this I would like to just have a backup DNS server for now.

    Please advise.

  11. #11
    Ace Fekay [Microsoft Certified Trainer] Guest

    Re: Adding Second DNS Server to Domain

    Hello David,

    I would like to comment and discuss your Step #2. From my experience, with
    AD integrated zones, after installing DNS on a replica DC, there is no need
    to manually create the zone on the replica DC within the same domain and/or
    replication scope of the first DC's zone. It will automatically appear with
    AD replication in less than 30 minutes. I've noticed customers in the past
    have complained of DNS issues if they manually create the zone and make it
    AD integrated, for AD thinks it is a new zone, but it will create a
    duplicate zone condition, ultimately requiring ADSI Edit to remove the
    duplicate.

  12. #12
    David Shen [MSFT] Guest

    RE: Adding Second DNS Server to Domain

    Hello J,

    Thanks for the reply. And thanks to Ace for the knowledge sharing.

    From your description, it appears that you just want a DNS server which
    holds backup information of the first DNS server in the environment, and
    meanwhile you don't want the backup server to be a domain controller. To
    fulfill the demand, manually performing a zone transfer will be a good
    option. As a secondary zone is read only and you won't install a domain on
    it, it cannot be dynamically updated. With a secondary zone, you can have a
    backup of the DNS zone information on that new DNS server without installing
    a domain on it.

    For your reference, I have also included a third party linked resource
    which may be helpful for you.

    Step-By-Step: How to migrate DNS information to Windows Server 2003

  13. #13
    David Shen [MSFT] Guest

    RE: Adding Second DNS Server to Domain

    Hello J,

    How's everything going?

    I'm wondering if the suggestion has helped or if you have any further
    questions. Please feel free to respond to the newsgroups if I can assist
    further.

    David Shen
    Microsoft Online Technical Support


  14. #14
    samanderson123 via WinServerKB.com Guest

    Re: Adding Second DNS Server to Domain

    Answer: 1. On the first DNS server, open and locate the zone, verify that the
    new DNS server name's A record already exists under the forward lookup zone.

    2. Right-click the zone name and select the Name Servers tab

    3. Click Add... and then input the FQDN of the new redundant DNS server that
    you want to specify, input its IP address and click Add. Click OK.

    4. Click Zone Transfers, select Allow zone transfers, select "only to
    servers listed on the Name Servers tab"

    5: Check whether you still face the problem.

    6: Restart the DNS server on both sides and check it.

  15. #15
    David Shen [MSFT] Guest

    RE: Adding Second DNS Server to Domain

    Hello customer,

    I am writing in to see if you have gotten a chance to try the suggestion.
    If there are any updates on your side, please let me know so that we can
    work together to resolve the issue.

    David Shen
    Microsoft Online Technical Support

