Solved

dns scenario

Posted on 2004-09-30
Last Modified: 2012-06-21
I am looking for the proper config of Active Directory and DNS in my local W2K domain. I currently have 2 DCs in a domain, with the primary running DNS alone. I am worried about it failing and am trying to implement redundancy amongst them. I want to add a second DNS to act as a secondary/backup and assume it should be set up on my second DC. My questions are as follows, but I am confused about the difference between a secondary DNS and a backup, or are they the same?

Q1: If the primary DC goes down I want a secondary DNS to kick in. How do I do this?
 
Q2: In DHCP, should I give it both IP addresses of the above 2 DNS servers so if the primary fails, the secondary kicks in? Right now when I shut down my primary DC, I instantly get a notice in my workstation event viewer: "cannot locate DNS". Does the secondary DNS mean it will point to my backup DNS in case of failure? Or is this done automatically without adding that second DNS address to my workstation's IP config?

Q3: In my second DC, DNS was turned off and upon turning it on, I see the zones from my primary DNS. Does this mean it set itself up as a backup? Since I am not sure how the zones got there, I want to delete them to start over. Do you see any danger in deleting the zones on my second DC and recreating the zones all over again as secondaries?
Question by: vstav
3 Comments

Assisted Solution

by: zerofield
zerofield earned 100 total points
ID: 12190829
You have the right idea, just relax :)  Set up DNS to run on the second DC as well (in fact, I generally run DNS on all DCs, given that AD is so heavily dependent upon it).

Yes again, set up your DHCP to assign both of the DCs' IPs as DNS servers.

There is a 2-second timeout by default, so should the first DNS server die or become unusable, the clients will time out on it and query the second DNS server.

And, yes, again, you were right about it auto-configuring itself.  When you have DNS servers on the DCs in an AD, when they replicate, they will automatically update one another on any host changes.

If your clients do not have the second DNS server listed, and the primary dies, there is no automatic failing over.  DNS resolution will be broken at that point.

So, go ahead and let the second DC/DNS server auto-populate itself.  Change the DHCP to assign the second DNS server.  Life will be good.

If you want to take it a step further, I use a caching Linux server running BIND which all internal AD boxes forward external requests to.  This way the Linux machine sits on the front lines while the AD hides behind the firewall.

Let us know!
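The DHCP/client side of the advice above, as an added example that is not part of the thread: publish both DC/DNS servers through DHCP option 006 and check from a workstation that each server can answer the AD SRV records on its own. Assumed (constructed) values: DC1 = 192.168.1.10, DC2 = 192.168.1.11, scope 192.168.1.0, AD domain corp.example.com.

```batch
@echo off
REM Added example, not from the thread. Assumed values: DC1 192.168.1.10,
REM DC2 192.168.1.11, DHCP scope 192.168.1.0, AD domain corp.example.com.
REM Steps 1-2 run on the DHCP server; steps 3-4 run on a workstation.

REM 1. DHCP scope option 006 (DNS Servers): primary first, backup second.
REM    Clients query the first address and fall back to the second when it
REM    times out, which is the failover described in the answer above.
netsh dhcp server scope 192.168.1.0 set optionvalue 006 IPADDRESS 192.168.1.10 192.168.1.11

REM 2. Confirm what the scope now hands out.
netsh dhcp server scope 192.168.1.0 show optionvalue

REM 3. On a workstation: renew the lease and confirm both servers are listed
REM    (the second address follows on the line after "DNS Servers").
ipconfig /renew
ipconfig /all

REM 4. Ask each DNS server directly for the domain-controller SRV record.
REM    If DC2 fails this while DC1 answers, the zone has not replicated to
REM    DC2 and clients will still lose AD name resolution when DC1 is down.
nslookup -type=SRV _ldap._tcp.dc._msdcs.corp.example.com 192.168.1.10
nslookup -type=SRV _ldap._tcp.dc._msdcs.corp.example.com 192.168.1.11
```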

Author Comment

by: vstav
ID: 12193580
Is this same scenario applicable for the DC also, meaning if the primary DC fails altogether (crashes), will the second DC take over and keep all objects in the AD active? I am not referring only to DNS, I mean everything in AD and the domain. Or do I have to, after it crashes, hand over rights? I simulated shutting down the primary DC and noticed when logged in from my other DC that when I tried to browse computers in (entire directory), it came up with a message saying the master was not available.



Accepted Solution

by: Mazaraat
Mazaraat earned 50 total points
ID: 12195694
If the main DC fails, depending on how long it will be down, you may have to transfer some of the schema roles to the secondary server.

How to seize roles:
http://support.microsoft.com/default.aspx?scid=kb;en-us;255504
How to seize the RID master role:
http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000/techinfo/reskit/en-us/distrib/dsbl_fsm_cfyf.asp

Roles will need to be seized for all 5 roles if they were on the failed server:
Schema owner
Domain role owner
PDC role
RID pool manager
Infrastructure owner

If the primary server will be up in a relatively short time you may decide not to seize the roles.
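The role check and seizure sequence from the KB article linked above, as an added example that is not part of the thread: record which DC holds the five roles while both are healthy, and, only if the primary is not coming back, seize them onto the survivor. Assumed names: the surviving DC is DC2; netdom is from the W2K Support Tools.

```batch
@echo off
REM Added example, not from the thread. Assumed: surviving DC is DC2,
REM netdom.exe installed from the W2K Support Tools.

REM 1. Record the current role holders while both DCs are healthy. Keep
REM    this output: after a crash you need to know which of the five roles
REM    (schema, domain naming, PDC, RID, infrastructure) sat on the dead DC.
netdom query fsmo

REM 2. Only when the primary is gone for good, or for longer than the domain
REM    can tolerate: seize the roles onto DC2. ntdsutil tries a normal
REM    transfer first and seizes only if the old holder is unreachable;
REM    each seize command asks for confirmation before proceeding.
ntdsutil "roles" "connections" "connect to server DC2" "quit" ^
  "seize schema master" ^
  "seize domain naming master" ^
  "seize PDC" ^
  "seize RID master" ^
  "seize infrastructure master" ^
  "quit" "quit"

REM 3. Verify that every role now reports DC2.
netdom query fsmo

REM Caveat from KB 255504: a DC whose schema, domain naming or RID master
REM role was seized must not rejoin the network as a DC; rebuild it rather
REM than powering the old box back on, or the domain gets two role owners.
```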
