Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 673
  • Last Modified:

Replicating a DNS Primary Zone

I have created an additional zone as a primary zone but it is not replicating to the other two DNS servers like the AD zones are.  Why is this?  Is there a force option for primary DNS Zones?
Why use AD zones instead of Primary and vise versa?
  • 2
1 Solution
To answer your first question: the other DNS servers don't replicate because you need to create secondary zones on the other DNS servers that replicate from the primary zone (and allow zone updates for the zone on the primary).
Otherwise you need to change the zone type from Primary to Active Directory Integrated, then they will be replicated through AD.
The second one: if you can use them, use AD integrated zones, because ADI zones offer secure dynamic updates; in addition, every ADI DNS server will be Start of Authority, so every DNS server can accept dynamic updates (as opposed to a "regular" primary/secondary setup, where only the primary has a writable copy of the zone).

The primary DNS isn't trusted for zone transfers by default.  The AD int DNS servers replicate zone changes by AD replication.  Add the primary DNS to the zone transfers list in order to make it an authoritative dns server in the zone.  If not doing so already set the updates to secure and allow zone transfers only to the name servers on the zone transfer list.

wrwiii12Author Commented:
When would you have to use primary/secondary?
If the DNS server isn't a DC (like public DNS servers).

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now