How to configure redundant Microsoft DNS servers

Posted on 2007-10-02
Last Modified: 2010-01-26
I need to add a second DNS server for redundancy. I currently have an Active Directory domain, with one of the DCs running DNS services. I would like to add DNS to my second DC so that both can act as DNS servers.

Can anyone guide me in this area?

Question by:bereanbs
    LVL 70

    Accepted Solution


    Hi there,

    It's nice and easy :)

    Install the DNS Service on the Second DC. Allow 15 - 20 minutes for Replication to occur, then you should see all Zones you have configured as Active Directory Integrated.

    Then just point all your clients and servers to it.

    LVL 4

    Assisted Solution

    If your DNS server is a DC with the DNS service integrated in AD, you can promote a second server to DC (first add the DNS server in Add/Remove Programs). Configure your new DNS server from the DNS MMC; you only need to mark it as integrated with Active Directory after defining a new zone.
    Then, the DNS data in AD will be copied to your new server.
    Remember to change your workstations in order to use your new DNS server.
    LVL 30

    Assisted Solution

    If your DNS zones are Active Directory-integrated, simply install the DNS server service onto your 2nd DC and Active Directory will automatically replicate DNS data to the 2nd DC.  Your only action at that point will be to configure your clients and member servers to use the IP address of the 2nd DC as a secondary IP address - if you are handing out IP addresses using DHCP, this can be done centrally on your DHCP scope and you're done.
    LVL 70

    Assisted Solution

    Just to clarify (I hope)

    Install DNS on the second domain controller (DNS will replicate automatically if you are using Active Directory Integrated DNS)

    The domain controllers should each point to themselves as their own Preferred DNS Server
    The domain controllers should point to each other as the Alternate DNS Server

    Clients should have one DNS server set as their Preferred DNS server and the other DNS server as their Alternate DNS server - this may be set via the TCP/IP properties or with DHCP options.

    It's also not a bad idea to make sure both DCs are global catalog servers - go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)
    LVL 4

    Expert Comment

    For fine-tuning only:
    MS says that DNS servers should only point to themselves; no other DNS server needs to be specified, because a deadlock in DNS resolution can occur.
    LVL 4

    Expert Comment

    Hello again,

    Do you have a good result in your topology?

    Don't hesitate to contact again.

    LVL 70

    Expert Comment

    The process is as follows:
    Install Windows 2003 on the new machine

    Assign the new computer an IP address and subnet mask on the existing network
    Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

    Join the new machine to the existing domain as a member server

    From the command line, promote the new machine to a domain controller with the DCPROMO command. Select Additional Domain Controller in an existing Domain

    Once Active Directory is installed then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the "Global Catalog" checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

    Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

    If you are using DHCP you should spread this across the domain controllers. In a simple single domain this is easiest done by setting up DHCP on the second Domain Controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller. Don't forget to set the default gateway (router) and DNS Servers. Talking of which, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller, and the Alternate DNS to the other; that way if one of the DNS Servers fails, the clients will automatically use the other.
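
A way to confirm the end state the answers above describe (zones replicated to the second DC, both servers answering, resolver order set on each DC), written as an added example and not posted by anyone in this thread. It assumes PowerShell with the DnsServer and DnsClient modules, which ship with Windows Server 2012 and later rather than the Windows 2003 mentioned above; the domain name, server names and addresses are placeholders.

```powershell
# Added example. All names and addresses below are placeholders to replace.
$Domain  = 'corp.example'                                  # AD DNS domain (placeholder)
$Servers = [ordered]@{ 'DC1' = '192.0.2.10'                # existing DNS server
                       'DC2' = '192.0.2.11' }              # newly added DNS server

# AD-integrated zones hosted on a server, ignoring the auto-created stub zones.
function Get-AdZoneNames([string]$Server) {
    Get-DnsServerZone -ComputerName $Server |
        Where-Object { $_.IsDsIntegrated -and -not $_.IsAutoCreated } |
        ForEach-Object { $_.ZoneName }
}

# 1. Replication check: every AD-integrated zone on the first DC should
#    also be present on the second one once replication has completed.
$first, $second = @($Servers.Keys)
$zonesFirst  = @(Get-AdZoneNames $first)
$zonesSecond = @(Get-AdZoneNames $second)
$missing     = @($zonesFirst | Where-Object { $_ -notin $zonesSecond })
if ($missing.Count -gt 0) {
    Write-Warning "$second does not yet host: $($missing -join ', ')"
} else {
    "Both servers host the same $($zonesFirst.Count) AD-integrated zone(s)."
}

# 2. Failover check: query each server directly for the DC locator SRV record.
#    A server that returns nothing here cannot serve logons if the other fails.
$locator = "_ldap._tcp.dc._msdcs.$Domain"
foreach ($name in $Servers.Keys) {
    $answer  = Resolve-DnsName -Name $locator -Type SRV -Server $Servers[$name] `
                               -DnsOnly -ErrorAction SilentlyContinue
    $targets = @($answer | Where-Object { $_.Type -eq 'SRV' } |
                 ForEach-Object { $_.NameTarget })
    if ($targets.Count -eq 0) {
        Write-Warning "$name ($($Servers[$name])) returned no DC locator records."
    } else {
        "$name answers for ${locator}: $($targets -join ', ')"
    }
}

# 3. Resolver order: show the Preferred/Alternate DNS servers configured on
#    each DC so they can be compared with the order recommended above.
foreach ($name in $Servers.Keys) {
    $order = Get-DnsClientServerAddress -CimSession $name -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        ForEach-Object { "$($_.InterfaceAlias): $($_.ServerAddresses -join ' -> ')" }
    "$name resolver order: $($order -join ' | ')"
}
```

Run it from an account that can read DNS server configuration on both domain controllers; it only reads settings and changes nothing.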
    LVL 2

    Author Comment

    Great answers - As it turns out, by the time I read the responses it was already replicated and good to go!  I just didn't wait long enough.  Sorry for the delay in closing out the question.

    Thanks again!
