auditnet22
asked on
How do I install a secondary DNS server in Windows 2003
I want to add a 2nd DNS server to my existing configuration for redundancy purposes.
I have an existing Windows 2000 AD domain.
1st DNS server = london
Forward lookup zone = testdomain.int (only allows dynamic secure updates)
Reverse lookup zone = 192.168.0.x
On a Windows 2003 server I want to add my 2nd DNS server
the options are: (Which do I choose)
Create a forward lookup zone
Create a forward and reverse lookup zone (I assume this should be my choice)
yes, create forward lookup zone now (recommended)
primary zone
zone name (should this zone name be the same as my 1st one (testdomain.int)?)
Secondary zone
Stub zone
Create root hints only
Hi,
When you run the DNS management console, you can right-click and choose "New Zone", then choose secondary zone, then forward zone, then enter the zone name; it then asks for the IP addresses to sync from.
If your second machine is a DC as well, then it's easiest and best to just do the following: change the zone type of your primary zones on your existing DC/DNS server to AD integrated. Do *not* create any zones on the second DC/DNS, just wait for the next AD replication cycle, and the AD integrated zones will appear automatically.
ASKER
Thank you so much for the quick replies. I should probably elaborate a little more on the configuration.
1. This 2nd server is a DC
2. I would like to replicate all of DNS to this server in case my primary DC with DNS fails.
3. My 1st DNS server is on a DC and is AD integrated already
Here are the options I get when installing DNS via the wizard. Which should I choose?
1. Create forward lookup zone
2. Create forward & reverse lookup zones
3. Create root hints only
Once I choose from above, I'm assuming #2
Create forward and reverse lookup zones or Don't create forward lookup zone ?
If I answer yes, should it be primary, secondary, or stub zone
Yes, create forward lookup zone now (recommended)
a. Primary Zone (also check off store in AD)
Replicate to all DC's in AD
Zone name = testadmin.int
Only allow secure updates
Yes, create reverse lookup zone now
a. Primary zone (also check off store in AD)
Replicate to all DC's in AD
Network ID = 192.168.0
Only allow secure updates
Don't forward queries
Here are the errors I get if I select create forward lookup zone now, primary zone:
Error: The server's root hints cannot be updated.
The configuration registry key could not be written
Also: The forward lookup zone teastadmin.int has an x on it.
ASKER
One more thing:
If I right click on the forward lookup zone for testadmin.int, it states that the type is AD integrated, but the status is expired.
How do I fix that ?
ASKER
Forget the status expired error; once I rebooted the server, the error went away.
ASKER
The people helping out are very helpful professionals; I thank them for all of their input.
Anyway, if you want to continue...
Go to the DNS snap-in
On your DNS server in the console click and select actions
Click New Zone
and follow the directions in the wizard. It will actually ask you whether this is primary or secondary DNS and does a reasonable job of configuring it so that it will work immediately.
Hope this helps!