Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


DNS on secondary setup wrong

Posted on 2008-06-17
Medium Priority
Last Modified: 2011-10-19
I am deploying a new server and it is going to be a secondary DNS server.  It has already been configured as a primary dns server.  When I attempt to delete the zone, it gives the warning that it is an AD integrated zone.  Server 18 is to be the primary DNS and Davis-RKP is to be the secondary.  If I delete the zones under the Davis-RKP server will it affect the zones under the Server18 server? (see attached pic)  Or can I just change the Zone Type under Davis-RKP from Integraded to Secondary.  

Thank you very much.
Question by:sjsell
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 70

Expert Comment

ID: 21806163
Is there any reason that you are not using AD Integrated DNS?
This is much more efficient and allows you to have multiple primary DNS servers and i is a lot less hassle.
LVL 13

Assisted Solution

ocon827679 earned 100 total points
ID: 21806187
Are both of these servers domain controllers?  If so, why not leave them as AD Integrated.  The pros of AD Integrated certainly out weigh the cons.  There is no advantage to a secondary zone over and AD Integrated Primary.

Author Comment

ID: 21806223
The book that I was reading made it sound like it can be bad to have multiple Primary DNS servers.  You should have one Primary and the rest should be secondary.  I plan on leaving server18 (what is our primary dns server) AD integrated.  I just wanted the Davis-RKP to be a secondary.  If I leave it as a primary, and I need to make a change to anything do I have to do it to all of the servers or can I just increment the serial number and it will replicate to the other DNS server?

Thanks for the amazingly fast reply.
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

LVL 70

Accepted Solution

KCTS earned 400 total points
ID: 21806315
Not at all. AD Integrated DNS is more secure, integrates fully with Active Directory, if more efficient as it uses AD replication rather than relying on zone transfers and as it uses the multi-master model there is less latency as all servers can update each other. AD Integrated DNS should really be used as the default and you have to have a good reason not to use it, rather than justify its use.

Author Comment

ID: 21806361
Thank you.  I will leave it as AD integrated then.  Let me make sure I understand updating it then.  If I update any of the DNS servers, it will replicate to any other AD integrated DNS server?  Do I need to increment the serial on the SOA on the server I am updating or will it do that automatically when I make a change?
LVL 70

Expert Comment

ID: 21806390
Make the change on any server and when replication occurs the other servers will be updated automatically - no need to do anything

Author Closing Comment

ID: 31468097
Wow. Thank you for your fast responses.  I've been toying with joining EE for a long time and this one had me stumped so I tried a trial.  I will be joining permanently now.  Thanks and expect a LOT of questions in the future.

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question